From 057fecccf96b9ae649670e9254eca7cc1190bee1 Mon Sep 17 00:00:00 2001 From: Tod Beardsley Date: Thu, 21 Nov 2019 14:42:06 -0600 Subject: [PATCH 001/387] CVE-2019-5647 for AppSpider --- 2019/5xxx/CVE-2019-5647.json | 76 ++++++++++++++++++++++++++++++++++-- 1 file changed, 73 insertions(+), 3 deletions(-) diff --git a/2019/5xxx/CVE-2019-5647.json b/2019/5xxx/CVE-2019-5647.json index 1a89ae404c4..2fe876095f1 100644 --- a/2019/5xxx/CVE-2019-5647.json +++ b/2019/5xxx/CVE-2019-5647.json @@ -1,8 +1,35 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "cve@rapid7.com", + "DATE_PUBLIC": "2019-08-20T14:00:00.000Z", "ID": "CVE-2019-5647", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Rapid7 AppSpider Chrome Plugin Insufficient Session Expiration" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "AppSpider", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "3.8.213", + "version_value": "3.8.213" + } + ] + } + } + ] + }, + "vendor_name": "Rapid7" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,8 +38,51 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Chrome Plugin for Rapid7 AppSpider can incorrectly keep browser sessions active after recording a macro, even after a restart of the Chrome browser. This behavior could make future session hijacking attempts easier, since the user could believe a session was closed when it was not. This issue affects Rapid7 AppSpider version 3.8.213 and prior versions, and is fixed in version 3.8.215." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 4.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-613 Insufficient Session Expiration" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://help.rapid7.com/appspiderenterprise/release-notes/?rid=3.8.215", + "refsource": "CONFIRM", + "url": "https://help.rapid7.com/appspiderenterprise/release-notes/?rid=3.8.215" + } + ] + }, + "source": { + "discovery": "USER" } } \ No newline at end of file From e3a106f29dd7850ed7afa22c269dba45bcdf37d4 Mon Sep 17 00:00:00 2001 From: DellEMCProductSecurity Date: Tue, 7 Jan 2020 16:16:07 -0500 Subject: [PATCH 002/387] Added CVE-2019-18588 --- 2019/18xxx/CVE-2019-18588 .json | 71 +++++++++++++++++++++++++++++++++ 1 file changed, 71 insertions(+) create mode 100644 2019/18xxx/CVE-2019-18588 .json 
diff --git a/2019/18xxx/CVE-2019-18588 .json b/2019/18xxx/CVE-2019-18588 .json new file mode 100644 index 00000000000..365d2c32777 --- /dev/null +++ b/2019/18xxx/CVE-2019-18588 .json @@ -0,0 +1,71 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "secure@dell.com", + "DATE_PUBLIC": "2019-12-12", + "ID": "CVE-2019-18588 ", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Unisphere for PowerMax", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "9.1.0.9 and 9.0.2.16" + } + ] + } + } + ] + }, + "vendor_name": "Dell" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Dell EMC Unisphere for PowerMax versions prior to 9.1.0.9, Dell EMC Unisphere for PowerMax versions prior to 9.0.2.16, and Dell EMC PowerMax OS 5978.221.221 and 5978.479.479 contain a Cross-Site Scripting (XSS) vulnerability. An authenticated malicious user may potentially exploit this vulnerability to inject javascript code and affect other authenticated users' sessions." + } + ] + }, + "impact": { + "cvss": { + "baseScore": 9.0, + "baseSeverity": "Critical", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://www.dell.com/support/security/en-us/details/539808/DSA-2019-193-Dell-EMC-Unisphere-for-PowerMax-and-Dell-EMC-PowerMax-Embedded-Management-Cross-Site" + } + ] + } +} \ No newline at end of file From f0d49bc820c17381a90253c4fd3219a83ed967b5 Mon Sep 17 00:00:00 2001 
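Review bot: The new record carries a trailing space in both the file name (`2019/18xxx/CVE-2019-18588 .json`) and the `ID` value (`"CVE-2019-18588 "`), so a consumer that looks the record up by path or exact-matches the identifier will miss it; the file should be `2019/18xxx/CVE-2019-18588.json` with `"ID": "CVE-2019-18588"`. In `version_data`, `"version_value": "9.1.0.9 and 9.0.2.16"` packs two fix boundaries into one string under a single `"<"`, which a scanner cannot compare; one entry per branch would be matchable, and the PowerMax OS builds named in the description are not listed under `affects` at all. `baseSeverity` is written `"Critical"` whereas the AppSpider record earlier in this series uses upper case (`"MEDIUM"`), and the reference entry has no `name` field.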
From: Scott Moore - IBM Date: Fri, 10 Jan 2020 10:33:12 -0500 Subject: [PATCH 003/387] IBM20200110-103312 Added CVE-2019-4508, CVE-2019-4559 --- 2019/4xxx/CVE-2019-4508.json | 105 ++++++++++++++++++++++++++++++----- 2019/4xxx/CVE-2019-4559.json | 105 ++++++++++++++++++++++++++++++----- 2 files changed, 180 insertions(+), 30 deletions(-) diff --git a/2019/4xxx/CVE-2019-4508.json b/2019/4xxx/CVE-2019-4508.json index 21c61dffa28..3a16a23f8e0 100644 --- a/2019/4xxx/CVE-2019-4508.json +++ b/2019/4xxx/CVE-2019-4508.json 
@@ -1,18 +1,93 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-4508", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_type" : "CVE", + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Obtain Information" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "title" : "IBM Security Bulletin 1170334 (QRadar SIEM)", + "url" : "https://www.ibm.com/support/pages/node/1170334", + "refsource" : "CONFIRM", + "name" : "https://www.ibm.com/support/pages/node/1170334" + }, + { + "name" : "ibm-qradar-cve20194508-info-disc (164429)", + "refsource" : "XF", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/164429", + "title" : "X-Force Vulnerability Report" + } + ] + }, + "data_format" : "MITRE", + "CVE_data_meta" : { + "DATE_PUBLIC" : "2020-01-09T00:00:00", + "STATE" : "PUBLIC", + "ASSIGNER" : "psirt@us.ibm.com", + "ID" : "CVE-2019-4508" + }, + "description" : { + "description_data" : [ + { + "value" : "IBM QRadar SIEM 7.3.0 through 7.3.3 uses weak credential storage in some instances which could be decrypted by a local attacker. IBM X-Force ID: 164429.", + "lang" : "eng" + } + ] + }, + "data_version" : "4.0", + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." 
+ "product" : { + "product_data" : [ + { + "version" : { + "version_data" : [ + { + "version_value" : "7.3.0" + }, + { + "version_value" : "7.3.3" + } + ] + }, + "product_name" : "QRadar SIEM" + } + ] + }, + "vendor_name" : "IBM" } - ] - } -} \ No newline at end of file + ] + } + }, + "impact" : { + "cvssv3" : { + "BM" : { + "S" : "U", + "I" : "N", + "AC" : "H", + "C" : "H", + "A" : "N", + "PR" : "N", + "SCORE" : "5.100", + "AV" : "L", + "UI" : "N" + }, + "TM" : { + "RC" : "C", + "RL" : "O", + "E" : "U" + } + } + } +} diff --git a/2019/4xxx/CVE-2019-4559.json b/2019/4xxx/CVE-2019-4559.json index 4171b65250b..0b1ee2940d6 100644 --- a/2019/4xxx/CVE-2019-4559.json +++ b/2019/4xxx/CVE-2019-4559.json 
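Review bot: `version_data` lists only the two endpoints, `"version_value" : "7.3.0"` and `"version_value" : "7.3.3"`, while the description says "7.3.0 through 7.3.3", so tooling that matches installed versions against `affects` will not flag the releases in between; the CVE-2019-4559 record in the same patch has the same shape. Either enumerate each affected release or express the range with `version_affected`, as the AppSpider record in PATCH 001 does. `problemtype` is the free-text "Obtain Information" rather than a CWE identifier, and the score is carried as a string (`"SCORE" : "5.100"`) in a `cvssv3`/`BM` layout with no `vectorString`, unlike the `cvss` object used by the other records in this series, so consumers need a second parser for it.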
@@ -1,18 +1,93 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-4559", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "impact" : { + "cvssv3" : { + "TM" : { + "RC" : "C", + "RL" : "O", + "E" : "U" + }, + "BM" : { + "A" : "N", + "C" : "L", + "AC" : "L", + "UI" : "N", + "SCORE" : "5.300", + "AV" : "N", + "PR" : "N", + "S" : "U", + "I" : "N" + } + } + }, + "data_version" : "4.0", + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "product" : { + "product_data" : [ + { + "product_name" : "QRadar SIEM", + "version" : { + "version_data" : [ + { + "version_value" : "7.3.0" + }, + { + "version_value" : "7.3.3" + } + ] + } + } + ] + }, + "vendor_name" : "IBM" } - ] - } -} \ No newline at end of file + ] + } + }, + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM QRadar SIEM 7.3.0 through 7.3.3 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 166355." 
+ } + ] + }, + "CVE_data_meta" : { + "ASSIGNER" : "psirt@us.ibm.com", + "ID" : "CVE-2019-4559", + "DATE_PUBLIC" : "2020-01-09T00:00:00", + "STATE" : "PUBLIC" + }, + "references" : { + "reference_data" : [ + { + "name" : "https://www.ibm.com/support/pages/node/1170346", + "refsource" : "CONFIRM", + "url" : "https://www.ibm.com/support/pages/node/1170346", + "title" : "IBM Security Bulletin 1170346 (QRadar SIEM)" + }, + { + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/166355", + "title" : "X-Force Vulnerability Report", + "name" : "ibm-qradar-cve20194559-info-disc (166355)", + "refsource" : "XF" + } + ] + }, + "data_format" : "MITRE", + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Obtain Information" + } + ] + } + ] + }, + "data_type" : "CVE" +} From aabe51f145f87723335591935c374edbb275ad73 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 10 Jan 2020 16:01:12 +0000 Subject: [PATCH 004/387] "-Synchronized-Data." --- 2018/1xxx/CVE-2018-1311.json | 5 + 2019/4xxx/CVE-2019-4508.json | 180 +++++++++++++++++------------------ 2019/4xxx/CVE-2019-4559.json | 180 +++++++++++++++++------------------ 2020/1xxx/CVE-2020-1765.json | 19 ++-- 2020/1xxx/CVE-2020-1766.json | 19 ++-- 2020/1xxx/CVE-2020-1767.json | 15 ++- 6 files changed, 205 insertions(+), 213 deletions(-) diff --git a/2018/1xxx/CVE-2018-1311.json b/2018/1xxx/CVE-2018-1311.json index 3ba055ea2b2..86c65976dd7 100644 --- a/2018/1xxx/CVE-2018-1311.json +++ b/2018/1xxx/CVE-2018-1311.json @@ -48,6 +48,11 @@ "refsource": "CONFIRM", "name": "https://marc.info/?l=xerces-c-users&m=157653840106914&w=2", "url": "https://marc.info/?l=xerces-c-users&m=157653840106914&w=2" + }, + { + "refsource": "MLIST", + "name": "[xerces-c-dev] 20200110 [xerces-c] 06/13: Add CVE-2018-1311 advisory and web site note.", + "url": "https://lists.apache.org/thread.html/r48ea463fde218b1e4cc1a1d05770a0cea34de0600b4355315a49226b@%3Cc-dev.xerces.apache.org%3E" } ] }, 
diff --git a/2019/4xxx/CVE-2019-4508.json b/2019/4xxx/CVE-2019-4508.json index 3a16a23f8e0..7b263ae4e74 100644 --- a/2019/4xxx/CVE-2019-4508.json +++ b/2019/4xxx/CVE-2019-4508.json 
@@ -1,93 +1,93 @@ { - "data_type" : "CVE", - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } - ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "title" : "IBM Security Bulletin 1170334 (QRadar SIEM)", - "url" : "https://www.ibm.com/support/pages/node/1170334", - "refsource" : "CONFIRM", - "name" : "https://www.ibm.com/support/pages/node/1170334" - }, - { - "name" : "ibm-qradar-cve20194508-info-disc (164429)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/164429", - "title" : "X-Force Vulnerability Report" - } - ] - }, - "data_format" : "MITRE", - "CVE_data_meta" : { - "DATE_PUBLIC" : "2020-01-09T00:00:00", - "STATE" : "PUBLIC", - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2019-4508" - }, - "description" : { - "description_data" : [ - { - "value" : "IBM QRadar SIEM 7.3.0 through 7.3.3 uses weak credential storage in some instances which could be decrypted by a local attacker. 
IBM X-Force ID: 164429.", - "lang" : "eng" - } - ] - }, - "data_version" : "4.0", - "affects" : { - "vendor" : { - "vendor_data" : [ + "data_type": "CVE", + "problemtype": { + "problemtype_data": [ { - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "7.3.0" - }, - { - "version_value" : "7.3.3" - } - ] - }, - "product_name" : "QRadar SIEM" - } - ] - }, - "vendor_name" : "IBM" + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] } - ] - } - }, - "impact" : { - "cvssv3" : { - "BM" : { - "S" : "U", - "I" : "N", - "AC" : "H", - "C" : "H", - "A" : "N", - "PR" : "N", - "SCORE" : "5.100", - "AV" : "L", - "UI" : "N" - }, - "TM" : { - "RC" : "C", - "RL" : "O", - "E" : "U" - } - } - } -} + ] + }, + "references": { + "reference_data": [ + { + "title": "IBM Security Bulletin 1170334 (QRadar SIEM)", + "url": "https://www.ibm.com/support/pages/node/1170334", + "refsource": "CONFIRM", + "name": "https://www.ibm.com/support/pages/node/1170334" + }, + { + "name": "ibm-qradar-cve20194508-info-disc (164429)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164429", + "title": "X-Force Vulnerability Report" + } + ] + }, + "data_format": "MITRE", + "CVE_data_meta": { + "DATE_PUBLIC": "2020-01-09T00:00:00", + "STATE": "PUBLIC", + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2019-4508" + }, + "description": { + "description_data": [ + { + "value": "IBM QRadar SIEM 7.3.0 through 7.3.3 uses weak credential storage in some instances which could be decrypted by a local attacker. 
IBM X-Force ID: 164429.", + "lang": "eng" + } + ] + }, + "data_version": "4.0", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "7.3.0" + }, + { + "version_value": "7.3.3" + } + ] + }, + "product_name": "QRadar SIEM" + } + ] + }, + "vendor_name": "IBM" + } + ] + } + }, + "impact": { + "cvssv3": { + "BM": { + "S": "U", + "I": "N", + "AC": "H", + "C": "H", + "A": "N", + "PR": "N", + "SCORE": "5.100", + "AV": "L", + "UI": "N" + }, + "TM": { + "RC": "C", + "RL": "O", + "E": "U" + } + } + } +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4559.json b/2019/4xxx/CVE-2019-4559.json index 0b1ee2940d6..5a2f54a5bcf 100644 --- a/2019/4xxx/CVE-2019-4559.json +++ b/2019/4xxx/CVE-2019-4559.json 
@@ -1,93 +1,93 @@ { - "impact" : { - "cvssv3" : { - "TM" : { - "RC" : "C", - "RL" : "O", - "E" : "U" - }, - "BM" : { - "A" : "N", - "C" : "L", - "AC" : "L", - "UI" : "N", - "SCORE" : "5.300", - "AV" : "N", - "PR" : "N", - "S" : "U", - "I" : "N" - } - } - }, - "data_version" : "4.0", - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "QRadar SIEM", - "version" : { - "version_data" : [ - { - "version_value" : "7.3.0" - }, - { - "version_value" : "7.3.3" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" + "impact": { + "cvssv3": { + "TM": { + "RC": "C", + "RL": "O", + "E": "U" + }, + "BM": { + "A": "N", + "C": "L", + "AC": "L", + "UI": "N", + "SCORE": "5.300", + "AV": "N", + "PR": "N", + "S": "U", + "I": "N" } - ] - } - }, - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM QRadar SIEM 7.3.0 through 7.3.3 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 166355." 
- } - ] - }, - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2019-4559", - "DATE_PUBLIC" : "2020-01-09T00:00:00", - "STATE" : "PUBLIC" - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.ibm.com/support/pages/node/1170346", - "refsource" : "CONFIRM", - "url" : "https://www.ibm.com/support/pages/node/1170346", - "title" : "IBM Security Bulletin 1170346 (QRadar SIEM)" - }, - { - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/166355", - "title" : "X-Force Vulnerability Report", - "name" : "ibm-qradar-cve20194559-info-disc (166355)", - "refsource" : "XF" - } - ] - }, - "data_format" : "MITRE", - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + } + }, + "data_version": "4.0", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "QRadar SIEM", + "version": { + "version_data": [ + { + "version_value": "7.3.0" + }, + { + "version_value": "7.3.3" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "data_type" : "CVE" -} + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM QRadar SIEM 7.3.0 through 7.3.3 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 166355." 
+ } + ] + }, + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2019-4559", + "DATE_PUBLIC": "2020-01-09T00:00:00", + "STATE": "PUBLIC" + }, + "references": { + "reference_data": [ + { + "name": "https://www.ibm.com/support/pages/node/1170346", + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/pages/node/1170346", + "title": "IBM Security Bulletin 1170346 (QRadar SIEM)" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/166355", + "title": "X-Force Vulnerability Report", + "name": "ibm-qradar-cve20194559-info-disc (166355)", + "refsource": "XF" + } + ] + }, + "data_format": "MITRE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "data_type": "CVE" +} \ No newline at end of file diff --git a/2020/1xxx/CVE-2020-1765.json b/2020/1xxx/CVE-2020-1765.json index 737ef66e88f..b1ae6266c0f 100644 --- a/2020/1xxx/CVE-2020-1765.json +++ b/2020/1xxx/CVE-2020-1765.json @@ -10,6 +10,7 @@ "vendor": { "vendor_data": [ { + "vendor_name": "OTRS AG", "product": { "product_data": [ { @@ -17,14 +18,10 @@ "version": { "version_data": [ { - "version_affected": "<=", - "version_name": "5.0.x", - "version_value": "5.0.39" + "version_value": "5.0.x version 5.0.39 and prior versions" }, { - "version_affected": "<=", - "version_name": "6.0.x", - "version_value": "6.0.24" + "version_value": "6.0.x version 6.0.24 and prior versions" } ] } @@ -34,16 +31,13 @@ "version": { "version_data": [ { - "version_affected": "<=", - "version_name": "7.0.x", - "version_value": "7.0.13" + "version_value": "7.0.x version 7.0.13 and prior versions" } ] } } ] - }, - "vendor_name": "OTRS AG" + } } ] } 
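Review bot: In the CVE-2020-1765 hunk `@@ -17,14 +18,10 @@`, the sync replaces the structured triple (`version_affected` `<=`, `version_name`, `version_value`) with prose such as `"version_value": "5.0.x version 5.0.39 and prior versions"`, which a vulnerability scanner cannot compare against an installed version. The same rewrite is applied to the 7.0.x entry in this file and to CVE-2020-1766 and CVE-2020-1767 later in the patch. Keeping `"version_affected": "<="` with a bare `"version_value": "5.0.39"` would preserve the range semantics; if the flattening is a deliberate normalisation by the sync tooling, downstream consumers will have to parse the free text instead.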
@@ -61,7 +55,7 @@ "description_data": [ { "lang": "eng", - "value": "An improper control of parameters allows the spoofing of the from fields of the following screens: AgentTicketCompose, AgentTicketForward, AgentTicketBounce and AgentTicketEmailOutbound.\n\nThis issue affects:\n((OTRS)) Community Edition\n5.0.x version 5.0.39 and prior versions;\n6.0.x version 6.0.24 and prior versions.\nOTRS\n7.0.x version 7.0.13 and prior versions." + "value": "An improper control of parameters allows the spoofing of the from fields of the following screens: AgentTicketCompose, AgentTicketForward, AgentTicketBounce and AgentTicketEmailOutbound. This issue affects: ((OTRS)) Community Edition 5.0.x version 5.0.39 and prior versions; 6.0.x version 6.0.24 and prior versions. OTRS 7.0.x version 7.0.13 and prior versions." } ] }, @@ -100,6 +94,7 @@ "reference_data": [ { "refsource": "CONFIRM", + "name": "https://otrs.com/release-notes/otrs-security-advisory-2020-01/", "url": "https://otrs.com/release-notes/otrs-security-advisory-2020-01/" } ] diff --git a/2020/1xxx/CVE-2020-1766.json b/2020/1xxx/CVE-2020-1766.json index 832c1888815..b8241262c27 100644 --- a/2020/1xxx/CVE-2020-1766.json +++ b/2020/1xxx/CVE-2020-1766.json @@ -10,6 +10,7 @@ "vendor": { "vendor_data": [ { + "vendor_name": "OTRS AG", "product": { "product_data": [ { @@ -17,14 +18,10 @@ "version": { "version_data": [ { - "version_affected": "<=", - "version_name": "5.0.x", - "version_value": "5.0.39" + "version_value": "5.0.x version 5.0.39 and prior versions" }, { - "version_affected": "<=", - "version_name": "6.0.x", - "version_value": "6.0.24" + "version_value": "6.0.x version 6.0.24 and prior versions" } ] } @@ -34,16 +31,13 @@ "version": { "version_data": [ { - "version_affected": "<=", - "version_name": "7.0.x", - "version_value": "7.0.13" + "version_value": "7.0.x version 7.0.13 and prior versions" } ] } } ] - }, - "vendor_name": "OTRS AG" + } } ] } 
@@ -61,7 +55,7 @@ "description_data": [ { "lang": "eng", - "value": "Due to improper handling of uploaded images it is possible in very unlikely and rare conditions to force the agents browser to execute malicious javascript from a special crafted SVG file rendered as inline jpg file. \n\nThis issue affects:\n((OTRS)) Community Edition\n5.0.x version 5.0.39 and prior versions;\n6.0.x version 6.0.24 and prior versions.\nOTRS\n7.0.x version 7.0.13 and prior versions." + "value": "Due to improper handling of uploaded images it is possible in very unlikely and rare conditions to force the agents browser to execute malicious javascript from a special crafted SVG file rendered as inline jpg file. This issue affects: ((OTRS)) Community Edition 5.0.x version 5.0.39 and prior versions; 6.0.x version 6.0.24 and prior versions. OTRS 7.0.x version 7.0.13 and prior versions." } ] }, @@ -100,6 +94,7 @@ "reference_data": [ { "refsource": "CONFIRM", + "name": "https://otrs.com/release-notes/otrs-security-advisory-2020-02/", "url": "https://otrs.com/release-notes/otrs-security-advisory-2020-02/" } ] diff --git a/2020/1xxx/CVE-2020-1767.json b/2020/1xxx/CVE-2020-1767.json index aabfe6d5a38..d25b188de82 100644 --- a/2020/1xxx/CVE-2020-1767.json +++ b/2020/1xxx/CVE-2020-1767.json @@ -10,6 +10,7 @@ "vendor": { "vendor_data": [ { + "vendor_name": "OTRS AG", "product": { "product_data": [ { @@ -17,9 +18,7 @@ "version": { "version_data": [ { - "version_affected": "<=", - "version_name": "6.0.x", - "version_value": "6.0.24" + "version_value": "6.0.x version 6.0.24 and prior versions" } ] } @@ -29,16 +28,13 @@ "version": { "version_data": [ { - "version_affected": "<=", - "version_name": "7.0.x", - "version_value": "7.0.13" + "version_value": "7.0.x version 7.0.13 and prior versions" } ] } } ] - }, - "vendor_name": "OTRS AG" + } } ] } 
@@ -50,7 +46,7 @@ "description_data": [ { "lang": "eng", - "value": "Agent A is able to save a draft (i.e. for customer reply). Then Agent B can open the draft, change the text completely and send it in the name of Agent A. For the customer it will not be visible that the message was sent by another agent.\n\nThis issue affects:\n((OTRS)) Community Edition\n6.0.x version 6.0.24 and prior versions.\nOTRS\n7.0.x version 7.0.13 and prior versions." + "value": "Agent A is able to save a draft (i.e. for customer reply). Then Agent B can open the draft, change the text completely and send it in the name of Agent A. For the customer it will not be visible that the message was sent by another agent. This issue affects: ((OTRS)) Community Edition 6.0.x version 6.0.24 and prior versions. OTRS 7.0.x version 7.0.13 and prior versions." } ] }, @@ -89,6 +85,7 @@ "reference_data": [ { "refsource": "CONFIRM", + "name": "https://otrs.com/release-notes/otrs-security-advisory-2020-03/", "url": "https://otrs.com/release-notes/otrs-security-advisory-2020-03/" } ] From 37db8a38fb5c07af60e4817a52d9c490da0b16d1 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 10 Jan 2020 17:01:05 +0000 Subject: [PATCH 005/387] "-Synchronized-Data." --- 2012/3xxx/CVE-2012-3822.json | 53 +++++++++++++++++++++++++++-- 2012/3xxx/CVE-2012-3823.json | 53 +++++++++++++++++++++++++++-- 2012/3xxx/CVE-2012-3824.json | 53 +++++++++++++++++++++++++++-- 2012/4xxx/CVE-2012-4030.json | 48 ++++++++++++++++++++++++-- 2019/19xxx/CVE-2019-19820.json | 61 ++++++++++++++++++++++++++++++---- 2019/20xxx/CVE-2019-20373.json | 5 +++ 2020/6xxx/CVE-2020-6162.json | 61 ++++++++++++++++++++++++++++++---- 7 files changed, 314 insertions(+), 20 deletions(-) diff --git a/2012/3xxx/CVE-2012-3822.json b/2012/3xxx/CVE-2012-3822.json index 4fc91c59747..bc2df88a5dd 100644 --- a/2012/3xxx/CVE-2012-3822.json +++ b/2012/3xxx/CVE-2012-3822.json 
@@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-3822", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Arial Campaign Enterprise before 11.0.551 has unauthorized access to the User-Edit.asp page, which allows remote attackers to enumerate users' credentials." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://sadgeeksinsnow.blogspot.dk/2012/10/my-first-experiences-bug-hunting-part-2.html", + "refsource": "MISC", + "name": "http://sadgeeksinsnow.blogspot.dk/2012/10/my-first-experiences-bug-hunting-part-2.html" + }, + { + "refsource": "XF", + "name": "79509", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79509" } ] } diff --git a/2012/3xxx/CVE-2012-3823.json b/2012/3xxx/CVE-2012-3823.json index caf11d15ab5..d8fc616a863 100644 --- a/2012/3xxx/CVE-2012-3823.json +++ b/2012/3xxx/CVE-2012-3823.json 
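Review bot: In hunk `@@ -2,7 +2,30 @@` of CVE-2012-3822, `affects` is populated with `"product_name": "n/a"`, `"vendor_name": "n/a"` and `"version_value": "n/a"` although the new description names the product and the fixed release ("Arial Campaign Enterprise before 11.0.551"), so the record cannot be matched against an asset inventory without parsing free text. `problemtype` is likewise `"n/a"`. The same placeholders appear in the CVE-2012-3823, CVE-2012-3824, CVE-2012-4030 and CVE-2019-19820 sections of this patch. If the n/a values are the sync tool's default for records without CNA-supplied data, that is worth stating in the commit message.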
@@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-3823", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Arial Campaign Enterprise before 11.0.551 stores passwords in clear text and these may be retrieved." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://sadgeeksinsnow.blogspot.dk/2012/10/my-first-experiences-bug-hunting-part-2.html", + "refsource": "MISC", + "name": "http://sadgeeksinsnow.blogspot.dk/2012/10/my-first-experiences-bug-hunting-part-2.html" + }, + { + "refsource": "XF", + "name": "79510", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79510" } ] } diff --git a/2012/3xxx/CVE-2012-3824.json b/2012/3xxx/CVE-2012-3824.json index 4df8aa0ec93..2dcd9aeeba1 100644 --- a/2012/3xxx/CVE-2012-3824.json +++ b/2012/3xxx/CVE-2012-3824.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-3824", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Arial Campaign Enterprise before 11.0.551, multiple pages are accessible without authentication or authorization." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://sadgeeksinsnow.blogspot.dk/2012/10/my-first-experiences-bug-hunting-part-2.html", + "refsource": "MISC", + "name": "http://sadgeeksinsnow.blogspot.dk/2012/10/my-first-experiences-bug-hunting-part-2.html" + }, + { + "refsource": "XF", + "name": "79506", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79506" } ] } diff --git a/2012/4xxx/CVE-2012-4030.json b/2012/4xxx/CVE-2012-4030.json index 792dbf171de..cef901e3d55 100644 --- a/2012/4xxx/CVE-2012-4030.json +++ b/2012/4xxx/CVE-2012-4030.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-4030", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Chamilo before 1.8.8.6 does not adequately handle user supplied input by the index.php script, which could allow remote attackers to delete arbitrary files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "XF", + "name": "78054", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78054" } ] } diff --git a/2019/19xxx/CVE-2019-19820.json b/2019/19xxx/CVE-2019-19820.json index 36ec334dbee..18351048619 100644 --- a/2019/19xxx/CVE-2019-19820.json +++ b/2019/19xxx/CVE-2019-19820.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-19820", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-19820", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An invalid pointer vulnerability in IOCTL Handling in the kyrld.sys driver in Kyrol Internet Security 9.0.6.9 allows an attacker to achieve privilege escalation, denial-of-service, and code execution via usermode because 0x9C402405 using METHOD_NEITHER results in a read primitive." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://nafiez.github.io/security/vulnerability/2019/12/04/kyrol-internet-security-invalid-pointer-vulnerability.html", + "refsource": "MISC", + "name": "https://nafiez.github.io/security/vulnerability/2019/12/04/kyrol-internet-security-invalid-pointer-vulnerability.html" + }, + { + "url": "https://github.com/nafiez/nafiez.github.io/blob/master/_posts/2019-12-04-kyrol-internet-security-invalid-pointer-vulnerability.md", + "refsource": "MISC", + "name": "https://github.com/nafiez/nafiez.github.io/blob/master/_posts/2019-12-04-kyrol-internet-security-invalid-pointer-vulnerability.md" } ] } 
diff --git a/2019/20xxx/CVE-2019-20373.json b/2019/20xxx/CVE-2019-20373.json index 72f785152d5..c268eb3d723 100644 --- a/2019/20xxx/CVE-2019-20373.json +++ b/2019/20xxx/CVE-2019-20373.json @@ -56,6 +56,11 @@ "url": "https://git.launchpad.net/~ltsp-upstream/ltsp/+git/ldm/commit/?id=c351ac69ef63ed6c84221cef73e409059661b8ba", "refsource": "MISC", "name": "https://git.launchpad.net/~ltsp-upstream/ltsp/+git/ldm/commit/?id=c351ac69ef63ed6c84221cef73e409059661b8ba" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200110 [SECURITY] [DLA 2064-1] ldm security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00007.html" } ] } diff --git a/2020/6xxx/CVE-2020-6162.json b/2020/6xxx/CVE-2020-6162.json index ed07449c843..80172f90030 100644 --- a/2020/6xxx/CVE-2020-6162.json +++ b/2020/6xxx/CVE-2020-6162.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-6162", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-6162", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Bftpd 5.3. Under certain circumstances, an out-of-bounds read is triggered due to an uninitialized value. The daemon crashes at startup in the hidegroups_init function in dirlist.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "http://bftpd.sourceforge.net/news.html", + "url": "http://bftpd.sourceforge.net/news.html" + }, + { + "refsource": "CONFIRM", + "name": "https://fossies.org/linux/bftpd/CHANGELOG", + "url": "https://fossies.org/linux/bftpd/CHANGELOG" } ] } From 7f00b1c997aac0db4e0d812455bdd32f352f5801 Mon Sep 17 00:00:00 2001 From: DellEMCProductSecurity Date: Fri, 10 Jan 2020 13:00:20 -0500 Subject: [PATCH 006/387] Fixed extra space in CVE-2019-18588 file name --- 2019/18xxx/{CVE-2019-18588 .json => CVE-2019-18588.json} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename 2019/18xxx/{CVE-2019-18588 .json => CVE-2019-18588.json} (100%) 
diff --git a/2019/18xxx/CVE-2019-18588 .json b/2019/18xxx/CVE-2019-18588.json similarity index 100% rename from 2019/18xxx/CVE-2019-18588 .json rename to 2019/18xxx/CVE-2019-18588.json From d22c01df18d985b0dab459964aced9d89a90b0bc Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 10 Jan 2020 18:01:05 +0000 Subject: [PATCH 007/387] "-Synchronized-Data." --- 2017/5xxx/CVE-2017-5645.json | 5 +++ 2019/14xxx/CVE-2019-14301.json | 62 +++++++++++++++++++++++++++++++ 2019/14xxx/CVE-2019-14302.json | 62 +++++++++++++++++++++++++++++++ 2019/14xxx/CVE-2019-14304.json | 62 +++++++++++++++++++++++++++++++ 2019/14xxx/CVE-2019-14306.json | 62 +++++++++++++++++++++++++++++++ 2019/15xxx/CVE-2019-15039.json | 2 +- 2019/17xxx/CVE-2019-17571.json | 5 +++ 2019/18xxx/CVE-2019-18194.json | 67 ++++++++++++++++++++++++++++++++++ 2019/19xxx/CVE-2019-19817.json | 61 ++++++++++++++++++++++++++++--- 2019/19xxx/CVE-2019-19819.json | 61 ++++++++++++++++++++++++++++--- 2019/20xxx/CVE-2019-20372.json | 5 +++ 2020/6xxx/CVE-2020-6750.json | 5 +++ 12 files changed, 446 insertions(+), 13 deletions(-) create mode 100644 2019/14xxx/CVE-2019-14301.json create mode 100644 2019/14xxx/CVE-2019-14302.json create mode 100644 2019/14xxx/CVE-2019-14304.json create mode 100644 2019/14xxx/CVE-2019-14306.json create mode 100644 2019/18xxx/CVE-2019-18194.json diff --git a/2017/5xxx/CVE-2017-5645.json b/2017/5xxx/CVE-2017-5645.json index c32eace13a5..b5684aae0da 100644 --- a/2017/5xxx/CVE-2017-5645.json +++ b/2017/5xxx/CVE-2017-5645.json 
@@ -286,6 +286,11 @@ "refsource": "MLIST", "name": "[tika-dev] 20200108 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]", "url": "https://lists.apache.org/thread.html/rc1eaed7f7d774d5d02f66e49baced31e04827a1293d61a70bd003ca7@%3Cdev.tika.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tika-dev] 20200110 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]", + "url": "https://lists.apache.org/thread.html/r681b4432d0605f327b68b9f8a42662993e699d04614de4851c35ffd1@%3Cdev.tika.apache.org%3E" } ] } diff --git a/2019/14xxx/CVE-2019-14301.json b/2019/14xxx/CVE-2019-14301.json new file mode 100644 index 00000000000..33069f8d991 --- /dev/null +++ b/2019/14xxx/CVE-2019-14301.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-14301", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Ricoh SP C250DN 1.06 devices have Incorrect Access Control (issue 1 of 2)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.ricoh.com/info/2019/0823_1/", + "url": "https://www.ricoh.com/info/2019/0823_1/" + } + ] + } +} \ No newline at end of file diff --git a/2019/14xxx/CVE-2019-14302.json b/2019/14xxx/CVE-2019-14302.json new file mode 100644 index 00000000000..a1751153ef2 --- /dev/null +++ b/2019/14xxx/CVE-2019-14302.json 
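Review bot: The description added in the new file for CVE-2019-14301, `Ricoh SP C250DN 1.06 devices have Incorrect Access Control (issue 1 of 2).`, does not say which interface or function lacks the control, so it can be told apart from CVE-2019-14306 (`issue 2 of 2`) only by its number. The new records for CVE-2019-14302 (`a debug port can be used`) and CVE-2019-14304 (`allow CSRF`) are similarly thin. All four cite the same Ricoh advisory and leave `affects` and `problemtype` at `n/a`. One sentence per record naming the affected component and the fixed firmware level, taken from that advisory, would let defenders map each ID to a remediation.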
@@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-14302", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "On Ricoh SP C250DN 1.06 devices, a debug port can be used." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.ricoh.com/info/2019/0823_1/", + "url": "https://www.ricoh.com/info/2019/0823_1/" + } + ] + } +} \ No newline at end of file diff --git a/2019/14xxx/CVE-2019-14304.json b/2019/14xxx/CVE-2019-14304.json new file mode 100644 index 00000000000..3f5ef493859 --- /dev/null +++ b/2019/14xxx/CVE-2019-14304.json 
@@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-14304", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Ricoh SP C250DN 1.06 devices allow CSRF." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.ricoh.com/info/2019/0823_1/", + "url": "https://www.ricoh.com/info/2019/0823_1/" + } + ] + } +} \ No newline at end of file diff --git a/2019/14xxx/CVE-2019-14306.json b/2019/14xxx/CVE-2019-14306.json new file mode 100644 index 00000000000..91d49bf6506 --- /dev/null +++ b/2019/14xxx/CVE-2019-14306.json 
@@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-14306", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Ricoh SP C250DN 1.06 devices have Incorrect Access Control (issue 2 of 2)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.ricoh.com/info/2019/0823_1/", + "url": "https://www.ricoh.com/info/2019/0823_1/" + } + ] + } +} \ No newline at end of file diff --git a/2019/15xxx/CVE-2019-15039.json b/2019/15xxx/CVE-2019-15039.json index 6e6e93bd442..e27892526ae 100644 --- a/2019/15xxx/CVE-2019-15039.json +++ b/2019/15xxx/CVE-2019-15039.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "An issue was discovered in JetBrains TeamCity 2018.2.4. It had a possible remote code execution issue. This was fixed in TeamCity 2018.2.5 and 2019.1." + "value": "An issue was discovered in JetBrains TeamCity 2018.2.4. It had a possible remote code execution issue. This was fixed in TeamCity 2019.1." } ] }, diff --git a/2019/17xxx/CVE-2019-17571.json b/2019/17xxx/CVE-2019-17571.json index ef0f41998e3..d0795e9e99c 100644 --- a/2019/17xxx/CVE-2019-17571.json +++ b/2019/17xxx/CVE-2019-17571.json 
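Review bot: The reworded description in the CVE-2019-15039 hunk now ends with `This was fixed in TeamCity 2019.1.` and drops the earlier mention of 2018.2.5, while still naming 2018.2.4 as the version in which the issue was found. A reader on the 2018.2.x line can no longer tell from the record whether 2018.2.5 is affected or whether moving to 2019.1 is the only remedy. The description should state the status of 2018.2.5 explicitly rather than leave it to be inferred from the omission. The `affects` block is outside this hunk, so whether it already carries that information cannot be checked here.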
@@ -158,6 +158,11 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20200110-0001/", "url": "https://security.netapp.com/advisory/ntap-20200110-0001/" + }, + { + "refsource": "MLIST", + "name": "[tika-dev] 20200110 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]", + "url": "https://lists.apache.org/thread.html/r681b4432d0605f327b68b9f8a42662993e699d04614de4851c35ffd1@%3Cdev.tika.apache.org%3E" } ] }, diff --git a/2019/18xxx/CVE-2019-18194.json b/2019/18xxx/CVE-2019-18194.json new file mode 100644 index 00000000000..620be6ee9f2 --- /dev/null +++ b/2019/18xxx/CVE-2019-18194.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-18194", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "TotalAV 2020 4.14.31 has a quarantine flaw that allows privilege escalation. Exploitation uses an NTFS directory junction to restore a malicious DLL from quarantine into the system32 folder." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://bogner.sh/2017/11/avgater-getting-local-admin-by-abusing-the-anti-virus-quarantine/", + "refsource": "MISC", + "name": "https://bogner.sh/2017/11/avgater-getting-local-admin-by-abusing-the-anti-virus-quarantine/" + }, + { + "refsource": "MISC", + "name": "https://www.youtube.com/watch?v=88qeaLq98Gc", + "url": "https://www.youtube.com/watch?v=88qeaLq98Gc" + } + ] + } +} \ No newline at end of file 
diff --git a/2019/19xxx/CVE-2019-19817.json b/2019/19xxx/CVE-2019-19817.json index 92679abb759..c4b522fcdb1 100644 --- a/2019/19xxx/CVE-2019-19817.json +++ b/2019/19xxx/CVE-2019-19817.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-19817", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-19817", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The JBIG2Decode library in npdf.dll in Nitro Free PDF Reader 12.0.0.112 has a CAPPDAnnotHandlerUtils::PDAnnotHandlerDestroyData2+0x2e8a Out-of-Bounds Read via crafted Unicode content." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://nafiez.github.io/security/vulnerability/remote/2019/12/12/multiple-nitro-pdf-vulnerability.html", + "refsource": "MISC", + "name": "https://nafiez.github.io/security/vulnerability/remote/2019/12/12/multiple-nitro-pdf-vulnerability.html" + }, + { + "url": "https://github.com/nafiez/nafiez.github.io/blob/master/_posts/2019-12-12-multiple-nitro-pdf-vulnerability.md", + "refsource": "MISC", + "name": "https://github.com/nafiez/nafiez.github.io/blob/master/_posts/2019-12-12-multiple-nitro-pdf-vulnerability.md" } ] } 
diff --git a/2019/19xxx/CVE-2019-19819.json b/2019/19xxx/CVE-2019-19819.json index 058d88bafa6..5fc8b53b33b 100644 --- a/2019/19xxx/CVE-2019-19819.json +++ b/2019/19xxx/CVE-2019-19819.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-19819", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-19819", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The JBIG2Globals library in npdf.dll in Nitro Free PDF Reader 12.0.0.112 has a CAPPDAnnotHandlerUtils::PDAnnotHandlerDestroyData2+0x90ec NULL Pointer Dereference via crafted Unicode content." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://nafiez.github.io/security/vulnerability/remote/2019/12/12/multiple-nitro-pdf-vulnerability.html", + "refsource": "MISC", + "name": "https://nafiez.github.io/security/vulnerability/remote/2019/12/12/multiple-nitro-pdf-vulnerability.html" + }, + { + "url": "https://github.com/nafiez/nafiez.github.io/blob/master/_posts/2019-12-12-multiple-nitro-pdf-vulnerability.md", + "refsource": "MISC", + "name": "https://github.com/nafiez/nafiez.github.io/blob/master/_posts/2019-12-12-multiple-nitro-pdf-vulnerability.md" } ] } 
diff --git a/2019/20xxx/CVE-2019-20372.json b/2019/20xxx/CVE-2019-20372.json index 7df973615e1..877b5d2ba6a 100644 --- a/2019/20xxx/CVE-2019-20372.json +++ b/2019/20xxx/CVE-2019-20372.json @@ -71,6 +71,11 @@ "url": "https://github.com/kubernetes/ingress-nginx/pull/4859", "refsource": "MISC", "name": "https://github.com/kubernetes/ingress-nginx/pull/4859" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/nginx/nginx/commit/c1be55f97211d38b69ac0c2027e6812ab8b1b94e", + "url": "https://github.com/nginx/nginx/commit/c1be55f97211d38b69ac0c2027e6812ab8b1b94e" } ] } diff --git a/2020/6xxx/CVE-2020-6750.json b/2020/6xxx/CVE-2020-6750.json index 01c80f2157b..a55514afd74 100644 --- a/2020/6xxx/CVE-2020-6750.json +++ b/2020/6xxx/CVE-2020-6750.json @@ -56,6 +56,11 @@ "url": "https://gitlab.gnome.org/GNOME/glib/issues/1989", "refsource": "MISC", "name": "https://gitlab.gnome.org/GNOME/glib/issues/1989" + }, + { + "refsource": "CONFIRM", + "name": "https://bugzilla.suse.com/show_bug.cgi?id=1160668", + "url": "https://bugzilla.suse.com/show_bug.cgi?id=1160668" } ] } From 86df78719496630513c12d4fcdfde601e972c5af Mon Sep 17 00:00:00 2001 From: DellEMCProductSecurity Date: Fri, 10 Jan 2020 13:18:20 -0500 Subject: [PATCH 008/387] Also fix the extra space in the file --- 2019/18xxx/CVE-2019-18588.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/2019/18xxx/CVE-2019-18588.json b/2019/18xxx/CVE-2019-18588.json index 365d2c32777..64691a9491c 100644 --- a/2019/18xxx/CVE-2019-18588.json +++ b/2019/18xxx/CVE-2019-18588.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "secure@dell.com", "DATE_PUBLIC": "2019-12-12", - "ID": "CVE-2019-18588 ", + "ID": "CVE-2019-18588", "STATE": "PUBLIC" }, "affects": { From 86a65af8c7748a07a845b555a788776bed126a2b Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Fri, 10 Jan 2020 19:01:16 +0000 Subject: [PATCH 009/387] "-Synchronized-Data." --- 2011/5xxx/CVE-2011-5020.json | 48 ++++++++++++++++++++++++++++++++-- 2019/18xxx/CVE-2019-18588.json | 43 +++++++++++++++--------------- 2 files changed, 68 insertions(+), 23 deletions(-) diff --git a/2011/5xxx/CVE-2011-5020.json b/2011/5xxx/CVE-2011-5020.json index 8b954d5c9d4..2323095bf36 100644 --- a/2011/5xxx/CVE-2011-5020.json +++ b/2011/5xxx/CVE-2011-5020.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-5020", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An SQL Injection vulnerability exists in the ID parameter in Online TV Database 2011." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.cloudscan.me/2012/02/cve-2011-5020-online-tv-database-sql.html", + "refsource": "MISC", + "name": "http://www.cloudscan.me/2012/02/cve-2011-5020-online-tv-database-sql.html" } ] } diff --git a/2019/18xxx/CVE-2019-18588.json b/2019/18xxx/CVE-2019-18588.json index 64691a9491c..e0b4f47d802 100644 --- a/2019/18xxx/CVE-2019-18588.json +++ b/2019/18xxx/CVE-2019-18588.json 
@@ -1,10 +1,10 @@ { "CVE_data_meta": { - "ASSIGNER": "secure@dell.com", - "DATE_PUBLIC": "2019-12-12", - "ID": "CVE-2019-18588", + "ASSIGNER": "secure@dell.com", + "DATE_PUBLIC": "2019-12-12", + "ID": "CVE-2019-18588", "STATE": "PUBLIC" - }, + }, "affects": { "vendor": { "vendor_data": [ 
@@ -12,59 +12,60 @@ "product": { "product_data": [ { - "product_name": "Unisphere for PowerMax", + "product_name": "Unisphere for PowerMax", "version": { "version_data": [ { - "version_affected": "<", + "version_affected": "<", "version_value": "9.1.0.9 and 9.0.2.16" } ] } } ] - }, + }, "vendor_name": "Dell" } ] } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { - "lang": "eng", + "lang": "eng", "value": "Dell EMC Unisphere for PowerMax versions prior to 9.1.0.9, Dell EMC Unisphere for PowerMax versions prior to 9.0.2.16, and Dell EMC PowerMax OS 5978.221.221 and 5978.479.479 contain a Cross-Site Scripting (XSS) vulnerability. An authenticated malicious user may potentially exploit this vulnerability to inject javascript code and affect other authenticated users' sessions." } ] - }, + }, "impact": { "cvss": { - "baseScore": 9.0, - "baseSeverity": "Critical", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", + "baseScore": 9.0, + "baseSeverity": "Critical", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "version": "3.0" } - }, + }, "problemtype": { "problemtype_data": [ { "description": [ { - "lang": "eng", + "lang": "eng", "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" } ] } ] - }, + }, "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://www.dell.com/support/security/en-us/details/539808/DSA-2019-193-Dell-EMC-Unisphere-for-PowerMax-and-Dell-EMC-PowerMax-Embedded-Management-Cross-Site" + "refsource": "MISC", + "url": "https://www.dell.com/support/security/en-us/details/539808/DSA-2019-193-Dell-EMC-Unisphere-for-PowerMax-and-Dell-EMC-PowerMax-Embedded-Management-Cross-Site", + "name": 
"https://www.dell.com/support/security/en-us/details/539808/DSA-2019-193-Dell-EMC-Unisphere-for-PowerMax-and-Dell-EMC-PowerMax-Embedded-Management-Cross-Site" } ] } From 4c4a7d10c6ae3b01836c0647fd7bc251e7ba08f4 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 10 Jan 2020 20:01:06 +0000 Subject: [PATCH 010/387] "-Synchronized-Data." --- 2012/3xxx/CVE-2012-3821.json | 68 ++++++++++++++++++++++++++++++++++-- 2012/4xxx/CVE-2012-4284.json | 63 +++++++++++++++++++++++++++++++-- 2 files changed, 127 insertions(+), 4 deletions(-) diff --git a/2012/3xxx/CVE-2012-3821.json b/2012/3xxx/CVE-2012-3821.json index 5b2c11cab46..5c10018e083 100644 --- a/2012/3xxx/CVE-2012-3821.json +++ b/2012/3xxx/CVE-2012-3821.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-3821", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
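Review bot: In the last hunk of CVE-2019-18588.json the Dell advisory reference is relabelled from `"refsource": "CONFIRM"` to `"refsource": "MISC"`, although the URL is on dell.com and the record's assigner is secure@dell.com; tooling that relies on CONFIRM to locate the vendor's acknowledgement will no longer find one for this record. Keeping `"refsource": "CONFIRM"` while adding the new `name` field would preserve that signal. The same hunk also leaves `"version_value": "9.1.0.9 and 9.0.2.16"` under `"version_affected": "<"`, which cannot be compared mechanically; two `version_data` entries, one per release line, would be clearer. `"baseSeverity": "Critical"` is cased differently from the upper-case severity values that CVSS v3 JSON normally uses.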
@@ -11,7 +34,48 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Security Bypass vulnerability exists in the activate.asp page in Arial Software Campaign Enterprise 11.0.551, which could let a remote malicious user modify the SerialNumber field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://sadgeeksinsnow.blogspot.dk/2012/10/my-first-experiences-bug-hunting-part-2.html", + "refsource": "MISC", + "name": "http://sadgeeksinsnow.blogspot.dk/2012/10/my-first-experiences-bug-hunting-part-2.html" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79508", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79508" + }, + { + "url": "http://archives.neohapsis.com/archives/bugtraq/2012-10/0103.html", + "refsource": "MISC", + "name": "http://archives.neohapsis.com/archives/bugtraq/2012-10/0103.html" + }, + { + "refsource": "MISC", + "name": "https://www.securityfocus.com/archive/1/524462", + "url": "https://www.securityfocus.com/archive/1/524462" + }, + { + "refsource": "MISC", + "name": "https://www.securityfocus.com/bid/56117/info", + "url": "https://www.securityfocus.com/bid/56117/info" } ] } diff --git a/2012/4xxx/CVE-2012-4284.json b/2012/4xxx/CVE-2012-4284.json index 50d06409c70..28f70fbaa58 100644 --- a/2012/4xxx/CVE-2012-4284.json +++ b/2012/4xxx/CVE-2012-4284.json 
@@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-4284", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,43 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Privilege Escalation vulnerability exists in Viscosity 1.4.1 on Mac OS X due to a path name validation issue in the setuid-set ViscosityHelper binary, which could let a remote malicious user execute arbitrary code" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.securityfocus.com/bid/55002", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/55002" + }, + { + "url": "http://www.exploit-db.com/exploits/24579", + "refsource": "MISC", + "name": "http://www.exploit-db.com/exploits/24579" + }, + { + "refsource": "MISC", + "name": "https://packetstormsecurity.com/files/120643/Viscosity-setuid-set-ViscosityHelper-Privilege-Escalation.html", + "url": "https://packetstormsecurity.com/files/120643/Viscosity-setuid-set-ViscosityHelper-Privilege-Escalation.html" + }, + { + "refsource": "CONFIRM", + "name": "https://www.sparklabs.com/viscosity/releasenotes/mac/", + "url": "https://www.sparklabs.com/viscosity/releasenotes/mac/" } ] } From 2562cb8e7bbb74aba0bc7737a5d4f4c950a18ff2 Mon Sep 17 00:00:00 2001 
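Review bot: The description added for CVE-2012-4284 attributes the flaw to path-name validation in a setuid helper binary yet names `a remote malicious user` as the attacker; abusing a setuid binary normally presupposes a local account, so the wording may lead triage to overrate the attack vector. If the cited advisories describe a local issue, wording such as `which could let a local user execute arbitrary code with elevated privileges.` would match the mechanism, and it would also supply the closing period the sentence lacks. The record cites the vendor release notes as CONFIRM but does not state the fixed version, which leaves defenders to look it up themselves.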
From: CVE Team Date: Fri, 10 Jan 2020 21:01:05 +0000 Subject: [PATCH 011/387] "-Synchronized-Data." --- 2012/4xxx/CVE-2012-4603.json | 63 +++++++++++++++++++++- 2019/16xxx/CVE-2019-16788.json | 96 +++------------------------------- 2019/20xxx/CVE-2019-20043.json | 7 ++- 2020/6xxx/CVE-2020-6832.json | 18 +++++++ 2020/6xxx/CVE-2020-6833.json | 18 +++++++ 2020/6xxx/CVE-2020-6834.json | 18 +++++++ 2020/6xxx/CVE-2020-6835.json | 67 ++++++++++++++++++++++++ 7 files changed, 195 insertions(+), 92 deletions(-) create mode 100644 2020/6xxx/CVE-2020-6832.json create mode 100644 2020/6xxx/CVE-2020-6833.json create mode 100644 2020/6xxx/CVE-2020-6834.json create mode 100644 2020/6xxx/CVE-2020-6835.json diff --git a/2012/4xxx/CVE-2012-4603.json b/2012/4xxx/CVE-2012-4603.json index 0019ea5bb53..a2ad8c79a17 100644 --- a/2012/4xxx/CVE-2012-4603.json +++ b/2012/4xxx/CVE-2012-4603.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-4603", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,43 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Citrix XenApp Online Plug-in for Windows 12.1 and earlier, and Citrix Receiver for Windows 3.2 and earlier could allow remote attackers to execute arbitrary code by convincing a target to open a specially crafted file from an SMB or WebDAV fileserver." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "BID", + "name": "55518", + "url": "http://www.securityfocus.com/bid/55518" + }, + { + "refsource": "SECTRACK", + "name": "1027521", + "url": "http://www.securitytracker.com/id?1027521" + }, + { + "refsource": "SECTRACK", + "name": "1027522", + "url": "http://www.securitytracker.com/id?1027522" + }, + { + "refsource": "XF", + "name": "78433", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78433" } ] } diff --git a/2019/16xxx/CVE-2019-16788.json b/2019/16xxx/CVE-2019-16788.json index f51b2e2c637..b332b506e3d 100644 --- a/2019/16xxx/CVE-2019-16788.json +++ b/2019/16xxx/CVE-2019-16788.json 
@@ -1,100 +1,18 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "security-advisories@github.com",
- "ID": "CVE-2019-16788",
- "STATE": "PUBLIC",
- "TITLE": "Stored cross-site scripting (XSS) in WordPress through 'wp_targeted_link_rel'"
- },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "WordPress",
- "version": {
- "version_data": [
- {
- "version_affected": "<",
- "version_name": "< 3.5.1",
- "version_value": "3.5.1"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "WordPress"
- }
- ]
- }
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-16788",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "In WordPress versions from 3.7 to 5.3.0, authenticated users who do not have the rights to publish a post are able to mark posts as sticky or unsticky via the REST API. For example, the contributor role does not have such rights, but this allowed them to bypass that. This has been patched in WordPress 5.3.1, along with all the previous WordPress versions from 3.7 to 5.3 via a minor release. Automatic updates are enabled by default for minor releases and we strongly recommend that you keep them enabled."
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-20043. Reason: This candidate is a duplicate of CVE-2019-20043. Notes: All CVE users should reference CVE-2019-20043 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
 }
 ]
- },
- "impact": {
- "cvss": {
- "attackComplexity": "LOW",
- "attackVector": "NETWORK",
- "availabilityImpact": "NONE",
- "baseScore": 5.4,
- "baseSeverity": "MEDIUM",
- "confidentialityImpact": "LOW",
- "integrityImpact": "LOW",
- "privilegesRequired": "LOW",
- "scope": "CHANGED",
- "userInteraction": "REQUIRED",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
- "version": "3.1"
- }
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "CWE-79 Cross-site Scripting (XSS)"
- }
- ]
- }
- ]
- },
- "references": {
- "reference_data": [
- {
- "refsource": "MISC",
- "name": "https://wpvulndb.com/vulnerabilities/9973",
- "url": "https://wpvulndb.com/vulnerabilities/9973"
- },
- {
- "name": "https://wordpress.org/news/2019/12/wordpress-5-3-1-security-and-maintenance-release/",
- "refsource": "MISC",
- "url": "https://wordpress.org/news/2019/12/wordpress-5-3-1-security-and-maintenance-release/"
- },
- {
- "name": "https://github.com/WordPress/wordpress-develop/commit/1d1d5be7aa94608c04516cac4238e8c22b93c1d9",
- "refsource": "MISC",
- "url": "https://github.com/WordPress/wordpress-develop/commit/1d1d5be7aa94608c04516cac4238e8c22b93c1d9"
- },
- {
- "name": "https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-g7rg-hchx-c2gw",
- "refsource": "CONFIRM",
- "url": "https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-g7rg-hchx-c2gw"
- }
- ]
- },
- "source": {
- "advisory": "GHSA-g7rg-hchx-c2gw",
- "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2019/20xxx/CVE-2019-20043.json b/2019/20xxx/CVE-2019-20043.json
index fef5b6f8b92..3a80f262f25 100644
--- a/2019/20xxx/CVE-2019-20043.json
+++ b/2019/20xxx/CVE-2019-20043.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "WordPress before 5.3.1 allowed an unauthenticated user to make a post sticky through the REST API because of missing access control in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php."
+ "value": "In in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php in WordPress 3.7 to 5.3.0, authenticated users who do not have the rights to publish a post are able to mark posts as sticky or unsticky via the REST API. For example, the contributor role does not have such rights, but this allowed them to bypass that. This has been patched in WordPress 5.3.1, along with all the previous WordPress versions from 3.7 to 5.3 via a minor release."
 }
 ]
 },
@@ -81,6 +81,11 @@
 "refsource": "DEBIAN",
 "name": "DSA-4599",
 "url": "https://www.debian.org/security/2020/dsa-4599"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-g7rg-hchx-c2gw",
+ "url": "https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-g7rg-hchx-c2gw"
 }
 ]
 }
diff --git a/2020/6xxx/CVE-2020-6832.json b/2020/6xxx/CVE-2020-6832.json
new file mode 100644
index 00000000000..8f928a7f99b
--- /dev/null
+++ b/2020/6xxx/CVE-2020-6832.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-6832",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/6xxx/CVE-2020-6833.json b/2020/6xxx/CVE-2020-6833.json
new file mode 100644
index 00000000000..9bbd4896370
--- /dev/null
+++ b/2020/6xxx/CVE-2020-6833.json
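Review bot: The new `value` for CVE-2019-20043 starts with a doubled word, `In in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php`; it should begin `In wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php in WordPress 3.7 to 5.3.0, ...`. The rewrite also changes the stated attacker from an unauthenticated user to an authenticated user without publish rights, which changes the precondition a reader will use for triage. Any severity or `impact` data for this record lies outside the hunk, so it is worth confirming that it agrees with the corrected precondition.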
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-6833",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/6xxx/CVE-2020-6834.json b/2020/6xxx/CVE-2020-6834.json
new file mode 100644
index 00000000000..003ebece3ed
--- /dev/null
+++ b/2020/6xxx/CVE-2020-6834.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-6834",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/6xxx/CVE-2020-6835.json b/2020/6xxx/CVE-2020-6835.json
new file mode 100644
index 00000000000..18eaa76275b
--- /dev/null
+++ b/2020/6xxx/CVE-2020-6835.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-6835",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in Bftpd before 5.4. There is a heap-based off-by-one error during file-transfer error checking."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://fossies.org/linux/bftpd/CHANGELOG",
+ "refsource": "MISC",
+ "name": "https://fossies.org/linux/bftpd/CHANGELOG"
+ },
+ {
+ "url": "http://bftpd.sourceforge.net/news.html#302460",
+ "refsource": "MISC",
+ "name": "http://bftpd.sourceforge.net/news.html#302460"
+ }
+ ]
+ }
+}
\ No newline at end of file
From 3355a7583b2920cd8e2b24cc05386f0ea1ab02e0 Mon Sep 17 00:00:00 2001
From: Adrian Taylor
Date: Fri, 10 Jan 2020 13:07:48 -0800
Subject: [PATCH 012/387] Two Chrome CVEs.
---
 2019/13xxx/CVE-2019-13767.json | 63 ++++++++++++++++++++++++++++++++++
 2020/6xxx/CVE-2020-6377.json | 51 +++++++++++++++++++++++++--
 2 files changed, 111 insertions(+), 3 deletions(-)
 create mode 100644 2019/13xxx/CVE-2019-13767.json
diff --git a/2019/13xxx/CVE-2019-13767.json b/2019/13xxx/CVE-2019-13767.json
new file mode 100644
index 00000000000..d1c87a5b08f
--- /dev/null
+++ b/2019/13xxx/CVE-2019-13767.json
@@ -0,0 +1,63 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-13767",
+ "ASSIGNER": "chrome-cve-admin@google.com"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Google",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Chrome",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "79.0.3945.88",
+ "version_affected": "<"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Use after free"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://crbug.com/1031653"
+ },
+ {
+ "url": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop_17.html"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Use after free in media picker in Google Chrome prior to 79.0.3945.88 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/6xxx/CVE-2020-6377.json b/2020/6xxx/CVE-2020-6377.json
index 94af76198cc..1d9b96efa34 100644
--- a/2020/6xxx/CVE-2020-6377.json
+++ b/2020/6xxx/CVE-2020-6377.json
@@ -4,14 +4,59 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-6377",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "chrome-cve-admin@google.com"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Google",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Chrome",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "79.0.3945.117",
+ "version_affected": "<"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Use after free"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://crbug.com/1029462"
+ },
+ {
+ "url": "https://chromereleases.googleblog.com/2020/01/stable-channel-update-for-desktop.html"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Use after free in audio in Google Chrome prior to 79.0.3945.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
 }
 ]
 }
From 0531212b51d9184bf45cef293582eacb263d8be5 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Fri, 10 Jan 2020 22:01:16 +0000
Subject: [PATCH 013/387] "-Synchronized-Data."
---
 2019/13xxx/CVE-2019-13767.json | 11 +++-
 2019/16xxx/CVE-2019-16773.json | 101 +++------------------------------
 2019/19xxx/CVE-2019-19475.json | 56 ++++++++++++++++--
 2019/20xxx/CVE-2019-20042.json | 12 +++-
 2020/6xxx/CVE-2020-6377.json | 11 +++-
 5 files changed, 84 insertions(+), 107 deletions(-)
diff --git a/2019/13xxx/CVE-2019-13767.json b/2019/13xxx/CVE-2019-13767.json
index d1c87a5b08f..40ae06cda42 100644
--- a/2019/13xxx/CVE-2019-13767.json
+++ b/2019/13xxx/CVE-2019-13767.json
@@ -4,7 +4,8 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2019-13767",
- "ASSIGNER": "chrome-cve-admin@google.com"
+ "ASSIGNER": "security@google.com",
+ "STATE": "PUBLIC"
 },
 "affects": {
 "vendor": {
@@ -45,10 +46,14 @@
 "references": {
 "reference_data": [
 {
- "url": "https://crbug.com/1031653"
+ "url": "https://crbug.com/1031653",
+ "refsource": "MISC",
+ "name": "https://crbug.com/1031653"
 },
 {
- "url": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop_17.html"
+ "url": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop_17.html",
+ "refsource": "MISC",
+ "name": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop_17.html"
 }
 ]
 },
diff --git a/2019/16xxx/CVE-2019-16773.json b/2019/16xxx/CVE-2019-16773.json
index d4b908e0a8e..61389bb381a 100644
--- a/2019/16xxx/CVE-2019-16773.json
+++ b/2019/16xxx/CVE-2019-16773.json
@@ -1,105 +1,18 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "security-advisories@github.com",
- "ID": "CVE-2019-16773",
- "STATE": "PUBLIC",
- "TITLE": "Stored cross-site scripting (XSS) in WordPress through 'wp_targeted_link_rel'"
- },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "WordPress",
- "version": {
- "version_data": [
- {
- "version_affected": "<",
- "version_name": "< 3.5.1",
- "version_value": "3.5.1"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "WordPress"
- }
- ]
- }
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-16773",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "In WordPress versions from 3.7 to 5.3.0, the function wp_targeted_link_rel() can be used in a particular way to result in a stored cross-site scripting (XSS) vulnerability. This has been patched in WordPress 5.3.1, along with all the previous WordPress versions from 3.7 to 5.3 via a minor release. Automatic updates are enabled by default for minor releases and we strongly recommend that you keep them enabled."
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-20042. Reason: This candidate is a duplicate of CVE-2019-20042. Notes: All CVE users should reference CVE-2019-20042 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
 }
 ]
- },
- "impact": {
- "cvss": {
- "attackComplexity": "HIGH",
- "attackVector": "NETWORK",
- "availabilityImpact": "NONE",
- "baseScore": 5.8,
- "baseSeverity": "MEDIUM",
- "confidentialityImpact": "HIGH",
- "integrityImpact": "NONE",
- "privilegesRequired": "LOW",
- "scope": "CHANGED",
- "userInteraction": "REQUIRED",
- "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:N/A:N",
- "version": "3.1"
- }
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "CWE-79 Cross-site Scripting (XSS)"
- }
- ]
- }
- ]
- },
- "references": {
- "reference_data": [
- {
- "refsource": "MISC",
- "name": "https://wpvulndb.com/vulnerabilities/9975",
- "url": "https://wpvulndb.com/vulnerabilities/9975"
- },
- {
- "name": "https://wordpress.org/news/2019/12/wordpress-5-3-1-security-and-maintenance-release/",
- "refsource": "MISC",
- "url": "https://wordpress.org/news/2019/12/wordpress-5-3-1-security-and-maintenance-release/"
- },
- {
- "name": "https://github.com/WordPress/wordpress-develop/commit/1f7f3f1f59567e2504f0fbebd51ccf004b3ccb1d",
- "refsource": "MISC",
- "url": "https://github.com/WordPress/wordpress-develop/commit/1f7f3f1f59567e2504f0fbebd51ccf004b3ccb1d"
- },
- {
- "name": "https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-xvg2-m2f4-83m7",
- "refsource": "CONFIRM",
- "url": "https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-xvg2-m2f4-83m7"
- },
- {
- "name": "https://hackerone.com/reports/509930",
- "refsource": "MISC",
- "url": "https://hackerone.com/reports/509930"
- }
- ]
- },
- "source": {
- "advisory": "GHSA-xvg2-m2f4-83m7",
- "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2019/19xxx/CVE-2019-19475.json b/2019/19xxx/CVE-2019-19475.json
index 5fd01f45ada..30b0791d86e 100644
--- a/2019/19xxx/CVE-2019-19475.json
+++ b/2019/19xxx/CVE-2019-19475.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2019-19475",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2019-19475",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered in ManageEngine Applications Manager 14 with Build 14360. Integrated PostgreSQL which is built-in in Applications Manager is prone to attack due to lack of file permission security. The malicious users who are in \u201cAuthenticated Users\u201d group can exploit privilege escalation and modify PostgreSQL configuration to execute arbitrary command to escalate and gain full system privilege user access and rights over the system."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2019-19475.html",
+ "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2019-19475.html"
 }
 ]
 }
diff --git a/2019/20xxx/CVE-2019-20042.json b/2019/20xxx/CVE-2019-20042.json
index e4fb0df9da8..ab6299e1ed9 100644
--- a/2019/20xxx/CVE-2019-20042.json
+++ b/2019/20xxx/CVE-2019-20042.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "WordPress before 5.3.1 allowed an attacker to create a cross-site scripting attack (XSS) in well crafted links, because of an insufficient protection mechanism in wp_targeted_link_rel in wp-includes/formatting.php."
+ "value": "In wp-includes/formatting.php in WordPress 3.7 to 5.3.0, the function wp_targeted_link_rel() can be used in a particular way to result in a stored cross-site scripting (XSS) vulnerability. This has been patched in WordPress 5.3.1, along with all the previous WordPress versions from 3.7 to 5.3 via a minor release."
 }
 ]
 },
@@ -86,6 +86,16 @@
 "refsource": "DEBIAN",
 "name": "DSA-4599",
 "url": "https://www.debian.org/security/2020/dsa-4599"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-xvg2-m2f4-83m7",
+ "url": "https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-xvg2-m2f4-83m7"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://hackerone.com/reports/509930",
+ "url": "https://hackerone.com/reports/509930"
 }
 ]
 }
diff --git a/2020/6xxx/CVE-2020-6377.json b/2020/6xxx/CVE-2020-6377.json
index 1d9b96efa34..2c59405d71b 100644
--- a/2020/6xxx/CVE-2020-6377.json
+++ b/2020/6xxx/CVE-2020-6377.json
@@ -4,7 +4,8 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-6377",
- "ASSIGNER": "chrome-cve-admin@google.com"
+ "ASSIGNER": "security@google.com",
+ "STATE": "PUBLIC"
 },
 "affects": {
 "vendor": {
@@ -45,10 +46,14 @@
 "references": {
 "reference_data": [
 {
- "url": "https://crbug.com/1029462"
+ "url": "https://crbug.com/1029462",
+ "refsource": "MISC",
+ "name": "https://crbug.com/1029462"
 },
 {
- "url": "https://chromereleases.googleblog.com/2020/01/stable-channel-update-for-desktop.html"
+ "url": "https://chromereleases.googleblog.com/2020/01/stable-channel-update-for-desktop.html",
+ "refsource": "MISC",
+ "name": "https://chromereleases.googleblog.com/2020/01/stable-channel-update-for-desktop.html"
 }
 ]
 },
From 89b674327c5145c7aad49d36f2dbc0b74df39658 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Fri, 10 Jan 2020 23:01:05 +0000
Subject: [PATCH 014/387] "-Synchronized-Data."
---
 2019/20xxx/CVE-2019-20224.json | 5 +++++
 2020/0xxx/CVE-2020-0009.json | 5 +++++
 2020/6xxx/CVE-2020-6756.json | 5 +++++
 3 files changed, 15 insertions(+)
diff --git a/2019/20xxx/CVE-2019-20224.json b/2019/20xxx/CVE-2019-20224.json
index 1a84c2506af..259e017e54a 100644
--- a/2019/20xxx/CVE-2019-20224.json
+++ b/2019/20xxx/CVE-2019-20224.json
@@ -66,6 +66,11 @@
 "refsource": "MISC",
 "name": "https://shells.systems/pandorafms-v7-0ng-authenticated-remote-code-execution-cve-2019-20224/",
 "url": "https://shells.systems/pandorafms-v7-0ng-authenticated-remote-code-execution-cve-2019-20224/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/155897/Pandora-7.0NG-Remote-Code-Execution.html",
+ "url": "http://packetstormsecurity.com/files/155897/Pandora-7.0NG-Remote-Code-Execution.html"
 }
 ]
 }
diff --git a/2020/0xxx/CVE-2020-0009.json b/2020/0xxx/CVE-2020-0009.json
index a88a03a21d9..1d167870520 100644
--- a/2020/0xxx/CVE-2020-0009.json
+++ b/2020/0xxx/CVE-2020-0009.json
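Review bot: The reference added to CVE-2019-20224 uses a plain `http://packetstormsecurity.com/...` address for both `name` and `url`, while the neighbouring reference in the same hunk uses `https://`. If the site serves the same path over TLS, I would record `"url": "https://packetstormsecurity.com/files/155897/Pandora-7.0NG-Remote-Code-Execution.html"` (and the matching `name`) so that readers following the link from the record are not exposed to in-transit tampering. The same applies to the Packet Storm references added to CVE-2020-0009 and CVE-2020-6756 in this commit.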
@@ -48,6 +48,11 @@
 "refsource": "CONFIRM",
 "name": "https://source.android.com/security/bulletin/2020-01-11",
 "url": "https://source.android.com/security/bulletin/2020-01-11"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/155903/Android-ashmem-Read-Only-Bypasses.html",
+ "url": "http://packetstormsecurity.com/files/155903/Android-ashmem-Read-Only-Bypasses.html"
 }
 ]
 },
diff --git a/2020/6xxx/CVE-2020-6756.json b/2020/6xxx/CVE-2020-6756.json
index 03784c261d1..bf645f2d194 100644
--- a/2020/6xxx/CVE-2020-6756.json
+++ b/2020/6xxx/CVE-2020-6756.json
@@ -56,6 +56,11 @@
 "url": "https://pwnedchile.com/2020/01/08/pixelstor-5000-rce-exploit/",
 "refsource": "MISC",
 "name": "https://pwnedchile.com/2020/01/08/pixelstor-5000-rce-exploit/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/155898/PixelStor-5000-K-4.0.1580-20150629-Remote-Code-Execution.html",
+ "url": "http://packetstormsecurity.com/files/155898/PixelStor-5000-K-4.0.1580-20150629-Remote-Code-Execution.html"
 }
 ]
 },
From be358220dda1a74664c72a037ee04a87c3406dd6 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Sat, 11 Jan 2020 01:01:05 +0000
Subject: [PATCH 015/387] "-Synchronized-Data."
---
 2020/6xxx/CVE-2020-6836.json | 67 ++++++++++++++++++++++++++++++++++++
 1 file changed, 67 insertions(+)
 create mode 100644 2020/6xxx/CVE-2020-6836.json
diff --git a/2020/6xxx/CVE-2020-6836.json b/2020/6xxx/CVE-2020-6836.json
new file mode 100644
index 00000000000..2a57cf37757
--- /dev/null
+++ b/2020/6xxx/CVE-2020-6836.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-6836",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "grammar-parser.jison in the hot-formula-parser package before 3.0.1 for Node.js is vulnerable to arbitrary code injection. The package fails to sanitize values passed to the parse function and concatenates them in an eval call. If a value of the formula is taken from user-controlled input, it may allow attackers to run arbitrary commands on the server."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.npmjs.com/advisories/1439",
+ "refsource": "MISC",
+ "name": "https://www.npmjs.com/advisories/1439"
+ },
+ {
+ "url": "https://github.com/handsontable/formula-parser/commit/396b089738d4bf30eb570a4fe6a188affa95cd5e",
+ "refsource": "MISC",
+ "name": "https://github.com/handsontable/formula-parser/commit/396b089738d4bf30eb570a4fe6a188affa95cd5e"
+ }
+ ]
+ }
+}
\ No newline at end of file
From 887b880bf4d6c05929029bb07ab81d18b26ccde2 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Sat, 11 Jan 2020 02:01:08 +0000
Subject: [PATCH 016/387] "-Synchronized-Data."
---
 2020/6xxx/CVE-2020-6837.json | 18 ++++++++++++++++++
 2020/6xxx/CVE-2020-6838.json | 18 ++++++++++++++++++
 2020/6xxx/CVE-2020-6839.json | 18 ++++++++++++++++++
 2020/6xxx/CVE-2020-6840.json | 18 ++++++++++++++++++
 4 files changed, 72 insertions(+)
 create mode 100644 2020/6xxx/CVE-2020-6837.json
 create mode 100644 2020/6xxx/CVE-2020-6838.json
 create mode 100644 2020/6xxx/CVE-2020-6839.json
 create mode 100644 2020/6xxx/CVE-2020-6840.json
diff --git a/2020/6xxx/CVE-2020-6837.json b/2020/6xxx/CVE-2020-6837.json
new file mode 100644
index 00000000000..b996d4ea22c
--- /dev/null
+++ b/2020/6xxx/CVE-2020-6837.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-6837",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/6xxx/CVE-2020-6838.json b/2020/6xxx/CVE-2020-6838.json
new file mode 100644
index 00000000000..df358529d2a
--- /dev/null
+++ b/2020/6xxx/CVE-2020-6838.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-6838",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/6xxx/CVE-2020-6839.json b/2020/6xxx/CVE-2020-6839.json
new file mode 100644
index 00000000000..34fd467d8b0
--- /dev/null
+++ b/2020/6xxx/CVE-2020-6839.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-6839",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/6xxx/CVE-2020-6840.json b/2020/6xxx/CVE-2020-6840.json
new file mode 100644
index 00000000000..f77ace210d9
--- /dev/null
+++ b/2020/6xxx/CVE-2020-6840.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-6840",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
From 70f7cd3122a227a8ec4ecf139b229c45924ff9b9 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Sat, 11 Jan 2020 03:01:04 +0000
Subject: [PATCH 017/387] "-Synchronized-Data."
---
 2019/20xxx/CVE-2019-20377.json | 18 ++++++++++
 2019/20xxx/CVE-2019-20378.json | 62 ++++++++++++++++++++++++++++++++++
 2019/20xxx/CVE-2019-20379.json | 62 ++++++++++++++++++++++++++++++++++
 2020/6xxx/CVE-2020-6838.json | 56 ++++++++++++++++++++++++++----
 2020/6xxx/CVE-2020-6839.json | 56 ++++++++++++++++++++++++++----
 2020/6xxx/CVE-2020-6840.json | 56 ++++++++++++++++++++++++++----
 2020/6xxx/CVE-2020-6841.json | 18 ++++++++++
 2020/6xxx/CVE-2020-6842.json | 18 ++++++++++
 8 files changed, 328 insertions(+), 18 deletions(-)
 create mode 100644 2019/20xxx/CVE-2019-20377.json
 create mode 100644 2019/20xxx/CVE-2019-20378.json
 create mode 100644 2019/20xxx/CVE-2019-20379.json
 create mode 100644 2020/6xxx/CVE-2020-6841.json
 create mode 100644 2020/6xxx/CVE-2020-6842.json
diff --git a/2019/20xxx/CVE-2019-20377.json b/2019/20xxx/CVE-2019-20377.json
new file mode 100644
index 00000000000..34b6631e4da
--- /dev/null
+++ b/2019/20xxx/CVE-2019-20377.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-20377",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/20xxx/CVE-2019-20378.json b/2019/20xxx/CVE-2019-20378.json
new file mode 100644
index 00000000000..7bfc165f9ef
--- /dev/null
+++ b/2019/20xxx/CVE-2019-20378.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-20378",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "ganglia-web (aka Ganglia Web Frontend) through 3.7.5 allows XSS via the header.php ce parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/ganglia/ganglia-web/issues/351",
+ "refsource": "MISC",
+ "name": "https://github.com/ganglia/ganglia-web/issues/351"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/20xxx/CVE-2019-20379.json b/2019/20xxx/CVE-2019-20379.json
new file mode 100644
index 00000000000..f829ec72927
--- /dev/null
+++ b/2019/20xxx/CVE-2019-20379.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-20379",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "ganglia-web (aka Ganglia Web Frontend) through 3.7.5 allows XSS via the header.php cs parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/ganglia/ganglia-web/issues/351",
+ "refsource": "MISC",
+ "name": "https://github.com/ganglia/ganglia-web/issues/351"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/6xxx/CVE-2020-6838.json b/2020/6xxx/CVE-2020-6838.json
index df358529d2a..dafea452e9b 100644
--- a/2020/6xxx/CVE-2020-6838.json
+++ b/2020/6xxx/CVE-2020-6838.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-6838",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-6838",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In mruby 2.1.0, there is a use-after-free in hash_values_at in mrbgems/mruby-hash-ext/src/hash-ext.c."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/mruby/mruby/issues/4926",
+ "refsource": "MISC",
+ "name": "https://github.com/mruby/mruby/issues/4926"
 }
 ]
 }
diff --git a/2020/6xxx/CVE-2020-6839.json b/2020/6xxx/CVE-2020-6839.json
index 34fd467d8b0..fa4f4abe6ee 100644
--- a/2020/6xxx/CVE-2020-6839.json
+++ b/2020/6xxx/CVE-2020-6839.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-6839",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-6839",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In mruby 2.1.0, there is a stack-based buffer overflow in mrb_str_len_to_dbl in string.c."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/mruby/mruby/issues/4929",
+ "refsource": "MISC",
+ "name": "https://github.com/mruby/mruby/issues/4929"
 }
 ]
 }
diff --git a/2020/6xxx/CVE-2020-6840.json b/2020/6xxx/CVE-2020-6840.json
index f77ace210d9..39f2999de7e 100644
--- a/2020/6xxx/CVE-2020-6840.json
+++ b/2020/6xxx/CVE-2020-6840.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-6840",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-6840",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In mruby 2.1.0, there is a use-after-free in hash_slice in mrbgems/mruby-hash-ext/src/hash-ext.c."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/mruby/mruby/issues/4927",
+ "refsource": "MISC",
+ "name": "https://github.com/mruby/mruby/issues/4927"
 }
 ]
 }
diff --git a/2020/6xxx/CVE-2020-6841.json b/2020/6xxx/CVE-2020-6841.json
new file mode 100644
index 00000000000..499dd373f26
--- /dev/null
+++ b/2020/6xxx/CVE-2020-6841.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-6841",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/6xxx/CVE-2020-6842.json b/2020/6xxx/CVE-2020-6842.json
new file mode 100644
index 00000000000..e7d654cd5bd
--- /dev/null
+++ b/2020/6xxx/CVE-2020-6842.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-6842",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
From a1c230e5c814f70d4cd99d6ddaf7b090da4fce46 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Sat, 11 Jan 2020 04:01:06 +0000
Subject: [PATCH 018/387] "-Synchronized-Data."
---
 2019/20xxx/CVE-2019-20377.json | 56 ++++++++++++++++++++---
 2020/6xxx/CVE-2020-6843.json | 18 ++++++++
 2020/6xxx/CVE-2020-6844.json | 18 ++++++++
 2020/6xxx/CVE-2020-6845.json | 18 ++++++++
 2020/6xxx/CVE-2020-6846.json | 18 ++++++++
 2020/6xxx/CVE-2020-6847.json | 81 ++++++++++++++++++++++++++++++++++
 6 files changed, 203 insertions(+), 6 deletions(-)
 create mode 100644 2020/6xxx/CVE-2020-6843.json
 create mode 100644 2020/6xxx/CVE-2020-6844.json
 create mode 100644 2020/6xxx/CVE-2020-6845.json
 create mode 100644 2020/6xxx/CVE-2020-6846.json
 create mode 100644 2020/6xxx/CVE-2020-6847.json
diff --git a/2019/20xxx/CVE-2019-20377.json b/2019/20xxx/CVE-2019-20377.json
index 34b6631e4da..5ce3ea7ffb4 100644
--- a/2019/20xxx/CVE-2019-20377.json
+++ b/2019/20xxx/CVE-2019-20377.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2019-20377",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2019-20377",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "TopList before 2019-09-03 allows XSS via a title."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/tophubs/TopList/issues/32",
+ "refsource": "MISC",
+ "name": "https://github.com/tophubs/TopList/issues/32"
 }
 ]
 }
diff --git a/2020/6xxx/CVE-2020-6843.json b/2020/6xxx/CVE-2020-6843.json
new file mode 100644
index 00000000000..2b447e1d468
--- /dev/null
+++ b/2020/6xxx/CVE-2020-6843.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-6843",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/6xxx/CVE-2020-6844.json b/2020/6xxx/CVE-2020-6844.json
new file mode 100644
index 00000000000..3f0942a7d1b
--- /dev/null
+++ b/2020/6xxx/CVE-2020-6844.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-6844",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/6xxx/CVE-2020-6845.json b/2020/6xxx/CVE-2020-6845.json
new file mode 100644
index 00000000000..adae636c44e
--- /dev/null
+++ b/2020/6xxx/CVE-2020-6845.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-6845",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/6xxx/CVE-2020-6846.json b/2020/6xxx/CVE-2020-6846.json
new file mode 100644
index 00000000000..17a95e8ddd5
--- /dev/null
+++ b/2020/6xxx/CVE-2020-6846.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-6846",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/6xxx/CVE-2020-6847.json b/2020/6xxx/CVE-2020-6847.json
new file mode 100644
index 00000000000..251985decd4
--- /dev/null
+++ b/2020/6xxx/CVE-2020-6847.json
@@ -0,0 +1,81 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-6847",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "OpenTrade through 0.2.0 has a DOM-based XSS vulnerability that is executed when an administrator attempts to delete a message that contains JavaScript."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://gist.github.com/Marshall-Hallenbeck/bf6a4a4f408bb7a5e0a47cb39dc1dbbe",
+ "refsource": "MISC",
+ "name": "https://gist.github.com/Marshall-Hallenbeck/bf6a4a4f408bb7a5e0a47cb39dc1dbbe"
+ },
+ {
+ "url": "https://github.com/3s3s/opentrade/blob/4f91391164219da30533453e1ff6800ef2ef3c6b/static_pages/js/index.js#L473",
+ "refsource": "MISC",
+ "name": "https://github.com/3s3s/opentrade/blob/4f91391164219da30533453e1ff6800ef2ef3c6b/static_pages/js/index.js#L473"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "LOW",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.0/AC:L/AV:N/A:N/C:H/I:L/PR:L/S:C/UI:R",
+ "version": "3.0"
+ }
+ }
+}
\ No newline at end of file
From 049dc85ed69dd366b7e7795934c33f54cb297991 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Sat, 11 Jan 2020 11:01:04 +0000
Subject: [PATCH 019/387] "-Synchronized-Data."
---
 2019/20xxx/CVE-2019-20373.json | 5 +++++
 1 file changed, 5 insertions(+)
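Review bot: The `impact.cvss` object in this new record carries only a vector, with no `baseScore` or `baseSeverity`, and the metrics inside `vectorString` are listed alphabetically instead of in the order the CVSS specification gives. A consumer that sorts or filters on the score field gets nothing for this entry, and a strict vector parser may reject the string. I would write it as `"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N"` and add the `baseScore` and `baseSeverity` computed from that vector, as the CVE-2019-5647 record in patch 001 does. The `problemtype` value is also `n/a` even though the description names DOM-based XSS; `"value": "CWE-79"` would make the record matchable by weakness class.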
diff --git a/2019/20xxx/CVE-2019-20373.json b/2019/20xxx/CVE-2019-20373.json
index c268eb3d723..50561ed81b2 100644
--- a/2019/20xxx/CVE-2019-20373.json
+++ b/2019/20xxx/CVE-2019-20373.json
@@ -57,6 +57,11 @@
 "refsource": "MISC",
 "name": "https://git.launchpad.net/~ltsp-upstream/ltsp/+git/ldm/commit/?id=c351ac69ef63ed6c84221cef73e409059661b8ba"
 },
+ {
+ "refsource": "DEBIAN",
+ "name": "DSA-4601",
+ "url": "https://www.debian.org/security/2020/dsa-4601"
+ },
 {
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20200110 [SECURITY] [DLA 2064-1] ldm security update",
From 804cea7a169afe1e3e25c317a8707fa81697ce5a Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Sat, 11 Jan 2020 15:01:05 +0000
Subject: [PATCH 020/387] "-Synchronized-Data."
---
 2017/5xxx/CVE-2017-5645.json | 5 +++++
 2019/17xxx/CVE-2019-17571.json | 5 +++++
 2 files changed, 10 insertions(+)
diff --git a/2017/5xxx/CVE-2017-5645.json b/2017/5xxx/CVE-2017-5645.json
index b5684aae0da..d9212ca3900 100644
--- a/2017/5xxx/CVE-2017-5645.json
+++ b/2017/5xxx/CVE-2017-5645.json
@@ -291,6 +291,11 @@
 "refsource": "MLIST",
 "name": "[tika-dev] 20200110 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]",
 "url": "https://lists.apache.org/thread.html/r681b4432d0605f327b68b9f8a42662993e699d04614de4851c35ffd1@%3Cdev.tika.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[tika-dev] 20200111 Re: [jira] [Commented] (TIKA-3018) log4j 1.2 version used by Apache Tika 1.23 is vulnerable to CVE-2019-17571",
+ "url": "https://lists.apache.org/thread.html/ra38785cfc0e7f17f8e24bebf775dd032c033fadcaea29e5bc9fffc60@%3Cdev.tika.apache.org%3E"
 }
 ]
 }
diff --git a/2019/17xxx/CVE-2019-17571.json b/2019/17xxx/CVE-2019-17571.json
index d0795e9e99c..b6343d995c0 100644
--- a/2019/17xxx/CVE-2019-17571.json
+++ b/2019/17xxx/CVE-2019-17571.json
@@ -163,6 +163,11 @@
 "refsource": "MLIST",
 "name": "[tika-dev] 20200110 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]",
 "url": "https://lists.apache.org/thread.html/r681b4432d0605f327b68b9f8a42662993e699d04614de4851c35ffd1@%3Cdev.tika.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[tika-dev] 20200111 Re: [jira] [Commented] (TIKA-3018) log4j 1.2 version used by Apache Tika 1.23 is vulnerable to CVE-2019-17571",
+ "url": "https://lists.apache.org/thread.html/ra38785cfc0e7f17f8e24bebf775dd032c033fadcaea29e5bc9fffc60@%3Cdev.tika.apache.org%3E"
 }
 ]
 },
From 08b55ce93db4970d45d4a03b8790de916222191a Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Sat, 11 Jan 2020 16:01:05 +0000
Subject: [PATCH 021/387] "-Synchronized-Data."
---
 2019/5xxx/CVE-2019-5844.json | 5 +++++
 2019/5xxx/CVE-2019-5845.json | 5 +++++
 2019/5xxx/CVE-2019-5846.json | 5 +++++
 2020/6xxx/CVE-2020-6377.json | 5 +++++
 4 files changed, 20 insertions(+)
diff --git a/2019/5xxx/CVE-2019-5844.json b/2019/5xxx/CVE-2019-5844.json
index d7a7bb3b33a..fd44e43336e 100644
--- a/2019/5xxx/CVE-2019-5844.json
+++ b/2019/5xxx/CVE-2019-5844.json
@@ -59,6 +59,11 @@
 "refsource": "SUSE",
 "name": "openSUSE-SU-2020:0004",
 "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00002.html"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2020:0006",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00004.html"
 }
 ]
 },
diff --git a/2019/5xxx/CVE-2019-5845.json b/2019/5xxx/CVE-2019-5845.json
index f6911af9e0c..91c6ba7c226 100644
--- a/2019/5xxx/CVE-2019-5845.json
+++ b/2019/5xxx/CVE-2019-5845.json
@@ -59,6 +59,11 @@
 "refsource": "SUSE",
 "name": "openSUSE-SU-2020:0004",
 "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00002.html"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2020:0006",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00004.html"
 }
 ]
 },
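Review bot: The reference added in the CVE-2019-5844 and CVE-2019-5845 hunks points at the vendor advisory over cleartext HTTP, `http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00004.html`. Anyone following the link from the record retrieves patch guidance over a channel that can be altered in transit. If the list archive serves the same path over TLS, which should be confirmed before changing it, I would record `"url": "https://lists.opensuse.org/opensuse-security-announce/2020-01/msg00004.html"`. The openSUSE-SU-2020:0006, :0007 and :0008 references added later in this series have the same form, and the `reference_data` array these entries extend starts outside each hunk.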
diff --git a/2019/5xxx/CVE-2019-5846.json b/2019/5xxx/CVE-2019-5846.json
index 7ce2ae03b5c..9b166f50bd3 100644
--- a/2019/5xxx/CVE-2019-5846.json
+++ b/2019/5xxx/CVE-2019-5846.json
@@ -59,6 +59,11 @@
 "refsource": "SUSE",
 "name": "openSUSE-SU-2020:0004",
 "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00002.html"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2020:0006",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00004.html"
 }
 ]
 },
diff --git a/2020/6xxx/CVE-2020-6377.json b/2020/6xxx/CVE-2020-6377.json
index 2c59405d71b..916ad316c67 100644
--- a/2020/6xxx/CVE-2020-6377.json
+++ b/2020/6xxx/CVE-2020-6377.json
@@ -54,6 +54,11 @@
 "url": "https://chromereleases.googleblog.com/2020/01/stable-channel-update-for-desktop.html",
 "refsource": "MISC",
 "name": "https://chromereleases.googleblog.com/2020/01/stable-channel-update-for-desktop.html"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2020:0006",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00004.html"
 }
 ]
 },
From f05e774c48b67712af31f62c233c477e28ee9fe8 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Sat, 11 Jan 2020 18:01:05 +0000
Subject: [PATCH 022/387] "-Synchronized-Data."
---
 2014/1xxx/CVE-2014-1972.json | 5 +++++
 2019/0xxx/CVE-2019-0195.json | 5 +++++
 2019/0xxx/CVE-2019-0207.json | 5 +++++
 2019/10xxx/CVE-2019-10071.json | 5 +++++
 4 files changed, 20 insertions(+)
diff --git a/2014/1xxx/CVE-2014-1972.json b/2014/1xxx/CVE-2014-1972.json
index 5c2da697510..ea55bc6ae7c 100644
--- a/2014/1xxx/CVE-2014-1972.json
+++ b/2014/1xxx/CVE-2014-1972.json
@@ -91,6 +91,11 @@
 "refsource": "MLIST",
 "name": "[tapestry-users] 20191007 Re: CVE-2019-10071: Apache Tapestry vulnerability disclosure",
 "url": "https://lists.apache.org/thread.html/bac8d6f9e1b4059b319d9cba6f33219a99b81623476ec896138f851c@%3Cusers.tapestry.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[tapestry-commits] 20200111 svn commit: r1055136 [2/2] - in /websites/production/tapestry/content: cache/main.pageCache component-rendering.html content-type-and-markup.html dom.html https.html request-processing.html response-compression.html security.html url-rewriting.html",
+ "url": "https://lists.apache.org/thread.html/r87523dd07886223aa086edc25fe9b8ddb9c1090f7db25b068dc30843@%3Ccommits.tapestry.apache.org%3E"
 }
 ]
 }
diff --git a/2019/0xxx/CVE-2019-0195.json b/2019/0xxx/CVE-2019-0195.json
index 913610e927e..9abf7dea9c2 100644
--- a/2019/0xxx/CVE-2019-0195.json
+++ b/2019/0xxx/CVE-2019-0195.json
@@ -58,6 +58,11 @@
 "refsource": "MLIST",
 "name": "[tapestry-users] 20191014 Re: [CVE-2019-0195] Apache Tapestry vulnerability disclosure",
 "url": "https://lists.apache.org/thread.html/6c40c1e03d2131119f9b77882431a0050f02bf9cae9ee48b84d012df@%3Cusers.tapestry.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[tapestry-commits] 20200111 svn commit: r1055136 [2/2] - in /websites/production/tapestry/content: cache/main.pageCache component-rendering.html content-type-and-markup.html dom.html https.html request-processing.html response-compression.html security.html url-rewriting.html",
+ "url": "https://lists.apache.org/thread.html/r87523dd07886223aa086edc25fe9b8ddb9c1090f7db25b068dc30843@%3Ccommits.tapestry.apache.org%3E"
 }
 ]
 },
diff --git a/2019/0xxx/CVE-2019-0207.json b/2019/0xxx/CVE-2019-0207.json
index 59168282c3c..accb9e38962 100644
--- a/2019/0xxx/CVE-2019-0207.json
+++ b/2019/0xxx/CVE-2019-0207.json
@@ -53,6 +53,11 @@
 "refsource": "MLIST",
 "name": "[tapestry-users] 20191007 Re: CVE-2019-10071: Apache Tapestry vulnerability disclosure",
 "url": "https://lists.apache.org/thread.html/bac8d6f9e1b4059b319d9cba6f33219a99b81623476ec896138f851c@%3Cusers.tapestry.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[tapestry-commits] 20200111 svn commit: r1055136 [2/2] - in /websites/production/tapestry/content: cache/main.pageCache component-rendering.html content-type-and-markup.html dom.html https.html request-processing.html response-compression.html security.html url-rewriting.html",
+ "url": "https://lists.apache.org/thread.html/r87523dd07886223aa086edc25fe9b8ddb9c1090f7db25b068dc30843@%3Ccommits.tapestry.apache.org%3E"
 }
 ]
 },
diff --git a/2019/10xxx/CVE-2019-10071.json b/2019/10xxx/CVE-2019-10071.json
index fd3a9364604..19b890e67f3 100644
--- a/2019/10xxx/CVE-2019-10071.json
+++ b/2019/10xxx/CVE-2019-10071.json
@@ -58,6 +58,11 @@
 "refsource": "MLIST",
 "name": "[tapestry-users] 20191014 Re: CVE-2019-10071: Apache Tapestry vulnerability disclosure",
 "url": "https://lists.apache.org/thread.html/7a437dad5af7309aba4d01bfc2463b3ac34e6aafaa565381d3a36460@%3Cusers.tapestry.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[tapestry-commits] 20200111 svn commit: r1055136 [2/2] - in /websites/production/tapestry/content: cache/main.pageCache component-rendering.html content-type-and-markup.html dom.html https.html request-processing.html response-compression.html security.html url-rewriting.html",
+ "url": "https://lists.apache.org/thread.html/r87523dd07886223aa086edc25fe9b8ddb9c1090f7db25b068dc30843@%3Ccommits.tapestry.apache.org%3E"
 }
 ]
 },
From 9a93b37b0ba04fd65f8b0ef6414ef127c07f8458 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Sat, 11 Jan 2020 19:01:09 +0000
Subject: [PATCH 023/387] "-Synchronized-Data."
---
 2019/13xxx/CVE-2019-13767.json | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/2019/13xxx/CVE-2019-13767.json b/2019/13xxx/CVE-2019-13767.json
index 40ae06cda42..e5fe6777c86 100644
--- a/2019/13xxx/CVE-2019-13767.json
+++ b/2019/13xxx/CVE-2019-13767.json
@@ -54,6 +54,11 @@
 "url": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop_17.html",
 "refsource": "MISC",
 "name": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop_17.html"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2020:0007",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00005.html"
 }
 ]
 },
From 34031dbcabb1f50360742048af96731893bcdd02 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Sat, 11 Jan 2020 22:01:05 +0000
Subject: [PATCH 024/387] "-Synchronized-Data."
---
 2017/5xxx/CVE-2017-5645.json | 10 ++++++++++
 2019/17xxx/CVE-2019-17571.json | 10 ++++++++++
 2 files changed, 20 insertions(+)
diff --git a/2017/5xxx/CVE-2017-5645.json b/2017/5xxx/CVE-2017-5645.json
index d9212ca3900..2479e8b63d3 100644
--- a/2017/5xxx/CVE-2017-5645.json
+++ b/2017/5xxx/CVE-2017-5645.json
@@ -296,6 +296,16 @@
 "refsource": "MLIST",
 "name": "[tika-dev] 20200111 Re: [jira] [Commented] (TIKA-3018) log4j 1.2 version used by Apache Tika 1.23 is vulnerable to CVE-2019-17571",
 "url": "https://lists.apache.org/thread.html/ra38785cfc0e7f17f8e24bebf775dd032c033fadcaea29e5bc9fffc60@%3Cdev.tika.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[tika-dev] 20200111 [jira] [Closed] (TIKA-3018) log4j 1.2 version used by Apache Tika 1.23 is vulnerable to CVE-2019-17571",
+ "url": "https://lists.apache.org/thread.html/r746fbc3fc13aee292ae6851f7a5080f592fa3a67b983c6887cdb1fc5@%3Cdev.tika.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[tika-dev] 20200111 [jira] [Resolved] (TIKA-3018) log4j 1.2 version used by Apache Tika 1.23 is vulnerable to CVE-2019-17571",
+ "url": "https://lists.apache.org/thread.html/rdec0d8ac1f03e6905b0de2df1d5fcdb98b94556e4f6cccf7519fdb26@%3Cdev.tika.apache.org%3E"
 }
 ]
 }
diff --git a/2019/17xxx/CVE-2019-17571.json b/2019/17xxx/CVE-2019-17571.json
index b6343d995c0..e0e7f2e7552 100644
--- a/2019/17xxx/CVE-2019-17571.json
+++ b/2019/17xxx/CVE-2019-17571.json
@@ -168,6 +168,16 @@
 "refsource": "MLIST",
 "name": "[tika-dev] 20200111 Re: [jira] [Commented] (TIKA-3018) log4j 1.2 version used by Apache Tika 1.23 is vulnerable to CVE-2019-17571",
 "url": "https://lists.apache.org/thread.html/ra38785cfc0e7f17f8e24bebf775dd032c033fadcaea29e5bc9fffc60@%3Cdev.tika.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[tika-dev] 20200111 [jira] [Closed] (TIKA-3018) log4j 1.2 version used by Apache Tika 1.23 is vulnerable to CVE-2019-17571",
+ "url": "https://lists.apache.org/thread.html/r746fbc3fc13aee292ae6851f7a5080f592fa3a67b983c6887cdb1fc5@%3Cdev.tika.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[tika-dev] 20200111 [jira] [Resolved] (TIKA-3018) log4j 1.2 version used by Apache Tika 1.23 is vulnerable to CVE-2019-17571",
+ "url": "https://lists.apache.org/thread.html/rdec0d8ac1f03e6905b0de2df1d5fcdb98b94556e4f6cccf7519fdb26@%3Cdev.tika.apache.org%3E"
 }
 ]
 },
From 6f26fc3d2ffe2054d368e6ac979a574cb0b9a37a Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Sun, 12 Jan 2020 01:01:06 +0000
Subject: [PATCH 025/387] "-Synchronized-Data."
---
 2019/11xxx/CVE-2019-11727.json | 5 +++++
 2019/11xxx/CVE-2019-11745.json | 5 +++++
 2 files changed, 10 insertions(+)
diff --git a/2019/11xxx/CVE-2019-11727.json b/2019/11xxx/CVE-2019-11727.json
index c4639bc7c72..8a4963c00c0 100644
--- a/2019/11xxx/CVE-2019-11727.json
+++ b/2019/11xxx/CVE-2019-11727.json
@@ -84,6 +84,11 @@
 "refsource": "SUSE",
 "name": "openSUSE-SU-2019:2260",
 "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00017.html"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2020:0008",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html"
 }
 ]
 },
diff --git a/2019/11xxx/CVE-2019-11745.json b/2019/11xxx/CVE-2019-11745.json
index 01a9bdac288..ee4b6f38093 100644
--- a/2019/11xxx/CVE-2019-11745.json
+++ b/2019/11xxx/CVE-2019-11745.json
@@ -93,6 +93,11 @@
 "refsource": "SUSE",
 "name": "openSUSE-SU-2020:0002",
 "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2020:0008",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html"
 }
 ]
 },
From dc99c93f03c25efdb037bdb485e509bc1a8a453e Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Sun, 12 Jan 2020 03:01:02 +0000
Subject: [PATCH 026/387] "-Synchronized-Data."
---
 2010/2xxx/CVE-2010-2247.json | 5 +++++
 2018/9xxx/CVE-2018-9018.json | 5 +++++
 2019/15xxx/CVE-2019-15139.json | 5 +++++
 2019/16xxx/CVE-2019-16056.json | 5 +++++
 2019/16xxx/CVE-2019-16935.json | 5 +++++
 2019/19xxx/CVE-2019-19722.json | 5 +++++
 6 files changed, 30 insertions(+)
diff --git a/2010/2xxx/CVE-2010-2247.json b/2010/2xxx/CVE-2010-2247.json
index dea3e0b0ee4..de6762b0999 100644
--- a/2010/2xxx/CVE-2010-2247.json
+++ b/2010/2xxx/CVE-2010-2247.json
@@ -61,6 +61,11 @@
 "url": "https://access.redhat.com/security/cve/cve-2010-2247",
 "refsource": "MISC",
 "name": "https://access.redhat.com/security/cve/cve-2010-2247"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2020-1db19e75db",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JLAGK43ZTRNAMRO7JI2AW4BAZS35QSEE/"
 }
 ]
 }
diff --git a/2018/9xxx/CVE-2018-9018.json b/2018/9xxx/CVE-2018-9018.json
index a4dd5186820..579aaca4363 100644
--- a/2018/9xxx/CVE-2018-9018.json
+++ b/2018/9xxx/CVE-2018-9018.json
@@ -76,6 +76,11 @@
 "name": "103526",
 "refsource": "BID",
 "url": "http://www.securityfocus.com/bid/103526"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2019-f12cb1ddab",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3IYH7QSNXXOIDFTYLY455ANZ3JWQ7FCS/"
 }
 ]
 }
diff --git a/2019/15xxx/CVE-2019-15139.json b/2019/15xxx/CVE-2019-15139.json
index 007a126258e..d5e91741028 100644
--- a/2019/15xxx/CVE-2019-15139.json
+++ b/2019/15xxx/CVE-2019-15139.json
@@ -81,6 +81,11 @@
 "refsource": "SUSE",
 "name": "openSUSE-SU-2019:2519",
 "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00042.html"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2019-f12cb1ddab",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3IYH7QSNXXOIDFTYLY455ANZ3JWQ7FCS/"
 }
 ]
 }
diff --git a/2019/16xxx/CVE-2019-16056.json b/2019/16xxx/CVE-2019-16056.json
index f6d7f883bef..190cdac9746 100644
--- a/2019/16xxx/CVE-2019-16056.json
+++ b/2019/16xxx/CVE-2019-16056.json
@@ -181,6 +181,11 @@
 "refsource": "REDHAT",
 "name": "RHSA-2019:3948",
 "url": "https://access.redhat.com/errata/RHSA-2019:3948"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2019-7ec5bb5d22",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEARDOTXCYPYELKBD2KWZ27GSPXDI3GQ/"
 }
 ]
 }
diff --git a/2019/16xxx/CVE-2019-16935.json b/2019/16xxx/CVE-2019-16935.json
index bde5599cfaa..a4c096e94a9 100644
--- a/2019/16xxx/CVE-2019-16935.json
+++ b/2019/16xxx/CVE-2019-16935.json
@@ -136,6 +136,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2019-57462fa10d",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4X3HW5JRZ7GCPSR7UHJOLD7AWLTQCDVR/"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2019-7ec5bb5d22",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEARDOTXCYPYELKBD2KWZ27GSPXDI3GQ/"
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19722.json b/2019/19xxx/CVE-2019-19722.json
index 846774ea630..1ee18ed7d01 100644
--- a/2019/19xxx/CVE-2019-19722.json
+++ b/2019/19xxx/CVE-2019-19722.json
@@ -76,6 +76,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2019-5898f4f935",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4OZCJ3RBA4WIYGN7SOV4TW2AIHXPZATK/"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2019-72e5ac943a",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6PPB7PG5BM3MC5ZF2KHQ3UR7CZIO42BB/"
 }
 ]
 }
From 1722620574a496d0e8c9a6e21eb327ecbf0826c2 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Sun, 12 Jan 2020 04:01:04 +0000
Subject: [PATCH 027/387] "-Synchronized-Data."
---
 2010/2xxx/CVE-2010-2247.json | 5 +++++
 2018/1002xxx/CVE-2018-1002102.json | 7 ++++++-
 2018/9xxx/CVE-2018-9018.json | 5 +++++
 2019/13xxx/CVE-2019-13107.json | 5 +++++
 2019/15xxx/CVE-2019-15139.json | 5 +++++
 2019/16xxx/CVE-2019-16056.json | 5 +++++
 2019/16xxx/CVE-2019-16935.json | 5 +++++
 7 files changed, 36 insertions(+), 1 deletion(-)
diff --git a/2010/2xxx/CVE-2010-2247.json b/2010/2xxx/CVE-2010-2247.json
index de6762b0999..c904262f2bb 100644
--- a/2010/2xxx/CVE-2010-2247.json
+++ b/2010/2xxx/CVE-2010-2247.json
@@ -66,6 +66,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2020-1db19e75db",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JLAGK43ZTRNAMRO7JI2AW4BAZS35QSEE/"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2020-a5b60d0c2b",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HLHAXN3XRR7RJ73SJTBSW3GZT4GLHI33/"
 }
 ]
 }
diff --git a/2018/1002xxx/CVE-2018-1002102.json b/2018/1002xxx/CVE-2018-1002102.json
index ca656608347..96adf20e242 100644
--- a/2018/1002xxx/CVE-2018-1002102.json
+++ b/2018/1002xxx/CVE-2018-1002102.json
@@ -79,6 +79,11 @@
 "name": "https://github.com/kubernetes/kubernetes/issues/85867",
 "refsource": "CONFIRM",
 "url": "https://github.com/kubernetes/kubernetes/issues/85867"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2020-943f4b03d2",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q56CULSH7F7BC4NPS67ZS23ZCLL5TIVK/"
 }
 ]
 },
@@ -94,4 +99,4 @@
 "value": "For Kubernetes versions >= v1.10.0, the ValidateProxyRedirects feature can be manually enabled with the kube-apiserver flag --feature-gates=ValidateProxyRedirects=true"
 }
 ]
-}
+}
\ No newline at end of file
diff --git a/2018/9xxx/CVE-2018-9018.json b/2018/9xxx/CVE-2018-9018.json
index 579aaca4363..ee6ae201407 100644
--- a/2018/9xxx/CVE-2018-9018.json
+++ b/2018/9xxx/CVE-2018-9018.json
@@ -81,6 +81,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2019-f12cb1ddab",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3IYH7QSNXXOIDFTYLY455ANZ3JWQ7FCS/"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2019-210b0a6e4f",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FS76VNCFL3FVRMGXQEMHBOKA7EE46BTS/"
 }
 ]
 }
diff --git a/2019/13xxx/CVE-2019-13107.json b/2019/13xxx/CVE-2019-13107.json
index 97434ea7e5d..bd0e9e37c90 100644
--- a/2019/13xxx/CVE-2019-13107.json
+++ b/2019/13xxx/CVE-2019-13107.json
@@ -66,6 +66,11 @@
 "refsource": "MISC",
 "name": "https://github.com/tbeu/matio/pull/118",
 "url": "https://github.com/tbeu/matio/pull/118"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2019-a1a2f55fcf",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N7AE25FWDBPC7KLVMPLHT4G64O4GISQQ/"
 }
 ]
 }
diff --git a/2019/15xxx/CVE-2019-15139.json b/2019/15xxx/CVE-2019-15139.json
index d5e91741028..c6f90c878b1 100644
--- a/2019/15xxx/CVE-2019-15139.json
+++ b/2019/15xxx/CVE-2019-15139.json
@@ -86,6 +86,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2019-f12cb1ddab",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3IYH7QSNXXOIDFTYLY455ANZ3JWQ7FCS/"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2019-210b0a6e4f",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FS76VNCFL3FVRMGXQEMHBOKA7EE46BTS/"
 }
 ]
 }
diff --git a/2019/16xxx/CVE-2019-16056.json b/2019/16xxx/CVE-2019-16056.json
index 190cdac9746..d6e38b9bb68 100644
--- a/2019/16xxx/CVE-2019-16056.json
+++ b/2019/16xxx/CVE-2019-16056.json
@@ -186,6 +186,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2019-7ec5bb5d22",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEARDOTXCYPYELKBD2KWZ27GSPXDI3GQ/"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2019-a268ba7b23",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OYGESQSGIHDCIGOBVF7VXCMIE6YDWRYB/"
 }
 ]
 }
diff --git a/2019/16xxx/CVE-2019-16935.json b/2019/16xxx/CVE-2019-16935.json
index a4c096e94a9..018fd0af2c7 100644
--- a/2019/16xxx/CVE-2019-16935.json
+++ b/2019/16xxx/CVE-2019-16935.json
@@ -141,6 +141,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2019-7ec5bb5d22",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEARDOTXCYPYELKBD2KWZ27GSPXDI3GQ/"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2019-a268ba7b23",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OYGESQSGIHDCIGOBVF7VXCMIE6YDWRYB/"
 }
 ]
 }
From d19f89fc425f8e8dbd1308e475b1b9ca7505afa7 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Sun, 12 Jan 2020 13:01:10 +0000
Subject: [PATCH 028/387] "-Synchronized-Data."
---
 2019/5xxx/CVE-2019-5844.json | 5 +++++
 2019/5xxx/CVE-2019-5845.json | 5 +++++
 2019/5xxx/CVE-2019-5846.json | 5 +++++
 2020/6xxx/CVE-2020-6377.json | 5 +++++
 4 files changed, 20 insertions(+)
diff --git a/2019/5xxx/CVE-2019-5844.json b/2019/5xxx/CVE-2019-5844.json
index fd44e43336e..054abaa2893 100644
--- a/2019/5xxx/CVE-2019-5844.json
+++ b/2019/5xxx/CVE-2019-5844.json
@@ -64,6 +64,11 @@
 "refsource": "SUSE",
 "name": "openSUSE-SU-2020:0006",
 "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00004.html"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2020:0009",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00007.html"
 }
 ]
 },
diff --git a/2019/5xxx/CVE-2019-5845.json b/2019/5xxx/CVE-2019-5845.json
index 91c6ba7c226..761b4fc2393 100644
--- a/2019/5xxx/CVE-2019-5845.json
+++ b/2019/5xxx/CVE-2019-5845.json
@@ -64,6 +64,11 @@
 "refsource": "SUSE",
 "name": "openSUSE-SU-2020:0006",
 "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00004.html"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2020:0009",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00007.html"
 }
 ]
 },
diff --git a/2019/5xxx/CVE-2019-5846.json b/2019/5xxx/CVE-2019-5846.json
index 9b166f50bd3..63affbcdb2b 100644
--- a/2019/5xxx/CVE-2019-5846.json
+++ b/2019/5xxx/CVE-2019-5846.json
@@ -64,6 +64,11 @@
 "refsource": "SUSE",
 "name": "openSUSE-SU-2020:0006",
 "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00004.html"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2020:0009",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00007.html"
 }
 ]
 },
diff --git a/2020/6xxx/CVE-2020-6377.json b/2020/6xxx/CVE-2020-6377.json
index 916ad316c67..30fdbf757bf 100644
--- a/2020/6xxx/CVE-2020-6377.json
+++ b/2020/6xxx/CVE-2020-6377.json
@@ -59,6 +59,11 @@
 "refsource": "SUSE",
 "name": "openSUSE-SU-2020:0006",
 "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00004.html"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2020:0009",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00007.html"
 }
 ]
 },
From 96a5628212827b5c3756ee1ba5fb63ba507c807b Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Mon, 13 Jan 2020 01:01:04 +0000
Subject: [PATCH 029/387] "-Synchronized-Data."
---
 2019/17xxx/CVE-2019-17571.json | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/2019/17xxx/CVE-2019-17571.json b/2019/17xxx/CVE-2019-17571.json
index e0e7f2e7552..8bfc70af9b1 100644
--- a/2019/17xxx/CVE-2019-17571.json
+++ b/2019/17xxx/CVE-2019-17571.json
@@ -178,6 +178,11 @@
 "refsource": "MLIST",
 "name": "[tika-dev] 20200111 [jira] [Resolved] (TIKA-3018) log4j 1.2 version used by Apache Tika 1.23 is vulnerable to CVE-2019-17571",
 "url": "https://lists.apache.org/thread.html/rdec0d8ac1f03e6905b0de2df1d5fcdb98b94556e4f6cccf7519fdb26@%3Cdev.tika.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20200112 [SECURITY] [DLA 2065-1] apache-log4j1.2 security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00008.html"
 }
 ]
 },
From 59980a68af90b5d64c588d02b18f4324fa2cadf2 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Mon, 13 Jan 2020 04:01:03 +0000
Subject: [PATCH 030/387] "-Synchronized-Data."
---
 2019/2xxx/CVE-2019-2126.json | 5 +++++
 2019/9xxx/CVE-2019-9232.json | 5 +++++
 2019/9xxx/CVE-2019-9325.json | 5 +++++
 2019/9xxx/CVE-2019-9371.json | 5 +++++
 2019/9xxx/CVE-2019-9433.json | 5 +++++
 2020/6xxx/CVE-2020-6377.json | 5 +++++
 6 files changed, 30 insertions(+)
diff --git a/2019/2xxx/CVE-2019-2126.json b/2019/2xxx/CVE-2019-2126.json
index e7b74e30bdc..f7960e259a0 100644
--- a/2019/2xxx/CVE-2019-2126.json
+++ b/2019/2xxx/CVE-2019-2126.json
@@ -53,6 +53,11 @@
 "refsource": "UBUNTU",
 "name": "USN-4199-1",
 "url": "https://usn.ubuntu.com/4199-1/"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2020-65eac1b48b",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U2IIA3RSYABBUCFIHXIRVUT5CTJVWWZ6/"
 }
 ]
 },
diff --git a/2019/9xxx/CVE-2019-9232.json b/2019/9xxx/CVE-2019-9232.json
index 1352be6f0d2..45e96d50edd 100644
--- a/2019/9xxx/CVE-2019-9232.json
+++ b/2019/9xxx/CVE-2019-9232.json
@@ -83,6 +83,11 @@
 "refsource": "DEBIAN",
 "name": "DSA-4578",
 "url": "https://www.debian.org/security/2019/dsa-4578"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2020-65eac1b48b",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U2IIA3RSYABBUCFIHXIRVUT5CTJVWWZ6/"
 }
 ]
 },
diff --git a/2019/9xxx/CVE-2019-9325.json b/2019/9xxx/CVE-2019-9325.json
index 2a21abdf53c..a3c84fe0a90 100644
--- a/2019/9xxx/CVE-2019-9325.json
+++ b/2019/9xxx/CVE-2019-9325.json
@@ -78,6 +78,11 @@
 "refsource": "DEBIAN",
 "name": "DSA-4578",
 "url": "https://www.debian.org/security/2019/dsa-4578"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2020-65eac1b48b",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U2IIA3RSYABBUCFIHXIRVUT5CTJVWWZ6/"
 }
 ]
 },
diff --git a/2019/9xxx/CVE-2019-9371.json b/2019/9xxx/CVE-2019-9371.json
index 3d12d795fd3..f3e151b3f01 100644
--- a/2019/9xxx/CVE-2019-9371.json
+++ b/2019/9xxx/CVE-2019-9371.json
@@ -78,6 +78,11 @@
 "refsource": "DEBIAN",
 "name": "DSA-4578",
 "url": "https://www.debian.org/security/2019/dsa-4578"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2020-65eac1b48b",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U2IIA3RSYABBUCFIHXIRVUT5CTJVWWZ6/"
 }
 ]
 },
diff --git a/2019/9xxx/CVE-2019-9433.json b/2019/9xxx/CVE-2019-9433.json
index f0f64c68ec5..c83d1f87f24 100644
--- a/2019/9xxx/CVE-2019-9433.json
+++ b/2019/9xxx/CVE-2019-9433.json
@@ -83,6 +83,11 @@
 "refsource": "DEBIAN",
 "name": "DSA-4578",
 "url": "https://www.debian.org/security/2019/dsa-4578"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2020-65eac1b48b",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U2IIA3RSYABBUCFIHXIRVUT5CTJVWWZ6/"
 }
 ]
 },
diff --git a/2020/6xxx/CVE-2020-6377.json b/2020/6xxx/CVE-2020-6377.json
index 30fdbf757bf..7b4575a22b7 100644
--- a/2020/6xxx/CVE-2020-6377.json
+++ b/2020/6xxx/CVE-2020-6377.json
@@ -64,6 +64,11 @@
 "refsource": "SUSE",
 "name": "openSUSE-SU-2020:0009",
 "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00007.html"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2020-581537c8aa",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PSUXNEUS6N42UJNQVCQSTSM6CSW2REPG/"
 }
 ]
 },
From a34a12590539f93cb7f93695be1470d8903e2e7e Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Mon, 13 Jan 2020 05:01:07 +0000
Subject: [PATCH 031/387] "-Synchronized-Data."
---
 2020/6xxx/CVE-2020-6848.json | 62 ++++++++++++++++++++++++++++++++++++
 2020/6xxx/CVE-2020-6849.json | 18 +++++++++++
 2020/6xxx/CVE-2020-6850.json | 18 +++++++++++
 2020/6xxx/CVE-2020-6851.json | 18 +++++++++++
 4 files changed, 116 insertions(+)
 create mode 100644 2020/6xxx/CVE-2020-6848.json
 create mode 100644 2020/6xxx/CVE-2020-6849.json
 create mode 100644 2020/6xxx/CVE-2020-6850.json
 create mode 100644 2020/6xxx/CVE-2020-6851.json
diff --git a/2020/6xxx/CVE-2020-6848.json b/2020/6xxx/CVE-2020-6848.json
new file mode 100644
index 00000000000..1989bc2754e
--- /dev/null
+++ b/2020/6xxx/CVE-2020-6848.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-6848",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Axper Vision II 4 devices allow XSS via the DEVICE_NAME (aka Device Name) parameter to the configWebParams.cgi URI."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://sku11army.blogspot.com/2020/01/flir-brickstream-recuento-y-seguimiento.html",
+ "refsource": "MISC",
+ "name": "https://sku11army.blogspot.com/2020/01/flir-brickstream-recuento-y-seguimiento.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/6xxx/CVE-2020-6849.json b/2020/6xxx/CVE-2020-6849.json
new file mode 100644
index 00000000000..2ced3f436d8
--- /dev/null
+++ b/2020/6xxx/CVE-2020-6849.json
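Review bot: The new CVE-2020-6848 record states the weakness and the product only in free text: the description says "allow XSS via the DEVICE_NAME ... parameter", yet `problemtype` is `"value": "n/a"` and `product_name`, `version_value` and `vendor_name` are all `"n/a"`, so feed consumers that match on CWE or on vendor/product cannot tie this entry to an asset. I would set the problem type to `"value": "CWE-79"` and `"product_name": "Axper Vision II 4"`, as named in the description. The only reference is a blog URL whose slug mentions FLIR Brickstream, so the vendor attribution should be confirmed with the assigner before `vendor_name` is filled in. The same all-`n/a` pattern appears in the CVE-2020-6851 and CVE-2020-6860 records and in the CVE-2014-5380, CVE-2014-5381 and CVE-2014-6038 updates later in this series.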
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-6849",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/6xxx/CVE-2020-6850.json b/2020/6xxx/CVE-2020-6850.json
new file mode 100644
index 00000000000..09e7e52bffa
--- /dev/null
+++ b/2020/6xxx/CVE-2020-6850.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-6850",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/6xxx/CVE-2020-6851.json b/2020/6xxx/CVE-2020-6851.json
new file mode 100644
index 00000000000..8824b2663b1
--- /dev/null
+++ b/2020/6xxx/CVE-2020-6851.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-6851",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
From 449225a91e11528720b25965fe2da7cdaaec3d3a Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Mon, 13 Jan 2020 06:01:04 +0000
Subject: [PATCH 032/387] "-Synchronized-Data."
---
 2020/6xxx/CVE-2020-6851.json | 56 ++++++++++++++++++++++++++++++++----
 2020/6xxx/CVE-2020-6852.json | 18 ++++++++++++
 2020/6xxx/CVE-2020-6853.json | 18 ++++++++++++
 2020/6xxx/CVE-2020-6854.json | 18 ++++++++++++
 2020/6xxx/CVE-2020-6855.json | 18 ++++++++++++
 2020/6xxx/CVE-2020-6856.json | 18 ++++++++++++
 2020/6xxx/CVE-2020-6857.json | 18 ++++++++++++
 2020/6xxx/CVE-2020-6858.json | 18 ++++++++++++
 8 files changed, 176 insertions(+), 6 deletions(-)
 create mode 100644 2020/6xxx/CVE-2020-6852.json
 create mode 100644 2020/6xxx/CVE-2020-6853.json
 create mode 100644 2020/6xxx/CVE-2020-6854.json
 create mode 100644 2020/6xxx/CVE-2020-6855.json
 create mode 100644 2020/6xxx/CVE-2020-6856.json
 create mode 100644 2020/6xxx/CVE-2020-6857.json
 create mode 100644 2020/6xxx/CVE-2020-6858.json
diff --git a/2020/6xxx/CVE-2020-6851.json b/2020/6xxx/CVE-2020-6851.json
index 8824b2663b1..d5f58de73e7 100644
--- a/2020/6xxx/CVE-2020-6851.json
+++ b/2020/6xxx/CVE-2020-6851.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-6851",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-6851",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1_clbl_decode_processor in libopenjp2.so."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/uclouvain/openjpeg/issues/1228",
+ "refsource": "MISC",
+ "name": "https://github.com/uclouvain/openjpeg/issues/1228"
 }
 ]
 }
diff --git a/2020/6xxx/CVE-2020-6852.json b/2020/6xxx/CVE-2020-6852.json
new file mode 100644
index 00000000000..04769f890d7
--- /dev/null
+++ b/2020/6xxx/CVE-2020-6852.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-6852",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/6xxx/CVE-2020-6853.json b/2020/6xxx/CVE-2020-6853.json
new file mode 100644
index 00000000000..183f875a3bd
--- /dev/null
+++ b/2020/6xxx/CVE-2020-6853.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-6853",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/6xxx/CVE-2020-6854.json b/2020/6xxx/CVE-2020-6854.json
new file mode 100644
index 00000000000..bc711820e75
--- /dev/null
+++ b/2020/6xxx/CVE-2020-6854.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-6854",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/6xxx/CVE-2020-6855.json b/2020/6xxx/CVE-2020-6855.json
new file mode 100644
index 00000000000..ac14361b7fb
--- /dev/null
+++ b/2020/6xxx/CVE-2020-6855.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-6855",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/6xxx/CVE-2020-6856.json b/2020/6xxx/CVE-2020-6856.json
new file mode 100644
index 00000000000..f5fb1e825a1
--- /dev/null
+++ b/2020/6xxx/CVE-2020-6856.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-6856",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/6xxx/CVE-2020-6857.json b/2020/6xxx/CVE-2020-6857.json
new file mode 100644
index 00000000000..7ca612202e1
--- /dev/null
+++ b/2020/6xxx/CVE-2020-6857.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-6857",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/6xxx/CVE-2020-6858.json b/2020/6xxx/CVE-2020-6858.json
new file mode 100644
index 00000000000..4e4c556f9f2
--- /dev/null
+++ b/2020/6xxx/CVE-2020-6858.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-6858",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
From 9e777910a5455084f7316f801abf52007713af8f Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Mon, 13 Jan 2020 07:01:15 +0000
Subject: [PATCH 033/387] "-Synchronized-Data."
---
 2020/6xxx/CVE-2020-6859.json | 18 +++++++++++
 2020/6xxx/CVE-2020-6860.json | 62 ++++++++++++++++++++++++++++++++++++
 2020/6xxx/CVE-2020-6861.json | 18 +++++++++++
 3 files changed, 98 insertions(+)
 create mode 100644 2020/6xxx/CVE-2020-6859.json
 create mode 100644 2020/6xxx/CVE-2020-6860.json
 create mode 100644 2020/6xxx/CVE-2020-6861.json
diff --git a/2020/6xxx/CVE-2020-6859.json b/2020/6xxx/CVE-2020-6859.json
new file mode 100644
index 00000000000..12582b84a2a
--- /dev/null
+++ b/2020/6xxx/CVE-2020-6859.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-6859",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/6xxx/CVE-2020-6860.json b/2020/6xxx/CVE-2020-6860.json
new file mode 100644
index 00000000000..0c22c0f1a10
--- /dev/null
+++ b/2020/6xxx/CVE-2020-6860.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-6860",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "libmysofa 0.9.1 has a stack-based buffer overflow in readDataVar in hdf/dataobject.c during the reading of a header message attribute."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/hoene/libmysofa/issues/96",
+ "refsource": "MISC",
+ "name": "https://github.com/hoene/libmysofa/issues/96"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/6xxx/CVE-2020-6861.json b/2020/6xxx/CVE-2020-6861.json
new file mode 100644
index 00000000000..568c1023b61
--- /dev/null
+++ b/2020/6xxx/CVE-2020-6861.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-6861",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
From fade2253edbe228aace605befada2249d9a9109e Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Mon, 13 Jan 2020 10:01:06 +0000
Subject: [PATCH 034/387] "-Synchronized-Data."
---
 2019/17xxx/CVE-2019-17015.json | 5 +++++
 2019/17xxx/CVE-2019-17016.json | 5 +++++
 2019/17xxx/CVE-2019-17017.json | 5 +++++
 2019/17xxx/CVE-2019-17021.json | 5 +++++
 2019/17xxx/CVE-2019-17022.json | 5 +++++
 2019/17xxx/CVE-2019-17024.json | 5 +++++
 6 files changed, 30 insertions(+)
diff --git a/2019/17xxx/CVE-2019-17015.json b/2019/17xxx/CVE-2019-17015.json
index 5252728b4f4..6098fbb9110 100644
--- a/2019/17xxx/CVE-2019-17015.json
+++ b/2019/17xxx/CVE-2019-17015.json
@@ -68,6 +68,11 @@
 "refsource": "CONFIRM",
 "name": "https://www.mozilla.org/security/advisories/mfsa2020-02/",
 "url": "https://www.mozilla.org/security/advisories/mfsa2020-02/"
+ },
+ {
+ "refsource": "BUGTRAQ",
+ "name": "20200112 [slackware-security] mozilla-thunderbird (SSA:2020-010-01)",
+ "url": "https://seclists.org/bugtraq/2020/Jan/18"
 }
 ]
 },
diff --git a/2019/17xxx/CVE-2019-17016.json b/2019/17xxx/CVE-2019-17016.json
index e3d3eefef72..00b11eb7548 100644
--- a/2019/17xxx/CVE-2019-17016.json
+++ b/2019/17xxx/CVE-2019-17016.json
@@ -88,6 +88,11 @@
 "refsource": "UBUNTU",
 "name": "USN-4234-1",
 "url": "https://usn.ubuntu.com/4234-1/"
+ },
+ {
+ "refsource": "BUGTRAQ",
+ "name": "20200112 [slackware-security] mozilla-thunderbird (SSA:2020-010-01)",
+ "url": "https://seclists.org/bugtraq/2020/Jan/18"
 }
 ]
 },
diff --git a/2019/17xxx/CVE-2019-17017.json b/2019/17xxx/CVE-2019-17017.json
index 836f8ae5154..6eb9928d3b3 100644
--- a/2019/17xxx/CVE-2019-17017.json
+++ b/2019/17xxx/CVE-2019-17017.json
@@ -88,6 +88,11 @@
 "refsource": "UBUNTU",
 "name": "USN-4234-1",
 "url": "https://usn.ubuntu.com/4234-1/"
+ },
+ {
+ "refsource": "BUGTRAQ",
+ "name": "20200112 [slackware-security] mozilla-thunderbird (SSA:2020-010-01)",
+ "url": "https://seclists.org/bugtraq/2020/Jan/18"
 }
 ]
 },
diff --git a/2019/17xxx/CVE-2019-17021.json b/2019/17xxx/CVE-2019-17021.json
index 2b0a81c3ba3..77f6c6e3764 100644
--- a/2019/17xxx/CVE-2019-17021.json
+++ b/2019/17xxx/CVE-2019-17021.json
@@ -68,6 +68,11 @@
 "refsource": "CONFIRM",
 "name": "https://www.mozilla.org/security/advisories/mfsa2020-02/",
 "url": "https://www.mozilla.org/security/advisories/mfsa2020-02/"
+ },
+ {
+ "refsource": "BUGTRAQ",
+ "name": "20200112 [slackware-security] mozilla-thunderbird (SSA:2020-010-01)",
+ "url": "https://seclists.org/bugtraq/2020/Jan/18"
 }
 ]
 },
diff --git a/2019/17xxx/CVE-2019-17022.json b/2019/17xxx/CVE-2019-17022.json
index 26920740374..229e7961c3a 100644
--- a/2019/17xxx/CVE-2019-17022.json
+++ b/2019/17xxx/CVE-2019-17022.json
@@ -88,6 +88,11 @@
 "refsource": "UBUNTU",
 "name": "USN-4234-1",
 "url": "https://usn.ubuntu.com/4234-1/"
+ },
+ {
+ "refsource": "BUGTRAQ",
+ "name": "20200112 [slackware-security] mozilla-thunderbird (SSA:2020-010-01)",
+ "url": "https://seclists.org/bugtraq/2020/Jan/18"
 }
 ]
 },
diff --git a/2019/17xxx/CVE-2019-17024.json b/2019/17xxx/CVE-2019-17024.json
index d2507c86abf..1a25fd943ab 100644
--- a/2019/17xxx/CVE-2019-17024.json
+++ b/2019/17xxx/CVE-2019-17024.json
@@ -88,6 +88,11 @@
 "refsource": "UBUNTU",
 "name": "USN-4234-1",
 "url": "https://usn.ubuntu.com/4234-1/"
+ },
+ {
+ "refsource": "BUGTRAQ",
+ "name": "20200112 [slackware-security] mozilla-thunderbird (SSA:2020-010-01)",
+ "url": "https://seclists.org/bugtraq/2020/Jan/18"
 }
 ]
 },
From 0596b85ccd0e0bc48d88d1f3ca3d96c8163fb4ed Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Mon, 13 Jan 2020 13:01:12 +0000
Subject: [PATCH 035/387] "-Synchronized-Data."
---
 2014/5xxx/CVE-2014-5380.json | 63 ++++++++++++++++++++++++++++++++--
 2014/5xxx/CVE-2014-5381.json | 63 ++++++++++++++++++++++++++++++++--
 2014/6xxx/CVE-2014-6038.json | 63 ++++++++++++++++++++++++++++++++--
 2014/6xxx/CVE-2014-6039.json | 63 ++++++++++++++++++++++++++++++++--
 2014/6xxx/CVE-2014-6059.json | 58 +++++++++++++++++++++++++++++--
 2019/13xxx/CVE-2019-13699.json | 5 +++
 2019/13xxx/CVE-2019-13700.json | 5 +++
 2019/13xxx/CVE-2019-13701.json | 5 +++
 2019/13xxx/CVE-2019-13702.json | 5 +++
 2019/13xxx/CVE-2019-13703.json | 5 +++
 2019/13xxx/CVE-2019-13704.json | 5 +++
 2019/13xxx/CVE-2019-13705.json | 5 +++
 2019/13xxx/CVE-2019-13706.json | 5 +++
 2019/13xxx/CVE-2019-13707.json | 5 +++
 2019/13xxx/CVE-2019-13708.json | 5 +++
 2019/13xxx/CVE-2019-13709.json | 5 +++
 2019/13xxx/CVE-2019-13710.json | 5 +++
 2019/13xxx/CVE-2019-13711.json | 5 +++
 2019/13xxx/CVE-2019-13713.json | 5 +++
 2019/13xxx/CVE-2019-13714.json | 5 +++
 2019/13xxx/CVE-2019-13715.json | 5 +++
 2019/13xxx/CVE-2019-13716.json | 5 +++
 2019/13xxx/CVE-2019-13717.json | 5 +++
 2019/13xxx/CVE-2019-13718.json | 5 +++
 2019/13xxx/CVE-2019-13719.json | 5 +++
 2019/15xxx/CVE-2019-15903.json | 5 +++
 26 files changed, 405 insertions(+), 10 deletions(-)
diff --git a/2014/5xxx/CVE-2014-5380.json b/2014/5xxx/CVE-2014-5380.json
index 9da5655cf19..230bae6a48a 100644
--- a/2014/5xxx/CVE-2014-5380.json
+++ b/2014/5xxx/CVE-2014-5380.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2014-5380",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,43 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Grand MA 300 allows retrieval of the access PIN from sniffed data."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://packetstormsecurity.com/files/128003/Grand-MA-300-Fingerprint-Reader-Weak-PIN-Verification.html",
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/128003/Grand-MA-300-Fingerprint-Reader-Weak-PIN-Verification.html"
+ },
+ {
+ "url": "http://www.securityfocus.com/bid/69390",
+ "refsource": "MISC",
+ "name": "http://www.securityfocus.com/bid/69390"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2014/Aug/70",
+ "refsource": "MISC",
+ "name": "http://seclists.org/fulldisclosure/2014/Aug/70"
+ },
+ {
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95484",
+ "refsource": "MISC",
+ "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95484"
 }
 ]
 }
diff --git a/2014/5xxx/CVE-2014-5381.json b/2014/5xxx/CVE-2014-5381.json
index d2c852cbca6..1bda098579b 100644
--- a/2014/5xxx/CVE-2014-5381.json
+++ b/2014/5xxx/CVE-2014-5381.json
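Review bot: All four references added in the second hunk of CVE-2014-5380 (`@@ -11,7 +34,43 @@`) carry `"refsource": "MISC"` with the URL repeated as `name`, although an earlier record in this same series types a securityfocus.com/bid link as `"refsource": "BID", "name": "103526"`. Tooling that filters, ranks or deduplicates advisories by `refsource` will treat these entries as untyped links and may list the same advisory twice once a typed entry is synced in. For the BID entry the form consistent with the rest of the series would be `"refsource": "BID", "name": "69390"`. The reference hunks of CVE-2014-5381 and CVE-2014-6038 later in this patch have the same shape.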
@@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-5381", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,43 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Grand MA 300 allows a brute-force attack on the PIN." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://packetstormsecurity.com/files/128003/Grand-MA-300-Fingerprint-Reader-Weak-PIN-Verification.html", + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/128003/Grand-MA-300-Fingerprint-Reader-Weak-PIN-Verification.html" + }, + { + "url": "http://www.securityfocus.com/bid/69390", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/69390" + }, + { + "url": "http://seclists.org/fulldisclosure/2014/Aug/70", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2014/Aug/70" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95485", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95485" } ] } diff --git a/2014/6xxx/CVE-2014-6038.json b/2014/6xxx/CVE-2014-6038.json index 3a3454df766..50f7e819199 100644 --- a/2014/6xxx/CVE-2014-6038.json +++ b/2014/6xxx/CVE-2014-6038.json 
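Review bot: `problemtype` in the second hunk of CVE-2014-5381.json is recorded as `"value": "n/a"` even though the description added just above it names the weakness, a brute-force attack on the PIN. A triage pipeline that groups or prioritises by weakness class gets nothing from this record. If the referenced advisory confirms there is no attempt limit, something like `"value": "CWE-307 Improper Restriction of Excessive Authentication Attempts"` would fit; that mapping is my reading of the one-line description and should be checked against the advisory. The same `n/a` sits next to descriptions that name the class in CVE-2014-6038 and CVE-2014-6039 (information and credentials disclosure) and CVE-2014-9382 (CSRF).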
@@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-6038", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,43 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Zoho ManageEngine EventLog Analyzer versions 7 through 9.9 build 9002 have a database Information Disclosure Vulnerability" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://packetstormsecurity.com/files/128996/ManageEngine-EventLog-Analyzer-SQL-Credential-Disclosure.html", + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/128996/ManageEngine-EventLog-Analyzer-SQL-Credential-Disclosure.html" + }, + { + "url": "http://www.securityfocus.com/bid/70959", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/70959" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98540", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98540" + }, + { + "url": "http://seclists.org/fulldisclosure/2014/Nov/12", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2014/Nov/12" } ] } diff --git a/2014/6xxx/CVE-2014-6039.json b/2014/6xxx/CVE-2014-6039.json index 6ea6d6c2df5..2e04b090f64 100644 --- a/2014/6xxx/CVE-2014-6039.json +++ b/2014/6xxx/CVE-2014-6039.json 
@@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-6039", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,43 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "ManageEngine EventLog Analyzer version 7 through 9.9 build 9002 has a Credentials Disclosure Vulnerability" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://packetstormsecurity.com/files/128996/ManageEngine-EventLog-Analyzer-SQL-Credential-Disclosure.html", + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/128996/ManageEngine-EventLog-Analyzer-SQL-Credential-Disclosure.html" + }, + { + "url": "http://seclists.org/fulldisclosure/2014/Nov/12", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2014/Nov/12" + }, + { + "url": "http://www.securityfocus.com/bid/70960", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/70960" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98539", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98539" } ] } diff --git a/2014/6xxx/CVE-2014-6059.json b/2014/6xxx/CVE-2014-6059.json index cbff28fca50..f2a8ed4ad92 100644 --- a/2014/6xxx/CVE-2014-6059.json +++ b/2014/6xxx/CVE-2014-6059.json 
@@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-6059", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,38 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "WordPress Advanced Access Manager Plugin before 2.8.2 has an Arbitrary File Overwrite Vulnerability" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://packetstormsecurity.com/files/128137/WordPress-Advanced-Access-Manager-2.8.2-File-Write-Code-Execution.html", + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/128137/WordPress-Advanced-Access-Manager-2.8.2-File-Write-Code-Execution.html" + }, + { + "url": "http://www.securityfocus.com/bid/69549", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/69549" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95694", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95694" } ] } diff --git a/2019/13xxx/CVE-2019-13699.json b/2019/13xxx/CVE-2019-13699.json index b1b7aa7eee0..0f7365d70fc 100644 --- a/2019/13xxx/CVE-2019-13699.json +++ b/2019/13xxx/CVE-2019-13699.json 
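Review bot: The description added in the second hunk of CVE-2014-6059.json says the plugin is affected "before 2.8.2", but the Packet Storm reference added a few lines below is titled `WordPress-Advanced-Access-Manager-2.8.2-File-Write-Code-Execution`, which reads as if 2.8.2 itself is the affected version. Anyone using this record to decide whether 2.8.2 is safe gets conflicting signals, so the boundary should be confirmed against the advisory and the wording fixed either way. The reference title also mentions code execution while the description stops at "Arbitrary File Overwrite"; if the advisory demonstrates execution, the description should say so. `affects` in the first hunk is `n/a`, so the version is not recorded in structured form anywhere in the file.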
@@ -54,6 +54,11 @@ "url": "https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_22.html", "refsource": "MISC", "name": "https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_22.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0010", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00008.html" } ] }, diff --git a/2019/13xxx/CVE-2019-13700.json b/2019/13xxx/CVE-2019-13700.json index f27f4641d64..fba0def4614 100644 --- a/2019/13xxx/CVE-2019-13700.json +++ b/2019/13xxx/CVE-2019-13700.json @@ -54,6 +54,11 @@ "url": "https://crbug.com/998431", "refsource": "MISC", "name": "https://crbug.com/998431" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0010", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00008.html" } ] }, diff --git a/2019/13xxx/CVE-2019-13701.json b/2019/13xxx/CVE-2019-13701.json index b0315adfaf9..8eebb0a0ad9 100644 --- a/2019/13xxx/CVE-2019-13701.json +++ b/2019/13xxx/CVE-2019-13701.json @@ -54,6 +54,11 @@ "url": "https://crbug.com/998284", "refsource": "MISC", "name": "https://crbug.com/998284" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0010", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00008.html" } ] }, diff --git a/2019/13xxx/CVE-2019-13702.json b/2019/13xxx/CVE-2019-13702.json index 6b9e698012c..11cdf890e06 100644 --- a/2019/13xxx/CVE-2019-13702.json +++ b/2019/13xxx/CVE-2019-13702.json @@ -54,6 +54,11 @@ "url": "https://crbug.com/991125", "refsource": "MISC", "name": "https://crbug.com/991125" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0010", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00008.html" } ] }, diff --git a/2019/13xxx/CVE-2019-13703.json b/2019/13xxx/CVE-2019-13703.json index e99ba887f74..72be54cfd12 100644 --- a/2019/13xxx/CVE-2019-13703.json +++ b/2019/13xxx/CVE-2019-13703.json 
@@ -54,6 +54,11 @@ "url": "https://crbug.com/992838", "refsource": "MISC", "name": "https://crbug.com/992838" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0010", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00008.html" } ] }, diff --git a/2019/13xxx/CVE-2019-13704.json b/2019/13xxx/CVE-2019-13704.json index aa47a94327f..581ed1a622c 100644 --- a/2019/13xxx/CVE-2019-13704.json +++ b/2019/13xxx/CVE-2019-13704.json @@ -54,6 +54,11 @@ "url": "https://crbug.com/1001283", "refsource": "MISC", "name": "https://crbug.com/1001283" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0010", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00008.html" } ] }, diff --git a/2019/13xxx/CVE-2019-13705.json b/2019/13xxx/CVE-2019-13705.json index 78114239481..8c07e01772c 100644 --- a/2019/13xxx/CVE-2019-13705.json +++ b/2019/13xxx/CVE-2019-13705.json @@ -54,6 +54,11 @@ "url": "https://crbug.com/989078", "refsource": "MISC", "name": "https://crbug.com/989078" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0010", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00008.html" } ] }, diff --git a/2019/13xxx/CVE-2019-13706.json b/2019/13xxx/CVE-2019-13706.json index 6dd57c2d012..4501e3e84a1 100644 --- a/2019/13xxx/CVE-2019-13706.json +++ b/2019/13xxx/CVE-2019-13706.json @@ -54,6 +54,11 @@ "url": "https://crbug.com/1001159", "refsource": "MISC", "name": "https://crbug.com/1001159" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0010", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00008.html" } ] }, diff --git a/2019/13xxx/CVE-2019-13707.json b/2019/13xxx/CVE-2019-13707.json index c3a1dc3761d..7a23a961f90 100644 --- a/2019/13xxx/CVE-2019-13707.json +++ b/2019/13xxx/CVE-2019-13707.json 
@@ -54,6 +54,11 @@ "url": "https://crbug.com/859349", "refsource": "MISC", "name": "https://crbug.com/859349" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0010", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00008.html" } ] }, diff --git a/2019/13xxx/CVE-2019-13708.json b/2019/13xxx/CVE-2019-13708.json index 8efadfca7ba..90c69877157 100644 --- a/2019/13xxx/CVE-2019-13708.json +++ b/2019/13xxx/CVE-2019-13708.json @@ -54,6 +54,11 @@ "url": "https://crbug.com/931894", "refsource": "MISC", "name": "https://crbug.com/931894" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0010", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00008.html" } ] }, diff --git a/2019/13xxx/CVE-2019-13709.json b/2019/13xxx/CVE-2019-13709.json index cb252aa6cf8..a13208e0ed9 100644 --- a/2019/13xxx/CVE-2019-13709.json +++ b/2019/13xxx/CVE-2019-13709.json @@ -54,6 +54,11 @@ "url": "https://crbug.com/1005218", "refsource": "MISC", "name": "https://crbug.com/1005218" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0010", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00008.html" } ] }, diff --git a/2019/13xxx/CVE-2019-13710.json b/2019/13xxx/CVE-2019-13710.json index 0b22568fe70..cb13e282b91 100644 --- a/2019/13xxx/CVE-2019-13710.json +++ b/2019/13xxx/CVE-2019-13710.json @@ -54,6 +54,11 @@ "url": "https://crbug.com/756825", "refsource": "MISC", "name": "https://crbug.com/756825" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0010", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00008.html" } ] }, diff --git a/2019/13xxx/CVE-2019-13711.json b/2019/13xxx/CVE-2019-13711.json index 0a40d7a1a81..abfa902f5af 100644 --- a/2019/13xxx/CVE-2019-13711.json +++ b/2019/13xxx/CVE-2019-13711.json 
@@ -54,6 +54,11 @@ "url": "https://crbug.com/986063", "refsource": "MISC", "name": "https://crbug.com/986063" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0010", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00008.html" } ] }, diff --git a/2019/13xxx/CVE-2019-13713.json b/2019/13xxx/CVE-2019-13713.json index a65f2036671..96ce57c10c4 100644 --- a/2019/13xxx/CVE-2019-13713.json +++ b/2019/13xxx/CVE-2019-13713.json @@ -54,6 +54,11 @@ "url": "https://crbug.com/993288", "refsource": "MISC", "name": "https://crbug.com/993288" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0010", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00008.html" } ] }, diff --git a/2019/13xxx/CVE-2019-13714.json b/2019/13xxx/CVE-2019-13714.json index 098eddc8745..f8a4e897205 100644 --- a/2019/13xxx/CVE-2019-13714.json +++ b/2019/13xxx/CVE-2019-13714.json @@ -54,6 +54,11 @@ "url": "https://crbug.com/982812", "refsource": "MISC", "name": "https://crbug.com/982812" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0010", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00008.html" } ] }, diff --git a/2019/13xxx/CVE-2019-13715.json b/2019/13xxx/CVE-2019-13715.json index 203cb9bb5b6..99a54c6ad1e 100644 --- a/2019/13xxx/CVE-2019-13715.json +++ b/2019/13xxx/CVE-2019-13715.json @@ -54,6 +54,11 @@ "url": "https://crbug.com/760855", "refsource": "MISC", "name": "https://crbug.com/760855" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0010", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00008.html" } ] }, diff --git a/2019/13xxx/CVE-2019-13716.json b/2019/13xxx/CVE-2019-13716.json index 0d646d8783a..8583e1f0e74 100644 --- a/2019/13xxx/CVE-2019-13716.json +++ b/2019/13xxx/CVE-2019-13716.json 
@@ -54,6 +54,11 @@ "url": "https://crbug.com/1005948", "refsource": "MISC", "name": "https://crbug.com/1005948" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0010", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00008.html" } ] }, diff --git a/2019/13xxx/CVE-2019-13717.json b/2019/13xxx/CVE-2019-13717.json index f8ae5aaa8cf..2a77dae702d 100644 --- a/2019/13xxx/CVE-2019-13717.json +++ b/2019/13xxx/CVE-2019-13717.json @@ -54,6 +54,11 @@ "url": "https://crbug.com/839239", "refsource": "MISC", "name": "https://crbug.com/839239" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0010", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00008.html" } ] }, diff --git a/2019/13xxx/CVE-2019-13718.json b/2019/13xxx/CVE-2019-13718.json index e5f3183062c..26f642241fd 100644 --- a/2019/13xxx/CVE-2019-13718.json +++ b/2019/13xxx/CVE-2019-13718.json @@ -54,6 +54,11 @@ "url": "https://crbug.com/866162", "refsource": "MISC", "name": "https://crbug.com/866162" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0010", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00008.html" } ] }, diff --git a/2019/13xxx/CVE-2019-13719.json b/2019/13xxx/CVE-2019-13719.json index 2b0ef7ce237..2ebe0d96bc1 100644 --- a/2019/13xxx/CVE-2019-13719.json +++ b/2019/13xxx/CVE-2019-13719.json @@ -54,6 +54,11 @@ "url": "https://crbug.com/927150", "refsource": "MISC", "name": "https://crbug.com/927150" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0010", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00008.html" } ] }, diff --git a/2019/15xxx/CVE-2019-15903.json b/2019/15xxx/CVE-2019-15903.json index b039421a1b5..c98859ae855 100644 --- a/2019/15xxx/CVE-2019-15903.json +++ b/2019/15xxx/CVE-2019-15903.json 
@@ -316,6 +316,11 @@ "refsource": "FULLDISC", "name": "20191213 APPLE-SA-2019-12-10-5 tvOS 13.3", "url": "http://seclists.org/fulldisclosure/2019/Dec/27" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0010", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00008.html" } ] } From 5c17f692459365dea99ba963b50fc61249472105 Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Mon, 13 Jan 2020 14:01:06 +0000 Subject: [PATCH 036/387] "-Synchronized-Data." --- 2011/2xxx/CVE-2011-2670.json | 50 +++++++++++++++++++++++++++-- 2013/6xxx/CVE-2013-6225.json | 58 ++++++++++++++++++++++++++++++++-- 2014/9xxx/CVE-2014-9382.json | 58 ++++++++++++++++++++++++++++++++-- 2019/11xxx/CVE-2019-11287.json | 5 +++ 2020/6xxx/CVE-2020-6862.json | 18 +++++++++++ 2020/6xxx/CVE-2020-6863.json | 18 +++++++++++ 2020/6xxx/CVE-2020-6864.json | 18 +++++++++++ 2020/6xxx/CVE-2020-6865.json | 18 +++++++++++ 2020/6xxx/CVE-2020-6866.json | 18 +++++++++++ 2020/6xxx/CVE-2020-6867.json | 18 +++++++++++ 2020/6xxx/CVE-2020-6868.json | 18 +++++++++++ 2020/6xxx/CVE-2020-6869.json | 18 +++++++++++ 2020/6xxx/CVE-2020-6870.json | 18 +++++++++++ 2020/6xxx/CVE-2020-6871.json | 18 +++++++++++ 2020/6xxx/CVE-2020-6872.json | 18 +++++++++++ 2020/6xxx/CVE-2020-6873.json | 18 +++++++++++ 2020/6xxx/CVE-2020-6874.json | 18 +++++++++++ 2020/6xxx/CVE-2020-6875.json | 18 +++++++++++ 2020/6xxx/CVE-2020-6876.json | 18 +++++++++++ 2020/6xxx/CVE-2020-6877.json | 18 +++++++++++ 2020/6xxx/CVE-2020-6878.json | 18 +++++++++++ 2020/6xxx/CVE-2020-6879.json | 18 +++++++++++ 2020/6xxx/CVE-2020-6880.json | 18 +++++++++++ 2020/6xxx/CVE-2020-6881.json | 18 +++++++++++ 2020/6xxx/CVE-2020-6882.json | 18 +++++++++++ 2020/6xxx/CVE-2020-6883.json | 18 +++++++++++ 2020/6xxx/CVE-2020-6884.json | 18 +++++++++++ 2020/6xxx/CVE-2020-6885.json | 18 +++++++++++ 2020/6xxx/CVE-2020-6886.json | 18 +++++++++++ 2020/6xxx/CVE-2020-6887.json | 18 +++++++++++ 2020/6xxx/CVE-2020-6888.json | 18 +++++++++++ 2020/6xxx/CVE-2020-6889.json | 18 +++++++++++ 2020/6xxx/CVE-2020-6890.json | 18 +++++++++++ 2020/6xxx/CVE-2020-6891.json | 18 +++++++++++ 2020/6xxx/CVE-2020-6892.json | 18 +++++++++++ 2020/6xxx/CVE-2020-6893.json | 18 +++++++++++ 2020/6xxx/CVE-2020-6894.json | 18 +++++++++++ 2020/6xxx/CVE-2020-6895.json | 18 +++++++++++ 2020/6xxx/CVE-2020-6896.json | 18 +++++++++++ 2020/6xxx/CVE-2020-6897.json | 18 
+++++++++++ 2020/6xxx/CVE-2020-6898.json | 18 +++++++++++ 2020/6xxx/CVE-2020-6899.json | 18 +++++++++++ 2020/6xxx/CVE-2020-6900.json | 18 +++++++++++ 2020/6xxx/CVE-2020-6901.json | 18 +++++++++++ 2020/6xxx/CVE-2020-6902.json | 18 +++++++++++ 2020/6xxx/CVE-2020-6903.json | 18 +++++++++++ 2020/6xxx/CVE-2020-6904.json | 18 +++++++++++ 2020/6xxx/CVE-2020-6905.json | 18 +++++++++++ 2020/6xxx/CVE-2020-6906.json | 18 +++++++++++ 2020/6xxx/CVE-2020-6907.json | 18 +++++++++++ 2020/6xxx/CVE-2020-6908.json | 18 +++++++++++ 2020/6xxx/CVE-2020-6909.json | 18 +++++++++++ 2020/6xxx/CVE-2020-6910.json | 18 +++++++++++ 2020/6xxx/CVE-2020-6911.json | 18 +++++++++++ 54 files changed, 1064 insertions(+), 7 deletions(-) create mode 100644 2020/6xxx/CVE-2020-6862.json create mode 100644 2020/6xxx/CVE-2020-6863.json create mode 100644 2020/6xxx/CVE-2020-6864.json create mode 100644 2020/6xxx/CVE-2020-6865.json create mode 100644 2020/6xxx/CVE-2020-6866.json create mode 100644 2020/6xxx/CVE-2020-6867.json create mode 100644 2020/6xxx/CVE-2020-6868.json create mode 100644 2020/6xxx/CVE-2020-6869.json create mode 100644 2020/6xxx/CVE-2020-6870.json create mode 100644 2020/6xxx/CVE-2020-6871.json create mode 100644 2020/6xxx/CVE-2020-6872.json create mode 100644 2020/6xxx/CVE-2020-6873.json create mode 100644 2020/6xxx/CVE-2020-6874.json create mode 100644 2020/6xxx/CVE-2020-6875.json create mode 100644 2020/6xxx/CVE-2020-6876.json create mode 100644 2020/6xxx/CVE-2020-6877.json create mode 100644 2020/6xxx/CVE-2020-6878.json create mode 100644 2020/6xxx/CVE-2020-6879.json create mode 100644 2020/6xxx/CVE-2020-6880.json create mode 100644 2020/6xxx/CVE-2020-6881.json create mode 100644 2020/6xxx/CVE-2020-6882.json create mode 100644 2020/6xxx/CVE-2020-6883.json create mode 100644 2020/6xxx/CVE-2020-6884.json create mode 100644 2020/6xxx/CVE-2020-6885.json create mode 100644 2020/6xxx/CVE-2020-6886.json create mode 100644 2020/6xxx/CVE-2020-6887.json create mode 100644 
2020/6xxx/CVE-2020-6888.json create mode 100644 2020/6xxx/CVE-2020-6889.json create mode 100644 2020/6xxx/CVE-2020-6890.json create mode 100644 2020/6xxx/CVE-2020-6891.json create mode 100644 2020/6xxx/CVE-2020-6892.json create mode 100644 2020/6xxx/CVE-2020-6893.json create mode 100644 2020/6xxx/CVE-2020-6894.json create mode 100644 2020/6xxx/CVE-2020-6895.json create mode 100644 2020/6xxx/CVE-2020-6896.json create mode 100644 2020/6xxx/CVE-2020-6897.json create mode 100644 2020/6xxx/CVE-2020-6898.json create mode 100644 2020/6xxx/CVE-2020-6899.json create mode 100644 2020/6xxx/CVE-2020-6900.json create mode 100644 2020/6xxx/CVE-2020-6901.json create mode 100644 2020/6xxx/CVE-2020-6902.json create mode 100644 2020/6xxx/CVE-2020-6903.json create mode 100644 2020/6xxx/CVE-2020-6904.json create mode 100644 2020/6xxx/CVE-2020-6905.json create mode 100644 2020/6xxx/CVE-2020-6906.json create mode 100644 2020/6xxx/CVE-2020-6907.json create mode 100644 2020/6xxx/CVE-2020-6908.json create mode 100644 2020/6xxx/CVE-2020-6909.json create mode 100644 2020/6xxx/CVE-2020-6910.json create mode 100644 2020/6xxx/CVE-2020-6911.json diff --git a/2011/2xxx/CVE-2011-2670.json b/2011/2xxx/CVE-2011-2670.json index bfe07c7ea73..ef4b4f09fca 100644 --- a/2011/2xxx/CVE-2011-2670.json +++ b/2011/2xxx/CVE-2011-2670.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "vultures@jpcert.or.jp", "ID": "CVE-2011-2670", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_value": "before 3.6" + } + ] + } + } + ] + }, + "vendor_name": "Mozilla" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
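Review bot: The `affects` block added for CVE-2011-2670 puts the range into free text, `"version_value": "before 3.6"`, with no `version_affected` operator. The AppSpider record in PATCH 001 of this series expresses its bound with `"version_affected": "<="` next to a bare version number, which a version-comparing consumer can evaluate; the string "before 3.6" cannot be compared. I would write this as `"version_affected": "<"` and `"version_value": "3.6"`. The enclosing JSON object opens in this hunk and continues in the next one.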
@@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Mozilla Firefox before 3.6 is vulnerable to XSS via the rendering of Cascading Style Sheets" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "XSS" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://jvn.jp/en/jp/JVN74649877/index.html", + "refsource": "MISC", + "name": "http://jvn.jp/en/jp/JVN74649877/index.html" } ] } diff --git a/2013/6xxx/CVE-2013-6225.json b/2013/6xxx/CVE-2013-6225.json index ca88d4b44dd..0ebe33a7b99 100644 --- a/2013/6xxx/CVE-2013-6225.json +++ b/2013/6xxx/CVE-2013-6225.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-6225", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,38 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "LiveZilla 5.0.1.4 has a Remote Code Execution vulnerability" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.exploit-db.com/exploits/29672", + "refsource": "MISC", + "name": "http://www.exploit-db.com/exploits/29672" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89051", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89051" + }, + { + "refsource": "MISC", + "name": "https://curesec.com/de/veroeffentlichungen/advisories.html", + "url": "https://curesec.com/de/veroeffentlichungen/advisories.html" } ] } diff --git a/2014/9xxx/CVE-2014-9382.json b/2014/9xxx/CVE-2014-9382.json index 68fbfb2ce9b..2ba87d7899b 100644 --- a/2014/9xxx/CVE-2014-9382.json +++ b/2014/9xxx/CVE-2014-9382.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-9382", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
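Review bot: The third reference added in the second hunk of CVE-2013-6225.json, `https://curesec.com/de/veroeffentlichungen/advisories.html`, looks like an advisories index page rather than the advisory for this issue. Index pages change as new items are published, so the link may stop leading to the LiveZilla write-up. The description gives only "LiveZilla 5.0.1.4 has a Remote Code Execution vulnerability", with no component, precondition or fixed version, so the references are the only place a reader can assess exposure. I would point the entry at the advisory's own permalink (not visible on this page) and add the affected component to the description once confirmed.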
@@ -11,7 +34,38 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Freebox OS Web interface 3.0.2 has CSRF which can allow VPN user account creation" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://packetstormsecurity.com/files/132121/FreeBox-3.0.2-Cross-Site-Request-Forgery-Cross-Site-Scripting.html", + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/132121/FreeBox-3.0.2-Cross-Site-Request-Forgery-Cross-Site-Scripting.html" + }, + { + "url": "http://www.securityfocus.com/bid/74936", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/74936" + }, + { + "url": "http://seclists.org/fulldisclosure/2015/Jun/1", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2015/Jun/1" } ] } diff --git a/2019/11xxx/CVE-2019-11287.json b/2019/11xxx/CVE-2019-11287.json index 20586271960..a38496e4da6 100644 --- a/2019/11xxx/CVE-2019-11287.json +++ b/2019/11xxx/CVE-2019-11287.json @@ -95,6 +95,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-74d2feb5be", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYTGR3D5FW2O25RXZOTIZMOD2HAUVBE4/" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0078", + "url": "https://access.redhat.com/errata/RHSA-2020:0078" } ] }, diff --git a/2020/6xxx/CVE-2020-6862.json b/2020/6xxx/CVE-2020-6862.json new file mode 100644 index 00000000000..7743768f08c --- /dev/null +++ b/2020/6xxx/CVE-2020-6862.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6862", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6863.json b/2020/6xxx/CVE-2020-6863.json new file mode 100644 index 00000000000..d6379afa17e --- /dev/null +++ b/2020/6xxx/CVE-2020-6863.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6863", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6864.json b/2020/6xxx/CVE-2020-6864.json new file mode 100644 index 00000000000..022e08818bd --- /dev/null +++ b/2020/6xxx/CVE-2020-6864.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6864", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/6xxx/CVE-2020-6865.json b/2020/6xxx/CVE-2020-6865.json new file mode 100644 index 00000000000..7cba2bda19e --- /dev/null +++ b/2020/6xxx/CVE-2020-6865.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6865", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6866.json b/2020/6xxx/CVE-2020-6866.json new file mode 100644 index 00000000000..076794a1d09 --- /dev/null +++ b/2020/6xxx/CVE-2020-6866.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6866", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6867.json b/2020/6xxx/CVE-2020-6867.json new file mode 100644 index 00000000000..fb762f6ccc9 --- /dev/null +++ b/2020/6xxx/CVE-2020-6867.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6867", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6868.json b/2020/6xxx/CVE-2020-6868.json new file mode 100644 index 00000000000..413382ce29f --- /dev/null +++ b/2020/6xxx/CVE-2020-6868.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6868", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6869.json b/2020/6xxx/CVE-2020-6869.json new file mode 100644 index 00000000000..f82e9eb2ec7 --- /dev/null +++ b/2020/6xxx/CVE-2020-6869.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6869", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/6xxx/CVE-2020-6870.json b/2020/6xxx/CVE-2020-6870.json new file mode 100644 index 00000000000..7fa33b39df4 --- /dev/null +++ b/2020/6xxx/CVE-2020-6870.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6870", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6871.json b/2020/6xxx/CVE-2020-6871.json new file mode 100644 index 00000000000..0f93b40c03d --- /dev/null +++ b/2020/6xxx/CVE-2020-6871.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6871", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6872.json b/2020/6xxx/CVE-2020-6872.json new file mode 100644 index 00000000000..2e25ff17e47 --- /dev/null +++ b/2020/6xxx/CVE-2020-6872.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6872", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6873.json b/2020/6xxx/CVE-2020-6873.json new file mode 100644 index 00000000000..70bc40c02bf --- /dev/null +++ b/2020/6xxx/CVE-2020-6873.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6873", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6874.json b/2020/6xxx/CVE-2020-6874.json new file mode 100644 index 00000000000..bbb98bc9b8b --- /dev/null +++ b/2020/6xxx/CVE-2020-6874.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6874", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/6xxx/CVE-2020-6875.json b/2020/6xxx/CVE-2020-6875.json new file mode 100644 index 00000000000..5624e8b4bdf --- /dev/null +++ b/2020/6xxx/CVE-2020-6875.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6875", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6876.json b/2020/6xxx/CVE-2020-6876.json new file mode 100644 index 00000000000..314f529975f --- /dev/null +++ b/2020/6xxx/CVE-2020-6876.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6876", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6877.json b/2020/6xxx/CVE-2020-6877.json new file mode 100644 index 00000000000..2f469c32241 --- /dev/null +++ b/2020/6xxx/CVE-2020-6877.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6877", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6878.json b/2020/6xxx/CVE-2020-6878.json new file mode 100644 index 00000000000..e48ff9c4d4f --- /dev/null +++ b/2020/6xxx/CVE-2020-6878.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6878", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6879.json b/2020/6xxx/CVE-2020-6879.json new file mode 100644 index 00000000000..09753145ad9 --- /dev/null +++ b/2020/6xxx/CVE-2020-6879.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6879", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/6xxx/CVE-2020-6880.json b/2020/6xxx/CVE-2020-6880.json new file mode 100644 index 00000000000..ec4215c126c --- /dev/null +++ b/2020/6xxx/CVE-2020-6880.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6880", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6881.json b/2020/6xxx/CVE-2020-6881.json new file mode 100644 index 00000000000..c39ea8f661c --- /dev/null +++ b/2020/6xxx/CVE-2020-6881.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6881", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6882.json b/2020/6xxx/CVE-2020-6882.json new file mode 100644 index 00000000000..dca68b015f1 --- /dev/null +++ b/2020/6xxx/CVE-2020-6882.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6882", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6883.json b/2020/6xxx/CVE-2020-6883.json new file mode 100644 index 00000000000..2a08f1ead90 --- /dev/null +++ b/2020/6xxx/CVE-2020-6883.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6883", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6884.json b/2020/6xxx/CVE-2020-6884.json new file mode 100644 index 00000000000..6ea90fdc0e7 --- /dev/null +++ b/2020/6xxx/CVE-2020-6884.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6884", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/6xxx/CVE-2020-6885.json b/2020/6xxx/CVE-2020-6885.json new file mode 100644 index 00000000000..325829e7900 --- /dev/null +++ b/2020/6xxx/CVE-2020-6885.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6885", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6886.json b/2020/6xxx/CVE-2020-6886.json new file mode 100644 index 00000000000..1420f2167f3 --- /dev/null +++ b/2020/6xxx/CVE-2020-6886.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6886", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6887.json b/2020/6xxx/CVE-2020-6887.json new file mode 100644 index 00000000000..be0dabf2295 --- /dev/null +++ b/2020/6xxx/CVE-2020-6887.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6887", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6888.json b/2020/6xxx/CVE-2020-6888.json new file mode 100644 index 00000000000..bf36d025981 --- /dev/null +++ b/2020/6xxx/CVE-2020-6888.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6888", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6889.json b/2020/6xxx/CVE-2020-6889.json new file mode 100644 index 00000000000..80446ad2483 --- /dev/null +++ b/2020/6xxx/CVE-2020-6889.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6889", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/6xxx/CVE-2020-6890.json b/2020/6xxx/CVE-2020-6890.json new file mode 100644 index 00000000000..b298c0259f0 --- /dev/null +++ b/2020/6xxx/CVE-2020-6890.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6890", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6891.json b/2020/6xxx/CVE-2020-6891.json new file mode 100644 index 00000000000..6ff83d80c0b --- /dev/null +++ b/2020/6xxx/CVE-2020-6891.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6891", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6892.json b/2020/6xxx/CVE-2020-6892.json new file mode 100644 index 00000000000..d834ac8ce75 --- /dev/null +++ b/2020/6xxx/CVE-2020-6892.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6892", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6893.json b/2020/6xxx/CVE-2020-6893.json new file mode 100644 index 00000000000..36617f771f1 --- /dev/null +++ b/2020/6xxx/CVE-2020-6893.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6893", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6894.json b/2020/6xxx/CVE-2020-6894.json new file mode 100644 index 00000000000..da4025fd738 --- /dev/null +++ b/2020/6xxx/CVE-2020-6894.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6894", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/6xxx/CVE-2020-6895.json b/2020/6xxx/CVE-2020-6895.json new file mode 100644 index 00000000000..f180a85571e --- /dev/null +++ b/2020/6xxx/CVE-2020-6895.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6895", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6896.json b/2020/6xxx/CVE-2020-6896.json new file mode 100644 index 00000000000..9b917bd9db2 --- /dev/null +++ b/2020/6xxx/CVE-2020-6896.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6896", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6897.json b/2020/6xxx/CVE-2020-6897.json new file mode 100644 index 00000000000..6822a204ebe --- /dev/null +++ b/2020/6xxx/CVE-2020-6897.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6897", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6898.json b/2020/6xxx/CVE-2020-6898.json new file mode 100644 index 00000000000..dc836d5c8a0 --- /dev/null +++ b/2020/6xxx/CVE-2020-6898.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6898", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6899.json b/2020/6xxx/CVE-2020-6899.json new file mode 100644 index 00000000000..73670758199 --- /dev/null +++ b/2020/6xxx/CVE-2020-6899.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6899", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/6xxx/CVE-2020-6900.json b/2020/6xxx/CVE-2020-6900.json new file mode 100644 index 00000000000..93f7d89633c --- /dev/null +++ b/2020/6xxx/CVE-2020-6900.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6900", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6901.json b/2020/6xxx/CVE-2020-6901.json new file mode 100644 index 00000000000..ea28e180c75 --- /dev/null +++ b/2020/6xxx/CVE-2020-6901.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6901", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6902.json b/2020/6xxx/CVE-2020-6902.json new file mode 100644 index 00000000000..9f7049238d4 --- /dev/null +++ b/2020/6xxx/CVE-2020-6902.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6902", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6903.json b/2020/6xxx/CVE-2020-6903.json new file mode 100644 index 00000000000..4a9f1bebc5a --- /dev/null +++ b/2020/6xxx/CVE-2020-6903.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6903", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6904.json b/2020/6xxx/CVE-2020-6904.json new file mode 100644 index 00000000000..575b7a79a3f --- /dev/null +++ b/2020/6xxx/CVE-2020-6904.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6904", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/6xxx/CVE-2020-6905.json b/2020/6xxx/CVE-2020-6905.json new file mode 100644 index 00000000000..26d9911c3ac --- /dev/null +++ b/2020/6xxx/CVE-2020-6905.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6905", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6906.json b/2020/6xxx/CVE-2020-6906.json new file mode 100644 index 00000000000..ea98708dce0 --- /dev/null +++ b/2020/6xxx/CVE-2020-6906.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6906", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6907.json b/2020/6xxx/CVE-2020-6907.json new file mode 100644 index 00000000000..88a84bd5ca0 --- /dev/null +++ b/2020/6xxx/CVE-2020-6907.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6907", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6908.json b/2020/6xxx/CVE-2020-6908.json new file mode 100644 index 00000000000..0a7124adae9 --- /dev/null +++ b/2020/6xxx/CVE-2020-6908.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6908", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6909.json b/2020/6xxx/CVE-2020-6909.json new file mode 100644 index 00000000000..1c6c162f151 --- /dev/null +++ b/2020/6xxx/CVE-2020-6909.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6909", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/6xxx/CVE-2020-6910.json b/2020/6xxx/CVE-2020-6910.json new file mode 100644 index 00000000000..2e2520db9ba --- /dev/null +++ b/2020/6xxx/CVE-2020-6910.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6910", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6911.json b/2020/6xxx/CVE-2020-6911.json new file mode 100644 index 00000000000..c0e28a7fc6d --- /dev/null +++ b/2020/6xxx/CVE-2020-6911.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6911", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file From f371d0ae697e32a1f7d864266d8ccf9c20de2868 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 13 Jan 2020 15:01:03 +0000 Subject: [PATCH 037/387] "-Synchronized-Data." --- 2019/19xxx/CVE-2019-19781.json | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/2019/19xxx/CVE-2019-19781.json b/2019/19xxx/CVE-2019-19781.json index c808a0a75f8..ae0f8c8b22c 100644 --- a/2019/19xxx/CVE-2019-19781.json +++ b/2019/19xxx/CVE-2019-19781.json 
@@ -66,6 +66,16 @@
 "refsource": "MISC",
 "name": "https://twitter.com/bad_packets/status/1215431625766424576",
 "url": "https://twitter.com/bad_packets/status/1215431625766424576"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://badpackets.net/over-25000-citrix-netscaler-endpoints-vulnerable-to-cve-2019-19781/",
+ "url": "https://badpackets.net/over-25000-citrix-netscaler-endpoints-vulnerable-to-cve-2019-19781/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://forms.gle/eDf3DXZAv96oosfj6",
+ "url": "https://forms.gle/eDf3DXZAv96oosfj6"
 }
 ]
 }
From 50b7293e5ba0d46e016f7f6bd903fb95f8e8f25d Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Mon, 13 Jan 2020 16:01:09 +0000
Subject: [PATCH 038/387] "-Synchronized-Data."
---
 2019/17xxx/CVE-2019-17558.json | 20 ++++++++++++++
 2019/19xxx/CVE-2019-19547.json | 50 ++++++++++++++++++++++++++++++++--
 2020/1xxx/CVE-2020-1810.json | 2 +-
 2020/6xxx/CVE-2020-6377.json | 5 ++++
 4 files changed, 73 insertions(+), 4 deletions(-)
diff --git a/2019/17xxx/CVE-2019-17558.json b/2019/17xxx/CVE-2019-17558.json
index 77281c36d08..2ae3b40e833 100644
--- a/2019/17xxx/CVE-2019-17558.json
+++ b/2019/17xxx/CVE-2019-17558.json
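Review bot: The second reference added to CVE-2019-19781.json, `"url": "https://forms.gle/eDf3DXZAv96oosfj6"`, is a shortened form link whose destination and owner cannot be judged from the record, and it is filed as `"refsource": "MISC"` with the URL repeated as its `name`. References in a CVE record are followed by analysts and by automated enrichment, so each one should resolve to a stable, attributable page; a form can be edited or closed by its owner at any time. I would drop this entry, or replace it with the write-up it belongs to (presumably the badpackets.net article added just above it) and give `name` a descriptive title. The `reference_data` array opens outside this hunk.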
@@ -83,6 +83,26 @@
 "refsource": "MLIST",
 "name": "[lucene-issues] 20200108 [GitHub] [lucene-solr] Sachpat commented on issue #1156: SOLR-13971: CVE-2019-17558: Velocity custom template RCE vulnerability",
 "url": "https://lists.apache.org/thread.html/r58c58fe51c87bc30ee13bb8b4c83587f023edb349018705208e65b37@%3Cissues.lucene.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[lucene-issues] 20200113 [GitHub] [lucene-solr] Sachpat closed pull request #1156: SOLR-13971: CVE-2019-17558: Velocity custom template RCE vulnerability",
+ "url": "https://lists.apache.org/thread.html/r25f1bd4545617f5b86dde27b4c30fec73117af65598a30e20209739a@%3Cissues.lucene.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[lucene-issues] 20200113 [jira] [Commented] (SOLR-14025) CVE-2019-17558: Velocity response writer RCE vulnerability persists after 8.3.1",
+ "url": "https://lists.apache.org/thread.html/r12ab2cb15a34e49b4fecb5b2bdd7e10f3e8b7bf1f4f47fcde34d3a7c@%3Cissues.lucene.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[lucene-issues] 20200113 [GitHub] [lucene-solr] chatman commented on issue #1156: SOLR-13971: CVE-2019-17558: Velocity custom template RCE vulnerability",
+ "url": "https://lists.apache.org/thread.html/r99c3f7ec3a079e2abbd540ecdb55a0e2a0f349ca7084273a12e87aeb@%3Cissues.lucene.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[lucene-issues] 20200113 [GitHub] [lucene-solr] Sachpat commented on issue #1156: SOLR-13971: CVE-2019-17558: Velocity custom template RCE vulnerability",
+ "url": "https://lists.apache.org/thread.html/r0b7b9d4113e6ec1ae1d3d0898c645f758511107ea44f0f3a1210c5d5@%3Cissues.lucene.apache.org%3E"
 }
 ]
 },
diff --git a/2019/19xxx/CVE-2019-19547.json b/2019/19xxx/CVE-2019-19547.json
index 62b2c89aad1..33677bf1ae5 100644
--- a/2019/19xxx/CVE-2019-19547.json
+++ b/2019/19xxx/CVE-2019-19547.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2019-19547",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secure@symantec.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Symantec",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Endpoint Detection and Response (SEDR)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Prior to 4.3.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Cross-site scripting"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://support.symantec.com/us/en/article.SYMSA1502.html",
+ "url": "https://support.symantec.com/us/en/article.SYMSA1502.html"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Symantec Endpoint Detection and Response (SEDR), prior to 4.3.0, may be susceptible to a cross site scripting (XSS) issue. XSS is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. An XSS vulnerability may be used by attackers to potentially bypass access controls such as the same-origin policy."
 }
 ]
 }
diff --git a/2020/1xxx/CVE-2020-1810.json b/2020/1xxx/CVE-2020-1810.json
index 51f75623955..4b7817daca5 100644
--- a/2020/1xxx/CVE-2020-1810.json
+++ b/2020/1xxx/CVE-2020-1810.json
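Review bot: In CVE-2019-19547.json the affected range is written as prose, `"version_value": "Prior to 4.3.0"`, so a scanner that compares version strings cannot evaluate it. The first record in this series uses a comparator field for the same purpose; `"version_affected": "<", "version_value": "4.3.0"` makes the same statement in a form tooling can match. The `problemtype` value `"Cross-site scripting"` also carries no CWE identifier, and `"value": "CWE-79 Cross-site scripting"` would let consumers group it with other XSS records. The top-level object opens outside this hunk.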
@@ -198,7 +198,7 @@ "description_data": [ { "lang": "eng", - "value": "Huawei products CloudEngine 12800, S5700, and S6700 have a weak algorithm vulnerability. The affected products use the RSA algorithm in the SSL key exchange algorithm which have been considered as a weak algorithm. Attackers may exploit this vulnerability to leak some information. Affected product versions include: CloudEngine 12800 versions V100R003C00SPC600, V100R003C10SPC100, V100R005C00SPC200, V100R005C00SPC300, V100R005C10HP0001, V100R005C10SPC100, V100R005C10SPC200, V100R006C00, V200R001C00, V200R002C01, V200R002C10, V200R002C20, V200R005C10; CloudEngine S5700 versions V200R005C00SPC500, V200R005C03, V200R006C00SPC100, V200R006C00SPC300, V200R006C00SPC500, V200R007C00SPC100, V200R007C00SPC500, V200R010C00SPC300, V200R010C00SPC600, V200R010C00SPC700, V200R011C00SPC200, V200R011C10SPC500, V200R011C10SPC600, V200R012C00SPC200, V200R012C00SPC500, V200R012C00SPC600, V200R012C00SPC700, V200R012C00SPC710, V200R012C20; CloudEngine S6700 versions V200R005C00SPC500, V200R005C01, V200R008C00SPC500, V200R010C00SPC300, V200R010C00SPC600, V200R011C00SPC200, V200R011C10SPC500, V200R011C10SPC600, V200R012C00SPC200, V200R012C00SPC500, V200R012C00SPC600, V200R012C00SPC710." + "value": "Huawei products CloudEngine 12800;S5700;S6700 have a weak algorithm vulnerability. The affected products use the RSA algorithm in the SSL key exchange algorithm which have been considered as a weak algorithm. Attackers may exploit this vulnerability to leak some information. 
Affected product versions include: CloudEngine 12800 versions V100R003C00SPC600, V100R003C10SPC100, V100R005C00SPC200, V100R005C00SPC300, V100R005C10HP0001, V100R005C10SPC100, V100R005C10SPC200, V100R006C00, V200R001C00, V200R002C01, V200R002C10, V200R002C20, V200R005C10; S5700 versions V200R005C00SPC500, V200R005C03, V200R006C00SPC100, V200R006C00SPC300, V200R006C00SPC500, V200R007C00SPC100, V200R007C00SPC500; S6700 versions V200R005C00SPC500, V200R005C01." } ] } diff --git a/2020/6xxx/CVE-2020-6377.json b/2020/6xxx/CVE-2020-6377.json index 7b4575a22b7..fdbae3e89ed 100644 --- a/2020/6xxx/CVE-2020-6377.json +++ b/2020/6xxx/CVE-2020-6377.json @@ -69,6 +69,11 @@ "refsource": "FEDORA", "name": "FEDORA-2020-581537c8aa", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PSUXNEUS6N42UJNQVCQSTSM6CSW2REPG/" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0084", + "url": "https://access.redhat.com/errata/RHSA-2020:0084" } ] }, From c1962b22229124620693a12db00267a5fd8b19df Mon Sep 17 00:00:00 2001 
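Review bot: The new description in CVE-2020-1810.json lists fewer affected builds than the text it replaces: the S5700 list now stops at V200R007C00SPC500 and the S6700 list at V200R005C01, where the removed line continued through V200R012C20 and V200R012C00SPC710. The `affects` block lies outside this hunk, so confirm that it was narrowed in the same way; if it still holds the longer lists, the prose and the structured data disagree and a reader working from the description will under-scope patching. The product names are also joined as `CloudEngine 12800;S5700;S6700`, which reads like an unsplit field, and the removed wording `CloudEngine 12800, S5700, and S6700` is clearer.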
From: CVE Team Date: Mon, 13 Jan 2020 17:01:07 +0000 Subject: [PATCH 039/387] "-Synchronized-Data." --- 2019/18xxx/CVE-2019-18893.json | 62 +++++++++++++++++++++++++++++ 2019/18xxx/CVE-2019-18894.json | 62 +++++++++++++++++++++++++++++ 2020/6xxx/CVE-2020-6859.json | 71 +++++++++++++++++++++++++++++++--- 2020/6xxx/CVE-2020-6912.json | 18 +++++++++ 2020/6xxx/CVE-2020-6913.json | 18 +++++++++ 2020/6xxx/CVE-2020-6914.json | 18 +++++++++ 2020/6xxx/CVE-2020-6915.json | 18 +++++++++ 2020/6xxx/CVE-2020-6916.json | 18 +++++++++ 2020/6xxx/CVE-2020-6917.json | 18 +++++++++ 2020/6xxx/CVE-2020-6918.json | 18 +++++++++ 2020/6xxx/CVE-2020-6919.json | 18 +++++++++ 2020/6xxx/CVE-2020-6920.json | 18 +++++++++ 2020/6xxx/CVE-2020-6921.json | 18 +++++++++ 2020/6xxx/CVE-2020-6922.json | 18 +++++++++ 2020/6xxx/CVE-2020-6923.json | 18 +++++++++ 2020/6xxx/CVE-2020-6924.json | 18 +++++++++ 2020/6xxx/CVE-2020-6925.json | 18 +++++++++ 2020/6xxx/CVE-2020-6926.json | 18 +++++++++ 2020/6xxx/CVE-2020-6927.json | 18 +++++++++ 2020/6xxx/CVE-2020-6928.json | 18 +++++++++ 2020/6xxx/CVE-2020-6929.json | 18 +++++++++ 2020/6xxx/CVE-2020-6930.json | 18 +++++++++ 2020/6xxx/CVE-2020-6931.json | 18 +++++++++ 23 files changed, 549 insertions(+), 6 deletions(-) create mode 100644 2019/18xxx/CVE-2019-18893.json create mode 100644 2019/18xxx/CVE-2019-18894.json create mode 100644 2020/6xxx/CVE-2020-6912.json create mode 100644 2020/6xxx/CVE-2020-6913.json create mode 100644 2020/6xxx/CVE-2020-6914.json create mode 100644 2020/6xxx/CVE-2020-6915.json create mode 100644 2020/6xxx/CVE-2020-6916.json create mode 100644 2020/6xxx/CVE-2020-6917.json create mode 100644 2020/6xxx/CVE-2020-6918.json create mode 100644 2020/6xxx/CVE-2020-6919.json create mode 100644 2020/6xxx/CVE-2020-6920.json create mode 100644 2020/6xxx/CVE-2020-6921.json create mode 100644 2020/6xxx/CVE-2020-6922.json create mode 100644 2020/6xxx/CVE-2020-6923.json create mode 100644 2020/6xxx/CVE-2020-6924.json create mode 100644 
2020/6xxx/CVE-2020-6925.json create mode 100644 2020/6xxx/CVE-2020-6926.json create mode 100644 2020/6xxx/CVE-2020-6927.json create mode 100644 2020/6xxx/CVE-2020-6928.json create mode 100644 2020/6xxx/CVE-2020-6929.json create mode 100644 2020/6xxx/CVE-2020-6930.json create mode 100644 2020/6xxx/CVE-2020-6931.json diff --git a/2019/18xxx/CVE-2019-18893.json b/2019/18xxx/CVE-2019-18893.json new file mode 100644 index 00000000000..eecb18085a4 --- /dev/null +++ b/2019/18xxx/CVE-2019-18893.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-18893", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "XSS in the Video Downloader component before 1.5 of Avast Secure Browser 77.1.1831.91 and AVG Secure Browser 77.0.1790.77 allows websites to execute their code in the context of this component. While Video Downloader is technically a browser extension, it is granted a very wide set of privileges and can for example access cookies and browsing history, spy on the user while they are surfing the web, and alter their surfing experience in almost arbitrary ways." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://palant.de/2020/01/13/pwning-avast-secure-browser-for-fun-and-profit/", + "url": "https://palant.de/2020/01/13/pwning-avast-secure-browser-for-fun-and-profit/" + } + ] + } +} \ No newline at end of file 
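Review bot: CVE-2019-18893.json is published with `"product_name": "n/a"`, `"vendor_name": "n/a"` and a `problemtype` value of `"n/a"`, although its description names the products and versions (Avast Secure Browser 77.1.1831.91, AVG Secure Browser 77.0.1790.77) and the weakness class (XSS). Asset inventories and scanners generally match on the structured `affects` fields, so a record filled in this way is likely to be found only by free-text search of the description. Populate vendor, product and version from the description and give `problemtype` a CWE entry. The same applies to CVE-2019-18894.json, CVE-2020-6859.json and CVE-2019-19891.json later in this series.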
diff --git a/2019/18xxx/CVE-2019-18894.json b/2019/18xxx/CVE-2019-18894.json new file mode 100644 index 00000000000..f593407959d --- /dev/null +++ b/2019/18xxx/CVE-2019-18894.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-18894", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Avast Premium Security 19.8.2393, attackers can send a specially crafted request to the local web server run by Avast Antivirus on port 27275 to support Bank Mode functionality. A flaw in the processing of a command allows execution of arbitrary OS commands with the privileges of the currently logged in user. This allows for example attackers who compromised a browser extension to escape from the browser sandbox." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://palant.de/2020/01/13/pwning-avast-secure-browser-for-fun-and-profit/", + "url": "https://palant.de/2020/01/13/pwning-avast-secure-browser-for-fun-and-profit/" + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6859.json b/2020/6xxx/CVE-2020-6859.json index 12582b84a2a..9c413d23595 100644 --- a/2020/6xxx/CVE-2020-6859.json +++ b/2020/6xxx/CVE-2020-6859.json 
@@ -1,17 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-6859", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-6859", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple Insecure Direct Object Reference vulnerabilities in includes/core/class-files.php in the Ultimate Member plugin through 2.1.2 for WordPress allow remote attackers to change other users' profiles and cover photos via a modified user_id parameter. This is related to ajax_image_upload and ajax_resize_image." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wordpress.org/plugins/ultimate-member/#developers", + "refsource": "MISC", + "name": "https://wordpress.org/plugins/ultimate-member/#developers" + }, + { + "url": "https://github.com/ultimatemember/ultimatemember/blob/627bbb0fae81ac34c60b43f0867eadcf8e1bc523/includes/core/class-files.php#L310", + "refsource": "MISC", + "name": "https://github.com/ultimatemember/ultimatemember/blob/627bbb0fae81ac34c60b43f0867eadcf8e1bc523/includes/core/class-files.php#L310" + }, + { + "url": "https://github.com/ultimatemember/ultimatemember/blob/627bbb0fae81ac34c60b43f0867eadcf8e1bc523/includes/core/class-files.php#L269", + "refsource": "MISC", + "name": "https://github.com/ultimatemember/ultimatemember/blob/627bbb0fae81ac34c60b43f0867eadcf8e1bc523/includes/core/class-files.php#L269" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/ultimatemember/ultimatemember/commit/249682559012734a4f7d71f52609b2f301ea55b1", + "url": "https://github.com/ultimatemember/ultimatemember/commit/249682559012734a4f7d71f52609b2f301ea55b1" } ] } diff --git a/2020/6xxx/CVE-2020-6912.json b/2020/6xxx/CVE-2020-6912.json new file mode 100644 index 00000000000..38fcf9aa360 --- /dev/null +++ b/2020/6xxx/CVE-2020-6912.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6912", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/6xxx/CVE-2020-6913.json b/2020/6xxx/CVE-2020-6913.json new file mode 100644 index 00000000000..a841c083fb3 --- /dev/null +++ b/2020/6xxx/CVE-2020-6913.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6913", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6914.json b/2020/6xxx/CVE-2020-6914.json new file mode 100644 index 00000000000..c6f478e3a06 --- /dev/null +++ b/2020/6xxx/CVE-2020-6914.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6914", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6915.json b/2020/6xxx/CVE-2020-6915.json new file mode 100644 index 00000000000..963fbea586d --- /dev/null +++ b/2020/6xxx/CVE-2020-6915.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6915", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6916.json b/2020/6xxx/CVE-2020-6916.json new file mode 100644 index 00000000000..79701fafddd --- /dev/null +++ b/2020/6xxx/CVE-2020-6916.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6916", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6917.json b/2020/6xxx/CVE-2020-6917.json new file mode 100644 index 00000000000..0159d81cb0e --- /dev/null +++ b/2020/6xxx/CVE-2020-6917.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6917", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/6xxx/CVE-2020-6918.json b/2020/6xxx/CVE-2020-6918.json new file mode 100644 index 00000000000..03db0ccc1cf --- /dev/null +++ b/2020/6xxx/CVE-2020-6918.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6918", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6919.json b/2020/6xxx/CVE-2020-6919.json new file mode 100644 index 00000000000..58449b9aa2b --- /dev/null +++ b/2020/6xxx/CVE-2020-6919.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6919", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6920.json b/2020/6xxx/CVE-2020-6920.json new file mode 100644 index 00000000000..d59871ead96 --- /dev/null +++ b/2020/6xxx/CVE-2020-6920.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6920", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6921.json b/2020/6xxx/CVE-2020-6921.json new file mode 100644 index 00000000000..dacddd50071 --- /dev/null +++ b/2020/6xxx/CVE-2020-6921.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6921", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6922.json b/2020/6xxx/CVE-2020-6922.json new file mode 100644 index 00000000000..1ba813819c8 --- /dev/null +++ b/2020/6xxx/CVE-2020-6922.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6922", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/6xxx/CVE-2020-6923.json b/2020/6xxx/CVE-2020-6923.json new file mode 100644 index 00000000000..e80a586bdbb --- /dev/null +++ b/2020/6xxx/CVE-2020-6923.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6923", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6924.json b/2020/6xxx/CVE-2020-6924.json new file mode 100644 index 00000000000..19e0510306c --- /dev/null +++ b/2020/6xxx/CVE-2020-6924.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6924", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6925.json b/2020/6xxx/CVE-2020-6925.json new file mode 100644 index 00000000000..6968a4aa902 --- /dev/null +++ b/2020/6xxx/CVE-2020-6925.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6925", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6926.json b/2020/6xxx/CVE-2020-6926.json new file mode 100644 index 00000000000..4488b67baf8 --- /dev/null +++ b/2020/6xxx/CVE-2020-6926.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6926", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6927.json b/2020/6xxx/CVE-2020-6927.json new file mode 100644 index 00000000000..e5f46dfa2dd --- /dev/null +++ b/2020/6xxx/CVE-2020-6927.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6927", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/6xxx/CVE-2020-6928.json b/2020/6xxx/CVE-2020-6928.json new file mode 100644 index 00000000000..e2c8e1c672a --- /dev/null +++ b/2020/6xxx/CVE-2020-6928.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6928", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6929.json b/2020/6xxx/CVE-2020-6929.json new file mode 100644 index 00000000000..ed2362bbf87 --- /dev/null +++ b/2020/6xxx/CVE-2020-6929.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6929", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6930.json b/2020/6xxx/CVE-2020-6930.json new file mode 100644 index 00000000000..01e34c39931 --- /dev/null +++ b/2020/6xxx/CVE-2020-6930.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6930", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6931.json b/2020/6xxx/CVE-2020-6931.json new file mode 100644 index 00000000000..902558bf276 --- /dev/null +++ b/2020/6xxx/CVE-2020-6931.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6931", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file From 1045ce8af360efb0dc096e89067b517fc7c6de52 Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Mon, 13 Jan 2020 18:01:10 +0000 Subject: [PATCH 040/387] "-Synchronized-Data." --- 2019/17xxx/CVE-2019-17016.json | 10 ++++ 2019/17xxx/CVE-2019-17017.json | 10 ++++ 2019/17xxx/CVE-2019-17022.json | 10 ++++ 2019/17xxx/CVE-2019-17024.json | 10 ++++ 2019/19xxx/CVE-2019-19891.json | 61 ++++++++++++++++++--- 2019/20xxx/CVE-2019-20209.json | 96 +++++++++++++++++++++++++++++++--- 2019/20xxx/CVE-2019-20210.json | 96 +++++++++++++++++++++++++++++++--- 2019/20xxx/CVE-2019-20211.json | 96 +++++++++++++++++++++++++++++++--- 2019/20xxx/CVE-2019-20212.json | 96 +++++++++++++++++++++++++++++++--- 2020/5xxx/CVE-2020-5195.json | 66 ++++++++++++++++++++--- 10 files changed, 515 insertions(+), 36 deletions(-) diff --git a/2019/17xxx/CVE-2019-17016.json b/2019/17xxx/CVE-2019-17016.json index 00b11eb7548..80512691dfd 100644 --- a/2019/17xxx/CVE-2019-17016.json +++ b/2019/17xxx/CVE-2019-17016.json @@ -93,6 +93,16 @@ "refsource": "BUGTRAQ", "name": "20200112 [slackware-security] mozilla-thunderbird (SSA:2020-010-01)", "url": "https://seclists.org/bugtraq/2020/Jan/18" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0085", + "url": "https://access.redhat.com/errata/RHSA-2020:0085" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0086", + "url": "https://access.redhat.com/errata/RHSA-2020:0086" } ] }, diff --git a/2019/17xxx/CVE-2019-17017.json b/2019/17xxx/CVE-2019-17017.json index 6eb9928d3b3..36bf0004310 100644 --- a/2019/17xxx/CVE-2019-17017.json +++ b/2019/17xxx/CVE-2019-17017.json @@ -93,6 +93,16 @@ "refsource": "BUGTRAQ", "name": "20200112 [slackware-security] mozilla-thunderbird (SSA:2020-010-01)", "url": "https://seclists.org/bugtraq/2020/Jan/18" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0085", + "url": "https://access.redhat.com/errata/RHSA-2020:0085" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0086", + "url": "https://access.redhat.com/errata/RHSA-2020:0086" } ] }, 
diff --git a/2019/17xxx/CVE-2019-17022.json b/2019/17xxx/CVE-2019-17022.json index 229e7961c3a..28a0fe90ee6 100644 --- a/2019/17xxx/CVE-2019-17022.json +++ b/2019/17xxx/CVE-2019-17022.json @@ -93,6 +93,16 @@ "refsource": "BUGTRAQ", "name": "20200112 [slackware-security] mozilla-thunderbird (SSA:2020-010-01)", "url": "https://seclists.org/bugtraq/2020/Jan/18" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0085", + "url": "https://access.redhat.com/errata/RHSA-2020:0085" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0086", + "url": "https://access.redhat.com/errata/RHSA-2020:0086" } ] }, diff --git a/2019/17xxx/CVE-2019-17024.json b/2019/17xxx/CVE-2019-17024.json index 1a25fd943ab..bf67d1aa017 100644 --- a/2019/17xxx/CVE-2019-17024.json +++ b/2019/17xxx/CVE-2019-17024.json @@ -93,6 +93,16 @@ "refsource": "BUGTRAQ", "name": "20200112 [slackware-security] mozilla-thunderbird (SSA:2020-010-01)", "url": "https://seclists.org/bugtraq/2020/Jan/18" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0085", + "url": "https://access.redhat.com/errata/RHSA-2020:0085" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0086", + "url": "https://access.redhat.com/errata/RHSA-2020:0086" } ] }, diff --git a/2019/19xxx/CVE-2019-19891.json b/2019/19xxx/CVE-2019-19891.json index 8991523f6c8..b9ee9f1e3d4 100644 --- a/2019/19xxx/CVE-2019-19891.json +++ b/2019/19xxx/CVE-2019-19891.json 
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2019-19891",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2019-19891",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An encryption key vulnerability on Mitel SIP-DECT wireless devices 8.0 and 8.1 could allow an attacker to launch a man-in-the-middle attack. A successful exploit may allow the attacker to intercept sensitive information."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.mitel.com/support/security-advisories",
+ "refsource": "MISC",
+ "name": "https://www.mitel.com/support/security-advisories"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-19-0009",
+ "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-19-0009"
 }
 ]
 }
diff --git a/2019/20xxx/CVE-2019-20209.json b/2019/20xxx/CVE-2019-20209.json
index 8df84241948..88d29cf8f7e 100644
--- a/2019/20xxx/CVE-2019-20209.json
+++ b/2019/20xxx/CVE-2019-20209.json
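Review bot: The `affects` block added in CVE-2019-19891.json sets `vendor_name`, `product_name` and `version_value` to `"n/a"`, although the new description on the same record names Mitel SIP-DECT wireless devices 8.0 and 8.1. Tooling that matches advisories on the structured fields rather than on free text will not associate this record with the product; filling them from the description, e.g. `"vendor_name": "Mitel"` and `"product_name": "SIP-DECT"`, would fix that. The added `problemtype` value is also `"n/a"`, so the record carries no weakness class to filter on. The same placeholders appear in the hunks for CVE-2019-20209 through CVE-2019-20212, CVE-2020-5195, CVE-2012-4767, CVE-2019-19727, CVE-2019-19728 and CVE-2020-5390.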
@@ -1,17 +1,101 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2019-20209",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2019-20209",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow nsecure Direct Object Reference (IDOR) via wp-admin/admin-ajax.php to delete any page/post/listing."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://themeforest.net/item/citybook-directory-listing-wordpress-theme/21694727",
+ "refsource": "MISC",
+ "name": "https://themeforest.net/item/citybook-directory-listing-wordpress-theme/21694727"
+ },
+ {
+ "url": "https://themeforest.net/item/townhub-directory-listing-wordpress-theme/25019571",
+ "refsource": "MISC",
+ "name": "https://themeforest.net/item/townhub-directory-listing-wordpress-theme/25019571"
+ },
+ {
+ "url": "https://themeforest.net/item/easybook-directory-listing-wordpress-theme/23206622",
+ "refsource": "MISC",
+ "name": "https://themeforest.net/item/easybook-directory-listing-wordpress-theme/23206622"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://wpvulndb.com/vulnerabilities/10013",
+ "url": "https://wpvulndb.com/vulnerabilities/10013"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://wpvulndb.com/vulnerabilities/10014",
+ "url": "https://wpvulndb.com/vulnerabilities/10014"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://wpvulndb.com/vulnerabilities/10018",
+ "url": "https://wpvulndb.com/vulnerabilities/10018"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://cxsecurity.com/issue/WLB-2019120111",
+ "url": "https://cxsecurity.com/issue/WLB-2019120111"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://cxsecurity.com/issue/WLB-2019120112",
+ "url": "https://cxsecurity.com/issue/WLB-2019120112"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://cxsecurity.com/issue/WLB-2019120110",
+ "url": "https://cxsecurity.com/issue/WLB-2019120110"
 }
 ]
 }
diff --git a/2019/20xxx/CVE-2019-20210.json b/2019/20xxx/CVE-2019-20210.json
index ef56be41895..2b92391b99d 100644
--- a/2019/20xxx/CVE-2019-20210.json
+++ b/2019/20xxx/CVE-2019-20210.json
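Review bot: The new description value in CVE-2019-20209.json reads `allow nsecure Direct Object Reference (IDOR)`; the leading "I" of "Insecure" is missing. A text search for the usual term will not find this record, so the phrase should read `allow Insecure Direct Object Reference (IDOR) via wp-admin/admin-ajax.php`. The description also does not say whether the request has to come from an authenticated user, which a triager would need in order to rate the issue. The hunk starts on the previous physical line, where the value itself sits.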
@@ -1,17 +1,101 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2019-20210",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2019-20210",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow Reflected XSS via a search query."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://themeforest.net/item/citybook-directory-listing-wordpress-theme/21694727",
+ "refsource": "MISC",
+ "name": "https://themeforest.net/item/citybook-directory-listing-wordpress-theme/21694727"
+ },
+ {
+ "url": "https://themeforest.net/item/townhub-directory-listing-wordpress-theme/25019571",
+ "refsource": "MISC",
+ "name": "https://themeforest.net/item/townhub-directory-listing-wordpress-theme/25019571"
+ },
+ {
+ "url": "https://themeforest.net/item/easybook-directory-listing-wordpress-theme/23206622",
+ "refsource": "MISC",
+ "name": "https://themeforest.net/item/easybook-directory-listing-wordpress-theme/23206622"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://wpvulndb.com/vulnerabilities/10013",
+ "url": "https://wpvulndb.com/vulnerabilities/10013"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://wpvulndb.com/vulnerabilities/10014",
+ "url": "https://wpvulndb.com/vulnerabilities/10014"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://wpvulndb.com/vulnerabilities/10018",
+ "url": "https://wpvulndb.com/vulnerabilities/10018"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://cxsecurity.com/issue/WLB-2019120111",
+ "url": "https://cxsecurity.com/issue/WLB-2019120111"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://cxsecurity.com/issue/WLB-2019120112",
+ "url": "https://cxsecurity.com/issue/WLB-2019120112"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://cxsecurity.com/issue/WLB-2019120110",
+ "url": "https://cxsecurity.com/issue/WLB-2019120110"
 }
 ]
 }
diff --git a/2019/20xxx/CVE-2019-20211.json b/2019/20xxx/CVE-2019-20211.json
index bc3d224ffbd..b67588cc9e5 100644
--- a/2019/20xxx/CVE-2019-20211.json
+++ b/2019/20xxx/CVE-2019-20211.json
@@ -1,17 +1,101 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2019-20211",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2019-20211",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow Persistent XSS via Listing Address, Listing Latitude, Listing Longitude, Email Address, Description, Name, Job or Position, Description, Service Name, Address, Latitude, Longitude, Phone Number, or Website."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://themeforest.net/item/citybook-directory-listing-wordpress-theme/21694727",
+ "refsource": "MISC",
+ "name": "https://themeforest.net/item/citybook-directory-listing-wordpress-theme/21694727"
+ },
+ {
+ "url": "https://themeforest.net/item/townhub-directory-listing-wordpress-theme/25019571",
+ "refsource": "MISC",
+ "name": "https://themeforest.net/item/townhub-directory-listing-wordpress-theme/25019571"
+ },
+ {
+ "url": "https://themeforest.net/item/easybook-directory-listing-wordpress-theme/23206622",
+ "refsource": "MISC",
+ "name": "https://themeforest.net/item/easybook-directory-listing-wordpress-theme/23206622"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://wpvulndb.com/vulnerabilities/10013",
+ "url": "https://wpvulndb.com/vulnerabilities/10013"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://wpvulndb.com/vulnerabilities/10014",
+ "url": "https://wpvulndb.com/vulnerabilities/10014"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://wpvulndb.com/vulnerabilities/10018",
+ "url": "https://wpvulndb.com/vulnerabilities/10018"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://cxsecurity.com/issue/WLB-2019120111",
+ "url": "https://cxsecurity.com/issue/WLB-2019120111"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://cxsecurity.com/issue/WLB-2019120112",
+ "url": "https://cxsecurity.com/issue/WLB-2019120112"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://cxsecurity.com/issue/WLB-2019120110",
+ "url": "https://cxsecurity.com/issue/WLB-2019120110"
 }
 ]
 }
diff --git a/2019/20xxx/CVE-2019-20212.json b/2019/20xxx/CVE-2019-20212.json
index 2cb83295e13..e2becbc1fef 100644
--- a/2019/20xxx/CVE-2019-20212.json
+++ b/2019/20xxx/CVE-2019-20212.json
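Review bot: In the new description of CVE-2019-20211.json the field list names `Description` twice, and `Address`, `Latitude` and `Longitude` appear both bare and with a `Listing` prefix. If these are fields of different forms, naming the form for each group would let a maintainer check which inputs an output-encoding fix has to cover; if they are not, the repeated entry should be dropped. The list is also the only place the affected inputs are recorded, since the structured fields in this hunk are all `"n/a"`. The value line sits on the previous physical line, where this hunk starts.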
@@ -1,17 +1,101 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2019-20212",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2019-20212",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow Persistent XSS via the chat widget/page message form."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://themeforest.net/item/citybook-directory-listing-wordpress-theme/21694727",
+ "refsource": "MISC",
+ "name": "https://themeforest.net/item/citybook-directory-listing-wordpress-theme/21694727"
+ },
+ {
+ "url": "https://themeforest.net/item/townhub-directory-listing-wordpress-theme/25019571",
+ "refsource": "MISC",
+ "name": "https://themeforest.net/item/townhub-directory-listing-wordpress-theme/25019571"
+ },
+ {
+ "url": "https://themeforest.net/item/easybook-directory-listing-wordpress-theme/23206622",
+ "refsource": "MISC",
+ "name": "https://themeforest.net/item/easybook-directory-listing-wordpress-theme/23206622"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://wpvulndb.com/vulnerabilities/10013",
+ "url": "https://wpvulndb.com/vulnerabilities/10013"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://wpvulndb.com/vulnerabilities/10014",
+ "url": "https://wpvulndb.com/vulnerabilities/10014"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://wpvulndb.com/vulnerabilities/10018",
+ "url": "https://wpvulndb.com/vulnerabilities/10018"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://cxsecurity.com/issue/WLB-2019120111",
+ "url": "https://cxsecurity.com/issue/WLB-2019120111"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://cxsecurity.com/issue/WLB-2019120112",
+ "url": "https://cxsecurity.com/issue/WLB-2019120112"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://cxsecurity.com/issue/WLB-2019120110",
+ "url": "https://cxsecurity.com/issue/WLB-2019120110"
 }
 ]
 }
diff --git a/2020/5xxx/CVE-2020-5195.json b/2020/5xxx/CVE-2020-5195.json
index 98b86ad9f35..f12dfb2fc25 100644
--- a/2020/5xxx/CVE-2020-5195.json
+++ b/2020/5xxx/CVE-2020-5195.json
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-5195",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-5195",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Reflected XSS through an IMG element in Cerberus FTP Server prior to versions 11.0.1 and 10.0.17 allows a remote attacker to execute arbitrary JavaScript or HTML via a crafted public folder URL. This occurs because of the folder_up.png IMG element not properly sanitizing user-inserted directory paths. The path modification must be done on a publicly shared folder for a remote attacker to insert arbitrary JavaScript or HTML. The vulnerability impacts anyone who clicks the malicious link crafted by the attacker."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://support.cerberusftp.com/hc/en-us/community/topics/360000164199-Announcements",
+ "refsource": "MISC",
+ "name": "https://support.cerberusftp.com/hc/en-us/community/topics/360000164199-Announcements"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.doyler.net/security-not-included/cerberus-ftp-vulnerabilities",
+ "url": "https://www.doyler.net/security-not-included/cerberus-ftp-vulnerabilities"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.cerberusftp.com/xss-vulnerability-in-public-shares-fixed-in-cerberus-ftp-server-version-11-0-1-and-10-0-17/",
+ "url": "https://www.cerberusftp.com/xss-vulnerability-in-public-shares-fixed-in-cerberus-ftp-server-version-11-0-1-and-10-0-17/"
 }
 ]
 }
From 51dd6e514515d8f26cc7cd1958686263b6a93b81 Mon Sep 17 00:00:00 2001
From: CVE Team Date: Mon, 13 Jan 2020 19:01:11 +0000 Subject: [PATCH 041/387] "-Synchronized-Data." --- 2012/4xxx/CVE-2012-4767.json | 58 +++++++++++++++++++++++++- 2018/11xxx/CVE-2018-11805.json | 5 +++ 2019/10xxx/CVE-2019-10161.json | 5 +++ 2019/12xxx/CVE-2019-12420.json | 5 +++ 2019/13xxx/CVE-2019-13627.json | 5 +++ 2019/19xxx/CVE-2019-19727.json | 66 ++++++++++++++++++++++++++--- 2019/19xxx/CVE-2019-19728.json | 66 ++++++++++++++++++++++++++--- 2019/20xxx/CVE-2019-20372.json | 5 +++ 2020/5xxx/CVE-2020-5390.json | 76 +++++++++++++++++++++++++++++++--- 2020/6xxx/CVE-2020-6847.json | 5 +++ 2020/6xxx/CVE-2020-6932.json | 18 ++++++++ 2020/6xxx/CVE-2020-6933.json | 18 ++++++++ 2020/6xxx/CVE-2020-6934.json | 18 ++++++++ 2020/6xxx/CVE-2020-6935.json | 18 ++++++++ 2020/6xxx/CVE-2020-6936.json | 18 ++++++++ 2020/6xxx/CVE-2020-6937.json | 18 ++++++++ 2020/6xxx/CVE-2020-6938.json | 18 ++++++++ 2020/6xxx/CVE-2020-6939.json | 18 ++++++++ 2020/6xxx/CVE-2020-6940.json | 18 ++++++++ 2020/6xxx/CVE-2020-6941.json | 18 ++++++++ 2020/6xxx/CVE-2020-6942.json | 18 ++++++++ 2020/6xxx/CVE-2020-6943.json | 18 ++++++++ 2020/6xxx/CVE-2020-6944.json | 18 ++++++++ 2020/6xxx/CVE-2020-6945.json | 18 ++++++++ 2020/6xxx/CVE-2020-6946.json | 18 ++++++++ 2020/6xxx/CVE-2020-6947.json | 18 ++++++++ 2020/6xxx/CVE-2020-6948.json | 62 +++++++++++++++++++++++++++ 2020/6xxx/CVE-2020-6949.json | 62 +++++++++++++++++++++++++++ 28 files changed, 688 insertions(+), 20 deletions(-) create mode 100644 2020/6xxx/CVE-2020-6932.json create mode 100644 2020/6xxx/CVE-2020-6933.json create mode 100644 2020/6xxx/CVE-2020-6934.json create mode 100644 2020/6xxx/CVE-2020-6935.json create mode 100644 2020/6xxx/CVE-2020-6936.json create mode 100644 2020/6xxx/CVE-2020-6937.json create mode 100644 2020/6xxx/CVE-2020-6938.json create mode 100644 2020/6xxx/CVE-2020-6939.json create mode 100644 2020/6xxx/CVE-2020-6940.json create mode 100644 2020/6xxx/CVE-2020-6941.json create mode 100644 2020/6xxx/CVE-2020-6942.json create 
mode 100644 2020/6xxx/CVE-2020-6943.json create mode 100644 2020/6xxx/CVE-2020-6944.json create mode 100644 2020/6xxx/CVE-2020-6945.json create mode 100644 2020/6xxx/CVE-2020-6946.json create mode 100644 2020/6xxx/CVE-2020-6947.json create mode 100644 2020/6xxx/CVE-2020-6948.json create mode 100644 2020/6xxx/CVE-2020-6949.json
diff --git a/2012/4xxx/CVE-2012-4767.json b/2012/4xxx/CVE-2012-4767.json
index c30f821ad4e..f2d6f02223a 100644
--- a/2012/4xxx/CVE-2012-4767.json
+++ b/2012/4xxx/CVE-2012-4767.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2012-4767",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,38 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue exists in Safend Data Protector Agent 3.4.5586.9772 in the securitylayer.log file in the logs.9972 directory, which could let a malicious user decrypt and potentially change the Safend security policies applied to the machine."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://www.securityfocus.com/bid/56740",
+ "refsource": "MISC",
+ "name": "http://www.securityfocus.com/bid/56740"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://packetstormsecurity.com/files/118491/Safend-Data-Protector-3.4.5586.9772-Privilege-Escalation.html",
+ "url": "https://packetstormsecurity.com/files/118491/Safend-Data-Protector-3.4.5586.9772-Privilege-Escalation.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.securityfocus.com/archive/1/524864",
+ "url": "https://www.securityfocus.com/archive/1/524864"
 }
 ]
 }
diff --git a/2018/11xxx/CVE-2018-11805.json b/2018/11xxx/CVE-2018-11805.json
index 331bc504fee..52f981827d7 100644
--- a/2018/11xxx/CVE-2018-11805.json
+++ b/2018/11xxx/CVE-2018-11805.json
@@ -113,6 +113,11 @@
 "refsource": "MLIST",
 "name": "[spamassassin-users] 20191219 Re: CVE-2018-11805 fix and sa-exim",
 "url": "https://lists.apache.org/thread.html/0b5c73809d0690527341d940029f743807b70550050fd23ee869c5e5@%3Cusers.spamassassin.apache.org%3E"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4237-1",
+ "url": "https://usn.ubuntu.com/4237-1/"
 }
 ]
 },
diff --git a/2019/10xxx/CVE-2019-10161.json b/2019/10xxx/CVE-2019-10161.json
index 2bd518fd058..0d48c549bab 100644
--- a/2019/10xxx/CVE-2019-10161.json
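Review bot: The new description in CVE-2012-4767.json gives the product version as `3.4.5586.9772` but the log directory as `logs.9972`; one of the two looks like a digit transposition and should be checked against the referenced advisories before anyone keys a file-integrity or permission check on that path. The first reference added in the same hunk uses `http://www.securityfocus.com/bid/56740` while the third uses `https://` for the same site, so the `https://` form would be consistent. This file's other hunk, `@@ -2,7 +2,30 @@`, is on the previous physical line.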
+++ b/2019/10xxx/CVE-2019-10161.json
@@ -61,6 +61,11 @@
 "url": "https://libvirt.org/git/?p=libvirt.git;a=commit;h=aed6a032cead4386472afb24b16196579e239580",
 "name": "https://libvirt.org/git/?p=libvirt.git;a=commit;h=aed6a032cead4386472afb24b16196579e239580",
 "refsource": "CONFIRM"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4047-2",
+ "url": "https://usn.ubuntu.com/4047-2/"
 }
 ]
 },
diff --git a/2019/12xxx/CVE-2019-12420.json b/2019/12xxx/CVE-2019-12420.json
index 66e08addc73..ae1b9794fdd 100644
--- a/2019/12xxx/CVE-2019-12420.json
+++ b/2019/12xxx/CVE-2019-12420.json
@@ -93,6 +93,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20191216 [SECURITY] [DLA 2037-1] spamassassin security update",
 "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00019.html"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4237-1",
+ "url": "https://usn.ubuntu.com/4237-1/"
 }
 ]
 },
diff --git a/2019/13xxx/CVE-2019-13627.json b/2019/13xxx/CVE-2019-13627.json
index 494e630794f..3d65e488bec 100644
--- a/2019/13xxx/CVE-2019-13627.json
+++ b/2019/13xxx/CVE-2019-13627.json
@@ -86,6 +86,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20200101 [SECURITY] [DLA 1931-2] libgcrypt20 regression update",
 "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00001.html"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4236-1",
+ "url": "https://usn.ubuntu.com/4236-1/"
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19727.json b/2019/19xxx/CVE-2019-19727.json
index eff15e20db3..498a25a2a76 100644
--- a/2019/19xxx/CVE-2019-19727.json
+++ b/2019/19xxx/CVE-2019-19727.json
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2019-19727",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2019-19727",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "SchedMD Slurm before 18.08.9 and 19.x before 19.05.5 has weak slurmdbd.conf permissions."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://lists.schedmd.com/pipermail/slurm-announce/",
+ "refsource": "MISC",
+ "name": "https://lists.schedmd.com/pipermail/slurm-announce/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://bugzilla.suse.com/show_bug.cgi?id=1155784",
+ "url": "https://bugzilla.suse.com/show_bug.cgi?id=1155784"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://www.schedmd.com/news.php",
+ "url": "https://www.schedmd.com/news.php"
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19728.json b/2019/19xxx/CVE-2019-19728.json
index 08f102f2888..ed5e36b6102 100644
--- a/2019/19xxx/CVE-2019-19728.json
+++ b/2019/19xxx/CVE-2019-19728.json
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2019-19728",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2019-19728",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "SchedMD Slurm before 18.08.9 and 19.x before 19.05.5 executes srun --uid with incorrect privileges."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://lists.schedmd.com/pipermail/slurm-announce/",
+ "refsource": "MISC",
+ "name": "https://lists.schedmd.com/pipermail/slurm-announce/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://bugzilla.suse.com/show_bug.cgi?id=1159692",
+ "url": "https://bugzilla.suse.com/show_bug.cgi?id=1159692"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://www.schedmd.com/news.php",
+ "url": "https://www.schedmd.com/news.php"
 }
 ]
 }
diff --git a/2019/20xxx/CVE-2019-20372.json b/2019/20xxx/CVE-2019-20372.json
index 877b5d2ba6a..62ac4724e61 100644
--- a/2019/20xxx/CVE-2019-20372.json
+++ b/2019/20xxx/CVE-2019-20372.json
@@ -76,6 +76,11 @@
 "refsource": "CONFIRM",
 "name": "https://github.com/nginx/nginx/commit/c1be55f97211d38b69ac0c2027e6812ab8b1b94e",
 "url": "https://github.com/nginx/nginx/commit/c1be55f97211d38b69ac0c2027e6812ab8b1b94e"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4235-1",
+ "url": "https://usn.ubuntu.com/4235-1/"
 }
 ]
 }
diff --git a/2020/5xxx/CVE-2020-5390.json b/2020/5xxx/CVE-2020-5390.json
index 3099b422469..93f1fe49460 100644
--- a/2020/5xxx/CVE-2020-5390.json
+++ b/2020/5xxx/CVE-2020-5390.json
@@ -1,17 +1,81 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-5390",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-5390",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "PySAML2 before 5.0.0 does not check that the signature in a SAML document is enveloped and thus signature wrapping is effective, i.e., it is affected by XML Signature Wrapping (XSW). The signature information and the node/object that is signed can be in different places and thus the signature verification will succeed, but the wrong data will be used. This specifically affects the verification of assertion that have been signed."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://github.com/IdentityPython/pysaml2/commit/5e9d5acbcd8ae45c4e736ac521fd2df5b1c62e25",
+ "url": "https://github.com/IdentityPython/pysaml2/commit/5e9d5acbcd8ae45c4e736ac521fd2df5b1c62e25"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://github.com/IdentityPython/pysaml2/commit/f27c7e7a7010f83380566a219fd6a290a00f2b6e",
+ "url": "https://github.com/IdentityPython/pysaml2/commit/f27c7e7a7010f83380566a219fd6a290a00f2b6e"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://github.com/IdentityPython/pysaml2/releases/tag/v5.0.0",
+ "url": "https://github.com/IdentityPython/pysaml2/releases/tag/v5.0.0"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://github.com/IdentityPython/pysaml2/releases",
+ "url": "https://github.com/IdentityPython/pysaml2/releases"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://pypi.org/project/pysaml2/5.0.0/",
+ "url": "https://pypi.org/project/pysaml2/5.0.0/"
 }
 ]
 }
diff --git a/2020/6xxx/CVE-2020-6847.json b/2020/6xxx/CVE-2020-6847.json
index 251985decd4..936d3efc8f5 100644
--- a/2020/6xxx/CVE-2020-6847.json
+++ b/2020/6xxx/CVE-2020-6847.json
@@ -61,6 +61,11 @@
 "url": "https://github.com/3s3s/opentrade/blob/4f91391164219da30533453e1ff6800ef2ef3c6b/static_pages/js/index.js#L473",
 "refsource": "MISC",
 "name": "https://github.com/3s3s/opentrade/blob/4f91391164219da30533453e1ff6800ef2ef3c6b/static_pages/js/index.js#L473"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://github.com/3s3s/opentrade/pull/337",
+ "url": "https://github.com/3s3s/opentrade/pull/337"
 }
 ]
 },
diff --git a/2020/6xxx/CVE-2020-6932.json b/2020/6xxx/CVE-2020-6932.json
new file mode 100644
index 00000000000..d183e71007d
--- /dev/null
+++ b/2020/6xxx/CVE-2020-6932.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-6932",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/6xxx/CVE-2020-6933.json b/2020/6xxx/CVE-2020-6933.json
new file mode 100644
index 00000000000..2530bb6adb1
--- /dev/null
+++ b/2020/6xxx/CVE-2020-6933.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-6933",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/6xxx/CVE-2020-6934.json b/2020/6xxx/CVE-2020-6934.json
new file mode 100644
index 00000000000..9408e0bf111
--- /dev/null
+++ b/2020/6xxx/CVE-2020-6934.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-6934",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/6xxx/CVE-2020-6935.json b/2020/6xxx/CVE-2020-6935.json
new file mode 100644
index 00000000000..631069052c5
--- /dev/null
+++ b/2020/6xxx/CVE-2020-6935.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-6935",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/6xxx/CVE-2020-6936.json b/2020/6xxx/CVE-2020-6936.json
new file mode 100644
index 00000000000..1e5fdbe5342
--- /dev/null
+++ b/2020/6xxx/CVE-2020-6936.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-6936",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/6xxx/CVE-2020-6937.json b/2020/6xxx/CVE-2020-6937.json
new file mode 100644
index 00000000000..8eb76d190c8
--- /dev/null
+++ b/2020/6xxx/CVE-2020-6937.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-6937",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/6xxx/CVE-2020-6938.json b/2020/6xxx/CVE-2020-6938.json
new file mode 100644
index 00000000000..93a6e0e384d
--- /dev/null
+++ b/2020/6xxx/CVE-2020-6938.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-6938",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/6xxx/CVE-2020-6939.json b/2020/6xxx/CVE-2020-6939.json
new file mode 100644
index 00000000000..ee632bcebd1
--- /dev/null
+++ b/2020/6xxx/CVE-2020-6939.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-6939",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/6xxx/CVE-2020-6940.json b/2020/6xxx/CVE-2020-6940.json
new file mode 100644
index 00000000000..c044a95884b
--- /dev/null
+++ b/2020/6xxx/CVE-2020-6940.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-6940",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/6xxx/CVE-2020-6941.json b/2020/6xxx/CVE-2020-6941.json
new file mode 100644
index 00000000000..1c7a0c9e4b8
--- /dev/null
+++ b/2020/6xxx/CVE-2020-6941.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-6941",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/6xxx/CVE-2020-6942.json b/2020/6xxx/CVE-2020-6942.json
new file mode 100644
index 00000000000..127cfe9fe59
--- /dev/null
+++ b/2020/6xxx/CVE-2020-6942.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-6942",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/6xxx/CVE-2020-6943.json b/2020/6xxx/CVE-2020-6943.json
new file mode 100644
index 00000000000..5578bbe8bf0
--- /dev/null
+++ b/2020/6xxx/CVE-2020-6943.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-6943",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/6xxx/CVE-2020-6944.json b/2020/6xxx/CVE-2020-6944.json
new file mode 100644
index 00000000000..8ef5cc17d54
--- /dev/null
+++ b/2020/6xxx/CVE-2020-6944.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-6944",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/6xxx/CVE-2020-6945.json b/2020/6xxx/CVE-2020-6945.json
new file mode 100644
index 00000000000..4bb606f2d62
--- /dev/null
+++ b/2020/6xxx/CVE-2020-6945.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-6945",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/6xxx/CVE-2020-6946.json b/2020/6xxx/CVE-2020-6946.json
new file mode 100644
index 00000000000..fc87b6ba3a7
--- /dev/null
+++ b/2020/6xxx/CVE-2020-6946.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-6946",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/6xxx/CVE-2020-6947.json b/2020/6xxx/CVE-2020-6947.json
new file mode 100644
index 00000000000..b2ad65a155c
--- /dev/null
+++ b/2020/6xxx/CVE-2020-6947.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-6947",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/6xxx/CVE-2020-6948.json b/2020/6xxx/CVE-2020-6948.json
new file mode 100644
index 00000000000..9446c72ee7c
--- /dev/null
+++ b/2020/6xxx/CVE-2020-6948.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-6948",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A remote code execution issue was discovered in HashBrown CMS through 1.3.3. Server/Entity/Deployer/GitDeployer.js has a Service.AppService.exec call that mishandles the URL, repository, username, and password."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/HashBrownCMS/hashbrown-cms/issues/326",
+ "refsource": "MISC",
+ "name": "https://github.com/HashBrownCMS/hashbrown-cms/issues/326"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/6xxx/CVE-2020-6949.json b/2020/6xxx/CVE-2020-6949.json
new file mode 100644
index 00000000000..a200571dbae
--- /dev/null
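Review bot: The CVE-2020-6948 record is published with `product_name`, `vendor_name`, `version_value` and the `problemtype` value all set to `"n/a"`, although its description names HashBrown CMS through 1.3.3 and a remote code execution issue in an `exec` call. Consumers that match on the structured `affects` and `problemtype` fields rather than parsing the free text will not associate this entry with the product. I would populate them from the description, e.g. `"product_name": "HashBrown CMS"` with a version entry for 1.3.3 and earlier, and add a CWE to `problemtype` once the weakness class is confirmed against the referenced issue. The same applies to CVE-2020-6949 in the next file and to the records that the following "-Synchronized-Data." patch moves to PUBLIC (CVE-2012-4750, CVE-2012-4760, CVE-2012-4761, CVE-2019-20145 to CVE-2019-20148, CVE-2020-5197, CVE-2020-6832).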
+++ b/2020/6xxx/CVE-2020-6949.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-6949",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A privilege escalation issue was discovered in the postUser function in HashBrown CMS through 1.3.3. An editor user can change the password hash of an admin user's account, or otherwise reconfigure that account."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/HashBrownCMS/hashbrown-cms/issues/327",
+ "refsource": "MISC",
+ "name": "https://github.com/HashBrownCMS/hashbrown-cms/issues/327"
+ }
+ ]
+ }
+}
\ No newline at end of file
From e2e4666ac244ecb17e17321057602d4bf826c484 Mon Sep 17 00:00:00 2001
From: CVE Team Date: Mon, 13 Jan 2020 20:01:07 +0000 Subject: [PATCH 042/387] "-Synchronized-Data." --- 2012/4xxx/CVE-2012-4750.json | 63 ++++++++++++++++++++++++++++++++-- 2012/4xxx/CVE-2012-4760.json | 58 +++++++++++++++++++++++++++++-- 2012/4xxx/CVE-2012-4761.json | 58 +++++++++++++++++++++++++++++-- 2019/17xxx/CVE-2019-17015.json | 5 +++ 2019/17xxx/CVE-2019-17016.json | 5 +++ 2019/17xxx/CVE-2019-17017.json | 5 +++ 2019/17xxx/CVE-2019-17021.json | 5 +++ 2019/17xxx/CVE-2019-17022.json | 5 +++ 2019/17xxx/CVE-2019-17024.json | 5 +++ 2019/18xxx/CVE-2019-18859.json | 5 +++ 2019/19xxx/CVE-2019-19470.json | 7 +++- 2019/19xxx/CVE-2019-19781.json | 15 ++++++++ 2019/20xxx/CVE-2019-20145.json | 61 ++++++++++++++++++++++++++++---- 2019/20xxx/CVE-2019-20146.json | 61 ++++++++++++++++++++++++++++---- 2019/20xxx/CVE-2019-20147.json | 61 ++++++++++++++++++++++++++++---- 2019/20xxx/CVE-2019-20148.json | 61 ++++++++++++++++++++++++++++---- 2020/5xxx/CVE-2020-5197.json | 61 ++++++++++++++++++++++++++++---- 2020/6xxx/CVE-2020-6832.json | 61 ++++++++++++++++++++++++++++---- 2020/6xxx/CVE-2020-6950.json | 18 ++++++++++ 19 files changed, 577 insertions(+), 43 deletions(-) create mode 100644 2020/6xxx/CVE-2020-6950.json diff --git a/2012/4xxx/CVE-2012-4750.json b/2012/4xxx/CVE-2012-4750.json index fa4601833cf..14c572bc916 100644 --- a/2012/4xxx/CVE-2012-4750.json +++ b/2012/4xxx/CVE-2012-4750.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-4750", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,43 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Code Execution vulnerability exists in the memcpy function when processing AMF requests in Ezhometech EzServer 7.0, which could let a remote malicious user execute arbitrary code or cause a Denial of Service" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79267", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79267" + }, + { + "refsource": "MISC", + "name": "https://www.securityfocus.com/archive/1/524430", + "url": "https://www.securityfocus.com/archive/1/524430" + }, + { + "refsource": "MISC", + "name": "https://packetstormsecurity.com/files/117391/Ezhometech-EzServer-7.0-Remote-Heap-Corruption.html", + "url": "https://packetstormsecurity.com/files/117391/Ezhometech-EzServer-7.0-Remote-Heap-Corruption.html" + }, + { + "refsource": "MISC", + "name": "https://www.securityfocus.com/bid/55938", + "url": "https://www.securityfocus.com/bid/55938" } ] } diff --git a/2012/4xxx/CVE-2012-4760.json b/2012/4xxx/CVE-2012-4760.json index cb15f531297..f8c24584b83 100644 --- a/2012/4xxx/CVE-2012-4760.json +++ b/2012/4xxx/CVE-2012-4760.json 
@@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-4760", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,38 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Privilege Escalation vulnerability exists in the SDBagent service in Safend Data Protector Agent 3.4.5586.9772, which could let a local malicious user obtain privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.securityfocus.com/bid/56740", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/56740" + }, + { + "refsource": "MISC", + "name": "https://seclists.org/bugtraq/2012/Nov/108", + "url": "https://seclists.org/bugtraq/2012/Nov/108" + }, + { + "refsource": "MISC", + "name": "https://packetstormsecurity.com/files/cve/CVE-2012-4760", + "url": "https://packetstormsecurity.com/files/cve/CVE-2012-4760" } ] } diff --git a/2012/4xxx/CVE-2012-4761.json b/2012/4xxx/CVE-2012-4761.json index 41275a0d23a..550e8edc504 100644 --- a/2012/4xxx/CVE-2012-4761.json +++ b/2012/4xxx/CVE-2012-4761.json 
@@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-4761", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,38 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Privilege Escalation vulnerability exists in the unquoted Service Binary in SDPAgent or SDBAgent in Safend Data Protector Agent 3.4.5586.9772, which could let a local malicious user obtain privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.securityfocus.com/bid/56740", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/56740" + }, + { + "refsource": "MISC", + "name": "https://seclists.org/bugtraq/2012/Nov/108", + "url": "https://seclists.org/bugtraq/2012/Nov/108" + }, + { + "refsource": "MISC", + "name": "https://packetstormsecurity.com/files/cve/CVE-2012-4760", + "url": "https://packetstormsecurity.com/files/cve/CVE-2012-4760" } ] } diff --git a/2019/17xxx/CVE-2019-17015.json b/2019/17xxx/CVE-2019-17015.json index 6098fbb9110..469393d5dba 100644 --- a/2019/17xxx/CVE-2019-17015.json +++ b/2019/17xxx/CVE-2019-17015.json 
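Review bot: The third reference added to CVE-2012-4761 in the `@@ -11,7 +34,38 @@` hunk points at `https://packetstormsecurity.com/files/cve/CVE-2012-4760`, which is the listing for the sibling ID and is identical to the entry added to CVE-2012-4760. The other two references can plausibly be shared by both IDs, but this one is keyed by CVE number, so it looks like a copy from the neighbouring record. If a listing for this ID exists, both `name` and `url` should read `https://packetstormsecurity.com/files/cve/CVE-2012-4761`; otherwise the entry should be dropped rather than left pointing at another CVE.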
@@ -73,6 +73,11 @@ "refsource": "BUGTRAQ", "name": "20200112 [slackware-security] mozilla-thunderbird (SSA:2020-010-01)", "url": "https://seclists.org/bugtraq/2020/Jan/18" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/155912/Slackware-Security-Advisory-mozilla-thunderbird-Updates.html", + "url": "http://packetstormsecurity.com/files/155912/Slackware-Security-Advisory-mozilla-thunderbird-Updates.html" } ] }, diff --git a/2019/17xxx/CVE-2019-17016.json b/2019/17xxx/CVE-2019-17016.json index 80512691dfd..686a724e4d2 100644 --- a/2019/17xxx/CVE-2019-17016.json +++ b/2019/17xxx/CVE-2019-17016.json @@ -103,6 +103,11 @@ "refsource": "REDHAT", "name": "RHSA-2020:0086", "url": "https://access.redhat.com/errata/RHSA-2020:0086" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/155912/Slackware-Security-Advisory-mozilla-thunderbird-Updates.html", + "url": "http://packetstormsecurity.com/files/155912/Slackware-Security-Advisory-mozilla-thunderbird-Updates.html" } ] }, diff --git a/2019/17xxx/CVE-2019-17017.json b/2019/17xxx/CVE-2019-17017.json index 36bf0004310..688ff72b82e 100644 --- a/2019/17xxx/CVE-2019-17017.json +++ b/2019/17xxx/CVE-2019-17017.json @@ -103,6 +103,11 @@ "refsource": "REDHAT", "name": "RHSA-2020:0086", "url": "https://access.redhat.com/errata/RHSA-2020:0086" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/155912/Slackware-Security-Advisory-mozilla-thunderbird-Updates.html", + "url": "http://packetstormsecurity.com/files/155912/Slackware-Security-Advisory-mozilla-thunderbird-Updates.html" } ] }, diff --git a/2019/17xxx/CVE-2019-17021.json b/2019/17xxx/CVE-2019-17021.json index 77f6c6e3764..6a55758b2cb 100644 --- a/2019/17xxx/CVE-2019-17021.json +++ b/2019/17xxx/CVE-2019-17021.json 
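Review bot: The Packet Storm reference added in this hunk for CVE-2019-17015 uses `http://`, while the Packet Storm references added to CVE-2012-4750 and CVE-2012-4760 in the same patch use `https://packetstormsecurity.com/...`. Reference URLs in these records are followed by people and by tooling, so the cleartext scheme is worth avoiding where the site serves HTTPS, as the other entries suggest it does. I would write both `name` and `url` as `https://packetstormsecurity.com/files/155912/Slackware-Security-Advisory-mozilla-thunderbird-Updates.html`. The same applies to the Packet Storm entries added to CVE-2019-17016, CVE-2019-17017, CVE-2019-17021, CVE-2019-17022, CVE-2019-17024, CVE-2019-18859 and CVE-2019-19781.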
@@ -73,6 +73,11 @@ "refsource": "BUGTRAQ", "name": "20200112 [slackware-security] mozilla-thunderbird (SSA:2020-010-01)", "url": "https://seclists.org/bugtraq/2020/Jan/18" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/155912/Slackware-Security-Advisory-mozilla-thunderbird-Updates.html", + "url": "http://packetstormsecurity.com/files/155912/Slackware-Security-Advisory-mozilla-thunderbird-Updates.html" } ] }, diff --git a/2019/17xxx/CVE-2019-17022.json b/2019/17xxx/CVE-2019-17022.json index 28a0fe90ee6..50661cb56cf 100644 --- a/2019/17xxx/CVE-2019-17022.json +++ b/2019/17xxx/CVE-2019-17022.json @@ -103,6 +103,11 @@ "refsource": "REDHAT", "name": "RHSA-2020:0086", "url": "https://access.redhat.com/errata/RHSA-2020:0086" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/155912/Slackware-Security-Advisory-mozilla-thunderbird-Updates.html", + "url": "http://packetstormsecurity.com/files/155912/Slackware-Security-Advisory-mozilla-thunderbird-Updates.html" } ] }, diff --git a/2019/17xxx/CVE-2019-17024.json b/2019/17xxx/CVE-2019-17024.json index bf67d1aa017..639ab402b37 100644 --- a/2019/17xxx/CVE-2019-17024.json +++ b/2019/17xxx/CVE-2019-17024.json @@ -103,6 +103,11 @@ "refsource": "REDHAT", "name": "RHSA-2020:0086", "url": "https://access.redhat.com/errata/RHSA-2020:0086" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/155912/Slackware-Security-Advisory-mozilla-thunderbird-Updates.html", + "url": "http://packetstormsecurity.com/files/155912/Slackware-Security-Advisory-mozilla-thunderbird-Updates.html" } ] }, diff --git a/2019/18xxx/CVE-2019-18859.json b/2019/18xxx/CVE-2019-18859.json index 023d67b6fca..1f9be1edb44 100644 --- a/2019/18xxx/CVE-2019-18859.json +++ b/2019/18xxx/CVE-2019-18859.json 
@@ -56,6 +56,11 @@ "refsource": "MISC", "name": "https://gist.github.com/RNPG/e0d25ad51aa5c288b9005900f88a4f03", "url": "https://gist.github.com/RNPG/e0d25ad51aa5c288b9005900f88a4f03" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/155926/Digi-AnywhereUSB-14-Cross-Site-Scripting.html", + "url": "http://packetstormsecurity.com/files/155926/Digi-AnywhereUSB-14-Cross-Site-Scripting.html" } ] } diff --git a/2019/19xxx/CVE-2019-19470.json b/2019/19xxx/CVE-2019-19470.json index 99296880474..f05a3b93767 100644 --- a/2019/19xxx/CVE-2019-19470.json +++ b/2019/19xxx/CVE-2019-19470.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "An attacker who has already compromised the local system could use TinyWall Controller to gain additional privileges by attaching a debugger to the running process and modifying the code in memory. Vulnerability fixed in version 2.1.13." + "value": "Unsafe usage of .NET deserialization in Named Pipe message processing allows privilege escalation to NT AUTHORITY\\SYSTEM for a local attacker. Affected product is TinyWall, all versions up to and including 2.1.12. Fixed in version 2.1.13." } ] }, @@ -56,6 +56,11 @@ "refsource": "MISC", "name": "https://www.wilderssecurity.com/threads/beta-testing-tinywall.309739/page-62#post-2882843", "url": "https://www.wilderssecurity.com/threads/beta-testing-tinywall.309739/page-62#post-2882843" + }, + { + "refsource": "MISC", + "name": "https://gist.github.com/pylorak/7df52c9325614676e07782dbe4e81582", + "url": "https://gist.github.com/pylorak/7df52c9325614676e07782dbe4e81582" } ] } diff --git a/2019/19xxx/CVE-2019-19781.json b/2019/19xxx/CVE-2019-19781.json index ae0f8c8b22c..77b04cb27bc 100644 --- a/2019/19xxx/CVE-2019-19781.json +++ b/2019/19xxx/CVE-2019-19781.json 
@@ -76,6 +76,21 @@ "refsource": "MISC", "name": "https://forms.gle/eDf3DXZAv96oosfj6", "url": "https://forms.gle/eDf3DXZAv96oosfj6" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/155904/Citrix-Application-Delivery-Controller-Gateway-Remote-Code-Execution.html", + "url": "http://packetstormsecurity.com/files/155904/Citrix-Application-Delivery-Controller-Gateway-Remote-Code-Execution.html" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/155930/Citrix-Application-Delivery-Controller-Gateway-10.5-Remote-Code-Execution.html", + "url": "http://packetstormsecurity.com/files/155930/Citrix-Application-Delivery-Controller-Gateway-10.5-Remote-Code-Execution.html" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/155905/Citrix-Application-Delivery-Controller-Gateway-Remote-Code-Execution-Traversal.html", + "url": "http://packetstormsecurity.com/files/155905/Citrix-Application-Delivery-Controller-Gateway-Remote-Code-Execution-Traversal.html" } ] } diff --git a/2019/20xxx/CVE-2019-20145.json b/2019/20xxx/CVE-2019-20145.json index 916d9e8cafd..495363e2c41 100644 --- a/2019/20xxx/CVE-2019-20145.json +++ b/2019/20xxx/CVE-2019-20145.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-20145", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-20145", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 11.4 through 12.6.1. It has Incorrect Access Control." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://about.gitlab.com/blog/categories/releases/", + "refsource": "MISC", + "name": "https://about.gitlab.com/blog/categories/releases/" + }, + { + "refsource": "CONFIRM", + "name": "https://about.gitlab.com/releases/2020/01/02/security-release-gitlab-12-6-2-released/", + "url": "https://about.gitlab.com/releases/2020/01/02/security-release-gitlab-12-6-2-released/" } ] } diff --git a/2019/20xxx/CVE-2019-20146.json b/2019/20xxx/CVE-2019-20146.json index 5950e46dd82..eb4812689d5 100644 --- a/2019/20xxx/CVE-2019-20146.json +++ b/2019/20xxx/CVE-2019-20146.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-20146", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-20146", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 11.0 through 12.6. It allows Uncontrolled Resource Consumption." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://about.gitlab.com/blog/categories/releases/", + "refsource": "MISC", + "name": "https://about.gitlab.com/blog/categories/releases/" + }, + { + "refsource": "CONFIRM", + "name": "https://about.gitlab.com/releases/2020/01/02/security-release-gitlab-12-6-2-released/", + "url": "https://about.gitlab.com/releases/2020/01/02/security-release-gitlab-12-6-2-released/" } ] } diff --git a/2019/20xxx/CVE-2019-20147.json b/2019/20xxx/CVE-2019-20147.json index 21c3718909d..7c52e3ac7f5 100644 --- a/2019/20xxx/CVE-2019-20147.json +++ b/2019/20xxx/CVE-2019-20147.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-20147", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-20147", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 9.1 through 12.6.1. It has Incorrect Access Control." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://about.gitlab.com/blog/categories/releases/", + "refsource": "MISC", + "name": "https://about.gitlab.com/blog/categories/releases/" + }, + { + "refsource": "CONFIRM", + "name": "https://about.gitlab.com/releases/2020/01/02/security-release-gitlab-12-6-2-released/", + "url": "https://about.gitlab.com/releases/2020/01/02/security-release-gitlab-12-6-2-released/" } ] } diff --git a/2019/20xxx/CVE-2019-20148.json b/2019/20xxx/CVE-2019-20148.json index 7dbe60f008b..79c42165914 100644 --- a/2019/20xxx/CVE-2019-20148.json +++ b/2019/20xxx/CVE-2019-20148.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-20148", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-20148", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 8.13 through 12.6.1. It has Incorrect Access Control." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://about.gitlab.com/blog/categories/releases/", + "refsource": "MISC", + "name": "https://about.gitlab.com/blog/categories/releases/" + }, + { + "refsource": "CONFIRM", + "name": "https://about.gitlab.com/releases/2020/01/02/security-release-gitlab-12-6-2-released/", + "url": "https://about.gitlab.com/releases/2020/01/02/security-release-gitlab-12-6-2-released/" } ] } diff --git a/2020/5xxx/CVE-2020-5197.json b/2020/5xxx/CVE-2020-5197.json index 0881b54025f..c70b3a80b47 100644 --- a/2020/5xxx/CVE-2020-5197.json +++ b/2020/5xxx/CVE-2020-5197.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-5197", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-5197", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 5.1 through 12.6.1. It has Incorrect Access Control." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://about.gitlab.com/blog/categories/releases/", + "refsource": "MISC", + "name": "https://about.gitlab.com/blog/categories/releases/" + }, + { + "refsource": "CONFIRM", + "name": "https://about.gitlab.com/releases/2020/01/02/security-release-gitlab-12-6-2-released/", + "url": "https://about.gitlab.com/releases/2020/01/02/security-release-gitlab-12-6-2-released/" } ] } diff --git a/2020/6xxx/CVE-2020-6832.json b/2020/6xxx/CVE-2020-6832.json index 8f928a7f99b..83634b8c057 100644 --- a/2020/6xxx/CVE-2020-6832.json +++ b/2020/6xxx/CVE-2020-6832.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-6832", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-6832", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in GitLab Enterprise Edition (EE) 8.9.0 through 12.6.1. Using the project import feature, it was possible for someone to obtain issues from private projects." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://about.gitlab.com/blog/categories/releases/", + "refsource": "MISC", + "name": "https://about.gitlab.com/blog/categories/releases/" + }, + { + "refsource": "CONFIRM", + "name": "https://about.gitlab.com/releases/2020/01/13/critical-security-release-gitlab-12-dot-6-dot-4-released/", + "url": "https://about.gitlab.com/releases/2020/01/13/critical-security-release-gitlab-12-dot-6-dot-4-released/" } ] } diff --git a/2020/6xxx/CVE-2020-6950.json b/2020/6xxx/CVE-2020-6950.json new file mode 100644 index 00000000000..4ec9acd9cff --- /dev/null +++ b/2020/6xxx/CVE-2020-6950.json 
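Review bot: The description gives the affected range as 8.9.0 through 12.6.1, while the CONFIRM reference added below it is the 12.6.4 release announcement, so the record leaves open whether 12.6.2 and 12.6.3 are affected. Someone deciding whether an instance on one of those versions needs patching cannot tell from this record alone. If the advisory confirms it, the description should state the fixed version explicitly, by appending a sentence of the form `This is fixed in <fixed version from the advisory>.` to the `value` string.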
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6950", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file From 6336e40cc873130800e96d29aa6b4ce5a0cf55f7 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 13 Jan 2020 21:01:09 +0000 Subject: [PATCH 043/387] "-Synchronized-Data." --- 2019/19xxx/CVE-2019-19680.json | 56 +++++++++++++++++++++++++++---- 2019/20xxx/CVE-2019-20142.json | 61 ++++++++++++++++++++++++++++++---- 2019/20xxx/CVE-2019-20143.json | 61 ++++++++++++++++++++++++++++++---- 2019/20xxx/CVE-2019-20144.json | 61 ++++++++++++++++++++++++++++++---- 4 files changed, 215 insertions(+), 24 deletions(-) diff --git a/2019/19xxx/CVE-2019-19680.json b/2019/19xxx/CVE-2019-19680.json index 3d60d64ff6d..d01c475b2f8 100644 --- a/2019/19xxx/CVE-2019-19680.json +++ b/2019/19xxx/CVE-2019-19680.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-19680", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-19680", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A file-extension filtering vulnerability in ProofPoint Protection Server Email Firewall through 8.10 allows attackers to bypass protection mechanisms (related to extensions, MIME types, virus detection, and journal entries for transmitted files) by sending malformed (not RFC compliant) multipart email." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.proofpoint.com/us/security/cve-2019-19680", + "url": "https://www.proofpoint.com/us/security/cve-2019-19680" } ] } diff --git a/2019/20xxx/CVE-2019-20142.json b/2019/20xxx/CVE-2019-20142.json index f2e856a889e..bc4fc522a58 100644 --- a/2019/20xxx/CVE-2019-20142.json +++ b/2019/20xxx/CVE-2019-20142.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-20142", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-20142", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 12.3 through 12.6.1. It allows Denial of Service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://about.gitlab.com/blog/categories/releases/", + "refsource": "MISC", + "name": "https://about.gitlab.com/blog/categories/releases/" + }, + { + "refsource": "CONFIRM", + "name": "https://about.gitlab.com/releases/2020/01/02/security-release-gitlab-12-6-2-released/", + "url": "https://about.gitlab.com/releases/2020/01/02/security-release-gitlab-12-6-2-released/" } ] } diff --git a/2019/20xxx/CVE-2019-20143.json b/2019/20xxx/CVE-2019-20143.json index b82081223db..77d9cb80c5b 100644 --- a/2019/20xxx/CVE-2019-20143.json +++ b/2019/20xxx/CVE-2019-20143.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-20143", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-20143", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 12.6. It has Incorrect Access Control." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://about.gitlab.com/blog/categories/releases/", + "refsource": "MISC", + "name": "https://about.gitlab.com/blog/categories/releases/" + }, + { + "refsource": "CONFIRM", + "name": "https://about.gitlab.com/releases/2020/01/02/security-release-gitlab-12-6-2-released/", + "url": "https://about.gitlab.com/releases/2020/01/02/security-release-gitlab-12-6-2-released/" } ] } diff --git a/2019/20xxx/CVE-2019-20144.json b/2019/20xxx/CVE-2019-20144.json index 33fcc3599ba..d3633a8ee21 100644 --- a/2019/20xxx/CVE-2019-20144.json +++ b/2019/20xxx/CVE-2019-20144.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-20144", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-20144", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 10.8 through 12.6.1. It has Incorrect Access Control." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://about.gitlab.com/blog/categories/releases/", + "refsource": "MISC", + "name": "https://about.gitlab.com/blog/categories/releases/" + }, + { + "refsource": "CONFIRM", + "name": "https://about.gitlab.com/releases/2020/01/02/security-release-gitlab-12-6-2-released/", + "url": "https://about.gitlab.com/releases/2020/01/02/security-release-gitlab-12-6-2-released/" } ] } From 276eb1bd79ab3b77c4e575f0c699383df7c2e74c Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Mon, 13 Jan 2020 22:01:06 +0000 Subject: [PATCH 044/387] "-Synchronized-Data." --- 2017/7xxx/CVE-2017-7418.json | 5 +++++ 2019/12xxx/CVE-2019-12815.json | 5 +++++ 2019/18xxx/CVE-2019-18217.json | 5 +++++ 2019/19xxx/CVE-2019-19269.json | 5 +++++ 2019/19xxx/CVE-2019-19270.json | 5 +++++ 2020/6xxx/CVE-2020-6951.json | 18 ++++++++++++++++++ 2020/6xxx/CVE-2020-6952.json | 18 ++++++++++++++++++ 2020/6xxx/CVE-2020-6953.json | 18 ++++++++++++++++++ 8 files changed, 79 insertions(+) create mode 100644 2020/6xxx/CVE-2020-6951.json create mode 100644 2020/6xxx/CVE-2020-6952.json create mode 100644 2020/6xxx/CVE-2020-6953.json diff --git a/2017/7xxx/CVE-2017-7418.json b/2017/7xxx/CVE-2017-7418.json index bfe78eaee11..328c2c5b166 100644 --- a/2017/7xxx/CVE-2017-7418.json +++ b/2017/7xxx/CVE-2017-7418.json @@ -86,6 +86,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:1870", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00022.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0031", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00009.html" } ] } diff --git a/2019/12xxx/CVE-2019-12815.json b/2019/12xxx/CVE-2019-12815.json index 53ab26e5300..a926f37db26 100644 --- a/2019/12xxx/CVE-2019-12815.json +++ b/2019/12xxx/CVE-2019-12815.json @@ -111,6 +111,11 @@ "refsource": "GENTOO", "name": "GLSA-201908-16", "url": "https://security.gentoo.org/glsa/201908-16" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0031", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00009.html" } ] } diff --git a/2019/18xxx/CVE-2019-18217.json b/2019/18xxx/CVE-2019-18217.json index 78cc040fc79..9e0cd5fdb91 100644 --- a/2019/18xxx/CVE-2019-18217.json +++ b/2019/18xxx/CVE-2019-18217.json 
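Review bot: The reference added to CVE-2017-7418 uses a cleartext URL, `"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00009.html"`. An advisory fetched over plain HTTP can be altered in transit, and feeds that ingest these links inherit that weakness. If the archive serves the same path over TLS, the entry should read `"url": "https://lists.opensuse.org/opensuse-security-announce/2020-01/msg00009.html"`. The other openSUSE-SU references added in PATCH 044 and PATCH 047 use the same scheme.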
@@ -106,6 +106,11 @@ "refsource": "DEBIAN", "name": "DSA-4559", "url": "https://www.debian.org/security/2019/dsa-4559" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0031", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00009.html" } ] } diff --git a/2019/19xxx/CVE-2019-19269.json b/2019/19xxx/CVE-2019-19269.json index cbc25b02352..cb7b2856316 100644 --- a/2019/19xxx/CVE-2019-19269.json +++ b/2019/19xxx/CVE-2019-19269.json @@ -71,6 +71,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-bfacf1e958", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QR65XUHPCRU3NXTSFVF2J4GWRIHC7AHW/" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0031", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00009.html" } ] } diff --git a/2019/19xxx/CVE-2019-19270.json b/2019/19xxx/CVE-2019-19270.json index 827f3065ed5..19416281a8f 100644 --- a/2019/19xxx/CVE-2019-19270.json +++ b/2019/19xxx/CVE-2019-19270.json @@ -66,6 +66,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-bfacf1e958", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QR65XUHPCRU3NXTSFVF2J4GWRIHC7AHW/" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0031", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00009.html" } ] } diff --git a/2020/6xxx/CVE-2020-6951.json b/2020/6xxx/CVE-2020-6951.json new file mode 100644 index 00000000000..541d3f7c58f --- /dev/null +++ b/2020/6xxx/CVE-2020-6951.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6951", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6952.json b/2020/6xxx/CVE-2020-6952.json new file mode 100644 index 00000000000..d8cff8656ab --- /dev/null +++ b/2020/6xxx/CVE-2020-6952.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6952", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6953.json b/2020/6xxx/CVE-2020-6953.json new file mode 100644 index 00000000000..5a584f82415 --- /dev/null +++ b/2020/6xxx/CVE-2020-6953.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6953", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
From f6e977314788b2103234cf37843be6a92f1a4435 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 13 Jan 2020 23:01:04 +0000 Subject: [PATCH 045/387] "-Synchronized-Data." --- 2020/6xxx/CVE-2020-6954.json | 62 ++++++++++++++++++++++++++++++++++++ 2020/6xxx/CVE-2020-6955.json | 62 ++++++++++++++++++++++++++++++++++++ 2020/6xxx/CVE-2020-6956.json | 18 +++++++++++ 2020/6xxx/CVE-2020-6957.json | 18 +++++++++++ 4 files changed, 160 insertions(+) create mode 100644 2020/6xxx/CVE-2020-6954.json create mode 100644 2020/6xxx/CVE-2020-6955.json create mode 100644 2020/6xxx/CVE-2020-6956.json create mode 100644 2020/6xxx/CVE-2020-6957.json diff --git a/2020/6xxx/CVE-2020-6954.json b/2020/6xxx/CVE-2020-6954.json new file mode 100644 index 00000000000..acde1d41515 --- /dev/null +++ b/2020/6xxx/CVE-2020-6954.json 
@@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-6954", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered on Cayin SMP-PRO4 devices. A user can discover a saved password by viewing the URL after a Connection String Test. This password is shown in the webpass parameter of a media_folder.cgi?apply_mode=ping_server URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://nileshsapariya.blogspot.com/2020/01/cayin-smp-pro4-signage-media-player.html", + "refsource": "MISC", + "name": "https://nileshsapariya.blogspot.com/2020/01/cayin-smp-pro4-signage-media-player.html" + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6955.json b/2020/6xxx/CVE-2020-6955.json new file mode 100644 index 00000000000..05988672455 --- /dev/null +++ b/2020/6xxx/CVE-2020-6955.json 
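Review bot: Neither the description nor `version_data` for CVE-2020-6954 says which SMP-PRO4 firmware versions are affected or fixed, so a reader cannot scope exposure from the record. The description also stops at viewing the URL after the test; a password carried in the `webpass` query parameter would normally also be recorded wherever URLs are stored, such as browser history and proxy or server access logs, which is worth stating for anyone assessing impact. I would add the version range once the vendor or reporter confirms it, e.g. `"version_value": "<affected firmware range>"`. CVE-2020-6955 in the next file has the same gap on versions.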
@@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-6955", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered on Cayin SMP-PRO4 devices. They allow image_preview.html?filename= reflected XSS." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://nileshsapariya.blogspot.com/2020/01/cayin-smp-pro4-signage-media-player.html", + "refsource": "MISC", + "name": "https://nileshsapariya.blogspot.com/2020/01/cayin-smp-pro4-signage-media-player.html" + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6956.json b/2020/6xxx/CVE-2020-6956.json new file mode 100644 index 00000000000..01b23c64fdb --- /dev/null +++ b/2020/6xxx/CVE-2020-6956.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6956", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6957.json b/2020/6xxx/CVE-2020-6957.json new file mode 100644 index 00000000000..015ab0ea602 --- /dev/null +++ b/2020/6xxx/CVE-2020-6957.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6957", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file From 5548b1fb96894de36a766399ccef1709c1fec1b7 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 14 Jan 2020 00:01:05 +0000 Subject: [PATCH 046/387] "-Synchronized-Data." --- 2020/6xxx/CVE-2020-6958.json | 72 ++++++++++++++++++++++++++++++++++++ 1 file changed, 72 insertions(+) create mode 100644 2020/6xxx/CVE-2020-6958.json diff --git a/2020/6xxx/CVE-2020-6958.json b/2020/6xxx/CVE-2020-6958.json new file mode 100644 index 00000000000..a30703436e5 --- /dev/null +++ b/2020/6xxx/CVE-2020-6958.json 
@@ -0,0 +1,72 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-6958", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An XXE vulnerability in JnlpSupport in Yet Another Java Service Wrapper (YAJSW) 12.14, as used in NSA Ghidra and other products, allows attackers to exfiltrate data from remote hosts and potentially cause denial-of-service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://sourceforge.net/p/yajsw/bugs/166/", + "refsource": "MISC", + "name": "https://sourceforge.net/p/yajsw/bugs/166/" + }, + { + "url": "https://github.com/NationalSecurityAgency/ghidra/issues/943", + "refsource": "MISC", + "name": "https://github.com/NationalSecurityAgency/ghidra/issues/943" + }, + { + "url": "https://github.com/purpleracc00n/Exploits-and-PoC/blob/master/XXE%20in%20YAJSW%E2%80%99s%20JnlpSupport%20affects%20Ghidra%20Server.md", + "refsource": "MISC", + "name": "https://github.com/purpleracc00n/Exploits-and-PoC/blob/master/XXE%20in%20YAJSW%E2%80%99s%20JnlpSupport%20affects%20Ghidra%20Server.md" + } + ] + } +} \ No newline at end of file From 9a4cf6131fb3f289bf8a6e01e99511eb69588db9 Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Tue, 14 Jan 2020 01:01:08 +0000 Subject: [PATCH 047/387] "-Synchronized-Data." --- 2017/17xxx/CVE-2017-17555.json | 5 +++++ 2018/13xxx/CVE-2018-13305.json | 5 +++++ 2019/10xxx/CVE-2019-10072.json | 5 +++++ 2019/11xxx/CVE-2019-11037.json | 5 +++++ 2019/11xxx/CVE-2019-11338.json | 5 +++++ 2019/11xxx/CVE-2019-11339.json | 5 +++++ 2019/12xxx/CVE-2019-12418.json | 5 +++++ 2019/13xxx/CVE-2019-13627.json | 5 +++++ 2019/15xxx/CVE-2019-15942.json | 5 +++++ 2019/16xxx/CVE-2019-16779.json | 7 ++++++- 2019/16xxx/CVE-2019-16884.json | 5 +++++ 2019/17xxx/CVE-2019-17563.json | 5 +++++ 2019/19xxx/CVE-2019-19191.json | 5 +++++ 2019/19xxx/CVE-2019-19451.json | 5 +++++ 2019/19xxx/CVE-2019-19577.json | 5 +++++ 2019/19xxx/CVE-2019-19578.json | 5 +++++ 2019/19xxx/CVE-2019-19579.json | 5 +++++ 2019/19xxx/CVE-2019-19580.json | 5 +++++ 2019/19xxx/CVE-2019-19581.json | 5 +++++ 2019/19xxx/CVE-2019-19582.json | 5 +++++ 2019/19xxx/CVE-2019-19583.json | 5 +++++ 21 files changed, 106 insertions(+), 1 deletion(-) diff --git a/2017/17xxx/CVE-2017-17555.json b/2017/17xxx/CVE-2017-17555.json index 7e2d89aaa5d..a4e720abb67 100644 --- a/2017/17xxx/CVE-2017-17555.json +++ b/2017/17xxx/CVE-2017-17555.json @@ -56,6 +56,11 @@ "name": "https://github.com/IvanCql/vulnerability/blob/master/An%20NULL%20pointer%20dereference(DoS)%20Vulnerability%20was%20found%20in%20function%20swri_audio_convert%20of%20ffmpeg%20libswresample.md", "refsource": "MISC", "url": "https://github.com/IvanCql/vulnerability/blob/master/An%20NULL%20pointer%20dereference(DoS)%20Vulnerability%20was%20found%20in%20function%20swri_audio_convert%20of%20ffmpeg%20libswresample.md" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0024", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00012.html" } ] } diff --git a/2018/13xxx/CVE-2018-13305.json b/2018/13xxx/CVE-2018-13305.json index 86d22b8eb31..a2c6b121eba 100644 --- a/2018/13xxx/CVE-2018-13305.json +++ b/2018/13xxx/CVE-2018-13305.json 
@@ -56,6 +56,11 @@ "name": "https://github.com/FFmpeg/FFmpeg/commit/d08d4a8c7387e758d439b0592782e4cfa2b4d6a4", "refsource": "MISC", "url": "https://github.com/FFmpeg/FFmpeg/commit/d08d4a8c7387e758d439b0592782e4cfa2b4d6a4" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0024", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00012.html" } ] } diff --git a/2019/10xxx/CVE-2019-10072.json b/2019/10xxx/CVE-2019-10072.json index 4d1b29c4e9f..2fc9c495270 100644 --- a/2019/10xxx/CVE-2019-10072.json +++ b/2019/10xxx/CVE-2019-10072.json @@ -93,6 +93,11 @@ "refsource": "REDHAT", "name": "RHSA-2019:3931", "url": "https://access.redhat.com/errata/RHSA-2019:3931" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0038", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00013.html" } ] }, diff --git a/2019/11xxx/CVE-2019-11037.json b/2019/11xxx/CVE-2019-11037.json index e099a550756..f05884bfec8 100644 --- a/2019/11xxx/CVE-2019-11037.json +++ b/2019/11xxx/CVE-2019-11037.json @@ -125,6 +125,11 @@ "refsource": "BUGTRAQ", "name": "20191126 [SECURITY] [DSA 4576-1] php-imagick security update", "url": "https://seclists.org/bugtraq/2019/Nov/39" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0014", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00016.html" } ] }, diff --git a/2019/11xxx/CVE-2019-11338.json b/2019/11xxx/CVE-2019-11338.json index fbcb08322c2..f74654424d8 100644 --- a/2019/11xxx/CVE-2019-11338.json +++ b/2019/11xxx/CVE-2019-11338.json @@ -81,6 +81,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20190529 [SECURITY] [DLA 1809-1] libav security update", "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00043.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0024", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00012.html" } ] } 
diff --git a/2019/11xxx/CVE-2019-11339.json b/2019/11xxx/CVE-2019-11339.json index 12e0ff4ccfc..674f0a8e275 100644 --- a/2019/11xxx/CVE-2019-11339.json +++ b/2019/11xxx/CVE-2019-11339.json @@ -71,6 +71,11 @@ "refsource": "UBUNTU", "name": "USN-3967-1", "url": "https://usn.ubuntu.com/3967-1/" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0024", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00012.html" } ] } diff --git a/2019/12xxx/CVE-2019-12418.json b/2019/12xxx/CVE-2019-12418.json index a6a17b85ddb..f67f27f4cc8 100644 --- a/2019/12xxx/CVE-2019-12418.json +++ b/2019/12xxx/CVE-2019-12418.json @@ -74,6 +74,11 @@ "refsource": "CONFIRM", "name": "https://support.f5.com/csp/article/K10107360?utm_source=f5support&utm_medium=RSS", "url": "https://support.f5.com/csp/article/K10107360?utm_source=f5support&utm_medium=RSS" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0038", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00013.html" } ] }, diff --git a/2019/13xxx/CVE-2019-13627.json b/2019/13xxx/CVE-2019-13627.json index 3d65e488bec..6a2c603ae30 100644 --- a/2019/13xxx/CVE-2019-13627.json +++ b/2019/13xxx/CVE-2019-13627.json @@ -91,6 +91,11 @@ "refsource": "UBUNTU", "name": "USN-4236-1", "url": "https://usn.ubuntu.com/4236-1/" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0022", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00018.html" } ] } diff --git a/2019/15xxx/CVE-2019-15942.json b/2019/15xxx/CVE-2019-15942.json index c33a687c4f8..a5b01ebe446 100644 --- a/2019/15xxx/CVE-2019-15942.json +++ b/2019/15xxx/CVE-2019-15942.json @@ -56,6 +56,11 @@ "url": "https://trac.ffmpeg.org/ticket/8093", "refsource": "MISC", "name": "https://trac.ffmpeg.org/ticket/8093" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0024", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00012.html" } ] } 
diff --git a/2019/16xxx/CVE-2019-16779.json b/2019/16xxx/CVE-2019-16779.json index 47b57fa782f..a50c5476d6a 100644 --- a/2019/16xxx/CVE-2019-16779.json +++ b/2019/16xxx/CVE-2019-16779.json @@ -80,6 +80,11 @@ "name": "https://github.com/excon/excon/commit/ccb57d7a422f020dc74f1de4e8fb505ab46d8a29", "refsource": "MISC", "url": "https://github.com/excon/excon/commit/ccb57d7a422f020dc74f1de4e8fb505ab46d8a29" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0036", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00021.html" } ] }, @@ -93,4 +98,4 @@ "value": "Users can workaround the problem by disabling persistent connections, though this may cause performance implications." } ] -} +} \ No newline at end of file diff --git a/2019/16xxx/CVE-2019-16884.json b/2019/16xxx/CVE-2019-16884.json index a4aa0659266..ca0aa284c20 100644 --- a/2019/16xxx/CVE-2019-16884.json +++ b/2019/16xxx/CVE-2019-16884.json @@ -96,6 +96,11 @@ "refsource": "REDHAT", "name": "RHSA-2019:4269", "url": "https://access.redhat.com/errata/RHSA-2019:4269" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0045", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00010.html" } ] } diff --git a/2019/17xxx/CVE-2019-17563.json b/2019/17xxx/CVE-2019-17563.json index 72e833d91f1..aeb0eb162b1 100644 --- a/2019/17xxx/CVE-2019-17563.json +++ b/2019/17xxx/CVE-2019-17563.json @@ -69,6 +69,11 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20200107-0001/", "url": "https://security.netapp.com/advisory/ntap-20200107-0001/" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0038", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00013.html" } ] }, diff --git a/2019/19xxx/CVE-2019-19191.json b/2019/19xxx/CVE-2019-19191.json index 45364f5dd5f..bf4a821389a 100644 --- a/2019/19xxx/CVE-2019-19191.json +++ b/2019/19xxx/CVE-2019-19191.json 
@@ -61,6 +61,11 @@ "url": "https://bugzilla.suse.com/show_bug.cgi?id=1157471", "refsource": "MISC", "name": "https://bugzilla.suse.com/show_bug.cgi?id=1157471" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0020", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00017.html" } ] } diff --git a/2019/19xxx/CVE-2019-19451.json b/2019/19xxx/CVE-2019-19451.json index 0ee66685a2c..8e67ca9fd39 100644 --- a/2019/19xxx/CVE-2019-19451.json +++ b/2019/19xxx/CVE-2019-19451.json @@ -56,6 +56,11 @@ "url": "https://gitlab.gnome.org/GNOME/dia/issues/428", "refsource": "MISC", "name": "https://gitlab.gnome.org/GNOME/dia/issues/428" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0021", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00019.html" } ] } diff --git a/2019/19xxx/CVE-2019-19577.json b/2019/19xxx/CVE-2019-19577.json index 93044340c20..a9fe0577dc9 100644 --- a/2019/19xxx/CVE-2019-19577.json +++ b/2019/19xxx/CVE-2019-19577.json @@ -66,6 +66,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-2e12bd3a9a", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/34HBFTYNMQMWIO2GGK7DB6KV4M6R5YPV/" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0011", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00011.html" } ] } diff --git a/2019/19xxx/CVE-2019-19578.json b/2019/19xxx/CVE-2019-19578.json index 96a590b654b..a89dfa2194d 100644 --- a/2019/19xxx/CVE-2019-19578.json +++ b/2019/19xxx/CVE-2019-19578.json @@ -66,6 +66,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-2e12bd3a9a", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/34HBFTYNMQMWIO2GGK7DB6KV4M6R5YPV/" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0011", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00011.html" } ] } 
diff --git a/2019/19xxx/CVE-2019-19579.json b/2019/19xxx/CVE-2019-19579.json index befc6dd25f4..f56d3521435 100644 --- a/2019/19xxx/CVE-2019-19579.json +++ b/2019/19xxx/CVE-2019-19579.json @@ -76,6 +76,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-3d7105bd2a", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RJYT5FNGM7JSVHHW6B22TSAATBOAPFPD/" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0011", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00011.html" } ] } diff --git a/2019/19xxx/CVE-2019-19580.json b/2019/19xxx/CVE-2019-19580.json index ead195da3e3..d1e3c6f1917 100644 --- a/2019/19xxx/CVE-2019-19580.json +++ b/2019/19xxx/CVE-2019-19580.json @@ -66,6 +66,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-2e12bd3a9a", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/34HBFTYNMQMWIO2GGK7DB6KV4M6R5YPV/" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0011", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00011.html" } ] } diff --git a/2019/19xxx/CVE-2019-19581.json b/2019/19xxx/CVE-2019-19581.json index 87c666abdaa..dcad68e7433 100644 --- a/2019/19xxx/CVE-2019-19581.json +++ b/2019/19xxx/CVE-2019-19581.json @@ -66,6 +66,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-2e12bd3a9a", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/34HBFTYNMQMWIO2GGK7DB6KV4M6R5YPV/" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0011", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00011.html" } ] } diff --git a/2019/19xxx/CVE-2019-19582.json b/2019/19xxx/CVE-2019-19582.json index 309854c99e1..489f385ae5b 100644 --- a/2019/19xxx/CVE-2019-19582.json +++ b/2019/19xxx/CVE-2019-19582.json 
@@ -66,6 +66,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2019-2e12bd3a9a",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/34HBFTYNMQMWIO2GGK7DB6KV4M6R5YPV/"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2020:0011",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00011.html"
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19583.json b/2019/19xxx/CVE-2019-19583.json
index ebf9e9cf229..5e27110d213 100644
--- a/2019/19xxx/CVE-2019-19583.json
+++ b/2019/19xxx/CVE-2019-19583.json
@@ -66,6 +66,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2019-2e12bd3a9a",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/34HBFTYNMQMWIO2GGK7DB6KV4M6R5YPV/"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2020:0011",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00011.html"
 }
 ]
 }
From b7b4653d7af41e515fb25efe48aa3b2cfdc9b9cf Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Tue, 14 Jan 2020 03:01:05 +0000
Subject: [PATCH 048/387] "-Synchronized-Data."
---
 2018/10xxx/CVE-2018-10536.json | 5 +++++
 2018/10xxx/CVE-2018-10537.json | 5 +++++
 2018/10xxx/CVE-2018-10538.json | 5 +++++
 2018/10xxx/CVE-2018-10539.json | 5 +++++
 2018/10xxx/CVE-2018-10540.json | 5 +++++
 2018/19xxx/CVE-2018-19840.json | 5 +++++
 2018/19xxx/CVE-2018-19841.json | 5 +++++
 2019/1010xxx/CVE-2019-1010315.json | 5 +++++
 2019/1010xxx/CVE-2019-1010317.json | 5 +++++
 2019/1010xxx/CVE-2019-1010319.json | 5 +++++
 2019/11xxx/CVE-2019-11498.json | 5 +++++
 11 files changed, 55 insertions(+)
diff --git a/2018/10xxx/CVE-2018-10536.json b/2018/10xxx/CVE-2018-10536.json
index 3a230a4a684..b19df5ad4df 100644
--- a/2018/10xxx/CVE-2018-10536.json
+++ b/2018/10xxx/CVE-2018-10536.json
@@ -91,6 +91,11 @@
 "refsource": "MISC",
 "name": "http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html",
 "url": "http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2020-e55567b6be",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA/"
 }
 ]
 }
diff --git a/2018/10xxx/CVE-2018-10537.json b/2018/10xxx/CVE-2018-10537.json
index c6a89ea92d1..a680c0809df 100644
--- a/2018/10xxx/CVE-2018-10537.json
+++ b/2018/10xxx/CVE-2018-10537.json
@@ -91,6 +91,11 @@
 "refsource": "MISC",
 "name": "http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html",
 "url": "http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2020-e55567b6be",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA/"
 }
 ]
 }
diff --git a/2018/10xxx/CVE-2018-10538.json b/2018/10xxx/CVE-2018-10538.json
index 39866cc1ffb..dc920c566b6 100644
--- a/2018/10xxx/CVE-2018-10538.json
+++ b/2018/10xxx/CVE-2018-10538.json
@@ -81,6 +81,11 @@
 "refsource": "MISC",
 "name": "http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html",
 "url": "http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2020-e55567b6be",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA/"
 }
 ]
 }
diff --git a/2018/10xxx/CVE-2018-10539.json b/2018/10xxx/CVE-2018-10539.json
index 433d3abe3c4..92693e011d9 100644
--- a/2018/10xxx/CVE-2018-10539.json
+++ b/2018/10xxx/CVE-2018-10539.json
@@ -81,6 +81,11 @@
 "refsource": "MISC",
 "name": "http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html",
 "url": "http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2020-e55567b6be",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA/"
 }
 ]
 }
diff --git a/2018/10xxx/CVE-2018-10540.json b/2018/10xxx/CVE-2018-10540.json
index 54c83f377e8..36f15a5d659 100644
--- a/2018/10xxx/CVE-2018-10540.json
+++ b/2018/10xxx/CVE-2018-10540.json
@@ -81,6 +81,11 @@
 "refsource": "MISC",
 "name": "http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html",
 "url": "http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2020-e55567b6be",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA/"
 }
 ]
 }
diff --git a/2018/19xxx/CVE-2018-19840.json b/2018/19xxx/CVE-2018-19840.json
index a74b676c08b..048dd44056b 100644
--- a/2018/19xxx/CVE-2018-19840.json
+++ b/2018/19xxx/CVE-2018-19840.json
@@ -96,6 +96,11 @@
 "refsource": "MISC",
 "name": "http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html",
 "url": "http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2020-e55567b6be",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA/"
 }
 ]
 }
diff --git a/2018/19xxx/CVE-2018-19841.json b/2018/19xxx/CVE-2018-19841.json
index e7e19862ea5..b031d298b84 100644
--- a/2018/19xxx/CVE-2018-19841.json
+++ b/2018/19xxx/CVE-2018-19841.json
@@ -96,6 +96,11 @@
 "refsource": "MISC",
 "name": "http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html",
 "url": "http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2020-e55567b6be",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA/"
 }
 ]
 }
diff --git a/2019/1010xxx/CVE-2019-1010315.json b/2019/1010xxx/CVE-2019-1010315.json
index 7c42a67e16c..c87522730d5 100644
--- a/2019/1010xxx/CVE-2019-1010315.json
+++ b/2019/1010xxx/CVE-2019-1010315.json
@@ -66,6 +66,11 @@
 "refsource": "UBUNTU",
 "name": "USN-4062-1",
 "url": "https://usn.ubuntu.com/4062-1/"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2020-e55567b6be",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA/"
 }
 ]
 }
diff --git a/2019/1010xxx/CVE-2019-1010317.json b/2019/1010xxx/CVE-2019-1010317.json
index 853dca0c07d..4d24ed94b21 100644
--- a/2019/1010xxx/CVE-2019-1010317.json
+++ b/2019/1010xxx/CVE-2019-1010317.json
@@ -76,6 +76,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2019-8eeb8f9d3f",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IX3J2JML5A7KC2BLGBEFTIIZR3EM7LVJ/"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2020-e55567b6be",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA/"
 }
 ]
 }
diff --git a/2019/1010xxx/CVE-2019-1010319.json b/2019/1010xxx/CVE-2019-1010319.json
index fc1e628bb4c..97cacaa781b 100644
--- a/2019/1010xxx/CVE-2019-1010319.json
+++ b/2019/1010xxx/CVE-2019-1010319.json
@@ -76,6 +76,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2019-8eeb8f9d3f",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IX3J2JML5A7KC2BLGBEFTIIZR3EM7LVJ/"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2020-e55567b6be",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA/"
 }
 ]
 }
diff --git a/2019/11xxx/CVE-2019-11498.json b/2019/11xxx/CVE-2019-11498.json
index 6923ad99f91..656d51788a2 100644
--- a/2019/11xxx/CVE-2019-11498.json
+++ b/2019/11xxx/CVE-2019-11498.json
@@ -76,6 +76,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2019-b8a704ff4b",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SCK2YJXY6V5CKGKSF2PPN7RL2DXVOC6G/"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2020-e55567b6be",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA/"
 }
 ]
 }
From 1d3b68de31f2be4c71b451919255d560786779a6 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Tue, 14 Jan 2020 04:01:03 +0000
Subject: [PATCH 049/387] "-Synchronized-Data."
---
 2018/12xxx/CVE-2018-12126.json | 5 +++++
 2018/12xxx/CVE-2018-12127.json | 5 +++++
 2018/12xxx/CVE-2018-12130.json | 5 +++++
 2018/12xxx/CVE-2018-12207.json | 5 +++++
 2019/11xxx/CVE-2019-11091.json | 5 +++++
 2019/11xxx/CVE-2019-11135.json | 5 +++++
 2019/17xxx/CVE-2019-17340.json | 5 +++++
 2019/17xxx/CVE-2019-17341.json | 5 +++++
 2019/17xxx/CVE-2019-17342.json | 5 +++++
 2019/17xxx/CVE-2019-17343.json | 5 +++++
 2019/17xxx/CVE-2019-17344.json | 5 +++++
 2019/17xxx/CVE-2019-17345.json | 5 +++++
 2019/17xxx/CVE-2019-17346.json | 5 +++++
 2019/17xxx/CVE-2019-17347.json | 5 +++++
 2019/17xxx/CVE-2019-17348.json | 5 +++++
 2019/17xxx/CVE-2019-17349.json | 5 +++++
 2019/17xxx/CVE-2019-17350.json | 5 +++++
 2019/18xxx/CVE-2019-18420.json | 5 +++++
 2019/18xxx/CVE-2019-18421.json | 5 +++++
 2019/18xxx/CVE-2019-18422.json | 5 +++++
 2019/18xxx/CVE-2019-18423.json | 5 +++++
 2019/18xxx/CVE-2019-18424.json | 5 +++++
 2019/18xxx/CVE-2019-18425.json | 5 +++++
 2019/19xxx/CVE-2019-19577.json | 5 +++++
 2019/19xxx/CVE-2019-19578.json | 5 +++++
 2019/19xxx/CVE-2019-19579.json | 5 +++++
 2019/19xxx/CVE-2019-19580.json | 5 +++++
 2019/19xxx/CVE-2019-19581.json | 5 +++++
 2019/19xxx/CVE-2019-19582.json | 5 +++++
 2019/19xxx/CVE-2019-19583.json | 5 +++++
 30 files changed, 150 insertions(+)
diff --git a/2018/12xxx/CVE-2018-12126.json b/2018/12xxx/CVE-2018-12126.json
index 360601dfb9b..257a797aeab 100644
--- a/2018/12xxx/CVE-2018-12126.json
+++ b/2018/12xxx/CVE-2018-12126.json
@@ -153,6 +153,11 @@
 "refsource": "MISC",
 "name": "http://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.html",
 "url": "http://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.html"
+ },
+ {
+ "refsource": "DEBIAN",
+ "name": "DSA-4602",
+ "url": "https://www.debian.org/security/2020/dsa-4602"
 }
 ]
 },
diff --git a/2018/12xxx/CVE-2018-12127.json b/2018/12xxx/CVE-2018-12127.json
index 4578da096b5..e6b20d388ef 100644
--- a/2018/12xxx/CVE-2018-12127.json
+++ b/2018/12xxx/CVE-2018-12127.json
@@ -153,6 +153,11 @@
 "refsource": "MISC",
 "name": "http://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.html",
 "url": "http://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.html"
+ },
+ {
+ "refsource": "DEBIAN",
+ "name": "DSA-4602",
+ "url": "https://www.debian.org/security/2020/dsa-4602"
 }
 ]
 },
diff --git a/2018/12xxx/CVE-2018-12130.json b/2018/12xxx/CVE-2018-12130.json
index 0c6bf01cc3f..224edbc8986 100644
--- a/2018/12xxx/CVE-2018-12130.json
+++ b/2018/12xxx/CVE-2018-12130.json
@@ -153,6 +153,11 @@
 "refsource": "MISC",
 "name": "http://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.html",
 "url": "http://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.html"
+ },
+ {
+ "refsource": "DEBIAN",
+ "name": "DSA-4602",
+ "url": "https://www.debian.org/security/2020/dsa-4602"
 }
 ]
 },
diff --git a/2018/12xxx/CVE-2018-12207.json b/2018/12xxx/CVE-2018-12207.json
index e1d14042832..195c55c6b44 100644
--- a/2018/12xxx/CVE-2018-12207.json
+++ b/2018/12xxx/CVE-2018-12207.json
@@ -98,6 +98,11 @@
 "refsource": "REDHAT",
 "name": "RHSA-2020:0028",
 "url": "https://access.redhat.com/errata/RHSA-2020:0028"
+ },
+ {
+ "refsource": "DEBIAN",
+ "name": "DSA-4602",
+ "url": "https://www.debian.org/security/2020/dsa-4602"
 }
 ]
 },
diff --git a/2019/11xxx/CVE-2019-11091.json b/2019/11xxx/CVE-2019-11091.json
index 887b4724523..c57e9bc2014 100644
--- a/2019/11xxx/CVE-2019-11091.json
+++ b/2019/11xxx/CVE-2019-11091.json
@@ -138,6 +138,11 @@
 "refsource": "BUGTRAQ",
 "name": "20191112 [SECURITY] [DSA 4564-1] linux security update",
 "url": "https://seclists.org/bugtraq/2019/Nov/15"
+ },
+ {
+ "refsource": "DEBIAN",
+ "name": "DSA-4602",
+ "url": "https://www.debian.org/security/2020/dsa-4602"
 }
 ]
 },
diff --git a/2019/11xxx/CVE-2019-11135.json b/2019/11xxx/CVE-2019-11135.json
index 18c8b6290da..d2e5732e029 100644
--- a/2019/11xxx/CVE-2019-11135.json
+++ b/2019/11xxx/CVE-2019-11135.json
@@ -138,6 +138,11 @@
 "refsource": "REDHAT",
 "name": "RHSA-2020:0028",
 "url": "https://access.redhat.com/errata/RHSA-2020:0028"
+ },
+ {
+ "refsource": "DEBIAN",
+ "name": "DSA-4602",
+ "url": "https://www.debian.org/security/2020/dsa-4602"
 }
 ]
 },
diff --git a/2019/17xxx/CVE-2019-17340.json b/2019/17xxx/CVE-2019-17340.json
index d2fd6c97a67..99e74aa2969 100644
--- a/2019/17xxx/CVE-2019-17340.json
+++ b/2019/17xxx/CVE-2019-17340.json
@@ -66,6 +66,11 @@
 "refsource": "MLIST",
 "name": "[oss-security] 20191025 Xen Security Advisory 284 v3 (CVE-2019-17340) - grant table transfer issues on large hosts",
 "url": "http://www.openwall.com/lists/oss-security/2019/10/25/1"
+ },
+ {
+ "refsource": "DEBIAN",
+ "name": "DSA-4602",
+ "url": "https://www.debian.org/security/2020/dsa-4602"
 }
 ]
 }
diff --git a/2019/17xxx/CVE-2019-17341.json b/2019/17xxx/CVE-2019-17341.json
index 755c87dad82..052229ef7bc 100644
--- a/2019/17xxx/CVE-2019-17341.json
+++ b/2019/17xxx/CVE-2019-17341.json
@@ -66,6 +66,11 @@
 "refsource": "MLIST",
 "name": "[oss-security] 20191025 Xen Security Advisory 285 v3 (CVE-2019-17341) - race with pass-through device hotplug",
 "url": "http://www.openwall.com/lists/oss-security/2019/10/25/6"
+ },
+ {
+ "refsource": "DEBIAN",
+ "name": "DSA-4602",
+ "url": "https://www.debian.org/security/2020/dsa-4602"
 }
 ]
 }
diff --git a/2019/17xxx/CVE-2019-17342.json b/2019/17xxx/CVE-2019-17342.json
index 6b7096dab9e..c9faf7ab690 100644
--- a/2019/17xxx/CVE-2019-17342.json
+++ b/2019/17xxx/CVE-2019-17342.json
@@ -66,6 +66,11 @@
 "refsource": "MLIST",
 "name": "[oss-security] 20191025 Xen Security Advisory 287 v3 (CVE-2019-17342) - x86: steal_page violates page_struct access discipline",
 "url": "http://www.openwall.com/lists/oss-security/2019/10/25/2"
+ },
+ {
+ "refsource": "DEBIAN",
+ "name": "DSA-4602",
+ "url": "https://www.debian.org/security/2020/dsa-4602"
 }
 ]
 }
diff --git a/2019/17xxx/CVE-2019-17343.json b/2019/17xxx/CVE-2019-17343.json
index fe726e08cfd..ac1d5b469f6 100644
--- a/2019/17xxx/CVE-2019-17343.json
+++ b/2019/17xxx/CVE-2019-17343.json
@@ -66,6 +66,11 @@
 "refsource": "MLIST",
 "name": "[oss-security] 20191025 Xen Security Advisory 288 v3 (CVE-2019-17343) - x86: Inconsistent PV IOMMU discipline",
 "url": "http://www.openwall.com/lists/oss-security/2019/10/25/10"
+ },
+ {
+ "refsource": "DEBIAN",
+ "name": "DSA-4602",
+ "url": "https://www.debian.org/security/2020/dsa-4602"
 }
 ]
 }
diff --git a/2019/17xxx/CVE-2019-17344.json b/2019/17xxx/CVE-2019-17344.json
index 55b2c503218..278467db326 100644
--- a/2019/17xxx/CVE-2019-17344.json
+++ b/2019/17xxx/CVE-2019-17344.json
@@ -66,6 +66,11 @@
 "refsource": "MLIST",
 "name": "[oss-security] 20191025 Xen Security Advisory 290 v3 (CVE-2019-17344) - missing preemption in x86 PV page table unvalidation",
 "url": "http://www.openwall.com/lists/oss-security/2019/10/25/3"
+ },
+ {
+ "refsource": "DEBIAN",
+ "name": "DSA-4602",
+ "url": "https://www.debian.org/security/2020/dsa-4602"
 }
 ]
 }
diff --git a/2019/17xxx/CVE-2019-17345.json b/2019/17xxx/CVE-2019-17345.json
index 754d43c413c..481c2ff5e34 100644
--- a/2019/17xxx/CVE-2019-17345.json
+++ b/2019/17xxx/CVE-2019-17345.json
@@ -66,6 +66,11 @@
 "refsource": "MLIST",
 "name": "[oss-security] 20191025 Xen Security Advisory 291 v3 (CVE-2019-17345) - x86/PV: page type reference counting issue with failed IOMMU update",
 "url": "http://www.openwall.com/lists/oss-security/2019/10/25/4"
+ },
+ {
+ "refsource": "DEBIAN",
+ "name": "DSA-4602",
+ "url": "https://www.debian.org/security/2020/dsa-4602"
 }
 ]
 }
diff --git a/2019/17xxx/CVE-2019-17346.json b/2019/17xxx/CVE-2019-17346.json
index 06f29539e2f..69eaf0f8865 100644
--- a/2019/17xxx/CVE-2019-17346.json
+++ b/2019/17xxx/CVE-2019-17346.json
@@ -66,6 +66,11 @@
 "refsource": "MLIST",
 "name": "[oss-security] 20191025 Xen Security Advisory 292 v3 (CVE-2019-17346) - x86: insufficient TLB flushing when using PCID",
 "url": "http://www.openwall.com/lists/oss-security/2019/10/25/5"
+ },
+ {
+ "refsource": "DEBIAN",
+ "name": "DSA-4602",
+ "url": "https://www.debian.org/security/2020/dsa-4602"
 }
 ]
 }
diff --git a/2019/17xxx/CVE-2019-17347.json b/2019/17xxx/CVE-2019-17347.json
index f65dc8b9633..1f34e3aa25f 100644
--- a/2019/17xxx/CVE-2019-17347.json
+++ b/2019/17xxx/CVE-2019-17347.json
@@ -66,6 +66,11 @@
 "refsource": "MLIST",
 "name": "[oss-security] 20191025 Xen Security Advisory 293 v4 (CVE-2019-17347) - x86: PV kernel context switch corruption",
 "url": "http://www.openwall.com/lists/oss-security/2019/10/25/8"
+ },
+ {
+ "refsource": "DEBIAN",
+ "name": "DSA-4602",
+ "url": "https://www.debian.org/security/2020/dsa-4602"
 }
 ]
 }
diff --git a/2019/17xxx/CVE-2019-17348.json b/2019/17xxx/CVE-2019-17348.json
index 7cab3c29b11..949eff179c4 100644
--- a/2019/17xxx/CVE-2019-17348.json
+++ b/2019/17xxx/CVE-2019-17348.json
@@ -66,6 +66,11 @@
 "refsource": "MLIST",
 "name": "[oss-security] 20191025 Xen Security Advisory 294 v3 (CVE-2019-17348) - x86 shadow: Insufficient TLB flushing when using PCID",
 "url": "http://www.openwall.com/lists/oss-security/2019/10/25/7"
+ },
+ {
+ "refsource": "DEBIAN",
+ "name": "DSA-4602",
+ "url": "https://www.debian.org/security/2020/dsa-4602"
 }
 ]
 }
diff --git a/2019/17xxx/CVE-2019-17349.json b/2019/17xxx/CVE-2019-17349.json
index 55200ae8284..f67d851232b 100644
--- a/2019/17xxx/CVE-2019-17349.json
+++ b/2019/17xxx/CVE-2019-17349.json
@@ -61,6 +61,11 @@
 "url": "https://xenbits.xen.org/xsa/advisory-295.html",
 "refsource": "MISC",
 "name": "https://xenbits.xen.org/xsa/advisory-295.html"
+ },
+ {
+ "refsource": "DEBIAN",
+ "name": "DSA-4602",
+ "url": "https://www.debian.org/security/2020/dsa-4602"
 }
 ]
 }
diff --git a/2019/17xxx/CVE-2019-17350.json b/2019/17xxx/CVE-2019-17350.json
index e2daf6c3c00..56c67f1df61 100644
--- a/2019/17xxx/CVE-2019-17350.json
+++ b/2019/17xxx/CVE-2019-17350.json
@@ -61,6 +61,11 @@
 "url": "https://xenbits.xen.org/xsa/advisory-295.html",
 "refsource": "MISC",
 "name": "https://xenbits.xen.org/xsa/advisory-295.html"
+ },
+ {
+ "refsource": "DEBIAN",
+ "name": "DSA-4602",
+ "url": "https://www.debian.org/security/2020/dsa-4602"
 }
 ]
 }
diff --git a/2019/18xxx/CVE-2019-18420.json b/2019/18xxx/CVE-2019-18420.json
index 6a0a170cafb..d8190ff3da1 100644
--- a/2019/18xxx/CVE-2019-18420.json
+++ b/2019/18xxx/CVE-2019-18420.json
@@ -81,6 +81,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2019-cbb732f760",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IZYATWNUGHRBG6I3TC24YHP5Y3J7I6KH/"
+ },
+ {
+ "refsource": "DEBIAN",
+ "name": "DSA-4602",
+ "url": "https://www.debian.org/security/2020/dsa-4602"
 }
 ]
 }
diff --git a/2019/18xxx/CVE-2019-18421.json b/2019/18xxx/CVE-2019-18421.json
index 6e9e2c79653..f54f97d1197 100644
--- a/2019/18xxx/CVE-2019-18421.json
+++ b/2019/18xxx/CVE-2019-18421.json
@@ -81,6 +81,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2019-cbb732f760",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IZYATWNUGHRBG6I3TC24YHP5Y3J7I6KH/"
+ },
+ {
+ "refsource": "DEBIAN",
+ "name": "DSA-4602",
+ "url": "https://www.debian.org/security/2020/dsa-4602"
 }
 ]
 }
diff --git a/2019/18xxx/CVE-2019-18422.json b/2019/18xxx/CVE-2019-18422.json
index e10e12794a9..fe772b1eb0e 100644
--- a/2019/18xxx/CVE-2019-18422.json
+++ b/2019/18xxx/CVE-2019-18422.json
@@ -76,6 +76,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2019-cbb732f760",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IZYATWNUGHRBG6I3TC24YHP5Y3J7I6KH/"
+ },
+ {
+ "refsource": "DEBIAN",
+ "name": "DSA-4602",
+ "url": "https://www.debian.org/security/2020/dsa-4602"
 }
 ]
 }
diff --git a/2019/18xxx/CVE-2019-18423.json b/2019/18xxx/CVE-2019-18423.json
index 5e608a5c1ec..d819edbce49 100644
--- a/2019/18xxx/CVE-2019-18423.json
+++ b/2019/18xxx/CVE-2019-18423.json
@@ -76,6 +76,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2019-cbb732f760",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IZYATWNUGHRBG6I3TC24YHP5Y3J7I6KH/"
+ },
+ {
+ "refsource": "DEBIAN",
+ "name": "DSA-4602",
+ "url": "https://www.debian.org/security/2020/dsa-4602"
 }
 ]
 }
diff --git a/2019/18xxx/CVE-2019-18424.json b/2019/18xxx/CVE-2019-18424.json
index bc2f28b40a0..472c087d19b 100644
--- a/2019/18xxx/CVE-2019-18424.json
+++ b/2019/18xxx/CVE-2019-18424.json
@@ -81,6 +81,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2019-cbb732f760",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IZYATWNUGHRBG6I3TC24YHP5Y3J7I6KH/"
+ },
+ {
+ "refsource": "DEBIAN",
+ "name": "DSA-4602",
+ "url": "https://www.debian.org/security/2020/dsa-4602"
 }
 ]
 }
diff --git a/2019/18xxx/CVE-2019-18425.json b/2019/18xxx/CVE-2019-18425.json
index e6c1f0f67dc..3afc0038088 100644
--- a/2019/18xxx/CVE-2019-18425.json
+++ b/2019/18xxx/CVE-2019-18425.json
@@ -81,6 +81,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2019-cbb732f760",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IZYATWNUGHRBG6I3TC24YHP5Y3J7I6KH/"
+ },
+ {
+ "refsource": "DEBIAN",
+ "name": "DSA-4602",
+ "url": "https://www.debian.org/security/2020/dsa-4602"
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19577.json b/2019/19xxx/CVE-2019-19577.json
index a9fe0577dc9..13ebce6a662 100644
--- a/2019/19xxx/CVE-2019-19577.json
+++ b/2019/19xxx/CVE-2019-19577.json
@@ -71,6 +71,11 @@
 "refsource": "SUSE",
 "name": "openSUSE-SU-2020:0011",
 "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00011.html"
+ },
+ {
+ "refsource": "DEBIAN",
+ "name": "DSA-4602",
+ "url": "https://www.debian.org/security/2020/dsa-4602"
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19578.json b/2019/19xxx/CVE-2019-19578.json
index a89dfa2194d..4c6a4072ecf 100644
--- a/2019/19xxx/CVE-2019-19578.json
+++ b/2019/19xxx/CVE-2019-19578.json
@@ -71,6 +71,11 @@
 "refsource": "SUSE",
 "name": "openSUSE-SU-2020:0011",
 "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00011.html"
+ },
+ {
+ "refsource": "DEBIAN",
+ "name": "DSA-4602",
+ "url": "https://www.debian.org/security/2020/dsa-4602"
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19579.json b/2019/19xxx/CVE-2019-19579.json
index f56d3521435..68fca09b7af 100644
--- a/2019/19xxx/CVE-2019-19579.json
+++ b/2019/19xxx/CVE-2019-19579.json
@@ -81,6 +81,11 @@
 "refsource": "SUSE",
 "name": "openSUSE-SU-2020:0011",
 "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00011.html"
+ },
+ {
+ "refsource": "DEBIAN",
+ "name": "DSA-4602",
+ "url": "https://www.debian.org/security/2020/dsa-4602"
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19580.json b/2019/19xxx/CVE-2019-19580.json
index d1e3c6f1917..c3f36b939e4 100644
--- a/2019/19xxx/CVE-2019-19580.json
+++ b/2019/19xxx/CVE-2019-19580.json
@@ -71,6 +71,11 @@
 "refsource": "SUSE",
 "name": "openSUSE-SU-2020:0011",
 "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00011.html"
+ },
+ {
+ "refsource": "DEBIAN",
+ "name": "DSA-4602",
+ "url": "https://www.debian.org/security/2020/dsa-4602"
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19581.json b/2019/19xxx/CVE-2019-19581.json
index dcad68e7433..86ca5487b88 100644
--- a/2019/19xxx/CVE-2019-19581.json
+++ b/2019/19xxx/CVE-2019-19581.json
@@ -71,6 +71,11 @@
 "refsource": "SUSE",
 "name": "openSUSE-SU-2020:0011",
 "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00011.html"
+ },
+ {
+ "refsource": "DEBIAN",
+ "name": "DSA-4602",
+ "url": "https://www.debian.org/security/2020/dsa-4602"
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19582.json b/2019/19xxx/CVE-2019-19582.json
index 489f385ae5b..ed23b319190 100644
--- a/2019/19xxx/CVE-2019-19582.json
+++ b/2019/19xxx/CVE-2019-19582.json
@@ -71,6 +71,11 @@
 "refsource": "SUSE",
 "name": "openSUSE-SU-2020:0011",
 "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00011.html"
+ },
+ {
+ "refsource": "DEBIAN",
+ "name": "DSA-4602",
+ "url": "https://www.debian.org/security/2020/dsa-4602"
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19583.json b/2019/19xxx/CVE-2019-19583.json
index 5e27110d213..fa8bcb6e990 100644
--- a/2019/19xxx/CVE-2019-19583.json
+++ b/2019/19xxx/CVE-2019-19583.json
@@ -71,6 +71,11 @@
 "refsource": "SUSE",
 "name": "openSUSE-SU-2020:0011",
 "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00011.html"
+ },
+ {
+ "refsource": "DEBIAN",
+ "name": "DSA-4602",
+ "url": "https://www.debian.org/security/2020/dsa-4602"
 }
 ]
 }
From 171f118d71f74754d06748b3833a86f862f9445f Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Tue, 14 Jan 2020 10:01:05 +0000
Subject: [PATCH 050/387] "-Synchronized-Data."
---
 2019/11xxx/CVE-2019-11244.json | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/2019/11xxx/CVE-2019-11244.json b/2019/11xxx/CVE-2019-11244.json
index 280e14a073e..e242634de41 100644
--- a/2019/11xxx/CVE-2019-11244.json
+++ b/2019/11xxx/CVE-2019-11244.json
@@ -129,6 +129,11 @@
 "refsource": "REDHAT",
 "name": "RHSA-2019:3942",
 "url": "https://access.redhat.com/errata/RHSA-2019:3942"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2020:0020",
+ "url": "https://access.redhat.com/errata/RHSA-2020:0020"
 }
 ]
 },
From 38a4639fdca14c08c675c61ab8fee58152c116f5 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Tue, 14 Jan 2020 11:01:25 +0000
Subject: [PATCH 051/387] "-Synchronized-Data."
---
 2019/19xxx/CVE-2019-19880.json | 5 +++++
 2019/19xxx/CVE-2019-19923.json | 5 +++++
 2019/19xxx/CVE-2019-19924.json | 5 +++++
 2019/19xxx/CVE-2019-19925.json | 5 +++++
 2019/19xxx/CVE-2019-19926.json | 5 +++++
 2019/19xxx/CVE-2019-19956.json | 5 +++++
 6 files changed, 30 insertions(+)
diff --git a/2019/19xxx/CVE-2019-19880.json b/2019/19xxx/CVE-2019-19880.json
index 777ba7260f6..59da44dc070 100644
--- a/2019/19xxx/CVE-2019-19880.json
+++ b/2019/19xxx/CVE-2019-19880.json
@@ -56,6 +56,11 @@
 "refsource": "MISC",
 "name": "https://github.com/sqlite/sqlite/commit/75e95e1fcd52d3ec8282edb75ac8cd0814095d54",
 "url": "https://github.com/sqlite/sqlite/commit/75e95e1fcd52d3ec8282edb75ac8cd0814095d54"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.netapp.com/advisory/ntap-20200114-0001/",
+ "url": "https://security.netapp.com/advisory/ntap-20200114-0001/"
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19923.json b/2019/19xxx/CVE-2019-19923.json
index bea4a80fe3f..0ca309d796c 100644
--- a/2019/19xxx/CVE-2019-19923.json
+++ b/2019/19xxx/CVE-2019-19923.json
@@ -56,6 +56,11 @@
 "refsource": "MISC",
 "name": "https://github.com/sqlite/sqlite/commit/396afe6f6aa90a31303c183e11b2b2d4b7956b35",
 "url": "https://github.com/sqlite/sqlite/commit/396afe6f6aa90a31303c183e11b2b2d4b7956b35"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.netapp.com/advisory/ntap-20200114-0003/",
+ "url": "https://security.netapp.com/advisory/ntap-20200114-0003/"
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19924.json b/2019/19xxx/CVE-2019-19924.json
index f92e7d2305f..09c36cf0265 100644
--- a/2019/19xxx/CVE-2019-19924.json
+++ b/2019/19xxx/CVE-2019-19924.json
@@ -56,6 +56,11 @@
 "refsource": "MISC",
 "name": "https://github.com/sqlite/sqlite/commit/8654186b0236d556aa85528c2573ee0b6ab71be3",
 "url": "https://github.com/sqlite/sqlite/commit/8654186b0236d556aa85528c2573ee0b6ab71be3"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.netapp.com/advisory/ntap-20200114-0003/",
+ "url": "https://security.netapp.com/advisory/ntap-20200114-0003/"
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19925.json b/2019/19xxx/CVE-2019-19925.json
index 801a15d7dc5..01520c80474 100644
--- a/2019/19xxx/CVE-2019-19925.json
+++ b/2019/19xxx/CVE-2019-19925.json
@@ -56,6 +56,11 @@
 "refsource": "MISC",
 "name": "https://github.com/sqlite/sqlite/commit/54d501092d88c0cf89bec4279951f548fb0b8618",
 "url": "https://github.com/sqlite/sqlite/commit/54d501092d88c0cf89bec4279951f548fb0b8618"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.netapp.com/advisory/ntap-20200114-0003/",
+ "url": "https://security.netapp.com/advisory/ntap-20200114-0003/"
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19926.json b/2019/19xxx/CVE-2019-19926.json
index e13ab9300fa..84f60255c57 100644
--- a/2019/19xxx/CVE-2019-19926.json
+++ b/2019/19xxx/CVE-2019-19926.json
@@ -56,6 +56,11 @@ "url": "https://github.com/sqlite/sqlite/commit/8428b3b437569338a9d1e10c4cd8154acbe33089", "refsource": "MISC", "name": "https://github.com/sqlite/sqlite/commit/8428b3b437569338a9d1e10c4cd8154acbe33089" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200114-0003/", + "url": "https://security.netapp.com/advisory/ntap-20200114-0003/" } ] } diff --git a/2019/19xxx/CVE-2019-19956.json b/2019/19xxx/CVE-2019-19956.json index fb30cb3abed..f633b7904b3 100644 --- a/2019/19xxx/CVE-2019-19956.json +++ b/2019/19xxx/CVE-2019-19956.json @@ -61,6 +61,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20191228 [SECURITY] [DLA 2048-1] libxml2 security update", "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00032.html" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200114-0002/", + "url": "https://security.netapp.com/advisory/ntap-20200114-0002/" } ] } From 14bf395e4a7142ef9af226f393b5a9db89e36c19 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 14 Jan 2020 12:01:06 +0000 Subject: [PATCH 052/387] "-Synchronized-Data." --- 2018/18xxx/CVE-2018-18281.json | 5 +++++ 2018/20xxx/CVE-2018-20856.json | 5 +++++ 2019/11xxx/CVE-2019-11599.json | 5 +++++ 2019/16xxx/CVE-2019-16276.json | 5 +++++ 2019/17xxx/CVE-2019-17596.json | 5 +++++ 5 files changed, 25 insertions(+) diff --git a/2018/18xxx/CVE-2018-18281.json b/2018/18xxx/CVE-2018-18281.json index 532e42e5adb..b29e9179a12 100644 --- a/2018/18xxx/CVE-2018-18281.json +++ b/2018/18xxx/CVE-2018-18281.json @@ -171,6 +171,11 @@ "refsource": "REDHAT", "name": "RHSA-2020:0036", "url": "https://access.redhat.com/errata/RHSA-2020:0036" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0100", + "url": "https://access.redhat.com/errata/RHSA-2020:0100" } ] } diff --git a/2018/20xxx/CVE-2018-20856.json b/2018/20xxx/CVE-2018-20856.json index 36829ac0735..8f4c21562a0 100644 --- a/2018/20xxx/CVE-2018-20856.json 
+++ b/2018/20xxx/CVE-2018-20856.json @@ -146,6 +146,11 @@ "refsource": "REDHAT", "name": "RHSA-2019:3217", "url": "https://access.redhat.com/errata/RHSA-2019:3217" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0100", + "url": "https://access.redhat.com/errata/RHSA-2020:0100" } ] } diff --git a/2019/11xxx/CVE-2019-11599.json b/2019/11xxx/CVE-2019-11599.json index fc186eb4b0d..bf503786c4a 100644 --- a/2019/11xxx/CVE-2019-11599.json +++ b/2019/11xxx/CVE-2019-11599.json @@ -216,6 +216,11 @@ "refsource": "REDHAT", "name": "RHSA-2019:3517", "url": "https://access.redhat.com/errata/RHSA-2019:3517" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0100", + "url": "https://access.redhat.com/errata/RHSA-2020:0100" } ] } diff --git a/2019/16xxx/CVE-2019-16276.json b/2019/16xxx/CVE-2019-16276.json index d7da92c332e..a61c58b92c4 100644 --- a/2019/16xxx/CVE-2019-16276.json +++ b/2019/16xxx/CVE-2019-16276.json @@ -91,6 +91,11 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20191122-0004/", "url": "https://security.netapp.com/advisory/ntap-20191122-0004/" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0101", + "url": "https://access.redhat.com/errata/RHSA-2020:0101" } ] } diff --git a/2019/17xxx/CVE-2019-17596.json b/2019/17xxx/CVE-2019-17596.json index 809b018adfe..47b6a1a54a6 100644 --- a/2019/17xxx/CVE-2019-17596.json +++ b/2019/17xxx/CVE-2019-17596.json @@ -91,6 +91,11 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20191122-0005/", "url": "https://security.netapp.com/advisory/ntap-20191122-0005/" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0101", + "url": "https://access.redhat.com/errata/RHSA-2020:0101" } ] } From 94f46885434d69dc2111dc6f042be2eddcf9894d Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Tue, 14 Jan 2020 14:01:07 +0000 Subject: [PATCH 053/387] "-Synchronized-Data." --- 2014/9xxx/CVE-2014-9211.json | 53 +++++++++++++++++++++++++++-- 2020/5xxx/CVE-2020-5194.json | 61 +++++++++++++++++++++++++++++---- 2020/5xxx/CVE-2020-5196.json | 66 ++++++++++++++++++++++++++++++++---- 2020/6xxx/CVE-2020-6959.json | 18 ++++++++++ 2020/6xxx/CVE-2020-6960.json | 18 ++++++++++ 2020/6xxx/CVE-2020-6961.json | 18 ++++++++++ 2020/6xxx/CVE-2020-6962.json | 18 ++++++++++ 2020/6xxx/CVE-2020-6963.json | 18 ++++++++++ 2020/6xxx/CVE-2020-6964.json | 18 ++++++++++ 2020/6xxx/CVE-2020-6965.json | 18 ++++++++++ 2020/6xxx/CVE-2020-6966.json | 18 ++++++++++ 2020/6xxx/CVE-2020-6967.json | 18 ++++++++++ 2020/6xxx/CVE-2020-6968.json | 18 ++++++++++ 2020/6xxx/CVE-2020-6969.json | 18 ++++++++++ 2020/6xxx/CVE-2020-6970.json | 18 ++++++++++ 2020/6xxx/CVE-2020-6971.json | 18 ++++++++++ 2020/6xxx/CVE-2020-6972.json | 18 ++++++++++ 2020/6xxx/CVE-2020-6973.json | 18 ++++++++++ 2020/6xxx/CVE-2020-6974.json | 18 ++++++++++ 2020/6xxx/CVE-2020-6975.json | 18 ++++++++++ 2020/6xxx/CVE-2020-6976.json | 18 ++++++++++ 2020/6xxx/CVE-2020-6977.json | 18 ++++++++++ 2020/6xxx/CVE-2020-6978.json | 18 ++++++++++ 2020/6xxx/CVE-2020-6979.json | 18 ++++++++++ 2020/6xxx/CVE-2020-6980.json | 18 ++++++++++ 2020/6xxx/CVE-2020-6981.json | 18 ++++++++++ 2020/6xxx/CVE-2020-6982.json | 18 ++++++++++ 2020/6xxx/CVE-2020-6983.json | 18 ++++++++++ 2020/6xxx/CVE-2020-6984.json | 18 ++++++++++ 2020/6xxx/CVE-2020-6985.json | 18 ++++++++++ 2020/6xxx/CVE-2020-6986.json | 18 ++++++++++ 2020/6xxx/CVE-2020-6987.json | 18 ++++++++++ 2020/6xxx/CVE-2020-6988.json | 18 ++++++++++ 2020/6xxx/CVE-2020-6989.json | 18 ++++++++++ 2020/6xxx/CVE-2020-6990.json | 18 ++++++++++ 2020/6xxx/CVE-2020-6991.json | 18 ++++++++++ 2020/6xxx/CVE-2020-6992.json | 18 ++++++++++ 2020/6xxx/CVE-2020-6993.json | 18 ++++++++++ 2020/6xxx/CVE-2020-6994.json | 18 ++++++++++ 2020/6xxx/CVE-2020-6995.json | 18 ++++++++++ 
2020/6xxx/CVE-2020-6996.json | 18 ++++++++++ 2020/6xxx/CVE-2020-6997.json | 18 ++++++++++ 2020/6xxx/CVE-2020-6998.json | 18 ++++++++++ 2020/6xxx/CVE-2020-6999.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7000.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7001.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7002.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7003.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7004.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7005.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7006.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7007.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7008.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7009.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7010.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7011.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7012.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7013.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7014.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7015.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7016.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7017.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7018.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7019.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7020.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7021.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7022.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7023.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7024.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7025.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7026.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7027.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7028.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7029.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7030.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7031.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7032.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7033.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7034.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7035.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7036.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7037.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7038.json | 18 ++++++++++ 83 files changed, 1606 insertions(+), 14 deletions(-) create 
mode 100644 2020/6xxx/CVE-2020-6959.json create mode 100644 2020/6xxx/CVE-2020-6960.json create mode 100644 2020/6xxx/CVE-2020-6961.json create mode 100644 2020/6xxx/CVE-2020-6962.json create mode 100644 2020/6xxx/CVE-2020-6963.json create mode 100644 2020/6xxx/CVE-2020-6964.json create mode 100644 2020/6xxx/CVE-2020-6965.json create mode 100644 2020/6xxx/CVE-2020-6966.json create mode 100644 2020/6xxx/CVE-2020-6967.json create mode 100644 2020/6xxx/CVE-2020-6968.json create mode 100644 2020/6xxx/CVE-2020-6969.json create mode 100644 2020/6xxx/CVE-2020-6970.json create mode 100644 2020/6xxx/CVE-2020-6971.json create mode 100644 2020/6xxx/CVE-2020-6972.json create mode 100644 2020/6xxx/CVE-2020-6973.json create mode 100644 2020/6xxx/CVE-2020-6974.json create mode 100644 2020/6xxx/CVE-2020-6975.json create mode 100644 2020/6xxx/CVE-2020-6976.json create mode 100644 2020/6xxx/CVE-2020-6977.json create mode 100644 2020/6xxx/CVE-2020-6978.json create mode 100644 2020/6xxx/CVE-2020-6979.json create mode 100644 2020/6xxx/CVE-2020-6980.json create mode 100644 2020/6xxx/CVE-2020-6981.json create mode 100644 2020/6xxx/CVE-2020-6982.json create mode 100644 2020/6xxx/CVE-2020-6983.json create mode 100644 2020/6xxx/CVE-2020-6984.json create mode 100644 2020/6xxx/CVE-2020-6985.json create mode 100644 2020/6xxx/CVE-2020-6986.json create mode 100644 2020/6xxx/CVE-2020-6987.json create mode 100644 2020/6xxx/CVE-2020-6988.json create mode 100644 2020/6xxx/CVE-2020-6989.json create mode 100644 2020/6xxx/CVE-2020-6990.json create mode 100644 2020/6xxx/CVE-2020-6991.json create mode 100644 2020/6xxx/CVE-2020-6992.json create mode 100644 2020/6xxx/CVE-2020-6993.json create mode 100644 2020/6xxx/CVE-2020-6994.json create mode 100644 2020/6xxx/CVE-2020-6995.json create mode 100644 2020/6xxx/CVE-2020-6996.json create mode 100644 2020/6xxx/CVE-2020-6997.json create mode 100644 2020/6xxx/CVE-2020-6998.json create mode 100644 2020/6xxx/CVE-2020-6999.json create mode 100644 
2020/7xxx/CVE-2020-7000.json create mode 100644 2020/7xxx/CVE-2020-7001.json create mode 100644 2020/7xxx/CVE-2020-7002.json create mode 100644 2020/7xxx/CVE-2020-7003.json create mode 100644 2020/7xxx/CVE-2020-7004.json create mode 100644 2020/7xxx/CVE-2020-7005.json create mode 100644 2020/7xxx/CVE-2020-7006.json create mode 100644 2020/7xxx/CVE-2020-7007.json create mode 100644 2020/7xxx/CVE-2020-7008.json create mode 100644 2020/7xxx/CVE-2020-7009.json create mode 100644 2020/7xxx/CVE-2020-7010.json create mode 100644 2020/7xxx/CVE-2020-7011.json create mode 100644 2020/7xxx/CVE-2020-7012.json create mode 100644 2020/7xxx/CVE-2020-7013.json create mode 100644 2020/7xxx/CVE-2020-7014.json create mode 100644 2020/7xxx/CVE-2020-7015.json create mode 100644 2020/7xxx/CVE-2020-7016.json create mode 100644 2020/7xxx/CVE-2020-7017.json create mode 100644 2020/7xxx/CVE-2020-7018.json create mode 100644 2020/7xxx/CVE-2020-7019.json create mode 100644 2020/7xxx/CVE-2020-7020.json create mode 100644 2020/7xxx/CVE-2020-7021.json create mode 100644 2020/7xxx/CVE-2020-7022.json create mode 100644 2020/7xxx/CVE-2020-7023.json create mode 100644 2020/7xxx/CVE-2020-7024.json create mode 100644 2020/7xxx/CVE-2020-7025.json create mode 100644 2020/7xxx/CVE-2020-7026.json create mode 100644 2020/7xxx/CVE-2020-7027.json create mode 100644 2020/7xxx/CVE-2020-7028.json create mode 100644 2020/7xxx/CVE-2020-7029.json create mode 100644 2020/7xxx/CVE-2020-7030.json create mode 100644 2020/7xxx/CVE-2020-7031.json create mode 100644 2020/7xxx/CVE-2020-7032.json create mode 100644 2020/7xxx/CVE-2020-7033.json create mode 100644 2020/7xxx/CVE-2020-7034.json create mode 100644 2020/7xxx/CVE-2020-7035.json create mode 100644 2020/7xxx/CVE-2020-7036.json create mode 100644 2020/7xxx/CVE-2020-7037.json create mode 100644 2020/7xxx/CVE-2020-7038.json diff --git a/2014/9xxx/CVE-2014-9211.json b/2014/9xxx/CVE-2014-9211.json index c7faffe8be1..08ef697c9dc 100644 --- a/2014/9xxx/CVE-2014-9211.json 
+++ b/2014/9xxx/CVE-2014-9211.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-9211", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "ClickDesk version 4.3 and below has persistent cross site scripting" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.securityfocus.com/bid/65971", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/65971" + }, + { + "refsource": "MISC", + "name": "https://packetstormsecurity.com/files/author/11084/", + "url": "https://packetstormsecurity.com/files/author/11084/" } ] } diff --git a/2020/5xxx/CVE-2020-5194.json b/2020/5xxx/CVE-2020-5194.json index f4e5568659d..d39de8cc0e6 100644 --- a/2020/5xxx/CVE-2020-5194.json +++ b/2020/5xxx/CVE-2020-5194.json 
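Review bot: The `affects` block added in the first hunk of CVE-2014-9211.json sets `product_name`, `version_value` and `vendor_name` to `n/a`, and the `problemtype` added in the second hunk is also `n/a`, although the description in the same record names the product, the affected version range and the weakness class. Consumers that match records on the structured fields rather than on the free-text description would presumably miss this entry. I would populate the fields from the description, e.g. `"product_name": "ClickDesk"`, `"version_affected": "<=", "version_value": "4.3"` and `"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"`. The same placeholder pattern appears in the CVE-2020-5194.json and CVE-2020-5196.json hunks that follow, where the descriptions name Cerberus FTP Server and a permission-check bypass; a missing-authorization class such as CWE-862 looks appropriate there, to be confirmed by the assigner.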
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-5194", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-5194", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The zip API endpoint in Cerberus FTP Server 8 allows an authenticated attacker without zip permission to use the zip functionality via an unrestricted API endpoint. Improper permission verification occurs when calling the file/ajax_download_zip/zip_name endpoint. The result is that a user without permissions can zip and download files even if they do not have permission to view whether the file exists." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.cerberusftp.com/hc/en-us/community/topics/360000164199-Announcements", + "refsource": "MISC", + "name": "https://support.cerberusftp.com/hc/en-us/community/topics/360000164199-Announcements" + }, + { + "refsource": "MISC", + "name": "https://www.doyler.net/security-not-included/cerberus-ftp-vulnerabilities", + "url": "https://www.doyler.net/security-not-included/cerberus-ftp-vulnerabilities" } ] } diff --git a/2020/5xxx/CVE-2020-5196.json b/2020/5xxx/CVE-2020-5196.json index 1790c84d960..48820c82913 100644 
--- a/2020/5xxx/CVE-2020-5196.json +++ b/2020/5xxx/CVE-2020-5196.json 
@@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-5196", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-5196", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cerberus FTP Server Enterprise Edition prior to versions 11.0.3 and 10.0.18 allows an authenticated attacker to create files, display hidden files, list directories, and list files without the permission to zip and download (or unzip and upload) files. There are multiple ways to bypass certain permissions by utilizing the zip and unzip features. As a result, users without permission can see files, folders, and hidden files, and can create directories without permission." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.cerberusftp.com/hc/en-us/community/topics/360000164199-Announcements", + "refsource": "MISC", + "name": "https://support.cerberusftp.com/hc/en-us/community/topics/360000164199-Announcements" + }, + { + "refsource": "MISC", + "name": "https://www.doyler.net/security-not-included/cerberus-ftp-vulnerabilities", + "url": "https://www.doyler.net/security-not-included/cerberus-ftp-vulnerabilities" + }, + { + "refsource": "MISC", + "name": "https://www.cerberusftp.com/zip-unzip-permission-bypass-vulnerability-fixed-in-cerberus-ftp-server-versions-11-0-3-and-10-0-18/", + "url": "https://www.cerberusftp.com/zip-unzip-permission-bypass-vulnerability-fixed-in-cerberus-ftp-server-versions-11-0-3-and-10-0-18/" } ] } diff --git a/2020/6xxx/CVE-2020-6959.json b/2020/6xxx/CVE-2020-6959.json new file mode 100644 index 00000000000..ed743b88aa6 --- /dev/null +++ b/2020/6xxx/CVE-2020-6959.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6959", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6960.json b/2020/6xxx/CVE-2020-6960.json new file mode 100644 index 00000000000..3c4e0ae98c3 --- /dev/null +++ b/2020/6xxx/CVE-2020-6960.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6960", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6961.json b/2020/6xxx/CVE-2020-6961.json new file mode 100644 index 00000000000..09442999c0a --- /dev/null +++ b/2020/6xxx/CVE-2020-6961.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6961", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6962.json b/2020/6xxx/CVE-2020-6962.json new file mode 100644 index 00000000000..c1f032a8ed1 --- /dev/null +++ b/2020/6xxx/CVE-2020-6962.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6962", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/6xxx/CVE-2020-6963.json b/2020/6xxx/CVE-2020-6963.json new file mode 100644 index 00000000000..907a05b87c2 --- /dev/null +++ b/2020/6xxx/CVE-2020-6963.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6963", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6964.json b/2020/6xxx/CVE-2020-6964.json new file mode 100644 index 00000000000..c8990f06e3f --- /dev/null +++ b/2020/6xxx/CVE-2020-6964.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6964", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6965.json b/2020/6xxx/CVE-2020-6965.json new file mode 100644 index 00000000000..0a53db0dd38 --- /dev/null +++ b/2020/6xxx/CVE-2020-6965.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6965", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6966.json b/2020/6xxx/CVE-2020-6966.json new file mode 100644 index 00000000000..a26fa98a6a6 --- /dev/null +++ b/2020/6xxx/CVE-2020-6966.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6966", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6967.json b/2020/6xxx/CVE-2020-6967.json new file mode 100644 index 00000000000..dc91cebb83d --- /dev/null +++ b/2020/6xxx/CVE-2020-6967.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6967", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/6xxx/CVE-2020-6968.json b/2020/6xxx/CVE-2020-6968.json new file mode 100644 index 00000000000..f7d07456c20 --- /dev/null +++ b/2020/6xxx/CVE-2020-6968.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6968", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6969.json b/2020/6xxx/CVE-2020-6969.json new file mode 100644 index 00000000000..2d55439c0dd --- /dev/null +++ b/2020/6xxx/CVE-2020-6969.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6969", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6970.json b/2020/6xxx/CVE-2020-6970.json new file mode 100644 index 00000000000..d0e520f40e6 --- /dev/null +++ b/2020/6xxx/CVE-2020-6970.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6970", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6971.json b/2020/6xxx/CVE-2020-6971.json new file mode 100644 index 00000000000..d2f712f67c0 --- /dev/null +++ b/2020/6xxx/CVE-2020-6971.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6971", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6972.json b/2020/6xxx/CVE-2020-6972.json new file mode 100644 index 00000000000..cd76b5b354e --- /dev/null +++ b/2020/6xxx/CVE-2020-6972.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6972", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/6xxx/CVE-2020-6973.json b/2020/6xxx/CVE-2020-6973.json new file mode 100644 index 00000000000..d6bb6f1eaed --- /dev/null +++ b/2020/6xxx/CVE-2020-6973.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6973", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6974.json b/2020/6xxx/CVE-2020-6974.json new file mode 100644 index 00000000000..4435e0b2099 --- /dev/null +++ b/2020/6xxx/CVE-2020-6974.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6974", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6975.json b/2020/6xxx/CVE-2020-6975.json new file mode 100644 index 00000000000..1c7fc00d56d --- /dev/null +++ b/2020/6xxx/CVE-2020-6975.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6975", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6976.json b/2020/6xxx/CVE-2020-6976.json new file mode 100644 index 00000000000..92df4487579 --- /dev/null +++ b/2020/6xxx/CVE-2020-6976.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6976", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6977.json b/2020/6xxx/CVE-2020-6977.json new file mode 100644 index 00000000000..3b6da9ce0e0 --- /dev/null +++ b/2020/6xxx/CVE-2020-6977.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6977", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/6xxx/CVE-2020-6978.json b/2020/6xxx/CVE-2020-6978.json new file mode 100644 index 00000000000..ec1419552fc --- /dev/null +++ b/2020/6xxx/CVE-2020-6978.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6978", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6979.json b/2020/6xxx/CVE-2020-6979.json new file mode 100644 index 00000000000..7e9b39749fb --- /dev/null +++ b/2020/6xxx/CVE-2020-6979.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6979", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6980.json b/2020/6xxx/CVE-2020-6980.json new file mode 100644 index 00000000000..ee880b02bc4 --- /dev/null +++ b/2020/6xxx/CVE-2020-6980.json 
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-6980",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/6xxx/CVE-2020-6981.json b/2020/6xxx/CVE-2020-6981.json
new file mode 100644
index 00000000000..9b117f7cf74
--- /dev/null
+++ b/2020/6xxx/CVE-2020-6981.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-6981",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/6xxx/CVE-2020-6982.json b/2020/6xxx/CVE-2020-6982.json
new file mode 100644
index 00000000000..ce966e804a2
--- /dev/null
+++ b/2020/6xxx/CVE-2020-6982.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-6982",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/6xxx/CVE-2020-6983.json b/2020/6xxx/CVE-2020-6983.json
new file mode 100644
index 00000000000..ea6abfcaa61
--- /dev/null
+++ b/2020/6xxx/CVE-2020-6983.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-6983",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/6xxx/CVE-2020-6984.json b/2020/6xxx/CVE-2020-6984.json
new file mode 100644
index 00000000000..be2201da4bf
--- /dev/null
+++ b/2020/6xxx/CVE-2020-6984.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-6984",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/6xxx/CVE-2020-6985.json b/2020/6xxx/CVE-2020-6985.json
new file mode 100644
index 00000000000..72382b17dfa
--- /dev/null
+++ b/2020/6xxx/CVE-2020-6985.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-6985",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/6xxx/CVE-2020-6986.json b/2020/6xxx/CVE-2020-6986.json
new file mode 100644
index 00000000000..1ff9d0ccf1b
--- /dev/null
+++ b/2020/6xxx/CVE-2020-6986.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-6986",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/6xxx/CVE-2020-6987.json b/2020/6xxx/CVE-2020-6987.json
new file mode 100644
index 00000000000..34f2b82cbc5
--- /dev/null
+++ b/2020/6xxx/CVE-2020-6987.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-6987",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/6xxx/CVE-2020-6988.json b/2020/6xxx/CVE-2020-6988.json
new file mode 100644
index 00000000000..83979b85986
--- /dev/null
+++ b/2020/6xxx/CVE-2020-6988.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-6988",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/6xxx/CVE-2020-6989.json b/2020/6xxx/CVE-2020-6989.json
new file mode 100644
index 00000000000..120fb0f25e1
--- /dev/null
+++ b/2020/6xxx/CVE-2020-6989.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-6989",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/6xxx/CVE-2020-6990.json b/2020/6xxx/CVE-2020-6990.json
new file mode 100644
index 00000000000..b8895564d4d
--- /dev/null
+++ b/2020/6xxx/CVE-2020-6990.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-6990",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/6xxx/CVE-2020-6991.json b/2020/6xxx/CVE-2020-6991.json
new file mode 100644
index 00000000000..dbd0d4e9f8d
--- /dev/null
+++ b/2020/6xxx/CVE-2020-6991.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-6991",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/6xxx/CVE-2020-6992.json b/2020/6xxx/CVE-2020-6992.json
new file mode 100644
index 00000000000..8e2bdf89727
--- /dev/null
+++ b/2020/6xxx/CVE-2020-6992.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-6992",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/6xxx/CVE-2020-6993.json b/2020/6xxx/CVE-2020-6993.json
new file mode 100644
index 00000000000..2b9c5045a56
--- /dev/null
+++ b/2020/6xxx/CVE-2020-6993.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-6993",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/6xxx/CVE-2020-6994.json b/2020/6xxx/CVE-2020-6994.json
new file mode 100644
index 00000000000..2ee16e3586d
--- /dev/null
+++ b/2020/6xxx/CVE-2020-6994.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-6994",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/6xxx/CVE-2020-6995.json b/2020/6xxx/CVE-2020-6995.json
new file mode 100644
index 00000000000..94ba54567d1
--- /dev/null
+++ b/2020/6xxx/CVE-2020-6995.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-6995",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/6xxx/CVE-2020-6996.json b/2020/6xxx/CVE-2020-6996.json
new file mode 100644
index 00000000000..db0f6e2584f
--- /dev/null
+++ b/2020/6xxx/CVE-2020-6996.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-6996",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/6xxx/CVE-2020-6997.json b/2020/6xxx/CVE-2020-6997.json
new file mode 100644
index 00000000000..3b0d8a35beb
--- /dev/null
+++ b/2020/6xxx/CVE-2020-6997.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-6997",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/6xxx/CVE-2020-6998.json b/2020/6xxx/CVE-2020-6998.json
new file mode 100644
index 00000000000..66027bfa617
--- /dev/null
+++ b/2020/6xxx/CVE-2020-6998.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-6998",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/6xxx/CVE-2020-6999.json b/2020/6xxx/CVE-2020-6999.json
new file mode 100644
index 00000000000..ffc71fe75a1
--- /dev/null
+++ b/2020/6xxx/CVE-2020-6999.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-6999",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7000.json b/2020/7xxx/CVE-2020-7000.json
new file mode 100644
index 00000000000..318b113b67c
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7000.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7000",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7001.json b/2020/7xxx/CVE-2020-7001.json
new file mode 100644
index 00000000000..adb8dc30ad1
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7001.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7001",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7002.json b/2020/7xxx/CVE-2020-7002.json
new file mode 100644
index 00000000000..b87db4d9b1f
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7002.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7002",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7003.json b/2020/7xxx/CVE-2020-7003.json
new file mode 100644
index 00000000000..a02097847b2
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7003.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7003",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7004.json b/2020/7xxx/CVE-2020-7004.json
new file mode 100644
index 00000000000..ab31f85c24a
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7004.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7004",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7005.json b/2020/7xxx/CVE-2020-7005.json
new file mode 100644
index 00000000000..bf401e4b649
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7005.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7005",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7006.json b/2020/7xxx/CVE-2020-7006.json
new file mode 100644
index 00000000000..0c024fd2279
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7006.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7006",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7007.json b/2020/7xxx/CVE-2020-7007.json
new file mode 100644
index 00000000000..4df8d592ae1
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7007.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7007",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7008.json b/2020/7xxx/CVE-2020-7008.json
new file mode 100644
index 00000000000..42d4f722cb0
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7008.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7008",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7009.json b/2020/7xxx/CVE-2020-7009.json
new file mode 100644
index 00000000000..9809d6dfde2
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7009.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7009",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7010.json b/2020/7xxx/CVE-2020-7010.json
new file mode 100644
index 00000000000..2f36bbb948c
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7010.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7010",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7011.json b/2020/7xxx/CVE-2020-7011.json
new file mode 100644
index 00000000000..0458078d163
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7011.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7011",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7012.json b/2020/7xxx/CVE-2020-7012.json
new file mode 100644
index 00000000000..35e1ea5c7d0
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7012.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7012",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7013.json b/2020/7xxx/CVE-2020-7013.json
new file mode 100644
index 00000000000..9d3768df8e7
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7013.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7013",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7014.json b/2020/7xxx/CVE-2020-7014.json
new file mode 100644
index 00000000000..a6288862908
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7014.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7014",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7015.json b/2020/7xxx/CVE-2020-7015.json
new file mode 100644
index 00000000000..8d321ca3845
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7015.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7015",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7016.json b/2020/7xxx/CVE-2020-7016.json
new file mode 100644
index 00000000000..b59e0e1a9b6
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7016.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7016",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7017.json b/2020/7xxx/CVE-2020-7017.json
new file mode 100644
index 00000000000..f008e79af7c
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7017.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7017",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7018.json b/2020/7xxx/CVE-2020-7018.json
new file mode 100644
index 00000000000..c172a92f464
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7018.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7018",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7019.json b/2020/7xxx/CVE-2020-7019.json
new file mode 100644
index 00000000000..bc2321ca583
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7019.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7019",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7020.json b/2020/7xxx/CVE-2020-7020.json
new file mode 100644
index 00000000000..1f0d2b1f9a8
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7020.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7020",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7021.json b/2020/7xxx/CVE-2020-7021.json
new file mode 100644
index 00000000000..1cfdb93009b
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7021.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7021",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7022.json b/2020/7xxx/CVE-2020-7022.json
new file mode 100644
index 00000000000..a3430bda1ce
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7022.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7022",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7023.json b/2020/7xxx/CVE-2020-7023.json
new file mode 100644
index 00000000000..16810c2ee20
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7023.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7023",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7024.json b/2020/7xxx/CVE-2020-7024.json
new file mode 100644
index 00000000000..1139f545007
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7024.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7024",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7025.json b/2020/7xxx/CVE-2020-7025.json
new file mode 100644
index 00000000000..ba39c559d84
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7025.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7025",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7026.json b/2020/7xxx/CVE-2020-7026.json
new file mode 100644
index 00000000000..74cb1cf3214
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7026.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7026",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7027.json b/2020/7xxx/CVE-2020-7027.json
new file mode 100644
index 00000000000..32d26142396
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7027.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7027",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7028.json b/2020/7xxx/CVE-2020-7028.json
new file mode 100644
index 00000000000..611c41597d2
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7028.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7028",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7029.json b/2020/7xxx/CVE-2020-7029.json
new file mode 100644
index 00000000000..a4d7a582686
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7029.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7029",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7030.json b/2020/7xxx/CVE-2020-7030.json
new file mode 100644
index 00000000000..a70ade5ec75
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7030.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7030",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7031.json b/2020/7xxx/CVE-2020-7031.json
new file mode 100644
index 00000000000..acea84e1473
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7031.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7031",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7032.json b/2020/7xxx/CVE-2020-7032.json
new file mode 100644
index 00000000000..118ec9d8752
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7032.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7032",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7033.json b/2020/7xxx/CVE-2020-7033.json
new file mode 100644
index 00000000000..8dd3ce33eaf
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7033.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7033",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7034.json b/2020/7xxx/CVE-2020-7034.json
new file mode 100644
index 00000000000..e3b340d61e2
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7034.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7034",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7035.json b/2020/7xxx/CVE-2020-7035.json
new file mode 100644
index 00000000000..40c9a0c263b
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7035.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7035",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7036.json b/2020/7xxx/CVE-2020-7036.json
new file mode 100644
index 00000000000..de1501b6679
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7036.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7036",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7037.json b/2020/7xxx/CVE-2020-7037.json
new file mode 100644
index 00000000000..0329501586e
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7037.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7037",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7038.json b/2020/7xxx/CVE-2020-7038.json
new file mode 100644
index 00000000000..a794aaf51bf
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7038.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7038",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
From 5a99c6b776986b8440bafcc866303eff5dcb95b5 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 14 Jan 2020 15:01:06 +0000 Subject: [PATCH 054/387] "-Synchronized-Data." --- 2013/2xxx/CVE-2013-2773.json | 48 +++++++++++++++++++- 2013/7xxx/CVE-2013-7185.json | 53 +++++++++++++++++++++- 2019/0xxx/CVE-2019-0219.json | 63 +++++++++++++++++++++++--- 2019/12xxx/CVE-2019-12399.json | 83 ++++++++++++++++++++++++++++++++-- 2019/20xxx/CVE-2019-20041.json | 5 ++ 2020/7xxx/CVE-2020-7039.json | 18 ++++++++ 6 files changed, 256 insertions(+), 14 deletions(-) create mode 100644 2020/7xxx/CVE-2020-7039.json
diff --git a/2013/2xxx/CVE-2013-2773.json b/2013/2xxx/CVE-2013-2773.json
index 8bb311bc9f6..272428979fb 100644
--- a/2013/2xxx/CVE-2013-2773.json
+++ b/2013/2xxx/CVE-2013-2773.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2013-2773",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
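Review bot: The added `affects` block leaves `product_name`, `version_value` and `vendor_name` as `n/a`, although the description added in the next hunk names both the product and the build ("Nitro PDF 8.5.0.26"). Inventory or scanner tooling that matches on the structured fields will therefore not associate this record with the product and has to fall back to parsing the free-text description. Setting at least `"product_name": "Nitro PDF"` and `"version_value": "8.5.0.26"` would make the entry machine-matchable. The same placeholder pattern appears in the CVE-2013-7185 hunk and, in the following patch, in the CVE-2014-4609, CVE-2014-4610, CVE-2014-5138, CVE-2014-5238, CVE-2015-8366 and CVE-2015-8367 hunks, whose descriptions likewise name the affected product and versions.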
@@ -11,7 +34,28 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Nitro PDF 8.5.0.26: A specially crafted DLL file can facilitate Arbitrary Code Execution"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://www.securityfocus.com/bid/58928",
+ "refsource": "MISC",
+ "name": "http://www.securityfocus.com/bid/58928"
 }
 ]
 }
diff --git a/2013/7xxx/CVE-2013-7185.json b/2013/7xxx/CVE-2013-7185.json
index 2bdae837c0c..cd8b05edd47 100644
--- a/2013/7xxx/CVE-2013-7185.json
+++ b/2013/7xxx/CVE-2013-7185.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2013-7185",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,33 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "PotPlayer 1.5.40688: .avi File Memory Corruption"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://www.exploit-db.com/exploits/30413",
+ "refsource": "MISC",
+ "name": "http://www.exploit-db.com/exploits/30413"
+ },
+ {
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89981",
+ "refsource": "MISC",
+ "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89981"
 }
 ]
 }
diff --git a/2019/0xxx/CVE-2019-0219.json b/2019/0xxx/CVE-2019-0219.json
index 03d12469e89..85c6b68f2b3 100644
--- a/2019/0xxx/CVE-2019-0219.json
+++ b/2019/0xxx/CVE-2019-0219.json
@@ -1,17 +1,66 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-0219",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-0219",
+ "ASSIGNER": "security@apache.org",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Apache",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Cordova",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Cordova Android applications using the InAppBrowser plugin ( cordova-plugin-inappbrowser version 3.0.0 and below )"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Information Disclosure"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20191127 CVE-2019-0219: Apache Cordova InAppBrowser Privilege Escalation (Android)",
+ "url": "http://www.openwall.com/lists/oss-security/2019/11/28/1"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[cordova-dev] 20191128 CVE-2019-0219: Apache Cordova InAppBrowser Privilege Escalation (Android)",
+ "url": "https://lists.apache.org/thread.html/197482d5ab80c0bff4a5ec16e1b0466df38389d9a4b5331d777f14fc%40%3Cdev.cordova.apache.org%3E"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A website running in the InAppBrowser webview on Android could execute arbitrary JavaScript in the main application's webview using a specially crafted gap-iab: URI."
 }
 ]
 }
diff --git a/2019/12xxx/CVE-2019-12399.json b/2019/12xxx/CVE-2019-12399.json
index 7486b454f7f..c730e1f10ad 100644
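Review bot: The `problemtype` value `Information Disclosure` in the CVE-2019-0219 hunk does not agree with the rest of the record: the description says a site in the InAppBrowser webview can execute arbitrary JavaScript in the main application's webview, and both referenced advisories are titled "Privilege Escalation". Anyone triaging or filtering by problem type would under-rate this entry, so `"value": "Privilege Escalation"` would match the advisory titles (a CWE identifier would be better still if the assigner can supply one). The `version_value` is also a prose sentence rather than a version, so the affected range ("3.0.0 and below") cannot be compared programmatically; the plugin name belongs in `product_name` and the bound in `version_value`.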
--- a/2019/12xxx/CVE-2019-12399.json
+++ b/2019/12xxx/CVE-2019-12399.json
@@ -4,14 +4,91 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2019-12399",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@apache.org",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Apache",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Kafka",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Apache Kafka 2.0.0"
+ },
+ {
+ "version_value": "2.0.1"
+ },
+ {
+ "version_value": "2.1.0"
+ },
+ {
+ "version_value": "2.1.1"
+ },
+ {
+ "version_value": "2.2.0"
+ },
+ {
+ "version_value": "2.2.1"
+ },
+ {
+ "version_value": "2.3.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Information Disclosure"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MLIST",
+ "name": "[kafka-users] 20200113 CVE-2019-12399: Apache Kafka Connect REST API may expose plaintext secrets in tasks endpoint",
+ "url": "https://lists.apache.org/thread.html/r6af5ed95726874e9add022955be83c192428c248d1c9a1914aff89d9@%3Cusers.kafka.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20200113 CVE-2019-12399: Apache Kafka Connect REST API may expose plaintext secrets in tasks endpoint",
+ "url": "http://www.openwall.com/lists/oss-security/2020/01/14/1"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[announce] 20200113 CVE-2019-12399: Apache Kafka Connect REST API may expose plaintext secrets in tasks endpoint",
+ "url": "https://lists.apache.org/thread.html/r6af5ed95726874e9add022955be83c192428c248d1c9a1914aff89d9@%3Cannounce.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[kafka-dev] 20200113 CVE-2019-12399: Apache Kafka Connect REST API may expose plaintext secrets in tasks endpoint",
+ "url": "https://lists.apache.org/thread.html/r6af5ed95726874e9add022955be83c192428c248d1c9a1914aff89d9%40%3Cdev.kafka.apache.org%3E"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "When Connect workers in Apache Kafka 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.2.1, or 2.3.0 are configured with one or more config providers, and a connector is created/updated on that Connect cluster to use an externalized secret variable in a substring of a connector configuration property value, then any client can issue a request to the same Connect cluster to obtain the connector's task configuration and the response will contain the plaintext secret rather than the externalized secrets variables."
 }
 ]
 }
diff --git a/2019/20xxx/CVE-2019-20041.json b/2019/20xxx/CVE-2019-20041.json
index fce7f796eb1..58577af2991 100644
--- a/2019/20xxx/CVE-2019-20041.json
+++ b/2019/20xxx/CVE-2019-20041.json
@@ -71,6 +71,11 @@
 "refsource": "DEBIAN",
 "name": "DSA-4599",
 "url": "https://www.debian.org/security/2020/dsa-4599"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20200114 [SECURITY] [DLA 2067-1] wordpress security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00010.html"
 }
 ]
 }
diff --git a/2020/7xxx/CVE-2020-7039.json b/2020/7xxx/CVE-2020-7039.json
new file mode 100644
index 00000000000..7c49b055a69
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7039.json
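Review bot: In the CVE-2019-12399 hunk the first `version_data` entry is `"Apache Kafka 2.0.0"` while the other six are bare versions, so an exact or semver comparison against `version_value` will miss 2.0.0, the oldest affected release; `"version_value": "2.0.0"` keeps the list uniform with `product_name` already carrying "Kafka". Two of the three lists.apache.org reference URLs also use a raw `@` before `%3C` (the `kafka-users` and `announce` entries) while the `kafka-dev` entry uses `%40`. Tools that de-duplicate or compare reference URLs byte-for-byte will treat those forms as different, so one encoding should be used throughout, for example `%40%3C` as in the last entry.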
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7039",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
From c1a937cea9a9a8e47d2caa83c2f57cc2765c995a Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 14 Jan 2020 16:01:03 +0000 Subject: [PATCH 055/387] "-Synchronized-Data." --- 2014/4xxx/CVE-2014-4609.json | 58 ++++++++++++++++++++++++++++++++-- 2014/4xxx/CVE-2014-4610.json | 58 ++++++++++++++++++++++++++++++++-- 2014/5xxx/CVE-2014-5138.json | 48 ++++++++++++++++++++++++++-- 2014/5xxx/CVE-2014-5238.json | 58 ++++++++++++++++++++++++++++++++-- 2015/8xxx/CVE-2015-8366.json | 58 ++++++++++++++++++++++++++++++++-- 2015/8xxx/CVE-2015-8367.json | 58 ++++++++++++++++++++++++++++++++-- 2019/13xxx/CVE-2019-13627.json | 5 +++ 2020/5xxx/CVE-2020-5851.json | 50 +++++++++++++++++++++++++++-- 2020/7xxx/CVE-2020-7040.json | 18 +++++++++++ 2020/7xxx/CVE-2020-7041.json | 18 +++++++++++ 2020/7xxx/CVE-2020-7042.json | 18 +++++++++++ 2020/7xxx/CVE-2020-7043.json | 18 +++++++++++ 12 files changed, 450 insertions(+), 15 deletions(-) create mode 100644 2020/7xxx/CVE-2020-7040.json create mode 100644 2020/7xxx/CVE-2020-7041.json create mode 100644 2020/7xxx/CVE-2020-7042.json create mode 100644 2020/7xxx/CVE-2020-7043.json
diff --git a/2014/4xxx/CVE-2014-4609.json b/2014/4xxx/CVE-2014-4609.json
index ab47a9df339..524872c49b1 100644
--- a/2014/4xxx/CVE-2014-4609.json
+++ b/2014/4xxx/CVE-2014-4609.json
@@ -2,7 +2,7 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2014-4609",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +11,61 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Integer overflow in the get_len function in libavutil/lzo.c in Libav before 0.8.13, 9.x before 9.14, and 10.x before 10.2 allows remote attackers to execute arbitrary code via a crafted Literal Run."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "http://blog.securitymouse.com/2014/06/raising-lazarus-20-year-old-bug-that.html",
+ "url": "http://blog.securitymouse.com/2014/06/raising-lazarus-20-year-old-bug-that.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2014/06/26/22",
+ "url": "http://www.openwall.com/lists/oss-security/2014/06/26/22"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://libav.org/news/#2014-06-27",
+ "url": "https://libav.org/news/#2014-06-27"
 }
 ]
 }
diff --git a/2014/4xxx/CVE-2014-4610.json b/2014/4xxx/CVE-2014-4610.json
index 77a7c431726..cf8d9366196 100644
--- a/2014/4xxx/CVE-2014-4610.json
+++ b/2014/4xxx/CVE-2014-4610.json
@@ -2,7 +2,7 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2014-4610",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +11,61 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Integer overflow in the get_len function in libavutil/lzo.c in FFmpeg before 0.10.14, 1.1.x before 1.1.12, 1.2.x before 1.2.7, 2.0.x before 2.0.5, 2.1.x before 2.1.5, and 2.2.x before 2.2.4 allows remote attackers to execute arbitrary code via a crafted Literal Run."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "http://blog.securitymouse.com/2014/06/raising-lazarus-20-year-old-bug-that.html",
+ "url": "http://blog.securitymouse.com/2014/06/raising-lazarus-20-year-old-bug-that.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2014/06/26/23",
+ "url": "http://www.openwall.com/lists/oss-security/2014/06/26/23"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.ffmpeg.org/security.html",
+ "url": "https://www.ffmpeg.org/security.html"
 }
 ]
 }
diff --git a/2014/5xxx/CVE-2014-5138.json b/2014/5xxx/CVE-2014-5138.json
index 6be5a671aa0..7d5acd240eb 100644
--- a/2014/5xxx/CVE-2014-5138.json
+++ b/2014/5xxx/CVE-2014-5138.json
@@ -2,7 +2,7 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2014-5138",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +11,51 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Innovative Interfaces Sierra Library Services Platform 1.2_3 does not properly handle query strings with multiple instances of the same parameter, which allows remote attackers to bypass parameter validation via unspecified vectors, possibly related to the Webpac Pro submodule."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://packetstormsecurity.com/files/128053/Sierra-Library-Services-Platform-1.2_3-XSS-Enumeration.html",
+ "url": "https://packetstormsecurity.com/files/128053/Sierra-Library-Services-Platform-1.2_3-XSS-Enumeration.html"
 }
 ]
 }
diff --git a/2014/5xxx/CVE-2014-5238.json b/2014/5xxx/CVE-2014-5238.json
index bae9ba74ae7..31b0267db72 100644
--- a/2014/5xxx/CVE-2014-5238.json
+++ b/2014/5xxx/CVE-2014-5238.json
@@ -2,7 +2,7 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2014-5238",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +11,61 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "XML external entity (XXE) vulnerability in Open-Xchange (OX) AppSuite before 7.4.2-rev11 and 7.6.x before 7.6.0-rev9 allows remote attackers to read arbitrary files and possibly other unspecified impact via a crafted OpenDocument Text document."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/128257/Open-Xchange-7.6.0-XSS-SSRF-Traversal.html",
+ "url": "http://packetstormsecurity.com/files/128257/Open-Xchange-7.6.0-XSS-SSRF-Traversal.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://www.securityfocus.com/archive/1/archive/1/533443/100/0/threaded",
+ "url": "http://www.securityfocus.com/archive/1/archive/1/533443/100/0/threaded"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_2112_7.6.0_2014-08-25.pdf",
+ "url": "http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_2112_7.6.0_2014-08-25.pdf"
 }
 ]
 }
diff --git a/2015/8xxx/CVE-2015-8366.json b/2015/8xxx/CVE-2015-8366.json
index b5efce21d11..bf868523fa9 100644
--- a/2015/8xxx/CVE-2015-8366.json
+++ b/2015/8xxx/CVE-2015-8366.json
@@ -2,7 +2,7 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2015-8366",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +11,61 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Array index error in smal_decode_segment function in LibRaw before 0.17.1 allows context-dependent attackers to cause memory errors and possibly execute arbitrary code via vectors related to indexes."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/134573/LibRaw-0.17-Overflow.html",
+ "url": "http://packetstormsecurity.com/files/134573/LibRaw-0.17-Overflow.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://www.libraw.org/news/libraw-0-17-1",
+ "url": "http://www.libraw.org/news/libraw-0-17-1"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://seclists.org/fulldisclosure/2015/Nov/108",
+ "url": "http://seclists.org/fulldisclosure/2015/Nov/108"
 }
 ]
 }
diff --git a/2015/8xxx/CVE-2015-8367.json b/2015/8xxx/CVE-2015-8367.json
index 7bf58eb2a95..87bc083140f 100644
--- a/2015/8xxx/CVE-2015-8367.json
+++ b/2015/8xxx/CVE-2015-8367.json
@@ -2,7 +2,7 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2015-8367",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +11,61 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The phase_one_correct function in Libraw before 0.17.1 allows attackers to cause memory errors and possibly execute arbitrary code, related to memory object initialization." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/134573/LibRaw-0.17-Overflow.html", + "url": "http://packetstormsecurity.com/files/134573/LibRaw-0.17-Overflow.html" + }, + { + "refsource": "MISC", + "name": "http://www.libraw.org/news/libraw-0-17-1", + "url": "http://www.libraw.org/news/libraw-0-17-1" + }, + { + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2015/Nov/108", + "url": "http://seclists.org/fulldisclosure/2015/Nov/108" } ] } diff --git a/2019/13xxx/CVE-2019-13627.json b/2019/13xxx/CVE-2019-13627.json index 6a2c603ae30..2850b56afa0 100644 --- a/2019/13xxx/CVE-2019-13627.json +++ b/2019/13xxx/CVE-2019-13627.json @@ -96,6 +96,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0022", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00018.html" + }, + { + "refsource": "UBUNTU", + "name": "USN-4236-2", + "url": "https://usn.ubuntu.com/4236-2/" } ] } diff --git a/2020/5xxx/CVE-2020-5851.json b/2020/5xxx/CVE-2020-5851.json index ff872b58140..58cbac0b7f6 100644 --- a/2020/5xxx/CVE-2020-5851.json 
+++ b/2020/5xxx/CVE-2020-5851.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-5851", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "f5sirt@f5.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "BIG-IP", + "version": { + "version_data": [ + { + "version_value": "Hotfix-BIGIP-14.1.0.2.0.45.4-ENG, Hotfix-BIGIP-14.1.0.2.0.62.4-ENG" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Compromise detection failure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://support.f5.com/csp/article/K91171450", + "url": "https://support.f5.com/csp/article/K91171450" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "On impacted versions and platforms the Trusted Platform Module (TPM) system integrity check cannot detect modifications to specific system components. This issue only impacts specific engineering hotfixes and platforms. NOTE: This vulnerability does not affect any of the BIG-IP major, minor or maintenance releases you obtained from downloads.f5.com. The affected Engineering Hotfix builds are as follows: Hotfix-BIGIP-14.1.0.2.0.45.4-ENG Hotfix-BIGIP-14.1.0.2.0.62.4-ENG" } ] } diff --git a/2020/7xxx/CVE-2020-7040.json b/2020/7xxx/CVE-2020-7040.json new file mode 100644 index 00000000000..ac5353fd0c1 --- /dev/null +++ b/2020/7xxx/CVE-2020-7040.json 
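Review bot: In the added `affects` block for CVE-2020-5851, `vendor_name` is `n/a` even though the assigner is f5sirt@f5.com and the product is BIG-IP, and both affected Engineering Hotfix builds are packed into one comma-separated `version_value` string. A consumer comparing versions field by field cannot match either build; one `version_data` entry per build, `{ "version_value": "Hotfix-BIGIP-14.1.0.2.0.45.4-ENG" }` and `{ "version_value": "Hotfix-BIGIP-14.1.0.2.0.62.4-ENG" }`, together with `"vendor_name": "F5"`, would fix that. The `problemtype` value "Compromise detection failure" is free text with no CWE identifier, which limits automated classification of this TPM integrity-check gap.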
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7040", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7041.json b/2020/7xxx/CVE-2020-7041.json new file mode 100644 index 00000000000..4c29c53d5b2 --- /dev/null +++ b/2020/7xxx/CVE-2020-7041.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7041", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7042.json b/2020/7xxx/CVE-2020-7042.json new file mode 100644 index 00000000000..2278922595c --- /dev/null +++ b/2020/7xxx/CVE-2020-7042.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7042", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/7xxx/CVE-2020-7043.json b/2020/7xxx/CVE-2020-7043.json new file mode 100644 index 00000000000..ecb7111058f --- /dev/null +++ b/2020/7xxx/CVE-2020-7043.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7043", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file From e9710cc7f1ccf77735aff7f987190039dcdd858e Mon Sep 17 00:00:00 2001 
From: Omar Gani Date: Tue, 14 Jan 2020 17:56:27 +0100 Subject: [PATCH 056/387] juniper-2020-01-08 CVE publications, for more information see https://advisory.juniper.net --- 2020/1xxx/CVE-2020-1600.json | 201 ++++++++++++++++++++++++++++++ 2020/1xxx/CVE-2020-1601.json | 200 +++++++++++++++++++++++++++++ 2020/1xxx/CVE-2020-1602.json | 235 +++++++++++++++++++++++++++++++++++ 2020/1xxx/CVE-2020-1603.json | 194 +++++++++++++++++++++++++++++ 2020/1xxx/CVE-2020-1604.json | 180 +++++++++++++++++++++++++++ 2020/1xxx/CVE-2020-1605.json | 227 +++++++++++++++++++++++++++++++++ 2020/1xxx/CVE-2020-1606.json | 216 ++++++++++++++++++++++++++++++++ 2020/1xxx/CVE-2020-1607.json | 216 ++++++++++++++++++++++++++++++++ 2020/1xxx/CVE-2020-1608.json | 200 +++++++++++++++++++++++++++++ 2020/1xxx/CVE-2020-1609.json | 227 +++++++++++++++++++++++++++++++++ 2020/1xxx/CVE-2020-1611.json | 106 ++++++++++++++++ 11 files changed, 2202 insertions(+) create mode 100644 2020/1xxx/CVE-2020-1600.json create mode 100644 2020/1xxx/CVE-2020-1601.json create mode 100644 2020/1xxx/CVE-2020-1602.json create mode 100644 2020/1xxx/CVE-2020-1603.json create mode 100644 2020/1xxx/CVE-2020-1604.json create mode 100644 2020/1xxx/CVE-2020-1605.json create mode 100644 2020/1xxx/CVE-2020-1606.json create mode 100644 2020/1xxx/CVE-2020-1607.json create mode 100644 2020/1xxx/CVE-2020-1608.json create mode 100644 2020/1xxx/CVE-2020-1609.json create mode 100644 2020/1xxx/CVE-2020-1611.json diff --git a/2020/1xxx/CVE-2020-1600.json b/2020/1xxx/CVE-2020-1600.json new file mode 100644 index 00000000000..019c1294b7d --- /dev/null +++ b/2020/1xxx/CVE-2020-1600.json 
@@ -0,0 +1,201 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "sirt@juniper.net", + "DATE_PUBLIC": "2020-01-08T17:00:00.000Z", + "ID": "CVE-2020-1600", + "STATE": "READY", + "TITLE": "Junos OS: A specific SNMP command can trigger a high CPU usage Denial of Service in the RPD daemon." + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Junos OS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "12.3X48", + "version_value": "12.3X48-D90" + }, + { + "version_affected": "<", + "version_name": "15.1X53", + "version_value": "15.1X53-D238, 15.1X53-D592" + }, + { + "version_affected": "<", + "version_name": "16.1", + "version_value": "16.1R7-S5" + }, + { + "version_affected": "<", + "version_name": "16.2", + "version_value": "16.2R2-S11" + }, + { + "version_affected": "<", + "version_name": "17.1", + "version_value": "17.1R2-S11, 17.1R3-S1" + }, + { + "version_affected": "<", + "version_name": "17.2", + "version_value": "17.2R3-S2" + }, + { + "version_affected": "<", + "version_name": "17.3", + "version_value": "17.3R3-S7" + }, + { + "version_affected": "<", + "version_name": "17.4", + "version_value": "17.4R2-S4, 17.4R3" + }, + { + "version_affected": "<", + "version_name": "18.1", + "version_value": "18.1R3-S5" + }, + { + "version_affected": "<", + "version_name": "18.2", + "version_value": "18.2R3" + }, + { + "version_affected": "<", + "version_name": "18.2X75", + "version_value": "18.2X75-D50" + }, + { + "version_affected": "<", + "version_name": "18.3", + "version_value": "18.3R2" + }, + { + "version_affected": "<", + "version_name": "18.4", + "version_value": "18.4R2" + }, + { + "version_affected": "<", + "version_name": "19.1", + "version_value": "19.1R2" + }, + { + "version_affected": "<", + "version_name": "19.2", + "version_value": "19.2R1" + }, + { + "version_affected": "<", + "version_name": "15.1X49", + "version_value": "15.1X49-D200" + }, + { + "version_affected": 
"<", + "version_name": "15.1", + "version_value": "15.1R7-S6" + } + ] + } + } + ] + }, + "vendor_name": "Juniper Networks" + } + ] + } + }, + "configuration": [ + { + "lang": "eng", + "value": "The following minimal configuration is required. The community \"public\" is minimal; other communities are impacted as well.\n\n [snmp community public]\n [logical-systems logical-system-name protocols mpls label-switched-path lsp-name]\n [protocols mpls label-switched-path]" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In a Point-to-Multipoint (P2MP) Label Switched Path (LSP) scenario, an uncontrolled resource consumption vulnerability in the Routing Protocol Daemon (RPD) in Juniper Networks Junos OS allows a specific SNMP request to trigger an infinite loop causing a high CPU usage Denial of Service (DoS) condition.\n\nThis issue affects both SNMP over IPv4 and IPv6. \n\nThis issue affects:\nJuniper Networks Junos OS:\n12.3X48 versions prior to 12.3X48-D90;\n15.1 versions prior to 15.1R7-S6;\n15.1X49 versions prior to 15.1X49-D200;\n15.1X53 versions prior to 15.1X53-D238, 15.1X53-D592; \n16.1 versions prior to 16.1R7-S5;\n16.2 versions prior to 16.2R2-S11;\n17.1 versions prior to 17.1R3-S1;\n17.2 versions prior to 17.2R3-S2;\n17.3 versions prior to 17.3R3-S7;\n17.4 versions prior to 17.4R2-S4, 17.4R3;\n18.1 versions prior to 18.1R3-S5;\n18.2 versions prior to 18.2R3;\n18.2X75 versions prior to 18.2X75-D50;\n18.3 versions prior to 18.3R2;\n18.4 versions prior to 18.4R2;\n19.1 versions prior to 19.1R2.\n" + } + ] + }, + "exploit": [ + { + "lang": "eng", + "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." 
+ } + ], + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-400 Uncontrolled Resource Consumption" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://prsearch.juniper.net/InfoCenter/index?page=prcontent&id=PR1402185", + "refsource": "MISC", + "url": "https://prsearch.juniper.net/InfoCenter/index?page=prcontent&id=PR1402185" + }, + { + "name": "https://kb.juniper.net/JSA10979", + "refsource": "CONFIRM", + "url": "https://kb.juniper.net/JSA10979" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "The following software releases have been updated to resolve this specific issue: 12.3X48-D90, 15.1X49-D200, 15.1R7-S6, 15.1X53-D238, 15.1X53-D592, 16.1R7-S5, 16.2R2-S11, 17.1R3-S1, 17.2R3-S2, 17.3R3-S7, 17.4R2-S4, 17.4R3, 18.1R3-S5, 18.2R3, 18.2X75-D50, 18.3R2, 18.4R2, 19.1R2, 19.2R1, and all subsequent releases.\n" + } + ], + "source": { + "advisory": "JSA10979", + "defect": [ + "1402185" + ], + "discovery": "USER" + }, + "work_around": [ + { + "lang": "eng", + "value": "If SNMP is not needed, remove SNMP from the system, otherwise, there are no available workarounds for this issue. SNMP is disabled by default.\n\nAdditional steps which may reduce the risk of exploitation include: \nUtilizing edge filtering with source-address validation (uRPF, etc.), access control lists (ACLs), and/or SNMPv3 authentication to limit access to the device only from trusted hosts." + } + ] +} \ No newline at end of file 
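Review bot: The 17.1 entry in `version_data` for CVE-2020-1600 gives `"version_value": "17.1R2-S11, 17.1R3-S1"`, but the description says "17.1 versions prior to 17.1R3-S1" and the `solution` list names only 17.1R3-S1, so the structured and free-text bounds disagree on whether 17.1R2-S11 is a fixed release. The record also lists `19.2` with `< 19.2R1`, a train the description's affected list omits. These should be reconciled against JSA10979, because scanners read `version_data` while operators read the description. `STATE` is `READY` here and in the other Juniper records of this commit, whereas the published records earlier in the patch use `PUBLIC`; presumably this is the CNA tooling's pre-publication state, so confirm it is converted on merge.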
diff --git a/2020/1xxx/CVE-2020-1601.json b/2020/1xxx/CVE-2020-1601.json new file mode 100644 index 00000000000..01e663a1da5 --- /dev/null +++ b/2020/1xxx/CVE-2020-1601.json 
@@ -0,0 +1,200 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "sirt@juniper.net", + "DATE_PUBLIC": "2020-01-08T17:00:00.000Z", + "ID": "CVE-2020-1601", + "STATE": "READY", + "TITLE": "Junos OS: Upon receipt of certain types of malformed PCEP packets the pccd process may crash." + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Junos OS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "15.1", + "version_value": "15.1F6-S13, 15.1R7-S4" + }, + { + "platform": "SRX Series", + "version_affected": "<", + "version_name": "15.1X49", + "version_value": "15.1X49-D180" + }, + { + "version_affected": "<", + "version_name": "16.1", + "version_value": "16.1R7-S4" + }, + { + "version_affected": "<", + "version_name": "16.2", + "version_value": "16.2R2-S9" + }, + { + "version_affected": "<", + "version_name": "17.1", + "version_value": "17.1R2-S11, 17.1R3" + }, + { + "version_affected": "<", + "version_name": "17.2", + "version_value": "17.2R1-S9, 17.2R3-S2" + }, + { + "version_affected": "<", + "version_name": "17.3", + "version_value": "17.3R3-S3" + }, + { + "version_affected": "<", + "version_name": "17.4", + "version_value": "17.4R2-S2, 17.4R3" + }, + { + "version_affected": "<", + "version_name": "18.1", + "version_value": "18.1R3-S2" + }, + { + "version_affected": "<", + "version_name": "18.2", + "version_value": "18.2R3" + }, + { + "version_affected": "<", + "version_name": "18.2X75", + "version_value": "18.2X75-D40" + }, + { + "version_affected": "<", + "version_name": "18.3", + "version_value": "18.2R2-S6, 18.3R2" + }, + { + "version_affected": "<", + "version_name": "18.4", + "version_value": "18.4R1-S2, 18.4R2" + }, + { + "version_affected": ">=", + "version_name": "17.2", + "version_value": "17.2R2" + }, + { + "version_affected": "<", + "version_name": "15.1X53", + "version_value": "15.1X53-D238, 15.1X53-D496, 15.1X53-D592" + } + ] + } + } + ] + }, + "vendor_name": "Juniper 
Networks" + } + ] + } + }, + "configuration": [ + { + "lang": "eng", + "value": "The following minimal configuration is required: \n [protocols pcep pce pce-id destination-ipv4-address ipv4-address]" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Certain types of malformed Path Computation Element Protocol (PCEP) packets when received and processed by a Juniper Networks Junos OS device serving as a Path Computation Client (PCC) in a PCEP environment using Juniper's path computational element protocol daemon (pccd) process allows an attacker to cause the pccd process to crash and generate a core file thereby causing a Denial of Service (DoS).\n\nContinued receipt of this family of malformed PCEP packets will cause an extended Denial of Service (DoS) condition.\nThis issue affects:\nJuniper Networks Junos OS:\n15.1 versions prior to 15.1F6-S13, 15.1R7-S4;\n15.1X49 versions prior to 15.1X49-D180 on SRX Series;\n15.1X53 versions prior to 15.1X53-D238, 15.1X53-D496, 15.1X53-D592; \n16.1 versions prior to 16.1R7-S4;\n16.2 versions prior to 16.2R2-S9;\n17.1 versions prior to 17.1R2-S11, 17.1R3;\n17.2 versions prior to 17.2R1-S9;\n17.2 version 17.2R2 and later prior to 17.2R3-S2;\n17.3 versions prior to 17.3R3-S3;\n17.4 versions prior to 17.4R2-S2, 17.4R3;\n18.1 versions prior to 18.1R3-S2;\n18.2 versions prior to 18.2R2-S6, 18.2R3;\n18.2X75 versions prior to 18.2X75-D40;\n18.3 versions prior to 18.3R2;\n18.4 versions prior to 18.4R1-S2, 18.4R2.\n\nThis issue does not affect releases of Junos OS prior to 15.1R1. \n" + } + ] + }, + "exploit": [ + { + "lang": "eng", + "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." 
+ } + ], + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service (DoS)" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "253 - Incorrect Check of Function Return Value" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://prsearch.juniper.net/InfoCenter/index?page=prcontent&id=PR1395205", + "refsource": "MISC", + "url": "https://prsearch.juniper.net/InfoCenter/index?page=prcontent&id=PR1395205" + }, + { + "name": "https://kb.juniper.net/JSA10980", + "refsource": "CONFIRM", + "url": "https://kb.juniper.net/JSA10980" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "The following software releases have been updated to resolve this specific issue: 15.1F6-S13, 15.1R7-S4, 15.1X49-D180, 15.1X53-D238, 15.1X53-D496, 15.1X53-D592, 16.1R7-S4, 16.2R2-S9, 17.1R2-S11, 17.1R3, 17.2R1-S9, 17.2R3-S2, 17.3R3-S3, 17.4R2-S2, 17.4R2-S4, 17.4R3, 18.1R3-S2, 18.2R2-S6, 18.2R3, 18.2X75-D40, 18.3R2, 18.4R1-S2, 18.4R2, 19.1R1, and all subsequent releases.\n" + } + ], + "source": { + "advisory": "JSA10980", + "defect": [ + "1395205" + ], + "discovery": "INTERNAL" + }, + "work_around": [ + { + "lang": "eng", + "value": "There are no viable workarounds for this issue." + } + ] +} \ No newline at end of file diff --git a/2020/1xxx/CVE-2020-1602.json b/2020/1xxx/CVE-2020-1602.json new file mode 100644 index 00000000000..c0c36db0d7c --- /dev/null +++ b/2020/1xxx/CVE-2020-1602.json 
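Review bot: In `version_data` for CVE-2020-1601 the entry with `"version_name": "18.3"` carries `"version_value": "18.2R2-S6, 18.3R2"`, while the 18.2 entry has only `18.2R3`; the description states "18.2 versions prior to 18.2R2-S6, 18.2R3" and "18.3 versions prior to 18.3R2", so 18.2R2-S6 appears to be filed under the wrong release train. The suggested values are `"version_value": "18.2R2-S6, 18.2R3"` for 18.2 and `"version_value": "18.3R2"` for 18.3. The second `problemtype` value, `253 - Incorrect Check of Function Return Value`, lacks the `CWE-` prefix that the sibling record CVE-2020-1600 uses (`CWE-400 Uncontrolled Resource Consumption`), which can break CWE extraction by pattern; `CWE-253 Incorrect Check of Function Return Value` would be consistent.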
@@ -0,0 +1,235 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "sirt@juniper.net", + "DATE_PUBLIC": "2020-01-08T17:00:00.000Z", + "ID": "CVE-2020-1602", + "STATE": "READY", + "TITLE": "Junos OS and Junos OS Evolved: A vulnerability in JDHCPD allows an attacker to send crafted IPv4 packets may take over the code execution of the JDHCPD process." + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Junos OS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "15.1", + "version_value": "15.1R7-S6" + }, + { + "version_affected": "<", + "version_name": "15.1X49", + "version_value": "15.1X49-D200" + }, + { + "version_affected": "<", + "version_name": "15.1X53", + "version_value": "15.1X53-D592" + }, + { + "version_affected": "<", + "version_name": "16.1", + "version_value": "16.1R7-S6" + }, + { + "version_affected": "<", + "version_name": "16.2", + "version_value": "16.2R2-S11" + }, + { + "version_affected": "<", + "version_name": "17.1", + "version_value": "17.1R2-S11, 17.1R3-S1" + }, + { + "version_affected": "<", + "version_name": "17.2", + "version_value": "17.2R2-S8, 17.2R3-S3" + }, + { + "version_affected": "<", + "version_name": "17.3", + "version_value": "17.3R3-S6" + }, + { + "version_affected": "<", + "version_name": "17.4", + "version_value": "17.4R2-S7, 17.4R3" + }, + { + "version_affected": "<", + "version_name": "18.1", + "version_value": "18.1R3-S8" + }, + { + "version_affected": "<", + "version_name": "18.2", + "version_value": "18.2R3-S2" + }, + { + "version_affected": "<", + "version_name": "18.3", + "version_value": "18.3R1-S6, 18.3R2-S2, 18.3R3" + }, + { + "version_affected": "<", + "version_name": "18.4", + "version_value": "18.4R1-S5, 18.4R2-S3, 18.4R3" + }, + { + "version_affected": "<", + "version_name": "19.1", + "version_value": "19.1R1-S3, 19.1R2" + }, + { + "version_affected": "<", + "version_name": "19.2", + "version_value": "19.2R1-S3, 19.2R2" + }, + { + 
"version_affected": "<", + "version_name": "19.3", + "version_value": "19.3R1, 19.3R2" + }, + { + "version_affected": "<", + "version_name": "18.2X75", + "version_value": "18.2X75-D60" + } + ] + } + }, + { + "product_name": "Junos OS Evolved", + "version": { + "version_data": [ + { + "platform": "Junos Evolved", + "version_affected": "<", + "version_value": "19.3R1" + } + ] + } + } + ] + }, + "vendor_name": "Juniper Networks" + } + ] + } + }, + "configuration": [ + { + "lang": "eng", + "value": "The following minimal configuration is required: \n [forwarding-options dhcp-relay]" + } + ], + "credit": [ + { + "lang": "eng", + "value": "Longfei Fan from Codesafe Team of Legendsec at Qi'anxin Group" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "When a device using Juniper Network's Dynamic Host Configuration Protocol Daemon (JDHCPD) process on Junos OS or Junos OS Evolved which is configured in relay mode it vulnerable to an attacker sending crafted IPv4 packets who may remotely take over the code execution of the JDHDCP process. \n\nThis issue affect IPv4 JDHCPD services. 
\n\nThis issue affects:\nJuniper Networks Junos OS:\n15.1 versions prior to 15.1R7-S6;\n15.1X49 versions prior to 15.1X49-D200;\n15.1X53 versions prior to 15.1X53-D592;\n16.1 versions prior to 16.1R7-S6;\n16.2 versions prior to 16.2R2-S11;\n17.1 versions prior to 17.1R2-S11, 17.1R3-S1;\n17.2 versions prior to 17.2R2-S8, 17.2R3-S3;\n17.3 versions prior to 17.3R3-S6;\n17.4 versions prior to 17.4R2-S7, 17.4R3;\n18.1 versions prior to 18.1R3-S8;\n18.2 versions prior to 18.2R3-S2;\n18.2X75 versions prior to 18.2X75-D60;\n18.3 versions prior to 18.3R1-S6, 18.3R2-S2, 18.3R3;\n18.4 versions prior to 18.4R1-S5, 18.4R2-S3, 18.4R3;\n19.1 versions prior to 19.1R1-S3, 19.1R2;\n19.2 versions prior to 19.2R1-S3, 19.2R2*.\n \nand\n\nAll versions prior to 19.3R1 on Junos OS Evolved.\n\nThis issue do not affect versions of Junos OS prior to 15.1, or JDHCPD operating as a local server in non-relay mode.\n" + } + ] + }, + "exploit": [ + { + "lang": "eng", + "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." 
+ } + ], + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "ADJACENT_NETWORK", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "Code Execution of Process" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-416 Use After Free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kb.juniper.net/JSA10981", + "refsource": "CONFIRM", + "url": "https://kb.juniper.net/JSA10981" + }, + { + "name": "https://prsearch.juniper.net/InfoCenter/index?page=prcontent&id=PR1449353", + "refsource": "MISC", + "url": "https://prsearch.juniper.net/InfoCenter/index?page=prcontent&id=PR1449353" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "The following software releases have been updated to resolve this specific issue: \nJunos OS: 15.1R7-S6, 15.1X49-D200, 15.1X53-D592, 16.1R7-S6, 16.2R2-S11, 17.1R2-S11, 17.1R3-S1, 17.2R2-S8, 17.2R3-S3, 17.3R3-S6, 17.4R2-S7, 17.4R3, 18.1R3-S8, 18.2R3-S2, 18.2X75-D60, 18.3R1-S6, 18.3R2-S2, 18.3R3, 18.4R1-S5, 18.4R2-S3, 18.4R3, 19.1R1-S3, 19.1R2, 19.2R1-S3, 19.2R2*, 19.3R1, and all subsequent releases.\n\nJunos OS Evolved: 19.3R1, and all subsequent releases.\n\n*pending publication" + } + ], + "source": { + "advisory": "JSA10981", + "defect": [ + "1449353" + ], + "discovery": "EXTERNAL" + }, + "work_around": [ + { + "lang": "eng", + "value": "If JDHCPD is not needed then disable the service in the device configuration. 
\nThere are no other viable workarounds for this issue." + } + ] +} \ No newline at end of file diff --git a/2020/1xxx/CVE-2020-1603.json b/2020/1xxx/CVE-2020-1603.json new file mode 100644 index 00000000000..daff4a35159 --- /dev/null +++ b/2020/1xxx/CVE-2020-1603.json 
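Review bot: The Junos OS `version_data` list for CVE-2020-1602 includes `"version_name": "19.3"` with `"version_value": "19.3R1, 19.3R2"`, yet the description's affected list for Junos OS stops at 19.2 and the `solution` text names 19.3R1 as a fixed release, so the structured data appears to mark a train as affected that the prose treats as fixed from its first release. The description also writes `19.2R2*` while the "pending publication" footnote appears only in `solution`, and it spells the daemon "JDHDCP" once, which defeats a text search for JDHCPD. Reconcile the 19.3 entry with JSA10981 and correct the spelling to `JDHCPD`.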
@@ -0,0 +1,194 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "sirt@juniper.net", + "DATE_PUBLIC": "2020-01-08T17:00:00.000Z", + "ID": "CVE-2020-1603", + "STATE": "READY", + "TITLE": "Junos OS: Improper handling of specific IPv6 packets sent by clients eventually kernel crash (vmcore) the device." + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Junos OS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "16.1", + "version_value": "16.1R7-S6" + }, + { + "version_affected": "<", + "version_name": "16.2", + "version_value": "16.2R2-S11" + }, + { + "version_affected": "<", + "version_name": "17.1", + "version_value": "17.1R2-S11, 17.1R3-S1" + }, + { + "version_affected": "<", + "version_name": "17.2", + "version_value": "17.2R1-S9, 17.2R2-S8, 17.2R3-S3" + }, + { + "version_affected": "<", + "version_name": "17.3", + "version_value": "17.3R3-S6" + }, + { + "version_affected": "<", + "version_name": "17.4", + "version_value": "17.4R2-S9, 17.4R3" + }, + { + "version_affected": "<", + "version_name": "18.1", + "version_value": "18.1R3-S7" + }, + { + "version_affected": "<", + "version_name": "18.2", + "version_value": "18.2R3-S2" + }, + { + "version_affected": "<", + "version_name": "18.2X75", + "version_value": "18.2X75-D50, 18.2X75-D410" + }, + { + "version_affected": "<", + "version_name": "18.3", + "version_value": "18.3R1-S6, 18.3R2-S2, 18.3R3" + }, + { + "version_affected": "<", + "version_name": "18.4", + "version_value": "18.4R1-S6, 18.4R2-S2, 18.4R3" + }, + { + "version_affected": "<", + "version_name": "19.1", + "version_value": "19.1R1-S3, 19.1R2" + }, + { + "version_affected": "<", + "version_name": "19.2", + "version_value": "19.2R1-S2, 19.2R2" + }, + { + "version_affected": ">=", + "version_name": "16.1", + "version_value": "16.1X70-D10" + } + ] + } + } + ] + }, + "vendor_name": "Juniper Networks" + } + ] + } + }, + "configuration": [ + { + "lang": "eng", + 
"value": "This issue may occur when an interface is configured with IPv6.\nFor example: \n [interfaces fe-1/2/0 unit 1 family inet6 address 2001:db8:0:1::/64] " + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Specific IPv6 packets sent by clients processed by the Routing Engine (RE) are improperly handled. These IPv6 packets are designed to be blocked by the RE from egressing the RE. Instead, the RE allows these specific IPv6 packets to egress the RE, at which point a mbuf memory leak occurs within the Juniper Networks Junos OS device. This memory leak eventually leads to a kernel crash (vmcore), or the device hanging and requiring a power cycle to restore service, creating a Denial of Service (DoS) condition. \n\nDuring the time where mbufs are rising, yet not fully filled, some traffic from client devices may begin to be black holed. To be black holed, this traffic must match the condition where this traffic must be processed by the RE. \nContinued receipt and attempted egress of these specific IPv6 packets from the Routing Engine (RE) will create an extended Denial of Service (DoS) condition. \n\nScenarios which have been observed are: \n1. In a single chassis, single RE scenario, the device will hang without vmcore, or a vmcore may occur and then hang. In this scenario the device needs to be power cycled.\n2. In a single chassis, dual RE scenario, the device master RE will fail over to the backup RE. In this scenario, the master and the backup REs need to be reset from time to time when they vmcore. There is no need to power cycle the device.\n3. In a dual chassis, single RE scenario, the device will hang without vmcore, or a vmcore may occur and then hang. In this scenario, the two chassis' design relies upon some type of network level redundancy - VRRP, GRES, NSR, etc. 
- \n3.a In a commanded switchover, where nonstop active routing (NSR) is enabled no session loss is observed.\n4. In a dual chassis, dual chassis scenario, rely upon the RE to RE failover as stated in the second scenario. In the unlikely event that the device does not switch RE to RE gracefully, then the fallback position is to the network level services scenario in the third scenario.\n\n \n \n\n\n\n\n\nThis issue affects:\nJuniper Networks Junos OS\n16.1 versions prior to 16.1R7-S6;\n16.1 version 16.1X70-D10 and later; \n16.2 versions prior to 16.2R2-S11;\n17.1 versions prior to 17.1R2-S11, 17.1R3-S1;\n17.2 versions prior to 17.2R1-S9, 17.2R2-S8, 17.2R3-S3;\n17.3 versions prior to 17.3R3-S6;\n17.4 versions prior to 17.4R2-S9, 17.4R3;\n18.1 versions prior to 18.1R3-S7;\n18.2 versions prior to 18.2R3-S2;\n18.2X75 versions prior to 18.2X75-D50, 18.2X75-D410;\n18.3 versions prior to 18.3R1-S6, 18.3R2-S2, 18.3R3;\n18.4 versions prior to 18.4R1-S6, 18.4R2-S2, 18.4R3;\n19.1 versions prior to 19.1R1-S3, 19.1R2;\n19.2 versions prior to 19.2R1-S2, 19.2R2.\n\nThis issue does not affect releases prior to Junos OS 16.1R1.\n" + } + ] + }, + "exploit": [ + { + "lang": "eng", + "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." 
+ } + ], + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.6, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-710 Improper Adherence to Coding Standards" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service (DoS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kb.juniper.net/JSA10982", + "refsource": "CONFIRM", + "url": "https://kb.juniper.net/JSA10982" + }, + { + "name": "https://prsearch.juniper.net/InfoCenter/index?page=prcontent&id=PR1443576", + "refsource": "MISC", + "url": "https://prsearch.juniper.net/InfoCenter/index?page=prcontent&id=PR1443576" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "The following software releases have been updated to resolve this specific issue: 16.1R7-S6, 16.2R2-S11, 17.1R2-S11, 17.1R3-S1, 17.2R1-S9, 17.2R2-S8, 17.2R3-S3, 17.3R3-S6, 17.4R2-S9, 17.4R3, 18.1R3-S7, 18.2R3-S2, 18.2X75-D50, 18.2X75-D410, 18.3R1-S6, 18.3R2-S2, 18.3R3, 18.4R1-S6, 18.4R2-S2, 18.4R3, 19.1R1-S3, 19.1R2, 19.2R1-S2, 19.2R2, 19.3R1, and all subsequent releases.\n" + } + ], + "source": { + "advisory": "JSA10982", + "defect": [ + "1443576" + ], + "discovery": "USER" + }, + "work_around": [ + { + "lang": "eng", + "value": "Remove 'family inet6' from interfaces. 
Otherwise, there are no available workarounds for this issue.\n\nIndicators of compromise can be found by reviewing RE logs for entries which match in \" \" :\n\"/kernel: Mbuf: High Utililization Level\"\n\nAdditionally, you may issue the follow command from time to time to determine if your mbufs are climbing or are being released by reviewing across two separate times.\n\nThe required privilege level to run the command is: view.\nshow system buffers" + } + ] +} \ No newline at end of file diff --git a/2020/1xxx/CVE-2020-1604.json b/2020/1xxx/CVE-2020-1604.json new file mode 100644 index 00000000000..63e7a85eb7e --- /dev/null +++ b/2020/1xxx/CVE-2020-1604.json 
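Review bot: The `work_around` text of CVE-2020-1603 is the only detection guidance in the record, and the log string it tells operators to match, `/kernel: Mbuf: High Utililization Level`, contains the spelling "Utililization"; detection rules copy such strings literally, so it should be confirmed against the message the kernel actually emits. What it describes is an mbuf exhaustion symptom rather than an indicator of compromise, and it would be easier to find in a field of its own than inside the workaround. The `problemtype` value `CWE-710 Improper Adherence to Coding Standards` is much broader than the mbuf memory leak the description reports; CWE-401 (Missing Release of Memory after Effective Lifetime) looks closer. In `description`, scenario 4 reads "dual chassis, dual chassis scenario", presumably meant as dual chassis, dual RE.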
@@ -0,0 +1,180 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "sirt@juniper.net", + "DATE_PUBLIC": "2020-01-08T17:00:00.000Z", + "ID": "CVE-2020-1604", + "STATE": "READY", + "TITLE": "Junos OS: EX4300/EX4600/QFX3500/QFX5100 Series: Stateless IP firewall filter may fail to evaluate certain packets" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Junos OS", + "version": { + "version_data": [ + { + "platform": "QFX5100 Series and EX4600 Series", + "version_affected": "<", + "version_name": "14.1X53", + "version_value": "14.1X53-D12" + }, + { + "platform": "QFX3500 Series", + "version_affected": "<", + "version_name": "14.1X53", + "version_value": "14.1X53-D52" + }, + { + "platform": "EX4300 Series", + "version_affected": "<", + "version_name": "14.1X53", + "version_value": "14.1X53-D48" + }, + { + "platform": "EX4300 Series", + "version_affected": "<", + "version_name": "15.1", + "version_value": "15.1R7-S3" + }, + { + "platform": "EX4300 Series", + "version_affected": "<", + "version_name": "16.1", + "version_value": "16.1R7" + }, + { + "platform": "EX4300 Series", + "version_affected": "<", + "version_name": "17.1", + "version_value": "17.1R3" + }, + { + "platform": "EX4300 Series", + "version_affected": "<", + "version_name": "17.2", + "version_value": "17.2R3" + }, + { + "platform": "EX4300 Series", + "version_affected": "<", + "version_name": "17.3", + "version_value": "17.3R2-S5, 17.3R3" + }, + { + "platform": "EX4300 Series", + "version_affected": "<", + "version_name": "17.4", + "version_value": "17.4R2" + }, + { + "platform": "EX4300 Series", + "version_affected": "<", + "version_name": "18.1", + "version_value": "18.1R3" + }, + { + "platform": "EX4300 Series", + "version_affected": "<", + "version_name": "18.2", + "version_value": "18.2R2" + } + ] + } + } + ] + }, + "vendor_name": "Juniper Networks" + } + ] + } + }, + "configuration": [ + { + "lang": "eng", + "value": "This issue affects Junos OS 
device with stateless IPv4 or IPv6 firewall filter configured:\n [firewall family inet filter]\n [firewall family inet6 filter]" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "On EX4300, EX4600, QFX3500, and QFX5100 Series, a vulnerability in the IP firewall filter component may cause the firewall filter evaluation of certain packets to fail.\n\nThis issue only affects firewall filter evaluation of certain packets destined to the device Routing Engine (RE).\nThis issue does not affect the Layer 2 firewall filter evaluation nor does it affect the Layer 3 firewall filter evaluation destined to connected hosts.\n\nThis issue may occur when evaluating both IPv4 or IPv6 packets.\nThis issue affects Juniper Networks Junos OS:\n14.1X53 versions prior to 14.1X53-D12 on QFX5100 Series and EX4600 Series;\n14.1X53 versions prior to 14.1X53-D52 on QFX3500 Series;\n14.1X53 versions prior to 14.1X53-D48 on EX4300 Series;\n15.1 versions prior to 15.1R7-S3 on EX4300 Series;\n16.1 versions prior to 16.1R7 on EX4300 Series;\n17.1 versions prior to 17.1R3 on EX4300 Series;\n17.2 versions prior to 17.2R3 on EX4300 Series;\n17.3 versions prior to 17.3R2-S5, 17.3R3 on EX4300 Series;\n17.4 versions prior to 17.4R2 on EX4300 Series;\n18.1 versions prior to 18.1R3 on EX4300 Series;\n18.2 versions prior to 18.2R2 on EX4300 Series." + } + ] + }, + "exploit": [ + { + "lang": "eng", + "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." 
+ } + ], + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-284 Improper Access Control" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kb.juniper.net/JSA10983", + "refsource": "CONFIRM", + "url": "https://kb.juniper.net/JSA10983" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "For QFX5100 Series and EX4600 Series:\nThe following software releases have been updated to resolve this specific issue: 14.1X53-D12 and all subsequent releases.\n\nFor QFX3500 Series:\nThe following software releases have been updated to resolve this specific issue: 14.1X53-D52 and all subsequent releases.\n\nFor EX4300 Series: \nThe following software releases have been updated to resolve this specific issue: 14.1X53-D48, 15.1R7-S3, 16.1R7, 17.1R3, 17.2R3, 17.3R2-S5, 17.3R3, 17.4R2, 18.1R3, 18.2R2, 18.3R1 and all subsequent releases.\n" + } + ], + "source": { + "advisory": "JSA10983", + "defect": [ + "1026708", + "1458027", + "1343402", + "1377189" + ], + "discovery": "USER" + }, + "work_around": [ + { + "lang": "eng", + "value": "There are no known workarounds for this issue.\n\n" + } + ] +} \ No newline at end of file diff --git a/2020/1xxx/CVE-2020-1605.json b/2020/1xxx/CVE-2020-1605.json new file mode 100644 index 00000000000..ac3f0d67431 --- /dev/null +++ b/2020/1xxx/CVE-2020-1605.json 
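Review bot: The EX4300 entry for 17.3 puts two fixed releases into one `version_value` under a single `"version_affected": "<"`, as `"version_value": "17.3R2-S5, 17.3R3"`. A consumer that compares versions mechanically cannot evaluate a comma list as one bound, so hosts on that train can be matched wrongly in either direction. I would carry one release per entry (`"version_value": "17.3R2-S5"` and a second entry with `"version_value": "17.3R3"`) and leave the branch explanation in the description text. The same pattern recurs in the CVE-2020-1605, -1606, -1607, -1608 and -1609 hunks of this patch.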
@@ -0,0 +1,227 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "sirt@juniper.net", + "DATE_PUBLIC": "2020-01-08T17:00:00.000Z", + "ID": "CVE-2020-1605", + "STATE": "READY", + "TITLE": "Junos OS and Junos OS Evolved: A vulnerability in JDHCPD allows an attacker to send crafted IPv4 packets and arbitrarily execute commands on the target device." + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Junos OS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "15.1", + "version_value": "15.1R7-S6" + }, + { + "version_affected": "<", + "version_name": "15.1X49", + "version_value": "15.1X49-D200" + }, + { + "version_affected": "<", + "version_name": "15.1X53", + "version_value": "15.1X53-D592" + }, + { + "version_affected": "<", + "version_name": "16.1", + "version_value": "16.1R7-S6" + }, + { + "version_affected": "<", + "version_name": "16.2", + "version_value": "16.2R2-S11" + }, + { + "version_affected": "<", + "version_name": "17.1", + "version_value": "17.1R2-S11, 17.1R3-S1" + }, + { + "version_affected": "<", + "version_name": "17.2", + "version_value": "17.2R2-S8, 17.2R3-S3" + }, + { + "version_affected": "<", + "version_name": "17.3", + "version_value": "17.3R3-S6" + }, + { + "version_affected": "<", + "version_name": "17.4", + "version_value": "17.4R2-S7, 17.4R3" + }, + { + "version_affected": "<", + "version_name": "18.1", + "version_value": "18.1R3-S8" + }, + { + "version_affected": "<", + "version_name": "18.2", + "version_value": "18.2R3-S2" + }, + { + "version_affected": "<", + "version_name": "18.3", + "version_value": "18.3R1-S6, 18.3R2-S2, 18.3R3" + }, + { + "version_affected": "<", + "version_name": "18.4", + "version_value": "18.4R1-S5, 18.4R2-S3, 18.4R3" + }, + { + "version_affected": "<", + "version_name": "19.1", + "version_value": "19.1R1-S3, 19.1R2" + }, + { + "version_affected": "<", + "version_name": "19.2", + "version_value": "19.2R1-S3, 19.2R2" + }, + { + 
"version_affected": "<", + "version_name": "19.3", + "version_value": "19.3R1, 19.3R2" + }, + { + "version_affected": "<", + "version_name": "18.2X75", + "version_value": "18.2X75-D60" + } + ] + } + }, + { + "product_name": "Junos OS Evolved", + "version": { + "version_data": [ + { + "platform": "Junos Evolved", + "version_affected": "<", + "version_value": "19.3R1" + } + ] + } + } + ] + }, + "vendor_name": "Juniper Networks" + } + ] + } + }, + "configuration": [ + { + "lang": "eng", + "value": "The following minimal configuration is required: \n [forwarding-options dhcp-relay]" + } + ], + "credit": [ + { + "lang": "eng", + "value": "Longfei Fan from Codesafe Team of Legendsec at Qi'anxin Group" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "When a device using Juniper Network's Dynamic Host Configuration Protocol Daemon (JDHCPD) process on Junos OS or Junos OS Evolved which is configured in relay mode it vulnerable to an attacker sending crafted IPv4 packets who may then arbitrarily execute commands as root on the target device.\n\nThis issue affects IPv4 JDHCPD services. 
\n\nThis issue affects:\nJuniper Networks Junos OS:\n15.1 versions prior to 15.1R7-S6;\n15.1X49 versions prior to 15.1X49-D200;\n15.1X53 versions prior to 15.1X53-D592;\n16.1 versions prior to 16.1R7-S6;\n16.2 versions prior to 16.2R2-S11;\n17.1 versions prior to 17.1R2-S11, 17.1R3-S1;\n17.2 versions prior to 17.2R2-S8, 17.2R3-S3;\n17.3 versions prior to 17.3R3-S6;\n17.4 versions prior to 17.4R2-S7, 17.4R3;\n18.1 versions prior to 18.1R3-S8;\n18.2 versions prior to 18.2R3-S2;\n18.2X75 versions prior to 18.2X75-D60;\n18.3 versions prior to 18.3R1-S6, 18.3R2-S2, 18.3R3;\n18.4 versions prior to 18.4R1-S5, 18.4R2-S3, 18.4R3;\n19.1 versions prior to 19.1R1-S3, 19.1R2;\n19.2 versions prior to 19.2R1-S3, 19.2R2*.\n \nand\n\nAll versions prior to 19.3R1 on Junos OS Evolved.\n\nThis issue do not affect versions of Junos OS prior to 15.1, or JDHCPD operating as a local server in non-relay mode.\n" + } + ] + }, + "exploit": [ + { + "lang": "eng", + "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." 
+ } + ], + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "ADJACENT_NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121 Stack-based Buffer Overflow" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-78 OS Command Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kb.juniper.net/JSA10981", + "refsource": "CONFIRM", + "url": "https://kb.juniper.net/JSA10981" + }, + { + "name": "https://prsearch.juniper.net/InfoCenter/index?page=prcontent&id=PR1449353", + "refsource": "MISC", + "url": "https://prsearch.juniper.net/InfoCenter/index?page=prcontent&id=PR1449353" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "The following software releases have been updated to resolve this specific issue: \nJunos OS: 15.1R7-S6, 15.1X49-D200, 15.1X53-D592, 16.1R7-S6, 16.2R2-S11, 17.1R2-S11, 17.1R3-S1, 17.2R2-S8, 17.2R3-S3, 17.3R3-S6, 17.4R2-S7, 17.4R3, 18.1R3-S8, 18.2R3-S2, 18.2X75-D60, 18.3R1-S6, 18.3R2-S2, 18.3R3, 18.4R1-S5, 18.4R2-S3, 18.4R3, 19.1R1-S3, 19.1R2, 19.2R1-S3, 19.2R2*, 19.3R1, and all subsequent releases.\n\nJunos OS Evolved: 19.3R1, and all subsequent releases.\n\n*pending publication" + } + ], + "source": { + "advisory": "JSA10981", + "defect": [ + "1449353" + ], + "discovery": "EXTERNAL" + }, + "work_around": [ + { + "lang": "eng", + "value": "If JDHCPD is not needed then disable the service in the device configuration. \nThere are no other viable workarounds for this issue." + } + ] +} \ No newline at end of file 
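Review bot: The Junos OS `version_data` entry for 19.3 (`"version_value": "19.3R1, 19.3R2"`) has no counterpart in the description, whose Junos OS list stops at `19.2 versions prior to 19.2R1-S3, 19.2R2*`. The solution text names 19.3R1 as a fixed release, so "19.3 versions prior to 19.3R1" appears to describe no shipped release. Readers who triage from the structured data will see 19.3 as affected, while readers of the prose will not. Either drop the 19.3 entry or add a matching `19.3 versions prior to ...` line to the description. Separately, `19.2R2*` is marked "pending publication" only in the solution field, so the asterisk in the description is left unexplained.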
diff --git a/2020/1xxx/CVE-2020-1606.json b/2020/1xxx/CVE-2020-1606.json
new file mode 100644
index 00000000000..3d98da22a27
--- /dev/null
+++ b/2020/1xxx/CVE-2020-1606.json
@@ -0,0 +1,216 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "sirt@juniper.net", + "DATE_PUBLIC": "2020-01-08T17:00:00.000Z", + "ID": "CVE-2020-1606", + "STATE": "READY", + "TITLE": "Junos OS: Path traversal vulnerability in J-Web" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Junos OS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "12.3", + "version_value": "12.3R12-S13" + }, + { + "platform": "SRX Series", + "version_affected": "<", + "version_name": "12.3X48", + "version_value": "12.3X48-D85" + }, + { + "version_affected": "<", + "version_name": "14.1X53", + "version_value": "14.1X53-D51" + }, + { + "version_affected": "<", + "version_name": "15.1F6", + "version_value": "15.1F6-S13" + }, + { + "version_affected": "<", + "version_name": "15.1", + "version_value": "15.1R7-S5" + }, + { + "platform": "SRX Series", + "version_affected": "<", + "version_name": "15.1X49", + "version_value": "15.1X49-D180" + }, + { + "platform": "QFX5200/QFX5110 Series", + "version_affected": "<", + "version_name": "15.1X53", + "version_value": "15.1X53-D238" + }, + { + "platform": "EX2300/EX3400 Series", + "version_affected": "<", + "version_name": "15.1X53", + "version_value": "15.1X53-D592" + }, + { + "version_affected": "<", + "version_name": "16.1", + "version_value": "16.1R4-S13, 16.1R7-S5" + }, + { + "version_affected": "<", + "version_name": "16.2", + "version_value": "16.2R2-S10" + }, + { + "version_affected": "<", + "version_name": "17.1", + "version_value": "17.1R3-S1" + }, + { + "version_affected": "<", + "version_name": "17.2", + "version_value": "17.2R1-S9, 17.2R3-S2" + }, + { + "version_affected": "<", + "version_name": "17.3", + "version_value": "17.3R2-S5, 17.3R3-S5" + }, + { + "version_affected": "<", + "version_name": "17.4", + "version_value": "17.4R2-S9, 17.4R3" + }, + { + "version_affected": "<", + "version_name": "18.1", + "version_value": "18.1R3-S8" + }, + { + 
"version_affected": "<", + "version_name": "18.2", + "version_value": "18.2R3" + }, + { + "version_affected": "<", + "version_name": "18.3", + "version_value": "18.3R2-S3, 18.3R3" + }, + { + "version_affected": "<", + "version_name": "18.4", + "version_value": "18.4R2" + }, + { + "version_affected": "<", + "version_name": "19.1", + "version_value": "19.1R1-S4, 19.1R2" + } + ] + } + } + ] + }, + "vendor_name": "Juniper Networks" + } + ] + } + }, + "configuration": [ + { + "lang": "eng", + "value": "This issue requires J-Web to be enabled on the device.\n\nThe examples of the config stanza affected by this issue:\n [system services web-management http]\n [system services web-management https]" + } + ], + "credit": [ + { + "lang": "eng", + "value": "Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A path traversal vulnerability in the Juniper Networks Junos OS device may allow an authenticated J-web user to read files with 'world' readable permission and delete files with 'world' writeable permission.\nThis issue does not affect system files that can be accessed only by root user.\n\nThis issue affects Juniper Networks Junos OS:\n12.3 versions prior to 12.3R12-S13;\n12.3X48 versions prior to 12.3X48-D85 on SRX Series;\n14.1X53 versions prior to 14.1X53-D51;\n15.1F6 versions prior to 15.1F6-S13;\n15.1 versions prior to 15.1R7-S5;\n15.1X49 versions prior to 15.1X49-D180 on SRX Series;\n15.1X53 versions prior to 15.1X53-D238 on QFX5200/QFX5110 Series;\n16.1 versions prior to 16.1R4-S13, 16.1R7-S5;\n16.2 versions prior to 16.2R2-S10;\n17.1 versions prior to 17.1R3-S1;\n17.2 versions prior to 17.2R1-S9, 17.2R3-S2;\n17.3 versions prior to 17.3R2-S5, 17.3R3-S5;\n17.4 versions prior to 17.4R2-S9, 17.4R3;\n18.1 versions prior to 18.1R3-S8;\n18.2 versions prior to 18.2R3;\n18.3 versions prior to 18.3R2-S3, 
18.3R3;\n18.4 versions prior to 18.4R2;\n19.1 versions prior to 19.1R1-S4, 19.1R2." + } + ] + }, + "exploit": [ + { + "lang": "eng", + "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." + } + ], + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kb.juniper.net/JSA10985", + "refsource": "CONFIRM", + "url": "https://kb.juniper.net/JSA10985" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "The following software releases have been updated to resolve this specific issue: 12.3R12-S13, 12.3X48-D85, 14.1X53-D51, 15.1F6-S13, 15.1R7-S5, 15.1X49-D180, 15.1X53-D238, 16.1R4-S13, 16.1R7-S5, 16.2R2-S10, 17.1R3-S1, 17.2R1-S9, 17.2R3-S2, 17.3R2-S5, 17.3R3-S5, 17.4R2-S9, 17.4R3, 18.1R3-S8, 18.2R3, 18.3R2-S3, 18.3R3, 18.4R2, 19.1R1-S4, 19.1R2, 19.2R1, and all subsequent releases.\n" + } + ], + "source": { + "advisory": "JSA10985", + "defect": [ + "1431298" + ], + "discovery": "EXTERNAL" + }, + "work_around": [ + { + "lang": "eng", + "value": "Limit access to the J-Web interface to only trusted users to reduce risks of exploitation of this vulnerability." + } + ] +} \ No newline at end of file diff --git a/2020/1xxx/CVE-2020-1607.json b/2020/1xxx/CVE-2020-1607.json new file mode 100644 index 00000000000..e53e7d7e842 --- /dev/null +++ b/2020/1xxx/CVE-2020-1607.json 
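Review bot: The `version_data` entry for `"platform": "EX2300/EX3400 Series"` with `"version_value": "15.1X53-D592"` is not reflected in the description or the solution. The description lists only `15.1X53 versions prior to 15.1X53-D238 on QFX5200/QFX5110 Series`, and the solution's release list has no 15.1X53-D592. EX2300/EX3400 operators reading the prose would conclude they are unaffected and would find no fixed release to move to. If the entry is correct, add `15.1X53 versions prior to 15.1X53-D592 on EX2300/EX3400 Series;` to the description and `15.1X53-D592` to the solution, as the CVE-2020-1607 record in this patch does; otherwise remove the entry.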
@@ -0,0 +1,216 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "sirt@juniper.net", + "DATE_PUBLIC": "2020-01-08T17:00:00.000Z", + "ID": "CVE-2020-1607", + "STATE": "READY", + "TITLE": "Junos OS: Cross-Site Scripting (XSS) in J-Web" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Junos OS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "12.3", + "version_value": "12.3R12-S15" + }, + { + "platform": "SRX Series", + "version_affected": "<", + "version_name": "12.3X48", + "version_value": "12.3X48-D86, 12.3X48-D90" + }, + { + "platform": "EX and QFX Series", + "version_affected": "<", + "version_name": "14.1X53", + "version_value": "14.1X53-D51" + }, + { + "version_affected": "<", + "version_name": "15.1F6", + "version_value": "15.1F6-S13" + }, + { + "version_affected": "<", + "version_name": "15.1", + "version_value": "15.1R7-S5" + }, + { + "platform": "SRX Series", + "version_affected": "<", + "version_name": "15.1X49", + "version_value": "15.1X49-D181, 15.1X49-D190" + }, + { + "platform": "QFX5200/QFX5110 Series", + "version_affected": "<", + "version_name": "15.1X53", + "version_value": "15.1X53-D238" + }, + { + "platform": "EX2300/EX3400 Series", + "version_affected": "<", + "version_name": "15.1X53", + "version_value": "15.1X53-D592" + }, + { + "version_affected": "<", + "version_name": "16.1", + "version_value": "16.1R4-S13, 16.1R7-S5" + }, + { + "version_affected": "<", + "version_name": "16.2", + "version_value": "16.2R2-S10" + }, + { + "version_affected": "<", + "version_name": "17.1", + "version_value": "17.1R2-S11, 17.1R3-S1" + }, + { + "version_affected": "<", + "version_name": "17.2", + "version_value": "17.2R1-S9, 17.2R3-S2" + }, + { + "version_affected": "=", + "version_name": "17.2", + "version_value": "17.2R2" + }, + { + "version_affected": "<", + "version_name": "17.3", + "version_value": "17.3R2-S5, 17.3R3-S5" + }, + { + "version_affected": "<", + 
"version_name": "17.4", + "version_value": "17.4R2-S6, 17.4R3" + }, + { + "version_affected": "<", + "version_name": "18.1", + "version_value": "18.1R3-S7" + }, + { + "version_affected": "<", + "version_name": "18.2", + "version_value": "18.2R2-S5, 18.2R3" + }, + { + "version_affected": "<", + "version_name": "18.3", + "version_value": "18.3R1-S6, 18.3R2-S1, 18.3R3" + }, + { + "version_affected": "<", + "version_name": "18.4", + "version_value": "18.4R1-S5, 18.4R2" + }, + { + "version_affected": "<", + "version_name": "19.1", + "version_value": "19.1R1-S2, 19.1R2" + } + ] + } + } + ] + }, + "vendor_name": "Juniper Networks" + } + ] + } + }, + "configuration": [ + { + "lang": "eng", + "value": "This issue requires J-Web to be enabled on the device.\n\nThe examples of the config stanza affected by this issue:\n system services web-management http\n system services web-management https" + } + ], + "credit": [ + { + "lang": "eng", + "value": "Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Insufficient Cross-Site Scripting (XSS) protection in J-Web may potentially allow a remote attacker to inject web script or HTML, hijack the target user's J-Web session and perform administrative actions on the Junos device as the targeted user. 
\n\n\nThis issue affects Juniper Networks Junos OS\n12.3 versions prior to 12.3R12-S15;\n12.3X48 versions prior to 12.3X48-D86, 12.3X48-D90 on SRX Series;\n14.1X53 versions prior to 14.1X53-D51 on EX and QFX Series;\n15.1F6 versions prior to 15.1F6-S13;\n15.1 versions prior to 15.1R7-S5;\n15.1X49 versions prior to 15.1X49-D181, 15.1X49-D190 on SRX Series;\n15.1X53 versions prior to 15.1X53-D238 on QFX5200/QFX5110 Series;\n15.1X53 versions prior to 15.1X53-D592 on EX2300/EX3400 Series;\n16.1 versions prior to 16.1R4-S13, 16.1R7-S5;\n16.2 versions prior to 16.2R2-S10;\n17.1 versions prior to 17.1R2-S11, 17.1R3-S1;\n17.2 versions prior to 17.2R1-S9, 17.2R3-S2;\n17.3 versions prior to 17.3R2-S5, 17.3R3-S5;\n17.4 versions prior to 17.4R2-S6, 17.4R3;\n18.1 versions prior to 18.1R3-S7;\n18.2 versions prior to 18.2R2-S5, 18.2R3;\n18.3 versions prior to 18.3R1-S6, 18.3R2-S1, 18.3R3;\n18.4 versions prior to 18.4R1-S5, 18.4R2;\n19.1 versions prior to 19.1R1-S2, 19.1R2." + } + ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-site Scripting (XSS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kb.juniper.net/JSA10986", + "refsource": "CONFIRM", + "url": "https://kb.juniper.net/JSA10986" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "The following software releases have been updated to resolve this specific issue: 12.3R12-S15, 12.3X48-D86, 12.3X48-D90, 14.1X53-D51, 15.1F6-S13,15.1R7-S5, 15.1X49-D181, 
15.1X49-D190, 15.1X53-D238, 15.1X53-D592, 16.1R4-S13, 16.1R7-S5, 16.2R2-S10,17.1R2-S11, 17.1R3-S1, 17.2R1-S9, 17.2R3-S2, 17.3R2-S5, 17.3R3-S5, 17.4R2-S6, 17.4R3, 18.1R3-S7,18.2R2-S5, 18.2R3, 18.3R1-S6, 18.3R2-S1, 18.3R3, 18.4R1-S5, 18.4R2, 19.1R1-S2, 19.1R2, 19.2R1, and all subsequent releases." + } + ], + "source": { + "advisory": "JSA10986", + "defect": [ + "1434553" + ], + "discovery": "EXTERNAL" + }, + "work_around": [ + { + "lang": "eng", + "value": "Access the J-Web service from trusted hosts which may not be compromised by cross-site scripting attacks, for example, deploying jump hosts with no internet access. \nAlternatively, disable J-Web. \n" + } + ] +} \ No newline at end of file diff --git a/2020/1xxx/CVE-2020-1608.json b/2020/1xxx/CVE-2020-1608.json new file mode 100644 index 00000000000..01276107a2e --- /dev/null +++ b/2020/1xxx/CVE-2020-1608.json 
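Review bot: The entry `"version_affected": "="`, `"version_name": "17.2"`, `"version_value": "17.2R2"` has no matching statement in the description, which for 17.2 says only `17.2 versions prior to 17.2R1-S9, 17.2R3-S2`. The solution text names no fixed release on the 17.2R2 line either. As written, the structured data marks 17.2R2 as affected with no stated fix, while the prose never mentions it. Add a sentence such as `17.2 version 17.2R2;` to the description, or drop the entry if it is a leftover. This record also has no `exploit` block, which the other Juniper records in this patch include; if that is an oversight, add the same field here.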
@@ -0,0 +1,200 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "sirt@juniper.net", + "DATE_PUBLIC": "2020-01-08T17:00:00.000Z", + "ID": "CVE-2020-1608", + "STATE": "READY", + "TITLE": "Junos OS: MX Series: In BBE configurations, receipt of a specific MPLS or IPv6 packet causes a Denial of Service" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Junos OS", + "version": { + "version_data": [ + { + "platform": "MX Series", + "version_affected": ">=", + "version_name": "17.2", + "version_value": "17.2R2-S6, 17.2R3 " + }, + { + "platform": "MX Series", + "version_affected": "<", + "version_name": "17.2", + "version_value": "17.2R3-S3" + }, + { + "platform": "MX Series", + "version_affected": ">=", + "version_name": "17.3", + "version_value": "17.3R2-S4, 17.3R3-S2" + }, + { + "platform": "MX Series", + "version_affected": "<", + "version_name": "17.3", + "version_value": "17.3R2-S5, 17.3R3-S5" + }, + { + "platform": "MX Series", + "version_affected": ">=", + "version_name": "17.4", + "version_value": "17.4R2" + }, + { + "platform": "MX Series", + "version_affected": "<", + "version_name": "17.4", + "version_value": "17.4R2-S7,17.4R3" + }, + { + "platform": "MX Series", + "version_affected": ">=", + "version_name": "18.1", + "version_value": "18.1R2-S3, 18.1R3" + }, + { + "platform": "MX Series", + "version_affected": "<", + "version_name": "18.1", + "version_value": "18.1R3-S6" + }, + { + "platform": "MX Series", + "version_affected": ">=", + "version_name": "18.2", + "version_value": "18.2R1-S1, 18.2R2" + }, + { + "platform": "MX Series", + "version_affected": "<", + "version_name": "18.2", + "version_value": "18.2R3-S2 " + }, + { + "platform": "MX Series", + "version_affected": "<", + "version_name": "18.2X75", + "version_value": "18.2X75-D51, 18.2X75-D60" + }, + { + "platform": "MX Series", + "version_affected": "<", + "version_name": "18.3", + "version_value": "18.3R3" + }, + { + "platform": "MX Series", + 
"version_affected": "<", + "version_name": "18.4", + "version_value": "18.4R2" + }, + { + "platform": "MX Series", + "version_affected": "<", + "version_name": "19.1", + "version_value": "19.1R1-S3, 19.1R2" + }, + { + "platform": "MX Series", + "version_affected": "<", + "version_name": "19.2", + "version_value": "19.2R1-S2, 19.2R2" + }, + { + "platform": "MX Series", + "version_affected": "!<", + "version_value": "17.2R1" + } + ] + } + } + ] + }, + "vendor_name": "Juniper Networks" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Receipt of a specific MPLS or IPv6 packet on the core facing interface of an MX Series device configured for Broadband Edge (BBE) service may trigger a kernel crash (vmcore), causing the device to reboot.\n\nThe issue is specific to the processing of packets destined to BBE clients connected to MX Series subscriber management platforms.\n\n\nThis issue affects MX Series running Juniper Networks Junos OS:\n17.2 versions starting from17.2R2-S6, 17.2R3 and later releases, prior to 17.2R3-S3;\n17.3 versions starting from 17.3R2-S4, 17.3R3-S2 and later releases, prior to 17.3R2-S5, 17.3R3-S5;\n17.4 versions starting from 17.4R2 and later releases, prior to 17.4R2-S7,17.4R3;\n18.1 versions starting from 18.1R2-S3, 18.1R3 and later releases, prior to 18.1R3-S6;\n18.2 versions starting from18.2R1-S1, 18.2R2 and later releases, prior to 18.2R3-S2;\n18.2X75 versions prior to 18.2X75-D51, 18.2X75-D60;\n18.3 versions prior to 18.3R3;\n18.4 versions prior to 18.4R2;\n19.1 versions prior to 19.1R1-S3, 19.1R2;\n19.2 versions prior to 19.2R1-S2, 19.2R2.\n\nThis issue does not affect Juniper Networks Junos OS versions prior to 17.2R2-S6." + } + ] + }, + "exploit": [ + { + "lang": "eng", + "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." 
+ } + ], + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kb.juniper.net/JSA10987", + "refsource": "CONFIRM", + "url": "https://kb.juniper.net/JSA10987" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "The following software releases have been updated to resolve this specific issue: 17.2R3-S3, 17.3R2-S5, 17.3R3-S5, 17.4R2-S7, 17.4R3, 18.1R3-S6, 18.2R3-S2, 18.2X75-D51, 18.2X75-D60, 18.3R3, 18.4R2, 19.1R1-S3, 19.1R2, 19.2R1-S2, 19.2R2, 19.3R1, and all subsequent releases.\n\n" + } + ], + "source": { + "advisory": "JSA10987", + "defect": [ + "1432957" + ], + "discovery": "USER" + }, + "work_around": [ + { + "lang": "eng", + "value": "There are no known workarounds for this issue." + } + ] +} \ No newline at end of file diff --git a/2020/1xxx/CVE-2020-1609.json b/2020/1xxx/CVE-2020-1609.json new file mode 100644 index 00000000000..f5541906000 --- /dev/null +++ b/2020/1xxx/CVE-2020-1609.json 
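Review bot: Two `version_value` strings carry a trailing space as shown here, `"17.2R2-S6, 17.2R3 "` and `"18.2R3-S2 "`, and `"17.4R2-S7,17.4R3"` lacks the space used everywhere else. Consumers that match these strings exactly will miss those releases, so they should be normalised to `"17.2R2-S6, 17.2R3"`, `"18.2R3-S2"` and `"17.4R2-S7, 17.4R3"`. The unaffected bound is also inconsistent. The `"version_affected": "!<"` entry names `17.2R1`, while the description says the issue does not affect versions prior to 17.2R2-S6. The `problemtype` value `Denial of Service` has no CWE identifier, unlike the other records in this patch.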
@@ -0,0 +1,227 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "sirt@juniper.net", + "DATE_PUBLIC": "2020-01-08T17:00:00.000Z", + "ID": "CVE-2020-1609", + "STATE": "READY", + "TITLE": "Junos OS and Junos OS Evolved: A vulnerability in JDHCPD allows an attacker to send crafted IPv6 packets and arbitrarily execute commands on the target device." + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Junos OS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "15.1", + "version_value": "15.1R7-S6" + }, + { + "version_affected": "<", + "version_name": "15.1X49", + "version_value": "15.1X49-D200" + }, + { + "version_affected": "<", + "version_name": "15.1X53", + "version_value": "15.1X53-D592" + }, + { + "version_affected": "<", + "version_name": "16.1", + "version_value": "16.1R7-S6" + }, + { + "version_affected": "<", + "version_name": "16.2", + "version_value": "16.2R2-S11" + }, + { + "version_affected": "<", + "version_name": "17.1", + "version_value": "17.1R2-S11, 17.1R3-S1" + }, + { + "version_affected": "<", + "version_name": "17.2", + "version_value": "17.2R2-S8, 17.2R3-S3" + }, + { + "version_affected": "<", + "version_name": "17.3", + "version_value": "17.3R3-S6" + }, + { + "version_affected": "<", + "version_name": "17.4", + "version_value": "17.4R2-S7, 17.4R3" + }, + { + "version_affected": "<", + "version_name": "18.1", + "version_value": "18.1R3-S8" + }, + { + "version_affected": "<", + "version_name": "18.2", + "version_value": "18.2R3-S2" + }, + { + "version_affected": "<", + "version_name": "18.3", + "version_value": "18.3R1-S6, 18.3R2-S2, 18.3R3" + }, + { + "version_affected": "<", + "version_name": "18.4", + "version_value": "18.4R1-S5, 18.4R2-S3, 18.4R3" + }, + { + "version_affected": "<", + "version_name": "19.1", + "version_value": "19.1R1-S3, 19.1R2" + }, + { + "version_affected": "<", + "version_name": "19.2", + "version_value": "19.2R1-S3, 19.2R2" + }, + { + 
"version_affected": "<", + "version_name": "19.3", + "version_value": "19.3R1, 19.3R2" + }, + { + "version_affected": "<", + "version_name": "18.2X75", + "version_value": "18.2X75-D60" + } + ] + } + }, + { + "product_name": "Junos OS Evolved", + "version": { + "version_data": [ + { + "platform": "Junos Evolved", + "version_affected": "<", + "version_value": "19.3R1" + } + ] + } + } + ] + }, + "vendor_name": "Juniper Networks" + } + ] + } + }, + "configuration": [ + { + "lang": "eng", + "value": "The following minimal configuration is required: \n [forwarding-options dhcp-relay]" + } + ], + "credit": [ + { + "lang": "eng", + "value": "Longfei Fan from Codesafe Team of Legendsec at Qi'anxin Group" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "When a device using Juniper Network's Dynamic Host Configuration Protocol Daemon (JDHCPD) process on Junos OS or Junos OS Evolved which is configured in relay mode it vulnerable to an attacker sending crafted IPv6 packets who may then arbitrarily execute commands as root on the target device.\n\nThis issue affects IPv6 JDHCPD services. 
\n\nThis issue affects:\nJuniper Networks Junos OS:\n15.1 versions prior to 15.1R7-S6;\n15.1X49 versions prior to 15.1X49-D200;\n15.1X53 versions prior to 15.1X53-D592;\n16.1 versions prior to 16.1R7-S6;\n16.2 versions prior to 16.2R2-S11;\n17.1 versions prior to 17.1R2-S11, 17.1R3-S1;\n17.2 versions prior to 17.2R2-S8, 17.2R3-S3;\n17.3 versions prior to 17.3R3-S6;\n17.4 versions prior to 17.4R2-S7, 17.4R3;\n18.1 versions prior to 18.1R3-S8;\n18.2 versions prior to 18.2R3-S2;\n18.2X75 versions prior to 18.2X75-D60;\n18.3 versions prior to 18.3R1-S6, 18.3R2-S2, 18.3R3;\n18.4 versions prior to 18.4R1-S5, 18.4R2-S3, 18.4R3;\n19.1 versions prior to 19.1R1-S3, 19.1R2;\n19.2 versions prior to 19.2R1-S3, 19.2R2*.\n \nand\n\nAll versions prior to 19.3R1 on Junos OS Evolved.\n\nThis issue do not affect versions of Junos OS prior to 15.1, or JDHCPD operating as a local server in non-relay mode.\n" + } + ] + }, + "exploit": [ + { + "lang": "eng", + "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." 
+ } + ], + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "ADJACENT_NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121 Stack-based Buffer Overflow" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-78 OS Command Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kb.juniper.net/JSA10981", + "refsource": "CONFIRM", + "url": "https://kb.juniper.net/JSA10981" + }, + { + "name": "https://prsearch.juniper.net/InfoCenter/index?page=prcontent&id=PR1449353", + "refsource": "MISC", + "url": "https://prsearch.juniper.net/InfoCenter/index?page=prcontent&id=PR1449353" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "The following software releases have been updated to resolve this specific issue: \nJunos OS: 15.1R7-S6, 15.1X49-D200, 15.1X53-D592, 16.1R7-S6, 16.2R2-S11, 17.1R2-S11, 17.1R3-S1, 17.2R2-S8, 17.2R3-S3, 17.3R3-S6, 17.4R2-S7, 17.4R3, 18.1R3-S8, 18.2R3-S2, 18.2X75-D60, 18.3R1-S6, 18.3R2-S2, 18.3R3, 18.4R1-S5, 18.4R2-S3, 18.4R3, 19.1R1-S3, 19.1R2, 19.2R1-S3, 19.2R2*, 19.3R1, and all subsequent releases.\n\nJunos OS Evolved: 19.3R1, and all subsequent releases.\n\n*pending publication" + } + ], + "source": { + "advisory": "JSA10981", + "defect": [ + "1449353" + ], + "discovery": "EXTERNAL" + }, + "work_around": [ + { + "lang": "eng", + "value": "If JDHCPD is not needed then disable the service in the device configuration. \nThere are no other viable workarounds for this issue." + } + ] +} \ No newline at end of file 
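Review bot: The `version_data` entry for `"version_name": "19.3"` with `"version_value": "19.3R1, 19.3R2"` has no counterpart in the `description` value, whose affected list stops at 19.2, while the `solution` text names 19.3R1 as a fixed release. Tools that match on the structured fields may report the 19.3 train as affected when the prose says otherwise, so one of the two should change: drop the 19.3 entry, or add a `19.3 versions prior to …` line to the description if that train really is affected. The description also carries the `19.2R2*` asterisk without the `*pending publication` footnote that only the `solution` value gives. Its wording would read correctly as `… which is configured in relay mode is vulnerable to …` and `This issue does not affect …`.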
diff --git a/2020/1xxx/CVE-2020-1611.json b/2020/1xxx/CVE-2020-1611.json
new file mode 100644
index 00000000000..771db91e487
--- /dev/null
+++ b/2020/1xxx/CVE-2020-1611.json
@@ -0,0 +1,106 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "sirt@juniper.net", + "DATE_PUBLIC": "2020-01-08T17:00:00.000Z", + "ID": "CVE-2020-1611", + "STATE": "READY", + "TITLE": "Junos Space: Malicious HTTP packets sent to Junos Space allow an attacker to view all files on the device." + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Junos Space", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "19.4R1" + } + ] + } + } + ] + }, + "vendor_name": "Juniper Networks" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A Local File Inclusion vulnerability in Juniper Networks Junos Space allows an attacker to view all files on the target when the device receives malicious HTTP packets.\nThis issue affects:\nJuniper Networks Junos Space\nversions prior to 19.4R1." + } + ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Local file inclusion" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://kb.juniper.net/JSA10993" + }, + { + "refsource": "MISC", + "url": "https://prsearch.juniper.net/InfoCenter/index?page=prcontent&id=PR1449224" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "The following software releases have been updated to resolve this specific issue: Junos Space 19.4R1, and all 
subsequent releases.\n" + } + ], + "source": { + "advisory": "JSA10993", + "defect": [ + "1449224" + ], + "discovery": "INTERNAL" + }, + "work_around": [ + { + "lang": "eng", + "value": "There are no known workarounds for this issue.\n\nTo reduce the risk of exploitation of these issues, use access lists or firewall filters to limit access to Junos Space to only trusted administrative networks, hosts and users." + } + ] +} \ No newline at end of file From b0e733f40387734302c7e9a84e72a517e917e628 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 14 Jan 2020 17:01:06 +0000 Subject: [PATCH 057/387] "-Synchronized-Data." --- 2014/2xxx/CVE-2014-2271.json | 68 ++++++++++++++++++++++++++++++++- 2014/7xxx/CVE-2014-7844.json | 70 ++++++++++++++++++++++++++++++++-- 2015/0xxx/CVE-2015-0558.json | 58 +++++++++++++++++++++++++++- 2015/2xxx/CVE-2015-2325.json | 63 +++++++++++++++++++++++++++++- 2015/2xxx/CVE-2015-2326.json | 63 +++++++++++++++++++++++++++++- 2018/3xxx/CVE-2018-3977.json | 5 +++ 2019/10xxx/CVE-2019-10995.json | 55 ++++++++++++++++++++++++-- 2019/12xxx/CVE-2019-12216.json | 5 +++ 2019/12xxx/CVE-2019-12217.json | 5 +++ 2019/12xxx/CVE-2019-12218.json | 5 +++ 2019/12xxx/CVE-2019-12219.json | 5 +++ 2019/12xxx/CVE-2019-12220.json | 5 +++ 2019/12xxx/CVE-2019-12221.json | 5 +++ 2019/12xxx/CVE-2019-12222.json | 5 +++ 2019/12xxx/CVE-2019-12398.json | 60 +++++++++++++++++++++++++++-- 2019/13xxx/CVE-2019-13616.json | 10 +++++ 2019/5xxx/CVE-2019-5051.json | 5 +++ 2019/5xxx/CVE-2019-5052.json | 5 +++ 2019/7xxx/CVE-2019-7635.json | 5 +++ 2020/5xxx/CVE-2020-5852.json | 56 +++++++++++++++++++++++++-- 2020/5xxx/CVE-2020-5853.json | 62 ++++++++++++++++++++++++++++-- 21 files changed, 597 insertions(+), 23 deletions(-) diff --git a/2014/2xxx/CVE-2014-2271.json b/2014/2xxx/CVE-2014-2271.json index 92a6ea34883..68797c90ede 100644 --- a/2014/2xxx/CVE-2014-2271.json +++ b/2014/2xxx/CVE-2014-2271.json 
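Review bot: The `description` value of CVE-2020-1611.json says the flaw "allows an attacker to view all files" without stating that the attacker must be authenticated, yet the `impact.cvss` block scores it `"privilegesRequired": "LOW"` (`PR:L` in the vector string). If the score is right, the text should say so, e.g. `allows an authenticated attacker to view all files on the target`, because a reader triaging exposure from the prose alone would assume an unauthenticated read. Both `reference_data` entries also omit the `name` key that the other records in this patch series carry; adding `"name": "https://kb.juniper.net/JSA10993"` and the matching one for the PR link keeps the record uniform. `problemtype` is free text (`Local file inclusion`); a CWE identifier there would let consumers classify the record, though which one applies should be confirmed against the advisory.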
@@ -2,7 +2,7 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2014-2271",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +11,71 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "cn.wps.moffice.common.beans.print.CloudPrintWebView in Kingsoft Office 5.3.1, as used in Huawei P2 devices before V100R001C00B043, falls back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and execute arbitrary Java code by leveraging a network position between the client and the registry to block HTTPS traffic." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-401529.htm", + "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-401529.htm" + }, + { + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/71381", + "url": "http://www.securityfocus.com/bid/71381" + }, + { + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99089", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99089" + }, + { + "refsource": "MISC", + "name": "https://labs.f-secure.com/advisories/kingsoft-office-remote-code-execution/", + "url": "https://labs.f-secure.com/advisories/kingsoft-office-remote-code-execution/" + }, + { + "refsource": "MISC", + "name": 
"https://labs.f-secure.com/assets/763/original/mwri_advisory_huawei_kingsoft-office.pdf", + "url": "https://labs.f-secure.com/assets/763/original/mwri_advisory_huawei_kingsoft-office.pdf" } ] } diff --git a/2014/7xxx/CVE-2014-7844.json b/2014/7xxx/CVE-2014-7844.json index 2605bc81c9f..13361dfa59a 100644 --- a/2014/7xxx/CVE-2014-7844.json +++ b/2014/7xxx/CVE-2014-7844.json @@ -1,8 +1,8 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2014-7844", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", 
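Review bot: The `affects` block added to CVE-2014-2271.json fills `vendor_name`, `product_name` and `version_value` with `n/a` although the new `description` names the product and versions (Kingsoft Office 5.3.1, Huawei P2 devices before V100R001C00B043). Anything that matches advisories to an asset inventory through the structured fields will miss this record, so the product and version should be carried into `affects` as well, for example `"product_name": "Kingsoft Office"` with `"version_value": "5.3.1"`. The same gap is in the `@@ -11,7 +11,61 @@` hunk of CVE-2015-0558.json and the `@@ -11,7 +11,66 @@` hunks of CVE-2015-2325.json and CVE-2015-2326.json further down. The references are all tagged `MISC`, including the vendor's own advisory on huawei.com, which would normally be `CONFIRM`; that is worth checking while the record is open.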
@@ -11,7 +11,71 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via a crafted email address." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Metacharacters" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "BSD", + "product": { + "product_data": [ + { + "product_name": "mailx", + "version": { + "version_data": [ + { + "version_value": "8.1.2 and earlier" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://seclists.org/oss-sec/2014/q4/1066", + "url": "http://seclists.org/oss-sec/2014/q4/1066" + }, + { + "refsource": "MISC", + "name": "http://linux.oracle.com/errata/ELSA-2014-1999.html", + "url": "http://linux.oracle.com/errata/ELSA-2014-1999.html" + }, + { + "refsource": "MISC", + "name": "http://www.debian.org/security/2014/dsa-3104", + "url": "http://www.debian.org/security/2014/dsa-3104" + }, + { + "refsource": "MISC", + "name": "http://www.debian.org/security/2014/dsa-3105", + "url": "http://www.debian.org/security/2014/dsa-3105" + }, + { + "refsource": "MISC", + "name": "http://rhn.redhat.com/errata/RHSA-2014-1999.html", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1999.html" } ] } diff --git a/2015/0xxx/CVE-2015-0558.json b/2015/0xxx/CVE-2015-0558.json index 184486e8f66..7576e17c9bf 100644 --- a/2015/0xxx/CVE-2015-0558.json +++ b/2015/0xxx/CVE-2015-0558.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-0558", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", 
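Review bot: `problemtype` in the CVE-2014-7844.json hunk is the single word `Metacharacters`, which names neither the weakness nor its effect, while the description speaks of arbitrary command execution through a crafted email address. A value such as `CWE-78 OS Command Injection` looks like the fit and would match how CVE-2020-1609.json in this series writes the field, but the CWE should be confirmed against the linked advisories. All five references are tagged `MISC` although they include distribution advisories (debian.org DSA, redhat.com RHSA), for which this series elsewhere uses specific sources such as `REDHAT` and `UBUNTU`.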
@@ -11,7 +11,61 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The ADB (formerly Pirelli Broadband Solutions) P.DGA4001N router with firmware PDG_TEF_SP_4.06L.6, and possibly other routers, uses \"1236790\" and the MAC address to generate the WPA key." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/129817/Pirelli-Router-P.DG-A4001N-WPA-Key-Reverse-Engineering.html", + "url": "http://packetstormsecurity.com/files/129817/Pirelli-Router-P.DG-A4001N-WPA-Key-Reverse-Engineering.html" + }, + { + "refsource": "MISC", + "name": "http://www.exploit-db.com/exploits/35721", + "url": "http://www.exploit-db.com/exploits/35721" + }, + { + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99682", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99682" } ] } diff --git a/2015/2xxx/CVE-2015-2325.json b/2015/2xxx/CVE-2015-2325.json index 1924513ff11..6a840b25d14 100644 --- a/2015/2xxx/CVE-2015-2325.json +++ b/2015/2xxx/CVE-2015-2325.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-2325", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +11,66 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The compile_branch function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code, cause a denial of service (out-of-bounds heap read and crash), or possibly have other unspecified impact via a regular expression with a group containing a forward reference repeated a large number of times within a repeated outer group that has a zero minimum quantifier." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00014.html", + "url": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00014.html" + }, + { + "refsource": "MISC", + "name": "https://bugs.exim.org/show_bug.cgi?id=1591", + "url": "https://bugs.exim.org/show_bug.cgi?id=1591" + }, + { + "refsource": "CONFIRM", + "name": "https://www.pcre.org/original/changelog.txt", + "url": "https://www.pcre.org/original/changelog.txt" + }, + { + "refsource": "MISC", + "name": "https://fortiguard.com/zeroday/FG-VD-15-015", + "url": "https://fortiguard.com/zeroday/FG-VD-15-015" } ] } diff --git a/2015/2xxx/CVE-2015-2326.json b/2015/2xxx/CVE-2015-2326.json index 4bf1e179c79..028fcee3b41 100644 --- a/2015/2xxx/CVE-2015-2326.json +++ b/2015/2xxx/CVE-2015-2326.json 
@@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-2326", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,66 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The pcre_compile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code and cause a denial of service (out-of-bounds read) via regular expression with a group containing both a forward referencing subroutine call and a recursive back reference, as demonstrated by \"((?+1)(\\1))/\"." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://bugs.exim.org/show_bug.cgi?id=1592", + "url": "https://bugs.exim.org/show_bug.cgi?id=1592" + }, + { + "refsource": "MISC", + "name": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00014.html", + "url": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00014.html" + }, + { + "refsource": "CONFIRM", + "name": "https://www.pcre.org/original/changelog.txt", + "url": "https://www.pcre.org/original/changelog.txt" + }, + { + "refsource": "MISC", + "name": "https://fortiguard.com/zeroday/FG-VD-15-016", + "url": "https://fortiguard.com/zeroday/FG-VD-15-016" } ] } diff --git a/2018/3xxx/CVE-2018-3977.json b/2018/3xxx/CVE-2018-3977.json index 62ca82c2575..8a50ad56517 100644 --- a/2018/3xxx/CVE-2018-3977.json 
+++ b/2018/3xxx/CVE-2018-3977.json @@ -72,6 +72,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20190727 [SECURITY] [DLA 1865-1] sdl-image1.2 security update", "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00026.html" + }, + { + "refsource": "UBUNTU", + "name": "USN-4238-1", + "url": "https://usn.ubuntu.com/4238-1/" } ] } diff --git a/2019/10xxx/CVE-2019-10995.json b/2019/10xxx/CVE-2019-10995.json index 5c515567930..df7ef22bff6 100644 --- a/2019/10xxx/CVE-2019-10995.json +++ b/2019/10xxx/CVE-2019-10995.json @@ -4,14 +4,63 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-10995", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "ABB CP651 HMI products", + "version": { + "version_data": [ + { + "version_value": "BSP UN30 v1.76 and prior" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "USE OF HARD-CODED CREDENTIALS CWE-798" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "BID", + "name": "108928", + "url": "http://www.securityfocus.com/bid/108928" + }, + { + "refsource": "MISC", + "name": "https://www.us-cert.gov/ics/advisories/icsa-19-178-02", + "url": "https://www.us-cert.gov/ics/advisories/icsa-19-178-02" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "ABB CP651 HMI products revision BSP UN30 v1.76 and prior implement hidden administrative accounts that are used during the provisioning phase of the HMI interface." } ] } 
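Review bot: In the CVE-2019-10995.json hunk, `"vendor_name": "n/a"` sits next to `"product_name": "ABB CP651 HMI products"`, so the vendor is known but appears only inside the product string. `"vendor_name": "ABB"` with `"product_name": "CP651 HMI"` would let consumers filter on vendor. The `problemtype` value `USE OF HARD-CODED CREDENTIALS CWE-798` puts the identifier last and in upper case, unlike the `CWE-121 Stack-based Buffer Overflow` form used earlier in this series; `CWE-798 Use of Hard-coded Credentials` would be consistent.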
diff --git a/2019/12xxx/CVE-2019-12216.json b/2019/12xxx/CVE-2019-12216.json index 053507b38c6..8d902077992 100644 --- a/2019/12xxx/CVE-2019-12216.json +++ b/2019/12xxx/CVE-2019-12216.json @@ -71,6 +71,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-a6bc0fb143", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WJ2VRD57UOBT72JUC2DIFHEFCH4N64SW/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4238-1", + "url": "https://usn.ubuntu.com/4238-1/" } ] } diff --git a/2019/12xxx/CVE-2019-12217.json b/2019/12xxx/CVE-2019-12217.json index 035ad11669a..09808eb446e 100644 --- a/2019/12xxx/CVE-2019-12217.json +++ b/2019/12xxx/CVE-2019-12217.json @@ -81,6 +81,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-a6bc0fb143", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WJ2VRD57UOBT72JUC2DIFHEFCH4N64SW/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4238-1", + "url": "https://usn.ubuntu.com/4238-1/" } ] } diff --git a/2019/12xxx/CVE-2019-12218.json b/2019/12xxx/CVE-2019-12218.json index 33cbbd0538f..365bae998bf 100644 --- a/2019/12xxx/CVE-2019-12218.json +++ b/2019/12xxx/CVE-2019-12218.json @@ -81,6 +81,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-a6bc0fb143", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WJ2VRD57UOBT72JUC2DIFHEFCH4N64SW/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4238-1", + "url": "https://usn.ubuntu.com/4238-1/" } ] } diff --git a/2019/12xxx/CVE-2019-12219.json b/2019/12xxx/CVE-2019-12219.json index 792f3995a16..6445b0d2cf9 100644 --- a/2019/12xxx/CVE-2019-12219.json +++ b/2019/12xxx/CVE-2019-12219.json 
@@ -71,6 +71,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-a6bc0fb143", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WJ2VRD57UOBT72JUC2DIFHEFCH4N64SW/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4238-1", + "url": "https://usn.ubuntu.com/4238-1/" } ] } diff --git a/2019/12xxx/CVE-2019-12220.json b/2019/12xxx/CVE-2019-12220.json index a427b17824c..dd5b2e5ce26 100644 --- a/2019/12xxx/CVE-2019-12220.json +++ b/2019/12xxx/CVE-2019-12220.json @@ -81,6 +81,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-a6bc0fb143", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WJ2VRD57UOBT72JUC2DIFHEFCH4N64SW/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4238-1", + "url": "https://usn.ubuntu.com/4238-1/" } ] } diff --git a/2019/12xxx/CVE-2019-12221.json b/2019/12xxx/CVE-2019-12221.json index 6443246856e..22fe3e06058 100644 --- a/2019/12xxx/CVE-2019-12221.json +++ b/2019/12xxx/CVE-2019-12221.json @@ -81,6 +81,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-a6bc0fb143", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WJ2VRD57UOBT72JUC2DIFHEFCH4N64SW/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4238-1", + "url": "https://usn.ubuntu.com/4238-1/" } ] } diff --git a/2019/12xxx/CVE-2019-12222.json b/2019/12xxx/CVE-2019-12222.json index b4cb53afb1d..a13baf53fbb 100644 --- a/2019/12xxx/CVE-2019-12222.json +++ b/2019/12xxx/CVE-2019-12222.json @@ -81,6 +81,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-a6bc0fb143", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WJ2VRD57UOBT72JUC2DIFHEFCH4N64SW/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4238-1", + "url": "https://usn.ubuntu.com/4238-1/" } ] } diff --git a/2019/12xxx/CVE-2019-12398.json b/2019/12xxx/CVE-2019-12398.json index 34545e8cc40..1b8e3f74dfc 100644 --- a/2019/12xxx/CVE-2019-12398.json 
+++ b/2019/12xxx/CVE-2019-12398.json 
@@ -4,14 +4,68 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-12398", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@apache.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apache", + "product": { + "product_data": [ + { + "product_name": "Airflow", + "version": { + "version_data": [ + { + "version_value": "Apache Airflow <= 1.10.4" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Stored XSS" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MLIST", + "name": "[airflow-dev] 20200114 [CVE-2019-12398] Apache Airflow Stored XSS vulnerability in classic UI", + "url": "https://lists.apache.org/thread.html/r72487ad6b23d18689896962782f8c93032afe5c72a6bfd23b253352b@%3Cdev.airflow.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20200114 [CVE-2019-12398] Apache Airflow Stored XSS vulnerability in classic UI", + "url": "http://www.openwall.com/lists/oss-security/2020/01/14/2" + }, + { + "refsource": "MLIST", + "name": "[airflow-users] 20200114 [CVE-2019-12398] Apache Airflow Stored XSS vulnerability in classic UI", + "url": "https://lists.apache.org/thread.html/r72487ad6b23d18689896962782f8c93032afe5c72a6bfd23b253352b%40%3Cusers.airflow.apache.org%3E" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Apache Airflow before 1.10.5 when running with the \"classic\" UI, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. The new \"RBAC\" UI is unaffected." } ] } 
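Review bot: `"version_value": "Apache Airflow <= 1.10.4"` packs the product name and the comparison operator into the version string. The product is already given by `vendor_name` and `product_name`, and other records in this series express the bound with a separate key, so `"version_affected": "<=", "version_value": "1.10.4"` is the machine-readable form. The description says `before 1.10.5`, which agrees with that bound, so only the encoding needs to change.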
diff --git a/2019/13xxx/CVE-2019-13616.json b/2019/13xxx/CVE-2019-13616.json index 8cd005d9447..9d81fbcd882 100644 --- a/2019/13xxx/CVE-2019-13616.json +++ b/2019/13xxx/CVE-2019-13616.json @@ -116,6 +116,16 @@ "refsource": "REDHAT", "name": "RHSA-2019:3951", "url": "https://access.redhat.com/errata/RHSA-2019:3951" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2019:3950", + "url": "https://access.redhat.com/errata/RHSA-2019:3950" + }, + { + "refsource": "UBUNTU", + "name": "USN-4238-1", + "url": "https://usn.ubuntu.com/4238-1/" } ] } diff --git a/2019/5xxx/CVE-2019-5051.json b/2019/5xxx/CVE-2019-5051.json index 56314162894..3e6652707bc 100644 --- a/2019/5xxx/CVE-2019-5051.json +++ b/2019/5xxx/CVE-2019-5051.json @@ -63,6 +63,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:2108", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00029.html" + }, + { + "refsource": "UBUNTU", + "name": "USN-4238-1", + "url": "https://usn.ubuntu.com/4238-1/" } ] }, diff --git a/2019/5xxx/CVE-2019-5052.json b/2019/5xxx/CVE-2019-5052.json index 7388559d65b..9a75fc79c61 100644 --- a/2019/5xxx/CVE-2019-5052.json +++ b/2019/5xxx/CVE-2019-5052.json @@ -78,6 +78,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:2108", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00029.html" + }, + { + "refsource": "UBUNTU", + "name": "USN-4238-1", + "url": "https://usn.ubuntu.com/4238-1/" } ] }, diff --git a/2019/7xxx/CVE-2019-7635.json b/2019/7xxx/CVE-2019-7635.json index a7a8408ed4a..5ea14ec32ae 100644 --- a/2019/7xxx/CVE-2019-7635.json +++ b/2019/7xxx/CVE-2019-7635.json @@ -136,6 +136,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20191017 [SECURITY] [DLA 1713-2] libsdl1.2 regression update", "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00020.html" + }, + { + "refsource": "UBUNTU", + "name": "USN-4238-1", + "url": "https://usn.ubuntu.com/4238-1/" } ] } 
diff --git a/2020/5xxx/CVE-2020-5852.json b/2020/5xxx/CVE-2020-5852.json
index 8d0e43e3229..eaf40761f45 100644
--- a/2020/5xxx/CVE-2020-5852.json
+++ b/2020/5xxx/CVE-2020-5852.json
@@ -4,14 +4,64 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-5852",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "f5sirt@f5.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "F5",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "BIG-IP",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Hotfix-BIGIP-14.1.2.1.0.83.4-ENG"
+ },
+ {
+ "version_value": "Hotfix-BIGIP-12.1.4.1.0.97.6-ENG"
+ },
+ {
+ "version_value": "Hotfix-BIGIP-11.5.4.2.74.291-HF2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "DoS"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://support.f5.com/csp/article/K53590702",
+ "url": "https://support.f5.com/csp/article/K53590702"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Undisclosed traffic patterns received may cause a disruption of service to the Traffic Management Microkernel (TMM). This vulnerability affects TMM through a virtual server configured with a FastL4 profile. Traffic processing is disrupted while TMM restarts. This issue only impacts specific engineering hotfixes. NOTE: This vulnerability does not affect any of the BIG-IP major, minor or maintenance releases you obtained from downloads.f5.com. The affected Engineering Hotfix builds are as follows: Hotfix-BIGIP-14.1.2.1.0.83.4-ENG Hotfix-BIGIP-12.1.4.1.0.97.6-ENG Hotfix-BIGIP-11.5.4.2.74.291-HF2"
 }
 ]
 }
diff --git a/2020/5xxx/CVE-2020-5853.json b/2020/5xxx/CVE-2020-5853.json
index c8416b092ab..d7f43a1243f 100644
--- a/2020/5xxx/CVE-2020-5853.json
+++ b/2020/5xxx/CVE-2020-5853.json @@ -4,14 +4,70 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-5853", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "f5sirt@f5.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "F5", + "product": { + "product_data": [ + { + "product_name": "BIG-IP APM", + "version": { + "version_data": [ + { + "version_value": "15.0.0-15.1.0" + }, + { + "version_value": "14.0.0-14.1.2.3" + }, + { + "version_value": "13.1.0-13.1.3.2" + }, + { + "version_value": "12.1.0-12.1.5" + }, + { + "version_value": "11.5.2-11.6.5.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "XSS" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://support.f5.com/csp/article/K73183618", + "url": "https://support.f5.com/csp/article/K73183618" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In BIG-IP APM portal access on versions 15.0.0-15.1.0, 14.0.0-14.1.2.3, 13.1.0-13.1.3.2, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, when backend servers serve HTTP pages with special JavaScript code, this can lead to internal portal access name conflict." } ] } From 40ffa90a87ac28cf4a651da6257129e674a3d039 Mon Sep 17 00:00:00 2001 
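Review bot: The `problemtype` value `XSS` in the CVE-2020-5853 record is not supported by its description, which only says that special JavaScript served by a backend "can lead to internal portal access name conflict" and never states what an attacker gains. If this is cross-site scripting, the description should say so in plain terms and the problem type should carry the identifier, e.g. `"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"`. The five `version_value` entries (`"15.0.0-15.1.0"` and those below it) are free-text ranges, so tooling that compares installed versions cannot evaluate them without vendor-specific parsing.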
From: CVE Team Date: Tue, 14 Jan 2020 18:01:05 +0000 Subject: [PATCH 058/387] "-Synchronized-Data." --- 2015/1xxx/CVE-2015-1869.json | 65 +++++++++++- 2015/3xxx/CVE-2015-3147.json | 70 ++++++++++++- 2015/3xxx/CVE-2015-3150.json | 70 ++++++++++++- 2015/3xxx/CVE-2015-3151.json | 75 +++++++++++++- 2015/3xxx/CVE-2015-3159.json | 60 ++++++++++- 2015/4xxx/CVE-2015-4107.json | 14 +-- 2019/19xxx/CVE-2019-19548.json | 50 +++++++++- 2019/19xxx/CVE-2019-19781.json | 5 + 2019/3xxx/CVE-2019-3929.json | 5 + 2020/5xxx/CVE-2020-5193.json | 56 +++++++++-- 2020/6xxx/CVE-2020-6303.json | 63 +++++++++++- 2020/6xxx/CVE-2020-6304.json | 175 ++++++++++++++++++++++++++++++++- 2020/6xxx/CVE-2020-6305.json | 71 ++++++++++++- 2020/6xxx/CVE-2020-6306.json | 102 ++++++++++++++++++- 2020/6xxx/CVE-2020-6307.json | 99 ++++++++++++++++++- 2020/7xxx/CVE-2020-7044.json | 18 ++++ 2020/7xxx/CVE-2020-7045.json | 18 ++++ 2020/7xxx/CVE-2020-7046.json | 18 ++++ 2020/7xxx/CVE-2020-7047.json | 18 ++++ 2020/7xxx/CVE-2020-7048.json | 18 ++++ 2020/7xxx/CVE-2020-7049.json | 18 ++++ 2020/7xxx/CVE-2020-7050.json | 18 ++++ 2020/7xxx/CVE-2020-7051.json | 18 ++++ 23 files changed, 1078 insertions(+), 46 deletions(-) create mode 100644 2020/7xxx/CVE-2020-7044.json create mode 100644 2020/7xxx/CVE-2020-7045.json create mode 100644 2020/7xxx/CVE-2020-7046.json create mode 100644 2020/7xxx/CVE-2020-7047.json create mode 100644 2020/7xxx/CVE-2020-7048.json create mode 100644 2020/7xxx/CVE-2020-7049.json create mode 100644 2020/7xxx/CVE-2020-7050.json create mode 100644 2020/7xxx/CVE-2020-7051.json diff --git a/2015/1xxx/CVE-2015-1869.json b/2015/1xxx/CVE-2015-1869.json index 103040b4fc3..5e038a75d42 100644 --- a/2015/1xxx/CVE-2015-1869.json +++ b/2015/1xxx/CVE-2015-1869.json @@ -1,8 +1,8 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2015-1869", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +11,66 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The default event handling scripts in Automatic Bug Reporting Tool (ABRT) allow local users to gain privileges as demonstrated by a symlink attack on a var_log_messages file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Symbolic Link Following" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ABRT", + "product": { + "product_data": [ + { + "product_name": "ABRT", + "version": { + "version_data": [ + { + "version_value": "before 7417505e1d93cc95ec648b74e3c801bc67aacb9f" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2015/04/17/5", + "url": "http://www.openwall.com/lists/oss-security/2015/04/17/5" + }, + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1212861", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1212861" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/abrt/abrt/commit/3287aa12eb205cff95cdd00d6d6c5c9a4f8f0eca", + "url": "https://github.com/abrt/abrt/commit/3287aa12eb205cff95cdd00d6d6c5c9a4f8f0eca" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/abrt/abrt/commit/7417505e1d93cc95ec648b74e3c801bc67aacb9f", + "url": "https://github.com/abrt/abrt/commit/7417505e1d93cc95ec648b74e3c801bc67aacb9f" } ] } diff --git a/2015/3xxx/CVE-2015-3147.json b/2015/3xxx/CVE-2015-3147.json index 806243f5f9a..21054a35ca4 100644 --- a/2015/3xxx/CVE-2015-3147.json +++ b/2015/3xxx/CVE-2015-3147.json 
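Review bot: The affected range in `version_data` is a commit hash, `"version_value": "before 7417505e1d93cc95ec648b74e3c801bc67aacb9f"`, which a package inventory or scanner cannot compare with an installed ABRT version. The CVE-2015-3150, CVE-2015-3151 and CVE-2015-3159 records later in this commit do the same, while CVE-2015-3147 names a release (`before 2.6.0`). Where a fixed release exists the record should name it in the same form, e.g. `"version_value": "before <first fixed release>"`, and leave the commit in `reference_data`, where it is already listed as `CONFIRM`.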
@@ -1,8 +1,8 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2015-3147", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +11,71 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "daemon/abrt-handle-upload.in in Automatic Bug Reporting Tool (ABRT), when moving problem reports from /var/spool/abrt-upload, allows local users to write to arbitrary files or possibly have other unspecified impact via a symlink attack on (1) /var/spool/abrt or (2) /var/tmp/abrt." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Symbolic Link Following" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ABRT", + "product": { + "product_data": [ + { + "product_name": "ABRT", + "version": { + "version_data": [ + { + "version_value": "before 2.6.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2015/04/17/5", + "url": "http://www.openwall.com/lists/oss-security/2015/04/17/5" + }, + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1212953", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1212953" + }, + { + "refsource": "MISC", + "name": "https://github.com/abrt/abrt/pull/955", + "url": "https://github.com/abrt/abrt/pull/955" + }, + { + "refsource": "MISC", + "name": "http://rhn.redhat.com/errata/RHSA-2015-1083.html", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1083.html" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/abrt/abrt/commit/3746b7627218438ae7d781fc8b18a221454e9091", + "url": "https://github.com/abrt/abrt/commit/3746b7627218438ae7d781fc8b18a221454e9091" } ] } diff --git a/2015/3xxx/CVE-2015-3150.json b/2015/3xxx/CVE-2015-3150.json index 1564e32d101..de8e1203fa3 100644 
--- a/2015/3xxx/CVE-2015-3150.json +++ b/2015/3xxx/CVE-2015-3150.json @@ -1,8 +1,8 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2015-3150", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +11,71 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "abrt-dbus in Automatic Bug Reporting Tool (ABRT) allows local users to delete or change the ownership of arbitrary files via the problem directory argument to the (1) ChownProblemDir, (2) DeleteElement, or (3) DeleteProblem method." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Other" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ABRT", + "product": { + "product_data": [ + { + "product_name": "ABRT", + "version": { + "version_data": [ + { + "version_value": "before 1951e7282043dfe1268d492aea056b554baedb75" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1214457", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1214457" + }, + { + "refsource": "MISC", + "name": "https://github.com/abrt/abrt/commit/6e811d78e2719988ae291181f5b133af32ce62d8", + "url": "https://github.com/abrt/abrt/commit/6e811d78e2719988ae291181f5b133af32ce62d8" + }, + { + "refsource": "MISC", + "name": "https://github.com/abrt/abrt/commit/7814554e0827ece778ca88fd90832bd4d05520b1", + "url": "https://github.com/abrt/abrt/commit/7814554e0827ece778ca88fd90832bd4d05520b1" + }, + { + "refsource": "MISC", + "name": "https://github.com/abrt/abrt/commit/b7f8bd20b7fb5b72f003ae3fa647c1d75f4218b7", + "url": "https://github.com/abrt/abrt/commit/b7f8bd20b7fb5b72f003ae3fa647c1d75f4218b7" + }, + { + "refsource": "MISC", + "name": "https://github.com/abrt/libreport/commit/1951e7282043dfe1268d492aea056b554baedb75", + "url": 
"https://github.com/abrt/libreport/commit/1951e7282043dfe1268d492aea056b554baedb75" } ] } diff --git a/2015/3xxx/CVE-2015-3151.json b/2015/3xxx/CVE-2015-3151.json index 160e8cd5e40..1abe39a126f 100644 --- a/2015/3xxx/CVE-2015-3151.json +++ b/2015/3xxx/CVE-2015-3151.json @@ -1,8 +1,8 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2015-3151", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", 
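Review bot: In the CVE-2015-3150 record the bound `before 1951e7282043dfe1268d492aea056b554baedb75` is listed under `product_name` `ABRT`, but the only reference containing that hash is a commit in `abrt/libreport`, so the record appears to bound one project with a commit from another. If libreport is affected as well it needs its own `product_data` entry, with the `abrt/abrt` commits from the references bounding ABRT. The `problemtype` value `Other` also discards what the description states, that a caller-supplied problem directory argument lets local users delete or change ownership of arbitrary files. All five references are tagged `MISC` although four are upstream commits, which the sibling ABRT records in this commit tag `CONFIRM`.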
@@ -11,7 +11,76 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Directory traversal vulnerability in abrt-dbus in Automatic Bug Reporting Tool (ABRT) allows local users to read, write to, or change ownership of arbitrary files via unspecified vectors to the (1) NewProblem, (2) GetInfo, (3) SetElement, or (4) DeleteElement method." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Directory Traversal (Local File Inclusion)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ABRT", + "product": { + "product_data": [ + { + "product_name": "ABRT", + "version": { + "version_data": [ + { + "version_value": "before 7a47f57975be0d285a2f20758e4572dca6d9cdd3" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-3151", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-3151" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/abrt/abrt/commit/c796c76341ee846cfb897ed645bac211d7d0a932", + "url": "https://github.com/abrt/abrt/commit/c796c76341ee846cfb897ed645bac211d7d0a932" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/abrt/abrt/commit/f3c2a6af3455b2882e28570e8a04f1c2d4500d5b", + "url": "https://github.com/abrt/abrt/commit/f3c2a6af3455b2882e28570e8a04f1c2d4500d5b" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/abrt/libreport/commit/54ecf8d017580b495d6501e53ca54e453a73a364", + "url": "https://github.com/abrt/libreport/commit/54ecf8d017580b495d6501e53ca54e453a73a364" + }, + { + "refsource": "CONFIRM", + "name": 
"https://github.com/abrt/libreport/commit/239c4f7d1f47265526b39ad70106767d00805277", + "url": "https://github.com/abrt/libreport/commit/239c4f7d1f47265526b39ad70106767d00805277" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/abrt/abrt/commit/7a47f57975be0d285a2f20758e4572dca6d9cdd3", + "url": "https://github.com/abrt/abrt/commit/7a47f57975be0d285a2f20758e4572dca6d9cdd3" } ] } diff --git a/2015/3xxx/CVE-2015-3159.json b/2015/3xxx/CVE-2015-3159.json index 5371ba2218c..06203ba9b00 100644 --- a/2015/3xxx/CVE-2015-3159.json +++ b/2015/3xxx/CVE-2015-3159.json @@ -1,8 +1,8 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2015-3159", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", 
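Review bot: The `problemtype` value `Directory Traversal (Local File Inclusion)` in the CVE-2015-3151 record mislabels the issue: the description is about reading, writing and changing ownership of arbitrary files through abrt-dbus methods, not about a file being included for execution. Dropping the parenthetical and using the CWE name keeps classification accurate, e.g. `"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"`. The description's "unspecified vectors" could also be tightened if the referenced commits establish which argument carries the path, which cannot be confirmed from this hunk.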
@@ -11,7 +11,61 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The abrt-action-install-debuginfo-to-abrt-cache help program in Automatic Bug Reporting Tool (ABRT) does not properly handle the process environment before invoking abrt-action-install-debuginfo, which allows local users to gain privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Privilege" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ABRT", + "product": { + "product_data": [ + { + "product_name": "ABRT", + "version": { + "version_data": [ + { + "version_value": "before 9a4100678fea4d60ec93d35f4c5de2e9ad054f3a" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1216962", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1216962" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/abrt/abrt/commit/9943a77bca37a0829ccd3784d1dfab37f8c24e7b", + "url": "https://github.com/abrt/abrt/commit/9943a77bca37a0829ccd3784d1dfab37f8c24e7b" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/abrt/abrt/commit/9a4100678fea4d60ec93d35f4c5de2e9ad054f3a", + "url": "https://github.com/abrt/abrt/commit/9a4100678fea4d60ec93d35f4c5de2e9ad054f3a" } ] } diff --git a/2015/4xxx/CVE-2015-4107.json b/2015/4xxx/CVE-2015-4107.json index 054cb30b1ae..ec80b56657b 100644 --- a/2015/4xxx/CVE-2015-4107.json +++ b/2015/4xxx/CVE-2015-4107.json 
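Review bot: The `problemtype` value `Privilege` looks truncated and names no weakness, although the description says local users gain privileges because the process environment is not properly handled before `abrt-action-install-debuginfo` is invoked. `"value": "Privilege Escalation"`, the wording the CVE-2019-19548 record in this same commit uses, would at least be searchable and consistent. In the description, `help program` is presumably meant to read `helper program`.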
@@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2015-4107", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2015-4107", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was intended functionality. Notes: none." } ] } diff --git a/2019/19xxx/CVE-2019-19548.json b/2019/19xxx/CVE-2019-19548.json index 308bdf7abff..9f7b97625e9 100644 --- a/2019/19xxx/CVE-2019-19548.json +++ b/2019/19xxx/CVE-2019-19548.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-19548", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@symantec.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Symantec", + "product": { + "product_data": [ + { + "product_name": "Norton Power Eraser", + "version": { + "version_data": [ + { + "version_value": "Prior to 5.3.0.67" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Privilege Escalation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://support.symantec.com/us/en/article.SYMSA1503.html", + "url": "https://support.symantec.com/us/en/article.SYMSA1503.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Norton Power Eraser, prior to 5.3.0.67, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user." } ] } diff --git a/2019/19xxx/CVE-2019-19781.json b/2019/19xxx/CVE-2019-19781.json index 77b04cb27bc..2429cac376d 100644 --- a/2019/19xxx/CVE-2019-19781.json +++ b/2019/19xxx/CVE-2019-19781.json 
@@ -91,6 +91,11 @@
 "refsource": "MISC",
 "name": "http://packetstormsecurity.com/files/155905/Citrix-Application-Delivery-Controller-Gateway-Remote-Code-Execution-Traversal.html",
 "url": "http://packetstormsecurity.com/files/155905/Citrix-Application-Delivery-Controller-Gateway-Remote-Code-Execution-Traversal.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/155947/Citrix-ADC-NetScaler-Directory-Traversal-Remote-Code-Execution.html",
+ "url": "http://packetstormsecurity.com/files/155947/Citrix-ADC-NetScaler-Directory-Traversal-Remote-Code-Execution.html"
 }
 ]
 }
diff --git a/2019/3xxx/CVE-2019-3929.json b/2019/3xxx/CVE-2019-3929.json
index ba57ee4e908..9d873c5efbf 100644
--- a/2019/3xxx/CVE-2019-3929.json
+++ b/2019/3xxx/CVE-2019-3929.json
@@ -88,6 +88,11 @@
 "refsource": "MISC",
 "name": "http://packetstormsecurity.com/files/152715/Barco-AWIND-OEM-Presentation-Platform-Unauthenticated-Remote-Command-Injection.html",
 "url": "http://packetstormsecurity.com/files/152715/Barco-AWIND-OEM-Presentation-Platform-Unauthenticated-Remote-Command-Injection.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/155948/Barco-WePresent-file_transfer.cgi-Command-Injection.html",
+ "url": "http://packetstormsecurity.com/files/155948/Barco-WePresent-file_transfer.cgi-Command-Injection.html"
 }
 ]
 },
diff --git a/2020/5xxx/CVE-2020-5193.json b/2020/5xxx/CVE-2020-5193.json
index 8125d87ea53..a34d70eb9dd 100644
--- a/2020/5xxx/CVE-2020-5193.json
+++ b/2020/5xxx/CVE-2020-5193.json
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-5193", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-5193", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "PHPGurukul Hospital Management System in PHP v4.0 suffers from multiple reflected XSS vulnerabilities via the searchdata or Doctorspecialization parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/155929/Hospital-Management-System-4.0-Cross-Site-Scripting.html", + "url": "http://packetstormsecurity.com/files/155929/Hospital-Management-System-4.0-Cross-Site-Scripting.html" } ] } diff --git a/2020/6xxx/CVE-2020-6303.json b/2020/6xxx/CVE-2020-6303.json index 90b12e72fc4..cbf22ac656c 100644 --- a/2020/6xxx/CVE-2020-6303.json +++ b/2020/6xxx/CVE-2020-6303.json 
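Review bot: `vendor_name`, `product_name` and `version_value` are all `n/a`, and so is the `problemtype` value, although the description names the product (PHPGurukul Hospital Management System in PHP v4.0) and the class (reflected XSS). With no real data under `affects`, this record cannot be matched against an asset inventory and is only found by full-text search. Filling the fields from the description, for example `"vendor_name": "PHPGurukul"`, `"version_value": "4.0"` and a `problemtype` of `CWE-79`, would fix that. The single reference is a `MISC` link to a third-party posting, so readers get no vendor confirmation or fixed version.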
@@ -4,14 +4,71 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-6303", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "SAP Disclosure Management", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "10.1" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SAP Disclosure Management, before version 10.1, does not validate user input properly in specific use cases leading to Cross-Site Scripting." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "5.4", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Input Validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://launchpad.support.sap.com/#/notes/2772325", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/2772325" + }, + { + "refsource": "CONFIRM", + "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=533671771", + "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=533671771" } ] } diff --git a/2020/6xxx/CVE-2020-6304.json b/2020/6xxx/CVE-2020-6304.json index ee5f125bbdc..24d69cbfd78 100644 --- a/2020/6xxx/CVE-2020-6304.json +++ b/2020/6xxx/CVE-2020-6304.json 
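Review bot: The comparison operator is stored in the wrong field: `"version_name": "<"` puts `<` where a version label belongs, whereas the CVE-2019-5647 record earlier in this patch series carries the operator in `"version_affected": "<="`. A consumer that reads `version_affected` finds no operator here and may treat only 10.1 itself as affected, which contradicts the description's "before version 10.1". `"baseScore": "5.4"` is also a string where that earlier record stores a number, so numeric severity filters can skip or mis-sort it; `"version_affected": "<"` and `"baseScore": 5.4` fix both. The CVE-2020-6304, CVE-2020-6305, CVE-2020-6306 and CVE-2020-6307 records in this commit repeat both problems.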
@@ -4,14 +4,183 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-6304", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "SAP NetWeaver Internet Communication Manager (KRNL32NUC)", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "7.21" + }, + { + "version_name": "<", + "version_value": "7.21EXT" + }, + { + "version_name": "<", + "version_value": "7.22" + }, + { + "version_name": "<", + "version_value": "7.22EXT" + } + ] + } + }, + { + "product_name": "SAP NetWeaver Internet Communication Manager (KRNL32UC)", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "7.21" + }, + { + "version_name": "<", + "version_value": "7.21EXT" + }, + { + "version_name": "<", + "version_value": "7.22" + }, + { + "version_name": "<", + "version_value": "7.22EXT" + } + ] + } + }, + { + "product_name": "SAP NetWeaver Internet Communication Manager (KRNL64NUC)", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "7.21" + }, + { + "version_name": "<", + "version_value": "7.21EXT" + }, + { + "version_name": "<", + "version_value": "7.22" + }, + { + "version_name": "<", + "version_value": "7.22EXT" + }, + { + "version_name": "<", + "version_value": "7.49" + } + ] + } + }, + { + "product_name": "SAP NetWeaver Internet Communication Manager (KRNL64UC)", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "7.21" + }, + { + "version_name": "<", + "version_value": "7.21EXT" + }, + { + "version_name": "<", + "version_value": "7.22" + }, + { + "version_name": "<", + "version_value": "7.22EXT" + }, + { + "version_name": "<", + "version_value": "7.49" + } + ] + } + }, + { + "product_name": "SAP NetWeaver Internet Communication Manager (KERNEL)", + "version": { + "version_data": 
[ + { + "version_name": "<", + "version_value": "7.21" + }, + { + "version_name": "<", + "version_value": "7.22" + }, + { + "version_name": "<", + "version_value": "7.49" + }, + { + "version_name": "<", + "version_value": "7.53" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper input validation in SAP NetWeaver Internet Communication Manager (update provided in KRNL32NUC & KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT KRNL64NUC & KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49 KERNEL 7.21, 7.49, 7.53) allows an attacker to prevent users from accessing its services through a denial of service." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "5.9", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Input Validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=533671771", + "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=533671771" + }, + { + "url": "https://launchpad.support.sap.com/#/notes/2848498", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/2848498" } ] } diff --git a/2020/6xxx/CVE-2020-6305.json b/2020/6xxx/CVE-2020-6305.json index c3817548616..2457eb62e08 100644 --- a/2020/6xxx/CVE-2020-6305.json +++ b/2020/6xxx/CVE-2020-6305.json 
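Review bot: The structured data and the description disagree for the KERNEL product in the CVE-2020-6304 record: `version_data` lists 7.21, 7.22, 7.49 and 7.53, while the description lists `KERNEL 7.21, 7.49, 7.53`. One of the two is wrong, and someone patching from this record cannot tell whether KERNEL 7.22 needs the update. The description also says "update provided in" these releases while every entry is paired with `<`, so it is unclear whether the listed releases are the affected ones or the first fixed ones; the record should state that explicitly.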
@@ -4,14 +4,79 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-6305", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "SAP Process Integration - Rest Adapter (SAP_XIAF)", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "7.31" + }, + { + "version_name": "<", + "version_value": "7.40" + }, + { + "version_name": "<", + "version_value": "7.50" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "PI Rest Adapter of SAP Process Integration (update provided in SAP_XIAF 7.31, 7.40, 7.50) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "6.1", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=533671771", + "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=533671771" + }, + { + "url": "https://launchpad.support.sap.com/#/notes/2863743", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/2863743" } ] } diff --git a/2020/6xxx/CVE-2020-6306.json b/2020/6xxx/CVE-2020-6306.json index cb838ba1a4e..c0173b98f73 100644 --- a/2020/6xxx/CVE-2020-6306.json 
+++ b/2020/6xxx/CVE-2020-6306.json 
@@ -4,14 +4,110 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-6306", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "SAP Leasing (SAP_Appl)", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "6.18" + } + ] + } + }, + { + "product_name": "SAP Leasing (EA_Appl)", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "6.0" + }, + { + "version_name": "<", + "version_value": "6.02" + }, + { + "version_name": "<", + "version_value": "6.03" + }, + { + "version_name": "<", + "version_value": "6.04" + }, + { + "version_name": "<", + "version_value": "6.05" + }, + { + "version_name": "<", + "version_value": "6.06" + }, + { + "version_name": "<", + "version_value": "6.16" + }, + { + "version_name": "<", + "version_value": "6.17" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Missing authorization check in a transaction within SAP Leasing (update provided in SAP_APPL 6.18, EA-APPL 6.0, 6.02, 6.03, 6.04, 6.05, 6.06, 6.16 and 6.17)." 
+ } + ] + }, + "impact": { + "cvss": { + "baseScore": "2.7", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Missing Authorization Check" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=533671771", + "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=533671771" + }, + { + "url": "https://launchpad.support.sap.com/#/notes/2865348", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/2865348" } ] } diff --git a/2020/6xxx/CVE-2020-6307.json b/2020/6xxx/CVE-2020-6307.json index d0615cfdc7c..99c37cde4b1 100644 --- a/2020/6xxx/CVE-2020-6307.json +++ b/2020/6xxx/CVE-2020-6307.json 
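Review bot: Component names differ between the structured data and the description in the CVE-2020-6306 record: `product_name` uses `SAP Leasing (SAP_Appl)` and `SAP Leasing (EA_Appl)`, the description uses `SAP_APPL` and `EA-APPL`. Exact-match lookups on the component will miss one of the spellings, so a single form should be used in both places. The description also stops at "Missing authorization check in a transaction" without saying what an unauthorised user can do, although the vector (`PR:H`, `I:L`) suggests a limited integrity impact for a high-privileged user. One sentence stating that would let readers triage without decoding the vector.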
@@ -4,14 +4,107 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-6307", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "Automated Note Search Tool (SAP Basis)", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "7.0" + }, + { + "version_name": "<", + "version_value": "7.01" + }, + { + "version_name": "<", + "version_value": "7.02" + }, + { + "version_name": "<", + "version_value": "7.31" + }, + { + "version_name": "<", + "version_value": "7.4" + }, + { + "version_name": "<", + "version_value": "7.5" + }, + { + "version_name": "<", + "version_value": "7.51" + }, + { + "version_name": "<", + "version_value": "7.52" + }, + { + "version_name": "<", + "version_value": "7.53" + }, + { + "version_name": "<", + "version_value": "7.54" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Automated Note Search Tool (update provided in SAP Basis 7.0, 7.01, 7.02, 7.31, 7.4, 7.5, 7.51, 7.52, 7.53 and 7.54) does not perform sufficient authorization checks leading to the reading of sensitive information." 
+ } + ] + }, + "impact": { + "cvss": { + "baseScore": "4.3", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Missing Authorization Check" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=533671771", + "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=533671771" + }, + { + "url": "https://launchpad.support.sap.com/#/notes/2863397", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/2863397" } ] } diff --git a/2020/7xxx/CVE-2020-7044.json b/2020/7xxx/CVE-2020-7044.json new file mode 100644 index 00000000000..5e0f3142964 --- /dev/null +++ b/2020/7xxx/CVE-2020-7044.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7044", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7045.json b/2020/7xxx/CVE-2020-7045.json new file mode 100644 index 00000000000..f52e9cc605c --- /dev/null +++ b/2020/7xxx/CVE-2020-7045.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7045", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7046.json b/2020/7xxx/CVE-2020-7046.json new file mode 100644 index 00000000000..aee66cf6ac7 --- /dev/null +++ b/2020/7xxx/CVE-2020-7046.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7046", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7047.json b/2020/7xxx/CVE-2020-7047.json new file mode 100644 index 00000000000..8d726e6cf63 --- /dev/null +++ b/2020/7xxx/CVE-2020-7047.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7047", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/7xxx/CVE-2020-7048.json b/2020/7xxx/CVE-2020-7048.json new file mode 100644 index 00000000000..dd183a96aa7 --- /dev/null +++ b/2020/7xxx/CVE-2020-7048.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7048", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7049.json b/2020/7xxx/CVE-2020-7049.json new file mode 100644 index 00000000000..0bde58e845a --- /dev/null +++ b/2020/7xxx/CVE-2020-7049.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7049", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7050.json b/2020/7xxx/CVE-2020-7050.json new file mode 100644 index 00000000000..5e2daa9bfdd --- /dev/null +++ b/2020/7xxx/CVE-2020-7050.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7050", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7051.json b/2020/7xxx/CVE-2020-7051.json new file mode 100644 index 00000000000..5a3689796d1 --- /dev/null +++ b/2020/7xxx/CVE-2020-7051.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7051", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file From 5e11727f1050595e05d0aa82528883cfd432e698 Mon Sep 17 00:00:00 2001 From: Adrian Taylor Date: Tue, 14 Jan 2020 10:55:28 -0800 Subject: [PATCH 059/387] Chrome CVE. --- 2019/13xxx/CVE-2019-13722.json | 68 ++++++++++++++++++++++++++++++++++ 1 file changed, 68 insertions(+) create mode 100644 2019/13xxx/CVE-2019-13722.json diff --git a/2019/13xxx/CVE-2019-13722.json b/2019/13xxx/CVE-2019-13722.json new file mode 100644 index 00000000000..f9d3ef3b0b7 --- /dev/null +++ b/2019/13xxx/CVE-2019-13722.json 
@@ -0,0 +1,68 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-13722", + "ASSIGNER": "security@google.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_value": "79.0.3945.79", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Inappropriate implementation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html", + "refsource": "MISC", + "name": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html" + }, + { + "url": "https://crbug.com/1025089", + "refsource": "MISC", + "name": "https://crbug.com/1025089" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Inappropriate implementation in WebRTC in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page." + } + ] + } +} From 95448339fa2447a7fa74422c31ad7ec7b215a7bf Mon Sep 17 00:00:00 2001 
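Review bot: `problemtype` holds only the vendor category text `"Inappropriate implementation"`, while the description says a crafted HTML page could lead to heap corruption, so consumers that triage by weakness class get nothing usable from this record. Prefixing the value with the applicable CWE identifier, as the CWE-250 and CWE-215 records later in this series do, would fix that. Which CWE applies has to come from the Chromium bug; it cannot be read off this hunk.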
From: CVE Team Date: Tue, 14 Jan 2020 19:01:17 +0000 Subject: [PATCH 060/387] "-Synchronized-Data." --- 2019/13xxx/CVE-2019-13537.json | 67 ++++++++++++++++++++++++++++++++++ 2019/17xxx/CVE-2019-17571.json | 5 +++ 2019/3xxx/CVE-2019-3981.json | 58 +++++++++++++++++++++++++---- 2019/5xxx/CVE-2019-5844.json | 5 +++ 2019/5xxx/CVE-2019-5845.json | 5 +++ 2019/5xxx/CVE-2019-5846.json | 5 +++ 2020/5xxx/CVE-2020-5180.json | 56 +++++++++++++++++++++++++--- 2020/5xxx/CVE-2020-5505.json | 56 +++++++++++++++++++++++++--- 2020/5xxx/CVE-2020-5509.json | 56 +++++++++++++++++++++++++--- 2020/6xxx/CVE-2020-6173.json | 61 ++++++++++++++++++++++++++++--- 2020/6xxx/CVE-2020-6377.json | 5 +++ 2020/7xxx/CVE-2020-7052.json | 18 +++++++++ 12 files changed, 366 insertions(+), 31 deletions(-) create mode 100644 2019/13xxx/CVE-2019-13537.json create mode 100644 2020/7xxx/CVE-2020-7052.json diff --git a/2019/13xxx/CVE-2019-13537.json b/2019/13xxx/CVE-2019-13537.json new file mode 100644 index 00000000000..9022dd4d338 --- /dev/null +++ b/2019/13xxx/CVE-2019-13537.json 
@@ -0,0 +1,67 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-13537", + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "AVEVA", + "product": { + "product_data": [ + { + "product_name": "Vijeo Citect and Citect SCADA", + "version": { + "version_data": [ + { + "version_value": "IEC870IP driver v4.14.02 and prior" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "STACK-BASED BUFFER OVERFLOW CWE-121" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.us-cert.gov/ics/advisories/icsa-19-290-01", + "url": "https://www.us-cert.gov/ics/advisories/icsa-19-290-01" + }, + { + "refsource": "CONFIRM", + "name": "https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec139.pdf", + "url": "https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec139.pdf" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The IEC870IP driver for AVEVA\u2019s Vijeo Citect and Citect SCADA and Schneider Electric\u2019s Power SCADA Operation has a buffer overflow vulnerability that could result in a server-side crash." + } + ] + } +} \ No newline at end of file diff --git a/2019/17xxx/CVE-2019-17571.json b/2019/17xxx/CVE-2019-17571.json index 8bfc70af9b1..b805637e6c1 100644 --- a/2019/17xxx/CVE-2019-17571.json +++ b/2019/17xxx/CVE-2019-17571.json @@ -183,6 +183,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20200112 [SECURITY] [DLA 2065-1] apache-log4j1.2 security update", "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00008.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0051", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00022.html" } ] }, 
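Review bot: The description in the new CVE-2019-13537.json names Schneider Electric's Power SCADA Operation as affected, but `affects` lists only vendor AVEVA with product "Vijeo Citect and Citect SCADA", so asset matching keyed on vendor and product will miss Power SCADA Operation installs. A second `vendor_data` entry for Schneider Electric would close that gap. `"version_value": "IEC870IP driver v4.14.02 and prior"` is also free text that mixes the component name with the bound; `"version_affected": "<=", "version_value": "4.14.02"` with the driver named in `product_name` is machine-comparable. The problemtype says stack-based overflow (CWE-121) while the description states only a server-side crash, so it is worth confirming against the ICS advisory whether a more severe impact is ruled out.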
diff --git a/2019/3xxx/CVE-2019-3981.json b/2019/3xxx/CVE-2019-3981.json index b6bb4d72b2f..9e696ab2be9 100644 --- a/2019/3xxx/CVE-2019-3981.json +++ b/2019/3xxx/CVE-2019-3981.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-3981", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-3981", + "ASSIGNER": "vulnreport@tenable.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MikroTik", + "product": { + "product_data": [ + { + "product_name": "WinBox", + "version": { + "version_data": [ + { + "version_value": "Winbox 3.20 and below." + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-300" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.tenable.com/security/research/tra-2020-01", + "url": "https://www.tenable.com/security/research/tra-2020-01" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "MikroTik Winbox 3.20 and below is vulnerable to man in the middle attacks. A man in the middle can downgrade the client's authentication protocol and recover the user's username and MD5 hashed password." } ] } diff --git a/2019/5xxx/CVE-2019-5844.json b/2019/5xxx/CVE-2019-5844.json index 054abaa2893..79b0b01cfbd 100644 --- a/2019/5xxx/CVE-2019-5844.json +++ b/2019/5xxx/CVE-2019-5844.json 
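Review bot: `"version_value": "Winbox 3.20 and below."` repeats the product name and ends in a period, so it cannot be compared as a version; `"version_affected": "<=", "version_value": "3.20"` expresses the same bound. `problemtype` is the bare identifier `"CWE-300"`, and adding the weakness name after the id, as the CWE-250 and CWE-215 records in this series do, makes it readable without a lookup. The description gives the impact (protocol downgrade, recovery of the username and MD5-hashed password) but names no fixed version, so a reader has to follow the Tenable advisory to learn what to upgrade to.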
@@ -69,6 +69,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0009", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00007.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0053", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00023.html" } ] }, diff --git a/2019/5xxx/CVE-2019-5845.json b/2019/5xxx/CVE-2019-5845.json index 761b4fc2393..0c6e115bc21 100644 --- a/2019/5xxx/CVE-2019-5845.json +++ b/2019/5xxx/CVE-2019-5845.json @@ -69,6 +69,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0009", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00007.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0053", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00023.html" } ] }, diff --git a/2019/5xxx/CVE-2019-5846.json b/2019/5xxx/CVE-2019-5846.json index 63affbcdb2b..54a503bc336 100644 --- a/2019/5xxx/CVE-2019-5846.json +++ b/2019/5xxx/CVE-2019-5846.json @@ -69,6 +69,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0009", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00007.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0053", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00023.html" } ] }, diff --git a/2020/5xxx/CVE-2020-5180.json b/2020/5xxx/CVE-2020-5180.json index eca86803063..13ed3490fa6 100644 --- a/2020/5xxx/CVE-2020-5180.json +++ b/2020/5xxx/CVE-2020-5180.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-5180", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-5180", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Viscosity 1.8.2 on Windows and macOS allows an unprivileged user to set a subset of OpenVPN parameters, which can be used to load a malicious library into the memory of the OpenVPN process, leading to limited local privilege escalation. (When a VPN connection is initiated using a TLS/SSL client profile, the privileges are dropped, and the library will be loaded, resulting in arbitrary code execution as a user with limited privileges. This greatly reduces the impact of the vulnerability.)" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.sparklabs.com/blog/", + "url": "https://www.sparklabs.com/blog/" } ] } diff --git a/2020/5xxx/CVE-2020-5505.json b/2020/5xxx/CVE-2020-5505.json index 9ad66247adc..8113f1519cc 100644 --- a/2020/5xxx/CVE-2020-5505.json +++ b/2020/5xxx/CVE-2020-5505.json 
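Review bot: `affects` is filled with `"n/a"` for vendor, product and version even though the description names Viscosity 1.8.2 on Windows and macOS, so this record cannot be matched against a software inventory. The CVE-2020-5505, CVE-2020-5509 and CVE-2020-6173 hunks later in this commit have the same gap. The only reference, tagged `CONFIRM`, is the blog index `https://www.sparklabs.com/blog/` rather than a specific post, so it stops pointing at the vendor statement as new posts appear. The description also leaves open whether only 1.8.2 or 1.8.2 and earlier are affected, and it names no fixed release.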
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-5505", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-5505", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Freelancy v1.0.0 allows remote command execution via the \"file\":\"data:application/x-php;base64 substring (in conjunction with \"type\":\"application/x-php\"} to the /api/files/ URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/155922/Freelancy-1.0.0-Remote-Code-Execution.html", + "url": "http://packetstormsecurity.com/files/155922/Freelancy-1.0.0-Remote-Code-Execution.html" } ] } diff --git a/2020/5xxx/CVE-2020-5509.json b/2020/5xxx/CVE-2020-5509.json index 5e3c85ec0b7..2ae9cdd1295 100644 --- a/2020/5xxx/CVE-2020-5509.json +++ b/2020/5xxx/CVE-2020-5509.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-5509", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-5509", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "PHPGurukul Car Rental Project v1.0 allows Remote Code Execution via an executable file in an upload of a new profile image." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/155925/Car-Rental-Project-1.0-Remote-Code-Execution.html", + "url": "http://packetstormsecurity.com/files/155925/Car-Rental-Project-1.0-Remote-Code-Execution.html" } ] } diff --git a/2020/6xxx/CVE-2020-6173.json b/2020/6xxx/CVE-2020-6173.json index a34e44cec89..5b04cd3bbf1 100644 --- a/2020/6xxx/CVE-2020-6173.json +++ b/2020/6xxx/CVE-2020-6173.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-6173", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-6173", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "TUF (aka The Update Framework) 0.7.2 through 0.12.1 allows Uncontrolled Resource Consumption." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/theupdateframework/tuf/commits/develop", + "refsource": "MISC", + "name": "https://github.com/theupdateframework/tuf/commits/develop" + }, + { + "refsource": "MISC", + "name": "https://github.com/theupdateframework/tuf/issues/973", + "url": "https://github.com/theupdateframework/tuf/issues/973" } ] } diff --git a/2020/6xxx/CVE-2020-6377.json b/2020/6xxx/CVE-2020-6377.json index fdbae3e89ed..3d495d4219d 100644 --- a/2020/6xxx/CVE-2020-6377.json +++ b/2020/6xxx/CVE-2020-6377.json @@ -74,6 +74,11 @@ "refsource": "REDHAT", "name": "RHSA-2020:0084", "url": "https://access.redhat.com/errata/RHSA-2020:0084" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0053", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00023.html" } ] }, 
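Review bot: The first reference in the CVE-2020-6173 hunk, `https://github.com/theupdateframework/tuf/commits/develop`, is a branch history page whose content changes with every push, so it does not identify the fix; a link to the specific commit or release would (not visible here, placeholder `<fix-commit-url>`). `problemtype` is `"n/a"` although the description literally names the weakness, so `"value": "CWE-400 Uncontrolled Resource Consumption"` could be recorded instead. The description gives the affected range 0.7.2 through 0.12.1 but neither the trigger nor the fixed version, which leaves issue 973 as the only place a reader can find them.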
diff --git a/2020/7xxx/CVE-2020-7052.json b/2020/7xxx/CVE-2020-7052.json new file mode 100644 index 00000000000..ae42ffb03d5 --- /dev/null +++ b/2020/7xxx/CVE-2020-7052.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7052", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file From 2c0e81cc85c4a7299e2f5addd03981f52b0488f1 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 14 Jan 2020 20:01:02 +0000 Subject: [PATCH 061/387] "-Synchronized-Data." --- 2011/3xxx/CVE-2011-3203.json | 50 ++++++++++++++++++++++++++++++++-- 2018/10xxx/CVE-2018-10853.json | 5 ++++ 2018/18xxx/CVE-2018-18281.json | 5 ++++ 2018/20xxx/CVE-2018-20856.json | 5 ++++ 2019/11xxx/CVE-2019-11599.json | 5 ++++ 2019/6xxx/CVE-2019-6974.json | 5 ++++ 6 files changed, 72 insertions(+), 3 deletions(-) diff --git a/2011/3xxx/CVE-2011-3203.json b/2011/3xxx/CVE-2011-3203.json index cc974c9f07f..d983c96fcbe 100644 --- a/2011/3xxx/CVE-2011-3203.json +++ b/2011/3xxx/CVE-2011-3203.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-3203", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Jcow CMS", + "version": { + "version_data": [ + { + "version_value": "4.x to 4.2 and 5.x to 5.2" + } + ] + } + } + ] + }, + "vendor_name": "Jcow" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Code Execution vulnerability exists the attachment parameter to index.php in Jcow CMS 4.x to 4.2 and 5.2 to 5.2." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Arbitrary Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.openwall.com/lists/oss-security/2011/08/30/6", + "refsource": "MISC", + "name": "https://www.openwall.com/lists/oss-security/2011/08/30/6" } ] } diff --git a/2018/10xxx/CVE-2018-10853.json b/2018/10xxx/CVE-2018-10853.json index b3116de134d..79000ce28a2 100644 --- a/2018/10xxx/CVE-2018-10853.json +++ b/2018/10xxx/CVE-2018-10853.json @@ -126,6 +126,11 @@ "refsource": "REDHAT", "name": "RHSA-2020:0036", "url": "https://access.redhat.com/errata/RHSA-2020:0036" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0103", + "url": "https://access.redhat.com/errata/RHSA-2020:0103" } ] } diff --git a/2018/18xxx/CVE-2018-18281.json b/2018/18xxx/CVE-2018-18281.json index b29e9179a12..372ad8273c3 100644 --- a/2018/18xxx/CVE-2018-18281.json +++ b/2018/18xxx/CVE-2018-18281.json @@ -176,6 +176,11 @@ "refsource": "REDHAT", "name": "RHSA-2020:0100", "url": "https://access.redhat.com/errata/RHSA-2020:0100" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0103", + "url": "https://access.redhat.com/errata/RHSA-2020:0103" } ] } diff --git a/2018/20xxx/CVE-2018-20856.json b/2018/20xxx/CVE-2018-20856.json index 8f4c21562a0..7d5bdde5ca5 100644 --- a/2018/20xxx/CVE-2018-20856.json +++ b/2018/20xxx/CVE-2018-20856.json 
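Review bot: The new description contradicts the version data added in the first hunk of this file: it says "5.2 to 5.2" where `version_value` has "5.x to 5.2", and "exists the attachment parameter" is missing "in". Suggested text: `"value": "A Code Execution vulnerability exists in the attachment parameter to index.php in Jcow CMS 4.x to 4.2 and 5.x to 5.2."`. That assumes the `version_value` range is the correct one, which the referenced oss-security post should confirm.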
@@ -151,6 +151,11 @@ "refsource": "REDHAT", "name": "RHSA-2020:0100", "url": "https://access.redhat.com/errata/RHSA-2020:0100" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0103", + "url": "https://access.redhat.com/errata/RHSA-2020:0103" } ] } diff --git a/2019/11xxx/CVE-2019-11599.json b/2019/11xxx/CVE-2019-11599.json index bf503786c4a..8adb657665a 100644 --- a/2019/11xxx/CVE-2019-11599.json +++ b/2019/11xxx/CVE-2019-11599.json @@ -221,6 +221,11 @@ "refsource": "REDHAT", "name": "RHSA-2020:0100", "url": "https://access.redhat.com/errata/RHSA-2020:0100" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0103", + "url": "https://access.redhat.com/errata/RHSA-2020:0103" } ] } diff --git a/2019/6xxx/CVE-2019-6974.json b/2019/6xxx/CVE-2019-6974.json index 6b0e4db84d1..1e0916ad5f2 100644 --- a/2019/6xxx/CVE-2019-6974.json +++ b/2019/6xxx/CVE-2019-6974.json @@ -186,6 +186,11 @@ "refsource": "REDHAT", "name": "RHSA-2019:3967", "url": "https://access.redhat.com/errata/RHSA-2019:3967" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0103", + "url": "https://access.redhat.com/errata/RHSA-2020:0103" } ] } From 4676ef95f60ffb124e33baf943bde0685fcd2071 Mon Sep 17 00:00:00 2001 From: Robert Schultheis Date: Thu, 19 Dec 2019 11:36:55 -0700 Subject: [PATCH 062/387] add CVE-2019-16784 for GHSA-7fcj-pq9j-wh2r --- 2019/16xxx/CVE-2019-16784.json | 90 ++++++++++++++++++++++++++++++++++ 1 file changed, 90 insertions(+) create mode 100644 2019/16xxx/CVE-2019-16784.json diff --git a/2019/16xxx/CVE-2019-16784.json b/2019/16xxx/CVE-2019-16784.json new file mode 100644 index 00000000000..bc6a23eeeae --- /dev/null +++ b/2019/16xxx/CVE-2019-16784.json 
@@ -0,0 +1,90 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "security-advisories@github.com", + "ID": "CVE-2019-16784", + "STATE": "PUBLIC", + "TITLE": "Local Privilege Escalation present only on the Windows version of PyInstaller" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PyInstaller", + "version": { + "version_data": [ + { + "platform": "windows", + "version_value": "< 3.6" + } + ] + } + } + ] + }, + "vendor_name": "PyInstaller" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "This vulnerability was discovered and reported by Farid AYOUJIL (@faridtsl), David HA, Florent LE NIGER and Yann GASCUEL (@lnv42) from Alter Solutions (@AlterSolutions) and fixed in collaboration with Hartmut Goebel (@htgoebel)." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In PyInstaller before version 3.6, only on Windows, a local privilege escalation vulnerability is present in this particular case: If a software using PyInstaller in \"onefile\" mode is launched by a privileged user (at least more than the current one) which have his \"TempPath\" resolving to a world writable directory.\n\nThis is the case for example if the software is launched as a service or as a scheduled task using a system account (TempPath will be C:\\Windows\\Temp).\nIn order to be exploitable the software has to be (re)started after the attacker launch the exploit program, so for a service launched at startup, a service restart is needed (e.g. after a crash or an upgrade)." 
+ } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-250 Execution with Unnecessary Privileges" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/pyinstaller/pyinstaller/security/advisories/GHSA-7fcj-pq9j-wh2r", + "refsource": "CONFIRM", + "url": "https://github.com/pyinstaller/pyinstaller/security/advisories/GHSA-7fcj-pq9j-wh2r" + } + ] + }, + "source": { + "advisory": "GHSA-7fcj-pq9j-wh2r", + "discovery": "UNKNOWN" + } +} From 16354630a9106ec9e1fde241506e3e167448f96f Mon Sep 17 00:00:00 2001 From: Jordan Liggitt Date: Tue, 14 Jan 2020 15:08:40 -0500 Subject: [PATCH 063/387] CVE-2018-1002104 --- 2018/1002xxx/CVE-2018-1002104.json | 93 ++++++++++++++++++++++++++++-- 1 file changed, 88 insertions(+), 5 deletions(-) diff --git a/2018/1002xxx/CVE-2018-1002104.json b/2018/1002xxx/CVE-2018-1002104.json index b19f709f74a..fbfc0c6dfea 100644 --- a/2018/1002xxx/CVE-2018-1002104.json +++ b/2018/1002xxx/CVE-2018-1002104.json 
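Review bot: `"version_value": "< 3.6"` near the top of this hunk embeds the operator in the value, so range-aware consumers read it as an opaque string; `"version_affected": "<", "version_value": "3.6"` is comparable and keeps the `"platform": "windows"` qualifier. The description explains the precondition clearly (onefile mode, launch by a privileged account, temp path resolving to a world-writable directory) but states no interim mitigation for users who cannot move to 3.6 yet. If advisory GHSA-7fcj-pq9j-wh2r has one, a `work_around` entry would carry it. `"discovery": "UNKNOWN"` also sits oddly next to a `credit` entry that names the reporters.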
@@ -1,10 +1,41 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "DATE_ASSIGNED": "2018-09-26", + "ASSIGNER": "jordan@liggitt.net", + "DATE_PUBLIC": "2018-09-25", "ID": "CVE-2018-1002104", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "k8s.gcr.io/defaultbackend", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "defaultbackend", + "version_value": "1.5" + } + ] + } + } + ] + }, + "vendor_name": "Kubernetes" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Alexandre Malucelli" + } + ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", 
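Review bot: `ASSIGNER` is changed to `jordan@liggitt.net`, which looks like an individual's mailbox rather than a CNA contact address. Consumers use this field to attribute the record to the assigning organisation, so it should probably carry the CNA's registered address (not shown in this commit, placeholder `<cna-contact-address>`). `"DATE_PUBLIC": "2018-09-25"` is date-only with no time or zone, and a full UTC timestamp avoids ambiguity for parsers. `"version_name": "defaultbackend"` repeats the product name rather than labelling a version and could be dropped.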
@@ -12,8 +43,60 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Versions < 1.5 of the Kubernetes ingress default backend, which handles invalid ingress traffic, exposed prometheus metrics publicly." } ] - } + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-215 Information Exposure Through Debug Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/kubernetes/ingress-nginx/pull/3125", + "refsource": "CONFIRM", + "url": "https://github.com/kubernetes/ingress-nginx/pull/3125" + } + ] + }, + "source": { + "defect": [ + "https://github.com/kubernetes/ingress-nginx/issues/1733" + ], + "discovery": "USER" + }, + "work_around": [ + { + "lang": "eng", + "value": "Mask the /metrics endpoint with an Ingress rule so that metrics aren't exposed publicly. See https://github.com/kubernetes/ingress-nginx/issues/1733#issuecomment-358492359" + } + ] } \ No newline at end of file From 78e0a21c120a5ebf69c71dab2da9bbd658058c60 Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Tue, 14 Jan 2020 21:01:21 +0000 Subject: [PATCH 064/387] "-Synchronized-Data." --- 2011/2xxx/CVE-2011-2706.json | 55 ++++++++++++++++++++-- 2011/2xxx/CVE-2011-2933.json | 50 ++++++++++++++++++-- 2011/2xxx/CVE-2011-2934.json | 50 ++++++++++++++++++-- 2011/3xxx/CVE-2011-3183.json | 50 ++++++++++++++++++-- 2011/3xxx/CVE-2011-3202.json | 50 ++++++++++++++++++-- 2016/6xxx/CVE-2016-6592.json | 75 ++++++++++++++++++++++++++++-- 2018/1002xxx/CVE-2018-1002104.json | 2 +- 2019/16xxx/CVE-2019-16784.json | 4 +- 2020/7xxx/CVE-2020-7053.json | 72 ++++++++++++++++++++++++++++ 2020/7xxx/CVE-2020-7054.json | 62 ++++++++++++++++++++++++ 2020/7xxx/CVE-2020-7055.json | 18 +++++++ 11 files changed, 467 insertions(+), 21 deletions(-) create mode 100644 2020/7xxx/CVE-2020-7053.json create mode 100644 2020/7xxx/CVE-2020-7054.json create mode 100644 2020/7xxx/CVE-2020-7055.json diff --git a/2011/2xxx/CVE-2011-2706.json b/2011/2xxx/CVE-2011-2706.json index 51ddf6214dc..c418a3cddcd 100644 --- a/2011/2xxx/CVE-2011-2706.json +++ b/2011/2xxx/CVE-2011-2706.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-2706", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "sNews", + "version": { + "version_data": [ + { + "version_value": "1.7.1" + } + ] + } + } + ] + }, + "vendor_name": "sNews" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
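Review bot: The affected version added here, `"version_value": "1.7.1"`, disagrees with the description hunk of the same record, which names "sNews 1.71". One of the two is presumably mistyped, and tooling that matches on `version_value` will key on whichever string is stored in this field. The same kind of mismatch appears in this commit for CVE-2011-3202 (`"4.2"` against "4.2 and earlier") and CVE-2016-6592 (`"2016"` against "versions prior to 5.6"). Confirm each against its linked advisory and make the structured field carry the range, for example `"version_affected": "<"` with `"version_value": "5.6"` for CVE-2016-6592, the form the CVE-2018-1002104 record in patch 063 uses.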
@@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Cross-Site Scripting (XSS) vulnerability exists in the reorder administrator functions in sNews 1.71." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "XSS" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.openwall.com/lists/oss-security/2011/07/20/17", + "refsource": "MISC", + "name": "https://www.openwall.com/lists/oss-security/2011/07/20/17" + }, + { + "refsource": "MISC", + "name": "https://seclists.org/fulldisclosure/2011/May/300", + "url": "https://seclists.org/fulldisclosure/2011/May/300" } ] } diff --git a/2011/2xxx/CVE-2011-2933.json b/2011/2xxx/CVE-2011-2933.json index 2981dcb3493..d2351873579 100644 --- a/2011/2xxx/CVE-2011-2933.json +++ b/2011/2xxx/CVE-2011-2933.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-2933", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WebsiteBaker", + "version": { + "version_data": [ + { + "version_value": "through 2.8.1" + } + ] + } + } + ] + }, + "vendor_name": "WebsiteBaker" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An Arbitrary File Upload vulnerability exists in admin/media/upload.php in WebsiteBaker 2.8.1 and earlier due to a failure to restrict uploaded files with .htaccess, .php4, .php5, and .phtl extensions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Arbitrary File Upload" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.openwall.com/lists/oss-security/2011/08/19/12", + "refsource": "MISC", + "name": "https://www.openwall.com/lists/oss-security/2011/08/19/12" } ] } diff --git a/2011/2xxx/CVE-2011-2934.json b/2011/2xxx/CVE-2011-2934.json index e48597cc564..b5f462a7e7b 100644 --- a/2011/2xxx/CVE-2011-2934.json +++ b/2011/2xxx/CVE-2011-2934.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-2934", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WebsiteBaker", + "version": { + "version_data": [ + { + "version_value": "through 2.8.1" + } + ] + } + } + ] + }, + "vendor_name": "WebsiteBaker" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
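Review bot: The extension list in the new CVE-2011-2933 description ends with `.phtl`, which looks like a typo for `.phtml`. Anyone who copies this list into an upload allow/deny filter or a detection rule would then miss the extension that actually matters. Check the oss-security post given in `reference_data` and, if it confirms, change the tail of the sentence to `.htaccess, .php4, .php5, and .phtml extensions.`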
@@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Cross Site Request Forgery (CSRF) vulnerability exists in the administrator functions in WebsiteBaker 2.8.1 and earlier due to inadequate confirmation for sensitive transactions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CSRF" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.openwall.com/lists/oss-security/2011/08/19/13", + "refsource": "MISC", + "name": "https://www.openwall.com/lists/oss-security/2011/08/19/13" } ] } diff --git a/2011/3xxx/CVE-2011-3183.json b/2011/3xxx/CVE-2011-3183.json index 56b45a4f45e..8c382f5484f 100644 --- a/2011/3xxx/CVE-2011-3183.json +++ b/2011/3xxx/CVE-2011-3183.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-3183", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Concrete CMS", + "version": { + "version_data": [ + { + "version_value": "through 5.4.1.1" + } + ] + } + } + ] + }, + "vendor_name": "Concrete CMS" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Cross-Site Scripting (XSS) vulnerability exists in the rcID parameter in Concrete CMS 5.4.1.1 and earlier." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "XSS" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.openwall.com/lists/oss-security/2011/08/22/11", + "refsource": "MISC", + "name": "https://www.openwall.com/lists/oss-security/2011/08/22/11" } ] } diff --git a/2011/3xxx/CVE-2011-3202.json b/2011/3xxx/CVE-2011-3202.json index 178d93819b9..35b300a4b80 100644 --- a/2011/3xxx/CVE-2011-3202.json +++ b/2011/3xxx/CVE-2011-3202.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-3202", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Jcow CMS", + "version": { + "version_data": [ + { + "version_value": "4.2" + } + ] + } + } + ] + }, + "vendor_name": "Jcow" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Cross-Site Scripting (XSS) vulnerability exists in the g parameter to index.php in Jcow CMS 4.2 and earlier." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "XSS" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.openwall.com/lists/oss-security/2011/08/30/5", + "refsource": "MISC", + "name": "https://www.openwall.com/lists/oss-security/2011/08/30/5" } ] } diff --git a/2016/6xxx/CVE-2016-6592.json b/2016/6xxx/CVE-2016-6592.json index 0183e1bfae6..75b5ee9ebb4 100644 --- a/2016/6xxx/CVE-2016-6592.json +++ b/2016/6xxx/CVE-2016-6592.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secure@symantec.com", "ID": "CVE-2016-6592", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Norton Download Manager", + "version": { + "version_data": [ + { + "version_value": "2016" + } + ] + } + } + ] + }, + "vendor_name": "Symantec" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,53 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in Symantec Norton Download Manager versions prior to 5.6. A remote user can create a specially crafted DLL file that, when placed on the target user's system, will cause the Norton Download Manager component to load the remote user's DLL instead of the intended DLL and execute arbitrary code when the Norton Download Manager component is run by the target user." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Other" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.securityfocus.com/bid/94695", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/94695" + }, + { + "url": "http://www.securityfocus.com/bid/95444", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/95444" + }, + { + "url": "http://www.securitytracker.com/id/1037622", + "refsource": "MISC", + "name": "http://www.securitytracker.com/id/1037622" + }, + { + "url": "http://www.securitytracker.com/id/1037623", + "refsource": "MISC", + "name": "http://www.securitytracker.com/id/1037623" + }, + { + "url": "http://www.securitytracker.com/id/1037624", + "refsource": "MISC", + "name": "http://www.securitytracker.com/id/1037624" + }, + { + "refsource": "CONFIRM", + "name": "https://support.symantec.com/us/en/article.SYMSA1394.html", + "url": "https://support.symantec.com/us/en/article.SYMSA1394.html" } ] } diff --git a/2018/1002xxx/CVE-2018-1002104.json b/2018/1002xxx/CVE-2018-1002104.json index fbfc0c6dfea..1c10a1a861a 100644 --- a/2018/1002xxx/CVE-2018-1002104.json +++ b/2018/1002xxx/CVE-2018-1002104.json 
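Review bot: `"value": "Other"` under `problemtype` in CVE-2016-6592 drops the weakness class that the description in the same hunk spells out. A planted DLL being loaded in place of the intended one reads as a search-path weakness, so `"value": "CWE-427 Uncontrolled Search Path Element"` would be the closer entry, to be confirmed against the Symantec advisory in the references. The new CVE-2020-7053 and CVE-2020-7054 files in this patch, and CVE-2020-7057 in patch 065, have the same gap with `"n/a"`, although their descriptions state a use-after-free, a heap-based buffer overflow and a login response discrepancy (CWE-416, CWE-122 and CWE-204). Triage and reporting that filter on CWE will not surface these records until the field is populated.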
@@ -1,6 +1,6 @@ { "CVE_data_meta": { - "ASSIGNER": "jordan@liggitt.net", + "ASSIGNER": "security@kubernetes.io", "DATE_PUBLIC": "2018-09-25", "ID": "CVE-2018-1002104", "STATE": "PUBLIC" diff --git a/2019/16xxx/CVE-2019-16784.json b/2019/16xxx/CVE-2019-16784.json index bc6a23eeeae..de55d8f0879 100644 --- a/2019/16xxx/CVE-2019-16784.json +++ b/2019/16xxx/CVE-2019-16784.json @@ -42,7 +42,7 @@ "description_data": [ { "lang": "eng", - "value": "In PyInstaller before version 3.6, only on Windows, a local privilege escalation vulnerability is present in this particular case: If a software using PyInstaller in \"onefile\" mode is launched by a privileged user (at least more than the current one) which have his \"TempPath\" resolving to a world writable directory.\n\nThis is the case for example if the software is launched as a service or as a scheduled task using a system account (TempPath will be C:\\Windows\\Temp).\nIn order to be exploitable the software has to be (re)started after the attacker launch the exploit program, so for a service launched at startup, a service restart is needed (e.g. after a crash or an upgrade)." + "value": "In PyInstaller before version 3.6, only on Windows, a local privilege escalation vulnerability is present in this particular case: If a software using PyInstaller in \"onefile\" mode is launched by a privileged user (at least more than the current one) which have his \"TempPath\" resolving to a world writable directory. This is the case for example if the software is launched as a service or as a scheduled task using a system account (TempPath will be C:\\Windows\\Temp). In order to be exploitable the software has to be (re)started after the attacker launch the exploit program, so for a service launched at startup, a service restart is needed (e.g. after a crash or an upgrade)." } ] }, @@ -87,4 +87,4 @@ "advisory": "GHSA-7fcj-pq9j-wh2r", "discovery": "UNKNOWN" } -} +} \ No newline at end of file 
diff --git a/2020/7xxx/CVE-2020-7053.json b/2020/7xxx/CVE-2020-7053.json
new file mode 100644
index 00000000000..46080b0c092
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7053.json
@@ -0,0 +1,72 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-7053",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In the Linux kernel 4.14 longterm through 4.14.165 and 4.19 longterm through 4.19.96 (and 5.x before 5.2), there is a use-after-free (write) in the i915_ppgtt_close function in drivers/gpu/drm/i915/i915_gem_gtt.c, aka CID-7dc40713618c. This is related to i915_gem_context_destroy_ioctl in drivers/gpu/drm/i915/i915_gem_context.c."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://lore.kernel.org/stable/20200114183937.12224-1-tyhicks@canonical.com",
+ "refsource": "MISC",
+ "name": "https://lore.kernel.org/stable/20200114183937.12224-1-tyhicks@canonical.com"
+ },
+ {
+ "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2",
+ "refsource": "MISC",
+ "name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2"
+ },
+ {
+ "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7dc40713618c884bf07c030d1ab1f47a9dc1f310",
+ "refsource": "MISC",
+ "name": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7dc40713618c884bf07c030d1ab1f47a9dc1f310"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7054.json b/2020/7xxx/CVE-2020-7054.json
new file mode 100644
index 00000000000..32478340ce0
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7054.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-7054",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "MmsValue_decodeMmsData in mms/iso_mms/server/mms_access_result.c in libIEC61850 through 1.4.0 has a heap-based buffer overflow when parsing the MMS_BIT_STRING data type."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/mz-automation/libiec61850/issues/200",
+ "refsource": "MISC",
+ "name": "https://github.com/mz-automation/libiec61850/issues/200"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7055.json b/2020/7xxx/CVE-2020-7055.json
new file mode 100644
index 00000000000..3fae0270607
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7055.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7055",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
From ff766fc91837253683fbb7207005e187d4e840cd Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 14 Jan 2020 22:01:09 +0000 Subject: [PATCH 065/387] "-Synchronized-Data." --- 2011/2xxx/CVE-2011-2714.json | 60 ++++++++++++++++++++++++++++++-- 2011/2xxx/CVE-2011-2715.json | 55 ++++++++++++++++++++++++++++-- 2019/12xxx/CVE-2019-12922.json | 5 +++ 2019/17xxx/CVE-2019-17016.json | 5 +++ 2019/17xxx/CVE-2019-17017.json | 5 +++ 2019/17xxx/CVE-2019-17022.json | 5 +++ 2019/17xxx/CVE-2019-17024.json | 5 +++ 2019/18xxx/CVE-2019-18622.json | 5 +++ 2019/19xxx/CVE-2019-19724.json | 5 +++ 2020/5xxx/CVE-2020-5504.json | 5 +++ 2020/7xxx/CVE-2020-7056.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7057.json | 62 ++++++++++++++++++++++++++++++++++ 12 files changed, 229 insertions(+), 6 deletions(-) create mode 100644 2020/7xxx/CVE-2020-7056.json create mode 100644 2020/7xxx/CVE-2020-7057.json diff --git a/2011/2xxx/CVE-2011-2714.json b/2011/2xxx/CVE-2011-2714.json index 9bfd0ae8c68..28d23494daf 100644 --- a/2011/2xxx/CVE-2011-2714.json +++ b/2011/2xxx/CVE-2011-2714.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-2714", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Drupal", + "product": { + "product_data": [ + { + "product_name": "Data-module", + "version": { + "version_data": [ + { + "version_value": "6.x-1.0-alpha14" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,38 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Cross-Site Scripting vulnerability exists in Drupal 6.20 with Data 6.x-1.0-alpha14 due to insufficient sanitization of table descriptions, field names, or labels before display." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "XSS" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.openwall.com/lists/oss-security/2011/07/26/8", + "refsource": "MISC", + "name": "https://www.openwall.com/lists/oss-security/2011/07/26/8" + }, + { + "refsource": "MISC", + "name": "https://www.drupal.org/node/1056470", + "url": "https://www.drupal.org/node/1056470" + }, + { + "refsource": "MISC", + "name": "https://seclists.org/fulldisclosure/2011/Feb/219", + "url": "https://seclists.org/fulldisclosure/2011/Feb/219" } ] } diff --git a/2011/2xxx/CVE-2011-2715.json b/2011/2xxx/CVE-2011-2715.json index ed84903c11f..d6cbd6a936b 100644 --- a/2011/2xxx/CVE-2011-2715.json +++ b/2011/2xxx/CVE-2011-2715.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-2715", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Drupal", + "product": { + "product_data": [ + { + "product_name": "Data-module", + "version": { + "version_data": [ + { + "version_value": "6.x-1.0-alpha14" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An SQL Injection vulnerability exists in Drupal 6.20 with Data 6.x-1.0-alpha14 due to insufficient sanitization of table names or column names." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "SQL injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.openwall.com/lists/oss-security/2011/07/26/8", + "refsource": "MISC", + "name": "https://www.openwall.com/lists/oss-security/2011/07/26/8" + }, + { + "refsource": "MISC", + "name": "https://www.drupal.org/node/1056470", + "url": "https://www.drupal.org/node/1056470" } ] } diff --git a/2019/12xxx/CVE-2019-12922.json b/2019/12xxx/CVE-2019-12922.json index dc4af5e8fed..b328978bb08 100644 --- a/2019/12xxx/CVE-2019-12922.json +++ b/2019/12xxx/CVE-2019-12922.json @@ -96,6 +96,11 @@ "refsource": "MISC", "name": "https://github.com/phpmyadmin/phpmyadmin/commit/7d21d4223bdbe0306593309132b4263d7087d13b", "url": "https://github.com/phpmyadmin/phpmyadmin/commit/7d21d4223bdbe0306593309132b4263d7087d13b" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0056", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00024.html" } ] } diff --git a/2019/17xxx/CVE-2019-17016.json b/2019/17xxx/CVE-2019-17016.json index 686a724e4d2..c5aaa1b80fe 100644 --- a/2019/17xxx/CVE-2019-17016.json +++ b/2019/17xxx/CVE-2019-17016.json 
@@ -108,6 +108,11 @@ "refsource": "MISC", "name": "http://packetstormsecurity.com/files/155912/Slackware-Security-Advisory-mozilla-thunderbird-Updates.html", "url": "http://packetstormsecurity.com/files/155912/Slackware-Security-Advisory-mozilla-thunderbird-Updates.html" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0111", + "url": "https://access.redhat.com/errata/RHSA-2020:0111" } ] }, diff --git a/2019/17xxx/CVE-2019-17017.json b/2019/17xxx/CVE-2019-17017.json index 688ff72b82e..7a4a1fce863 100644 --- a/2019/17xxx/CVE-2019-17017.json +++ b/2019/17xxx/CVE-2019-17017.json @@ -108,6 +108,11 @@ "refsource": "MISC", "name": "http://packetstormsecurity.com/files/155912/Slackware-Security-Advisory-mozilla-thunderbird-Updates.html", "url": "http://packetstormsecurity.com/files/155912/Slackware-Security-Advisory-mozilla-thunderbird-Updates.html" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0111", + "url": "https://access.redhat.com/errata/RHSA-2020:0111" } ] }, diff --git a/2019/17xxx/CVE-2019-17022.json b/2019/17xxx/CVE-2019-17022.json index 50661cb56cf..6152132b3fd 100644 --- a/2019/17xxx/CVE-2019-17022.json +++ b/2019/17xxx/CVE-2019-17022.json @@ -108,6 +108,11 @@ "refsource": "MISC", "name": "http://packetstormsecurity.com/files/155912/Slackware-Security-Advisory-mozilla-thunderbird-Updates.html", "url": "http://packetstormsecurity.com/files/155912/Slackware-Security-Advisory-mozilla-thunderbird-Updates.html" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0111", + "url": "https://access.redhat.com/errata/RHSA-2020:0111" } ] }, diff --git a/2019/17xxx/CVE-2019-17024.json b/2019/17xxx/CVE-2019-17024.json index 639ab402b37..3a723d9004f 100644 --- a/2019/17xxx/CVE-2019-17024.json +++ b/2019/17xxx/CVE-2019-17024.json 
@@ -108,6 +108,11 @@ "refsource": "MISC", "name": "http://packetstormsecurity.com/files/155912/Slackware-Security-Advisory-mozilla-thunderbird-Updates.html", "url": "http://packetstormsecurity.com/files/155912/Slackware-Security-Advisory-mozilla-thunderbird-Updates.html" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0111", + "url": "https://access.redhat.com/errata/RHSA-2020:0111" } ] }, diff --git a/2019/18xxx/CVE-2019-18622.json b/2019/18xxx/CVE-2019-18622.json index 03244635dc8..6568d5bef65 100644 --- a/2019/18xxx/CVE-2019-18622.json +++ b/2019/18xxx/CVE-2019-18622.json @@ -71,6 +71,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:2599", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00002.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0056", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00024.html" } ] } diff --git a/2019/19xxx/CVE-2019-19724.json b/2019/19xxx/CVE-2019-19724.json index bd34cf4c3bf..d0ebdb1e9a0 100644 --- a/2019/19xxx/CVE-2019-19724.json +++ b/2019/19xxx/CVE-2019-19724.json @@ -56,6 +56,11 @@ "refsource": "CONFIRM", "name": "https://github.com/sylabs/singularity/releases/tag/v3.5.2", "url": "https://github.com/sylabs/singularity/releases/tag/v3.5.2" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0057", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00025.html" } ] } diff --git a/2020/5xxx/CVE-2020-5504.json b/2020/5xxx/CVE-2020-5504.json index 57b69576323..904c4467cfa 100644 --- a/2020/5xxx/CVE-2020-5504.json +++ b/2020/5xxx/CVE-2020-5504.json @@ -56,6 +56,11 @@ "refsource": "CONFIRM", "name": "https://www.phpmyadmin.net/security/PMASA-2020-1/", "url": "https://www.phpmyadmin.net/security/PMASA-2020-1/" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0056", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00024.html" } ] } 
diff --git a/2020/7xxx/CVE-2020-7056.json b/2020/7xxx/CVE-2020-7056.json new file mode 100644 index 00000000000..203919e9982 --- /dev/null +++ b/2020/7xxx/CVE-2020-7056.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7056", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7057.json b/2020/7xxx/CVE-2020-7057.json new file mode 100644 index 00000000000..95bad64a02a --- /dev/null +++ b/2020/7xxx/CVE-2020-7057.json 
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-7057",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Hikvision DVR DS-7204HGHI-F1 V4.0.1 build 180903 Web Version sends a different response for failed ISAPI/Security/sessionLogin/capabilities login attempts depending on whether the user account exists, which might make it easier to enumerate users. However, only about 4 or 5 failed logins are allowed."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://34.205.168.58/2020/01/13/hikvision-dvr-ds-7204hghi-user-enumeration/",
+ "refsource": "MISC",
+ "name": "http://34.205.168.58/2020/01/13/hikvision-dvr-ds-7204hghi-user-enumeration/"
+ }
+ ]
+ }
+}
\ No newline at end of file
From b3262a50b63860edee50d3be0730280fdad6b103 Mon Sep 17 00:00:00 2001
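Review bot: The only entry in `reference_data` for CVE-2020-7057, `http://34.205.168.58/2020/01/13/hikvision-dvr-ds-7204hghi-user-enumeration/`, points at a bare IPv4 address over plain HTTP. If that address is reassigned the record loses its sole source, and whoever holds the address afterwards decides what a reader following the CVE is served. Replace it with the publisher's hostname over HTTPS, or add an archived copy as a second `reference_data` entry. The diffstat of patch 066 lists a two-line change to this file, which may be that correction, though its hunk is not visible here.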
From: CVE Team Date: Tue, 14 Jan 2020 23:01:07 +0000 Subject: [PATCH 066/387] "-Synchronized-Data." --- 2017/5xxx/CVE-2017-5645.json | 5 +++++ 2018/12xxx/CVE-2018-12126.json | 5 +++++ 2018/12xxx/CVE-2018-12127.json | 5 +++++ 2018/12xxx/CVE-2018-12130.json | 5 +++++ 2018/12xxx/CVE-2018-12207.json | 5 +++++ 2019/11xxx/CVE-2019-11091.json | 5 +++++ 2019/11xxx/CVE-2019-11135.json | 5 +++++ 2019/17xxx/CVE-2019-17340.json | 5 +++++ 2019/17xxx/CVE-2019-17341.json | 5 +++++ 2019/17xxx/CVE-2019-17342.json | 5 +++++ 2019/17xxx/CVE-2019-17343.json | 5 +++++ 2019/17xxx/CVE-2019-17344.json | 5 +++++ 2019/17xxx/CVE-2019-17345.json | 5 +++++ 2019/17xxx/CVE-2019-17346.json | 5 +++++ 2019/17xxx/CVE-2019-17347.json | 5 +++++ 2019/17xxx/CVE-2019-17348.json | 5 +++++ 2019/17xxx/CVE-2019-17349.json | 5 +++++ 2019/17xxx/CVE-2019-17350.json | 5 +++++ 2019/17xxx/CVE-2019-17571.json | 5 +++++ 2019/18xxx/CVE-2019-18420.json | 5 +++++ 2019/18xxx/CVE-2019-18421.json | 5 +++++ 2019/18xxx/CVE-2019-18422.json | 5 +++++ 2019/18xxx/CVE-2019-18423.json | 5 +++++ 2019/18xxx/CVE-2019-18424.json | 5 +++++ 2019/18xxx/CVE-2019-18425.json | 5 +++++ 2019/19xxx/CVE-2019-19577.json | 5 +++++ 2019/19xxx/CVE-2019-19578.json | 5 +++++ 2019/19xxx/CVE-2019-19579.json | 5 +++++ 2019/19xxx/CVE-2019-19580.json | 5 +++++ 2019/19xxx/CVE-2019-19581.json | 5 +++++ 2019/19xxx/CVE-2019-19582.json | 5 +++++ 2019/19xxx/CVE-2019-19583.json | 5 +++++ 2020/7xxx/CVE-2020-7057.json | 4 ++-- 33 files changed, 162 insertions(+), 2 deletions(-) diff --git a/2017/5xxx/CVE-2017-5645.json b/2017/5xxx/CVE-2017-5645.json index 2479e8b63d3..0fa1fef0de6 100644 --- a/2017/5xxx/CVE-2017-5645.json +++ b/2017/5xxx/CVE-2017-5645.json 
@@ -306,6 +306,11 @@
 "refsource": "MLIST",
 "name": "[tika-dev] 20200111 [jira] [Resolved] (TIKA-3018) log4j 1.2 version used by Apache Tika 1.23 is vulnerable to CVE-2019-17571",
 "url": "https://lists.apache.org/thread.html/rdec0d8ac1f03e6905b0de2df1d5fcdb98b94556e4f6cccf7519fdb26@%3Cdev.tika.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[tika-dev] 20200114 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]",
+ "url": "https://lists.apache.org/thread.html/rca24a281000fb681d7e26e5c031a21eb4b0593a7735f781b53dae4e2@%3Cdev.tika.apache.org%3E"
 }
 ]
 }
diff --git a/2018/12xxx/CVE-2018-12126.json b/2018/12xxx/CVE-2018-12126.json
index 257a797aeab..87ceea2bdac 100644
--- a/2018/12xxx/CVE-2018-12126.json
+++ b/2018/12xxx/CVE-2018-12126.json
@@ -158,6 +158,11 @@
 "refsource": "DEBIAN",
 "name": "DSA-4602",
 "url": "https://www.debian.org/security/2020/dsa-4602"
+ },
+ {
+ "refsource": "BUGTRAQ",
+ "name": "20200114 [SECURITY] [DSA 4602-1] xen security update",
+ "url": "https://seclists.org/bugtraq/2020/Jan/21"
 }
 ]
 },
diff --git a/2018/12xxx/CVE-2018-12127.json b/2018/12xxx/CVE-2018-12127.json
index e6b20d388ef..bb2dd36313e 100644
--- a/2018/12xxx/CVE-2018-12127.json
+++ b/2018/12xxx/CVE-2018-12127.json
@@ -158,6 +158,11 @@
 "refsource": "DEBIAN",
 "name": "DSA-4602",
 "url": "https://www.debian.org/security/2020/dsa-4602"
+ },
+ {
+ "refsource": "BUGTRAQ",
+ "name": "20200114 [SECURITY] [DSA 4602-1] xen security update",
+ "url": "https://seclists.org/bugtraq/2020/Jan/21"
 }
 ]
 },
diff --git a/2018/12xxx/CVE-2018-12130.json b/2018/12xxx/CVE-2018-12130.json
index 224edbc8986..44688fe0ac2 100644
--- a/2018/12xxx/CVE-2018-12130.json
+++ b/2018/12xxx/CVE-2018-12130.json
@@ -158,6 +158,11 @@
 "refsource": "DEBIAN",
 "name": "DSA-4602",
 "url": "https://www.debian.org/security/2020/dsa-4602"
+ },
+ {
+ "refsource": "BUGTRAQ",
+ "name": "20200114 [SECURITY] [DSA 4602-1] xen security update",
+ "url": "https://seclists.org/bugtraq/2020/Jan/21"
 }
 ]
 },
diff --git a/2018/12xxx/CVE-2018-12207.json b/2018/12xxx/CVE-2018-12207.json
index 195c55c6b44..e5f2580c716 100644
--- a/2018/12xxx/CVE-2018-12207.json
+++ b/2018/12xxx/CVE-2018-12207.json
@@ -103,6 +103,11 @@
 "refsource": "DEBIAN",
 "name": "DSA-4602",
 "url": "https://www.debian.org/security/2020/dsa-4602"
+ },
+ {
+ "refsource": "BUGTRAQ",
+ "name": "20200114 [SECURITY] [DSA 4602-1] xen security update",
+ "url": "https://seclists.org/bugtraq/2020/Jan/21"
 }
 ]
 },
diff --git a/2019/11xxx/CVE-2019-11091.json b/2019/11xxx/CVE-2019-11091.json
index c57e9bc2014..5406962cf83 100644
--- a/2019/11xxx/CVE-2019-11091.json
+++ b/2019/11xxx/CVE-2019-11091.json
@@ -143,6 +143,11 @@
 "refsource": "DEBIAN",
 "name": "DSA-4602",
 "url": "https://www.debian.org/security/2020/dsa-4602"
+ },
+ {
+ "refsource": "BUGTRAQ",
+ "name": "20200114 [SECURITY] [DSA 4602-1] xen security update",
+ "url": "https://seclists.org/bugtraq/2020/Jan/21"
 }
 ]
 },
diff --git a/2019/11xxx/CVE-2019-11135.json b/2019/11xxx/CVE-2019-11135.json
index d2e5732e029..67145483301 100644
--- a/2019/11xxx/CVE-2019-11135.json
+++ b/2019/11xxx/CVE-2019-11135.json
@@ -143,6 +143,11 @@
 "refsource": "DEBIAN",
 "name": "DSA-4602",
 "url": "https://www.debian.org/security/2020/dsa-4602"
+ },
+ {
+ "refsource": "BUGTRAQ",
+ "name": "20200114 [SECURITY] [DSA 4602-1] xen security update",
+ "url": "https://seclists.org/bugtraq/2020/Jan/21"
 }
 ]
 },
diff --git a/2019/17xxx/CVE-2019-17340.json b/2019/17xxx/CVE-2019-17340.json
index 99e74aa2969..a2dd6af1469 100644
--- a/2019/17xxx/CVE-2019-17340.json
+++ b/2019/17xxx/CVE-2019-17340.json
@@ -71,6 +71,11 @@
 "refsource": "DEBIAN",
 "name": "DSA-4602",
 "url": "https://www.debian.org/security/2020/dsa-4602"
+ },
+ {
+ "refsource": "BUGTRAQ",
+ "name": "20200114 [SECURITY] [DSA 4602-1] xen security update",
+ "url": "https://seclists.org/bugtraq/2020/Jan/21"
 }
 ]
 }
diff --git a/2019/17xxx/CVE-2019-17341.json b/2019/17xxx/CVE-2019-17341.json
index 052229ef7bc..f501960004a 100644
--- a/2019/17xxx/CVE-2019-17341.json
+++ b/2019/17xxx/CVE-2019-17341.json
@@ -71,6 +71,11 @@
 "refsource": "DEBIAN",
 "name": "DSA-4602",
 "url": "https://www.debian.org/security/2020/dsa-4602"
+ },
+ {
+ "refsource": "BUGTRAQ",
+ "name": "20200114 [SECURITY] [DSA 4602-1] xen security update",
+ "url": "https://seclists.org/bugtraq/2020/Jan/21"
 }
 ]
 }
diff --git a/2019/17xxx/CVE-2019-17342.json b/2019/17xxx/CVE-2019-17342.json
index c9faf7ab690..7cf8a744c27 100644
--- a/2019/17xxx/CVE-2019-17342.json
+++ b/2019/17xxx/CVE-2019-17342.json
@@ -71,6 +71,11 @@
 "refsource": "DEBIAN",
 "name": "DSA-4602",
 "url": "https://www.debian.org/security/2020/dsa-4602"
+ },
+ {
+ "refsource": "BUGTRAQ",
+ "name": "20200114 [SECURITY] [DSA 4602-1] xen security update",
+ "url": "https://seclists.org/bugtraq/2020/Jan/21"
 }
 ]
 }
diff --git a/2019/17xxx/CVE-2019-17343.json b/2019/17xxx/CVE-2019-17343.json
index ac1d5b469f6..e884fe73661 100644
--- a/2019/17xxx/CVE-2019-17343.json
+++ b/2019/17xxx/CVE-2019-17343.json
@@ -71,6 +71,11 @@
 "refsource": "DEBIAN",
 "name": "DSA-4602",
 "url": "https://www.debian.org/security/2020/dsa-4602"
+ },
+ {
+ "refsource": "BUGTRAQ",
+ "name": "20200114 [SECURITY] [DSA 4602-1] xen security update",
+ "url": "https://seclists.org/bugtraq/2020/Jan/21"
 }
 ]
 }
diff --git a/2019/17xxx/CVE-2019-17344.json b/2019/17xxx/CVE-2019-17344.json
index 278467db326..0085e9d2465 100644
--- a/2019/17xxx/CVE-2019-17344.json
+++ b/2019/17xxx/CVE-2019-17344.json
@@ -71,6 +71,11 @@
 "refsource": "DEBIAN",
 "name": "DSA-4602",
 "url": "https://www.debian.org/security/2020/dsa-4602"
+ },
+ {
+ "refsource": "BUGTRAQ",
+ "name": "20200114 [SECURITY] [DSA 4602-1] xen security update",
+ "url": "https://seclists.org/bugtraq/2020/Jan/21"
 }
 ]
 }
diff --git a/2019/17xxx/CVE-2019-17345.json b/2019/17xxx/CVE-2019-17345.json
index 481c2ff5e34..262fb736cb3 100644
--- a/2019/17xxx/CVE-2019-17345.json
+++ b/2019/17xxx/CVE-2019-17345.json
@@ -71,6 +71,11 @@
 "refsource": "DEBIAN",
 "name": "DSA-4602",
 "url": "https://www.debian.org/security/2020/dsa-4602"
+ },
+ {
+ "refsource": "BUGTRAQ",
+ "name": "20200114 [SECURITY] [DSA 4602-1] xen security update",
+ "url": "https://seclists.org/bugtraq/2020/Jan/21"
 }
 ]
 }
diff --git a/2019/17xxx/CVE-2019-17346.json b/2019/17xxx/CVE-2019-17346.json
index 69eaf0f8865..458af3118d9 100644
--- a/2019/17xxx/CVE-2019-17346.json
+++ b/2019/17xxx/CVE-2019-17346.json
@@ -71,6 +71,11 @@
 "refsource": "DEBIAN",
 "name": "DSA-4602",
 "url": "https://www.debian.org/security/2020/dsa-4602"
+ },
+ {
+ "refsource": "BUGTRAQ",
+ "name": "20200114 [SECURITY] [DSA 4602-1] xen security update",
+ "url": "https://seclists.org/bugtraq/2020/Jan/21"
 }
 ]
 }
diff --git a/2019/17xxx/CVE-2019-17347.json b/2019/17xxx/CVE-2019-17347.json
index 1f34e3aa25f..5139e88b1f0 100644
--- a/2019/17xxx/CVE-2019-17347.json
+++ b/2019/17xxx/CVE-2019-17347.json
@@ -71,6 +71,11 @@
 "refsource": "DEBIAN",
 "name": "DSA-4602",
 "url": "https://www.debian.org/security/2020/dsa-4602"
+ },
+ {
+ "refsource": "BUGTRAQ",
+ "name": "20200114 [SECURITY] [DSA 4602-1] xen security update",
+ "url": "https://seclists.org/bugtraq/2020/Jan/21"
 }
 ]
 }
diff --git a/2019/17xxx/CVE-2019-17348.json b/2019/17xxx/CVE-2019-17348.json
index 949eff179c4..2812cf27ffa 100644
--- a/2019/17xxx/CVE-2019-17348.json
+++ b/2019/17xxx/CVE-2019-17348.json
@@ -71,6 +71,11 @@
 "refsource": "DEBIAN",
 "name": "DSA-4602",
 "url": "https://www.debian.org/security/2020/dsa-4602"
+ },
+ {
+ "refsource": "BUGTRAQ",
+ "name": "20200114 [SECURITY] [DSA 4602-1] xen security update",
+ "url": "https://seclists.org/bugtraq/2020/Jan/21"
 }
 ]
 }
diff --git a/2019/17xxx/CVE-2019-17349.json b/2019/17xxx/CVE-2019-17349.json
index f67d851232b..1df010a75c8 100644
--- a/2019/17xxx/CVE-2019-17349.json
+++ b/2019/17xxx/CVE-2019-17349.json
@@ -66,6 +66,11 @@
 "refsource": "DEBIAN",
 "name": "DSA-4602",
 "url": "https://www.debian.org/security/2020/dsa-4602"
+ },
+ {
+ "refsource": "BUGTRAQ",
+ "name": "20200114 [SECURITY] [DSA 4602-1] xen security update",
+ "url": "https://seclists.org/bugtraq/2020/Jan/21"
 }
 ]
 }
diff --git a/2019/17xxx/CVE-2019-17350.json b/2019/17xxx/CVE-2019-17350.json
index 56c67f1df61..9b8f40819dd 100644
--- a/2019/17xxx/CVE-2019-17350.json
+++ b/2019/17xxx/CVE-2019-17350.json
@@ -66,6 +66,11 @@
 "refsource": "DEBIAN",
 "name": "DSA-4602",
 "url": "https://www.debian.org/security/2020/dsa-4602"
+ },
+ {
+ "refsource": "BUGTRAQ",
+ "name": "20200114 [SECURITY] [DSA 4602-1] xen security update",
+ "url": "https://seclists.org/bugtraq/2020/Jan/21"
 }
 ]
 }
diff --git a/2019/17xxx/CVE-2019-17571.json b/2019/17xxx/CVE-2019-17571.json
index b805637e6c1..8dbb2465404 100644
--- a/2019/17xxx/CVE-2019-17571.json
+++ b/2019/17xxx/CVE-2019-17571.json
@@ -188,6 +188,11 @@
 "refsource": "SUSE",
 "name": "openSUSE-SU-2020:0051",
 "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00022.html"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[tika-dev] 20200114 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]",
+ "url": "https://lists.apache.org/thread.html/rca24a281000fb681d7e26e5c031a21eb4b0593a7735f781b53dae4e2@%3Cdev.tika.apache.org%3E"
 }
 ]
 },
diff --git a/2019/18xxx/CVE-2019-18420.json b/2019/18xxx/CVE-2019-18420.json
index d8190ff3da1..50464061f19 100644
--- a/2019/18xxx/CVE-2019-18420.json
+++ b/2019/18xxx/CVE-2019-18420.json
@@ -86,6 +86,11 @@
 "refsource": "DEBIAN",
 "name": "DSA-4602",
 "url": "https://www.debian.org/security/2020/dsa-4602"
+ },
+ {
+ "refsource": "BUGTRAQ",
+ "name": "20200114 [SECURITY] [DSA 4602-1] xen security update",
+ "url": "https://seclists.org/bugtraq/2020/Jan/21"
 }
 ]
 }
diff --git a/2019/18xxx/CVE-2019-18421.json b/2019/18xxx/CVE-2019-18421.json
index f54f97d1197..50101e4c446 100644
--- a/2019/18xxx/CVE-2019-18421.json
+++ b/2019/18xxx/CVE-2019-18421.json
@@ -86,6 +86,11 @@
 "refsource": "DEBIAN",
 "name": "DSA-4602",
 "url": "https://www.debian.org/security/2020/dsa-4602"
+ },
+ {
+ "refsource": "BUGTRAQ",
+ "name": "20200114 [SECURITY] [DSA 4602-1] xen security update",
+ "url": "https://seclists.org/bugtraq/2020/Jan/21"
 }
 ]
 }
diff --git a/2019/18xxx/CVE-2019-18422.json b/2019/18xxx/CVE-2019-18422.json
index fe772b1eb0e..f12671f42b7 100644
--- a/2019/18xxx/CVE-2019-18422.json
+++ b/2019/18xxx/CVE-2019-18422.json
@@ -81,6 +81,11 @@
 "refsource": "DEBIAN",
 "name": "DSA-4602",
 "url": "https://www.debian.org/security/2020/dsa-4602"
+ },
+ {
+ "refsource": "BUGTRAQ",
+ "name": "20200114 [SECURITY] [DSA 4602-1] xen security update",
+ "url": "https://seclists.org/bugtraq/2020/Jan/21"
 }
 ]
 }
diff --git a/2019/18xxx/CVE-2019-18423.json b/2019/18xxx/CVE-2019-18423.json
index d819edbce49..c1100d28d21 100644
--- a/2019/18xxx/CVE-2019-18423.json
+++ b/2019/18xxx/CVE-2019-18423.json
@@ -81,6 +81,11 @@
 "refsource": "DEBIAN",
 "name": "DSA-4602",
 "url": "https://www.debian.org/security/2020/dsa-4602"
+ },
+ {
+ "refsource": "BUGTRAQ",
+ "name": "20200114 [SECURITY] [DSA 4602-1] xen security update",
+ "url": "https://seclists.org/bugtraq/2020/Jan/21"
 }
 ]
 }
diff --git a/2019/18xxx/CVE-2019-18424.json b/2019/18xxx/CVE-2019-18424.json
index 472c087d19b..6650e2c0e60 100644
--- a/2019/18xxx/CVE-2019-18424.json
+++ b/2019/18xxx/CVE-2019-18424.json
@@ -86,6 +86,11 @@
 "refsource": "DEBIAN",
 "name": "DSA-4602",
 "url": "https://www.debian.org/security/2020/dsa-4602"
+ },
+ {
+ "refsource": "BUGTRAQ",
+ "name": "20200114 [SECURITY] [DSA 4602-1] xen security update",
+ "url": "https://seclists.org/bugtraq/2020/Jan/21"
 }
 ]
 }
diff --git a/2019/18xxx/CVE-2019-18425.json b/2019/18xxx/CVE-2019-18425.json
index 3afc0038088..54e5a7a19c4 100644
--- a/2019/18xxx/CVE-2019-18425.json
+++ b/2019/18xxx/CVE-2019-18425.json
@@ -86,6 +86,11 @@
 "refsource": "DEBIAN",
 "name": "DSA-4602",
 "url": "https://www.debian.org/security/2020/dsa-4602"
+ },
+ {
+ "refsource": "BUGTRAQ",
+ "name": "20200114 [SECURITY] [DSA 4602-1] xen security update",
+ "url": "https://seclists.org/bugtraq/2020/Jan/21"
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19577.json b/2019/19xxx/CVE-2019-19577.json
index 13ebce6a662..5431f7f2151 100644
--- a/2019/19xxx/CVE-2019-19577.json
+++ b/2019/19xxx/CVE-2019-19577.json
@@ -76,6 +76,11 @@
 "refsource": "DEBIAN",
 "name": "DSA-4602",
 "url": "https://www.debian.org/security/2020/dsa-4602"
+ },
+ {
+ "refsource": "BUGTRAQ",
+ "name": "20200114 [SECURITY] [DSA 4602-1] xen security update",
+ "url": "https://seclists.org/bugtraq/2020/Jan/21"
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19578.json b/2019/19xxx/CVE-2019-19578.json
index 4c6a4072ecf..1e73bc4f879 100644
--- a/2019/19xxx/CVE-2019-19578.json
+++ b/2019/19xxx/CVE-2019-19578.json
@@ -76,6 +76,11 @@
 "refsource": "DEBIAN",
 "name": "DSA-4602",
 "url": "https://www.debian.org/security/2020/dsa-4602"
+ },
+ {
+ "refsource": "BUGTRAQ",
+ "name": "20200114 [SECURITY] [DSA 4602-1] xen security update",
+ "url": "https://seclists.org/bugtraq/2020/Jan/21"
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19579.json b/2019/19xxx/CVE-2019-19579.json
index 68fca09b7af..491789d0e3d 100644
--- a/2019/19xxx/CVE-2019-19579.json
+++ b/2019/19xxx/CVE-2019-19579.json
@@ -86,6 +86,11 @@
 "refsource": "DEBIAN",
 "name": "DSA-4602",
 "url": "https://www.debian.org/security/2020/dsa-4602"
+ },
+ {
+ "refsource": "BUGTRAQ",
+ "name": "20200114 [SECURITY] [DSA 4602-1] xen security update",
+ "url": "https://seclists.org/bugtraq/2020/Jan/21"
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19580.json b/2019/19xxx/CVE-2019-19580.json
index c3f36b939e4..727cc28cf18 100644
--- a/2019/19xxx/CVE-2019-19580.json
+++ b/2019/19xxx/CVE-2019-19580.json
@@ -76,6 +76,11 @@
 "refsource": "DEBIAN",
 "name": "DSA-4602",
 "url": "https://www.debian.org/security/2020/dsa-4602"
+ },
+ {
+ "refsource": "BUGTRAQ",
+ "name": "20200114 [SECURITY] [DSA 4602-1] xen security update",
+ "url": "https://seclists.org/bugtraq/2020/Jan/21"
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19581.json b/2019/19xxx/CVE-2019-19581.json
index 86ca5487b88..59ed50b74e1 100644
--- a/2019/19xxx/CVE-2019-19581.json
+++ b/2019/19xxx/CVE-2019-19581.json
@@ -76,6 +76,11 @@
 "refsource": "DEBIAN",
 "name": "DSA-4602",
 "url": "https://www.debian.org/security/2020/dsa-4602"
+ },
+ {
+ "refsource": "BUGTRAQ",
+ "name": "20200114 [SECURITY] [DSA 4602-1] xen security update",
+ "url": "https://seclists.org/bugtraq/2020/Jan/21"
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19582.json b/2019/19xxx/CVE-2019-19582.json
index ed23b319190..f1938af0f08 100644
--- a/2019/19xxx/CVE-2019-19582.json
+++ b/2019/19xxx/CVE-2019-19582.json
@@ -76,6 +76,11 @@
 "refsource": "DEBIAN",
 "name": "DSA-4602",
 "url": "https://www.debian.org/security/2020/dsa-4602"
+ },
+ {
+ "refsource": "BUGTRAQ",
+ "name": "20200114 [SECURITY] [DSA 4602-1] xen security update",
+ "url": "https://seclists.org/bugtraq/2020/Jan/21"
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19583.json b/2019/19xxx/CVE-2019-19583.json
index fa8bcb6e990..fec7d0c72d1 100644
--- a/2019/19xxx/CVE-2019-19583.json
+++ b/2019/19xxx/CVE-2019-19583.json
@@ -76,6 +76,11 @@
 "refsource": "DEBIAN",
 "name": "DSA-4602",
 "url": "https://www.debian.org/security/2020/dsa-4602"
+ },
+ {
+ "refsource": "BUGTRAQ",
+ "name": "20200114 [SECURITY] [DSA 4602-1] xen security update",
+ "url": "https://seclists.org/bugtraq/2020/Jan/21"
 }
 ]
 }
diff --git a/2020/7xxx/CVE-2020-7057.json b/2020/7xxx/CVE-2020-7057.json
index 95bad64a02a..3d653cc2331 100644
--- a/2020/7xxx/CVE-2020-7057.json
+++ b/2020/7xxx/CVE-2020-7057.json
@@ -53,9 +53,9 @@
 "references": {
 "reference_data": [
 {
- "url": "http://34.205.168.58/2020/01/13/hikvision-dvr-ds-7204hghi-user-enumeration/",
 "refsource": "MISC",
- "name": "http://34.205.168.58/2020/01/13/hikvision-dvr-ds-7204hghi-user-enumeration/"
+ "name": "https://sku11army.blogspot.com/2020/01/hikvision-dvr-ds-7204hghi-user.html",
+ "url": "https://sku11army.blogspot.com/2020/01/hikvision-dvr-ds-7204hghi-user.html"
 }
 ]
 }
From 388ad69b5bf17551d2e8d3c471796424d9eb124b Mon Sep 17 00:00:00 2001
From: MSRC
Date: Tue, 14 Jan 2020 15:06:59 -0800
Subject: [PATCH 067/387] January 2020 Patch Tuesday
---
 2020/0xxx/CVE-2020-0601.json | 198 ++++++++++
 2020/0xxx/CVE-2020-0602.json | 66 ++++
 2020/0xxx/CVE-2020-0603.json | 66 ++++
 2020/0xxx/CVE-2020-0605.json | 685 +++++++++++++++++++++++++++++++++++
 2020/0xxx/CVE-2020-0606.json | 678 ++++++++++++++++++++++++++++++++++
 2020/0xxx/CVE-2020-0607.json | 231 ++++++++++++
 2020/0xxx/CVE-2020-0608.json | 249 +++++++++++++
 2020/0xxx/CVE-2020-0609.json | 69 ++++
 2020/0xxx/CVE-2020-0610.json | 69 ++++
 2020/0xxx/CVE-2020-0611.json | 234 ++++++++++++
 2020/0xxx/CVE-2020-0612.json | 63 ++++
 2020/0xxx/CVE-2020-0613.json | 213 +++++++++++
 2020/0xxx/CVE-2020-0614.json | 213 +++++++++++
 2020/0xxx/CVE-2020-0615.json | 249 +++++++++++++
 2020/0xxx/CVE-2020-0616.json | 159 ++++++++
 2020/0xxx/CVE-2020-0617.json | 94 +++++
 2020/0xxx/CVE-2020-0620.json | 249 +++++++++++++
 2020/0xxx/CVE-2020-0621.json | 100 +++++
 2020/0xxx/CVE-2020-0622.json | 103 ++++++
 2020/0xxx/CVE-2020-0623.json | 213 +++++++++++
 2020/0xxx/CVE-2020-0624.json | 130 +++++++
 2020/0xxx/CVE-2020-0625.json | 249 +++++++++++++
 2020/0xxx/CVE-2020-0626.json | 249 +++++++++++++
 2020/0xxx/CVE-2020-0627.json | 249 +++++++++++++
 2020/0xxx/CVE-2020-0628.json | 249 +++++++++++++
 2020/0xxx/CVE-2020-0629.json | 249 +++++++++++++
 2020/0xxx/CVE-2020-0630.json | 246 +++++++++++++
 2020/0xxx/CVE-2020-0631.json | 249 +++++++++++++
 2020/0xxx/CVE-2020-0632.json | 249 +++++++++++++
 2020/0xxx/CVE-2020-0633.json | 192 ++++++++++
 2020/0xxx/CVE-2020-0634.json | 249 +++++++++++++
 2020/0xxx/CVE-2020-0635.json | 249 +++++++++++++
 2020/0xxx/CVE-2020-0636.json | 130 +++++++
 2020/0xxx/CVE-2020-0637.json | 87 +++++
 2020/0xxx/CVE-2020-0638.json | 180 +++++++++
 2020/0xxx/CVE-2020-0639.json | 249 +++++++++++++
 2020/0xxx/CVE-2020-0640.json | 216 +++++++++++
 2020/0xxx/CVE-2020-0641.json | 219 +++++++++++
 2020/0xxx/CVE-2020-0642.json | 249 +++++++++++++
 2020/0xxx/CVE-2020-0643.json | 249 +++++++++++++
 2020/0xxx/CVE-2020-0644.json | 219 +++++++++++
 2020/0xxx/CVE-2020-0646.json | 675 ++++++++++++++++++++++++++++++++++
 2020/0xxx/CVE-2020-0647.json | 60 +++
 2020/0xxx/CVE-2020-0650.json | 110 ++++++
 2020/0xxx/CVE-2020-0651.json | 110 ++++++
 2020/0xxx/CVE-2020-0652.json | 97 +++++
 2020/0xxx/CVE-2020-0653.json | 63 ++++
 2020/0xxx/CVE-2020-0654.json | 60 +++
 2020/0xxx/CVE-2020-0656.json | 60 +++
 49 files changed, 10043 insertions(+)
 create mode 100644 2020/0xxx/CVE-2020-0601.json
 create mode 100644 2020/0xxx/CVE-2020-0602.json
 create mode 100644 2020/0xxx/CVE-2020-0603.json
 create mode 100644 2020/0xxx/CVE-2020-0605.json
 create mode 100644 2020/0xxx/CVE-2020-0606.json
 create mode 100644 2020/0xxx/CVE-2020-0607.json
 create mode 100644 2020/0xxx/CVE-2020-0608.json
 create mode 100644 2020/0xxx/CVE-2020-0609.json
 create mode 100644 2020/0xxx/CVE-2020-0610.json
 create mode 100644 2020/0xxx/CVE-2020-0611.json
 create mode 100644 2020/0xxx/CVE-2020-0612.json
 create mode 100644 2020/0xxx/CVE-2020-0613.json
 create mode 100644 2020/0xxx/CVE-2020-0614.json
 create mode 100644 2020/0xxx/CVE-2020-0615.json
 create mode 100644 2020/0xxx/CVE-2020-0616.json
 create mode 100644 2020/0xxx/CVE-2020-0617.json
 create mode 100644 2020/0xxx/CVE-2020-0620.json
 create mode 100644 2020/0xxx/CVE-2020-0621.json
 create mode 100644 2020/0xxx/CVE-2020-0622.json
 create mode 100644 2020/0xxx/CVE-2020-0623.json
 create mode 100644 2020/0xxx/CVE-2020-0624.json
 create mode 100644 2020/0xxx/CVE-2020-0625.json
 create mode 100644 2020/0xxx/CVE-2020-0626.json
 create mode 100644 2020/0xxx/CVE-2020-0627.json
 create mode 100644 2020/0xxx/CVE-2020-0628.json
 create mode 100644 2020/0xxx/CVE-2020-0629.json
 create mode 100644 2020/0xxx/CVE-2020-0630.json
 create mode 100644 2020/0xxx/CVE-2020-0631.json
 create mode 100644 2020/0xxx/CVE-2020-0632.json
 create mode 100644 2020/0xxx/CVE-2020-0633.json
 create mode 100644 2020/0xxx/CVE-2020-0634.json
 create mode 100644 2020/0xxx/CVE-2020-0635.json
 create mode 100644 2020/0xxx/CVE-2020-0636.json
 create mode 100644 2020/0xxx/CVE-2020-0637.json
 create mode 100644 2020/0xxx/CVE-2020-0638.json
 create mode 100644 2020/0xxx/CVE-2020-0639.json
 create mode 100644 2020/0xxx/CVE-2020-0640.json
 create mode 100644 2020/0xxx/CVE-2020-0641.json
 create mode 100644 2020/0xxx/CVE-2020-0642.json
 create mode 100644 2020/0xxx/CVE-2020-0643.json
 create mode 100644 2020/0xxx/CVE-2020-0644.json
 create mode 100644 2020/0xxx/CVE-2020-0646.json
 create mode 100644 2020/0xxx/CVE-2020-0647.json
 create mode 100644 2020/0xxx/CVE-2020-0650.json
 create mode 100644 2020/0xxx/CVE-2020-0651.json
 create mode 100644 2020/0xxx/CVE-2020-0652.json
 create mode 100644 2020/0xxx/CVE-2020-0653.json
 create mode 100644 2020/0xxx/CVE-2020-0654.json
 create mode 100644 2020/0xxx/CVE-2020-0656.json
diff --git a/2020/0xxx/CVE-2020-0601.json b/2020/0xxx/CVE-2020-0601.json
new file mode 100644
index 00000000000..cadd67ff763
--- /dev/null
+++ b/2020/0xxx/CVE-2020-0601.json
@@ -0,0 +1,198 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ASSIGNER": "secure@microsoft.com",
+ "ID": "CVE-2020-0601",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Windows",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "10 Version 1803 for 32-bit Systems"
+ },
+ {
+ "version_value": "10 Version 1803 for x64-based Systems"
+ },
+ {
+ "version_value": "10 Version 1803 for ARM64-based Systems"
+ },
+ {
+ "version_value": "10 Version 1809 for 32-bit Systems"
+ },
+ {
+ "version_value": "10 Version 1809 for x64-based Systems"
+ },
+ {
+ "version_value": "10 Version 1809 for ARM64-based Systems"
+ },
+ {
+ "version_value": "10 Version 1709 for 32-bit Systems"
+ },
+ {
+ "version_value": "10 Version 1709 for x64-based Systems"
+ },
+ {
+ "version_value": "10 Version 1709 for ARM64-based Systems"
+ },
+ {
+ "version_value": "10 for 32-bit Systems"
+ },
+ {
+ "version_value": "10 for x64-based Systems"
+ },
+ {
+ "version_value": "10 Version 1607 for 32-bit Systems"
+ },
+ {
+ "version_value": "10 Version 1607 for x64-based Systems"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows Server",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "version 1803 (Core Installation)"
+ },
+ {
+ "version_value": "2019"
+ },
+ {
+ "version_value": "2019 (Core installation)"
+ },
+ {
+ "version_value": "2016"
+ },
+ {
+ "version_value": "2016 (Core installation)"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows 10 Version 1903 for 32-bit Systems",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows 10 Version 1903 for x64-based Systems",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows 10 Version 1903 for ARM64-based Systems",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows Server, version 1903 (Server Core installation)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows 10 Version 1909 for 32-bit Systems",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows 10 Version 1909 for x64-based Systems",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows Server, version 1909 (Server Core installation)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows 10 Version 1909 for ARM64-based Systems",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Microsoft"
+ }
+ ]
+ }
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates.An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source, aka \u0027Windows CryptoAPI Spoofing Vulnerability\u0027."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Spoofing"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0601"
+ }
+ ]
+ }
+}
diff --git a/2020/0xxx/CVE-2020-0602.json b/2020/0xxx/CVE-2020-0602.json
new file mode 100644
index 00000000000..235cb9e9b20
--- /dev/null
+++ b/2020/0xxx/CVE-2020-0602.json
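Review bot: Eight of the `product_data` entries in this record (the Windows 10 Version 1903/1909 and Windows Server, version 1903/1909 ones) put the whole platform string in `product_name` and leave `version_value` as `""`, while the first two entries use `"product_name": "Windows"` and `"Windows Server"` with the release in `version_value`; a consumer that matches on product name plus version will not tie 1903 and 1909 hosts to this CryptoAPI certificate-validation issue. I would fold them into the two existing entries, for example `{ "version_value": "10 Version 1903 for x64-based Systems" }` under `Windows`. The single `reference_data` object also carries only `url`, without the `refsource` and `name` keys that the other records on this page provide, and the CVE-2020-0602 and CVE-2020-0603 hunks have the same gap. The description runs two sentences together (`certificates.An attacker`), as does the CVE-2020-0603 one (`memory.An attacker`).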
@@ -0,0 +1,66 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ASSIGNER": "secure@microsoft.com",
+ "ID": "CVE-2020-0602",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "ASP.NET Core",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "2.1"
+ },
+ {
+ "version_value": "3.0"
+ },
+ {
+ "version_value": "3.1"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Microsoft"
+ }
+ ]
+ }
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka \u0027ASP.NET Core Denial of Service Vulnerability\u0027."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Denial of Service"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0602"
+ }
+ ]
+ }
+}
diff --git a/2020/0xxx/CVE-2020-0603.json b/2020/0xxx/CVE-2020-0603.json
new file mode 100644
index 00000000000..b588ac0aa01
--- /dev/null
+++ b/2020/0xxx/CVE-2020-0603.json
@@ -0,0 +1,66 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ASSIGNER": "secure@microsoft.com",
+ "ID": "CVE-2020-0603",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "ASP.NET Core",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "2.1"
+ },
+ {
+ "version_value": "3.0"
+ },
+ {
+ "version_value": "3.1"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Microsoft"
+ }
+ ]
+ }
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A remote code execution vulnerability exists in ASP.NET Core software when the software fails to handle objects in memory.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka \u0027ASP.NET Core Remote Code Execution Vulnerability\u0027."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Remote Code Execution"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0603"
+ }
+ ]
+ }
+}
diff --git a/2020/0xxx/CVE-2020-0605.json b/2020/0xxx/CVE-2020-0605.json
new file mode 100644
index 00000000000..1ca4d609484
--- /dev/null
+++ b/2020/0xxx/CVE-2020-0605.json
@@ -0,0 +1,685 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0605", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": ".NET Core", + "version": { + "version_data": [ + { + "version_value": "3.0" + }, + { + "version_value": "3.1" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2", + "version": { + "version_data": [ + { + "version_value": "Windows RT 8.1" + }, + { + "version_value": "Windows 8.1 for x64-based systems" + }, + { + "version_value": "Windows 7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "Windows 8.1 for 32-bit systems" + }, + { + "version_value": "Windows 7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows Server 2012 R2" + }, + { + "version_value": "Windows Server 2012 (Server Core installation)" + }, + { + "version_value": "Windows Server 2012" + }, + { + "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)" + }, + { + "version_value": "Windows Server 2012 R2 (Server Core installation)" + }, + { + "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.0", + "version": { + "version_data": [ + { + "version_value": "Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET 
Framework 3.5 AND 4.8 on Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server, version 1803 (Server Core Installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows Server, version 1803 (Server Core Installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2", + "version": { + "version_data": [ + { + "version_value": "Windows 10 Version 1607 for 32-bit Systems" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2012 R2 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } 
+ ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2016 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2012", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2012 R2", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.6", + "version": { + "version_data": [ + { + "version_value": "Windows Server 2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "Windows Server 2008 for x64-based Systems Service Pack 2" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows 7 for x64-based Systems Service Pack 1", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for 32-bit Systems", + "version": { + "version_data": [ + { + 
"version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "1903" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows 8.1 for 32-bit systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2016", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows RT 8.1", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2012 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for 32-bit Systems", + "version": { + 
"version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows 7 for 32-bit Systems Service Pack 1", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows 8.1 for x64-based systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.5.2", + "version": { + "version_data": [ + { + "version_value": "Windows 8.1 for x64-based systems" + }, + { + "version_value": "Windows RT 8.1" + }, + { + "version_value": "Windows 8.1 for 32-bit systems" + }, + { + "version_value": "Windows Server 2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "Windows 7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows 7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)" + }, + { + "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows Server 2012 (Server Core installation)" + }, + { + "version_value": "Windows Server 2012 R2 (Server Core installation)" + }, + { + "version_value": "Windows Server 2012" + }, + { + "version_value": "Windows Server 2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "Windows Server 2012 R2" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5.1", + "version": { + "version_data": [ + { + "version_value": "Windows Server 2008 R2 for 
x64-based Systems Service Pack 1 (Server Core installation)" + }, + { + "version_value": "Windows 7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows 7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5", + "version": { + "version_data": [ + { + "version_value": "Windows 8.1 for x64-based systems" + }, + { + "version_value": "Windows Server 2012 R2 (Server Core installation)" + }, + { + "version_value": "Windows Server 2012" + }, + { + "version_value": "Windows Server 2012 (Server Core installation)" + }, + { + "version_value": "Windows 8.1 for 32-bit systems" + }, + { + "version_value": "Windows Server 2012 R2" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1803 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1803 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2 on Windows 10 Version 1709 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016", + "version": { + "version_data": [ + { + 
"version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2 on Windows 10 Version 1709 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka \u0027.NET Framework Remote Code Execution Vulnerability\u0027. This CVE ID is unique from CVE-2020-0606." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0605" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0606.json b/2020/0xxx/CVE-2020-0606.json new file mode 100644 index 00000000000..bc473d36d8d --- /dev/null +++ b/2020/0xxx/CVE-2020-0606.json 
@@ -0,0 +1,678 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0606", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": ".NET Core", + "version": { + "version_data": [ + { + "version_value": "3.0" + }, + { + "version_value": "3.1" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2", + "version": { + "version_data": [ + { + "version_value": "Windows 7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "Windows 7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows 8.1 for 32-bit systems" + }, + { + "version_value": "Windows 8.1 for x64-based systems" + }, + { + "version_value": "Windows RT 8.1" + }, + { + "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)" + }, + { + "version_value": "Windows Server 2012" + }, + { + "version_value": "Windows Server 2012 (Server Core installation)" + }, + { + "version_value": "Windows Server 2012 R2" + }, + { + "version_value": "Windows Server 2012 R2 (Server Core installation)" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows Server, version 1803 (Server Core Installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for 32-bit 
Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2016", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2016 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows 7 for 32-bit Systems Service Pack 1", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows 7 for x64-based Systems Service Pack 1", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows 8.1 for 32-bit systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows 8.1 for x64-based systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows RT 8.1", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + 
} + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2012", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2012 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2012 R2", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2012 R2 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } 
+ ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "1903" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.6", + "version": { + "version_data": [ + { + "version_value": "Windows Server 2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "Windows Server 2008 for x64-based Systems Service Pack 2" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.0", + "version": { + "version_data": [ + { + "version_value": "Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5", + "version": { + "version_data": [ + { + "version_value": "Windows 10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "Windows 8.1 for 32-bit systems" + }, + { + "version_value": "Windows 8.1 for x64-based systems" + }, + { + "version_value": "Windows Server 2012" + }, + { + 
"version_value": "Windows Server 2012 (Server Core installation)" + }, + { + "version_value": "Windows Server 2012 R2" + }, + { + "version_value": "Windows Server 2012 R2 (Server Core installation)" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5.1", + "version": { + "version_data": [ + { + "version_value": "Windows 7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "Windows 7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.5.2", + "version": { + "version_data": [ + { + "version_value": "Windows 7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "Windows 7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows 8.1 for 32-bit systems" + }, + { + "version_value": "Windows 8.1 for x64-based systems" + }, + { + "version_value": "Windows RT 8.1" + }, + { + "version_value": "Windows Server 2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "Windows Server 2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)" + }, + { + "version_value": "Windows Server 2012" + }, + { + "version_value": "Windows Server 2012 (Server Core installation)" + }, + { + "version_value": "Windows Server 2012 R2" + }, + { + "version_value": "Windows Server 2012 R2 (Server Core installation)" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": 
"" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server, version 1803 (Server Core Installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2 on Windows 10 Version 1709 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2 on Windows 10 Version 1709 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": 
"Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1803 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1803 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka \u0027.NET Framework Remote Code Execution Vulnerability\u0027. This CVE ID is unique from CVE-2020-0605." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0606" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0607.json b/2020/0xxx/CVE-2020-0607.json new file mode 100644 index 00000000000..a08f3ea45a1 --- /dev/null +++ b/2020/0xxx/CVE-2020-0607.json 
@@ -0,0 +1,231 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0607", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service 
Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka \u0027Microsoft Graphics Components Information Disclosure Vulnerability\u0027." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0607" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0608.json b/2020/0xxx/CVE-2020-0608.json new file mode 100644 index 00000000000..6714b05c873 --- /dev/null +++ b/2020/0xxx/CVE-2020-0608.json 
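Review bot: The `affects` block of the CVE-2020-0607 record models the platform in two different ways: the `Windows` product carries builds such as `10 Version 1803 for 32-bit Systems` in `version_value`, while the 1903 and 1909 builds are separate products (`Windows 10 Version 1903 for 32-bit Systems`) with `"version_value": ""`. An empty string standing in for a version gives asset-matching tools nothing to compare against. I would fold those entries into the `Windows` and `Windows Server` products, e.g. `"version_value": "10 Version 1903 for 32-bit Systems"`. The CVE-2020-0605 and CVE-2020-0606 hunks earlier in this patch show the same pattern for .NET Framework, and one entry in each sets `"version_value": "1903"` while its siblings are empty.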
@@ -0,0 +1,249 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ASSIGNER": "secure@microsoft.com",
+ "ID": "CVE-2020-0608",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Windows",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "10 Version 1803 for 32-bit Systems"
+ },
+ {
+ "version_value": "10 Version 1803 for x64-based Systems"
+ },
+ {
+ "version_value": "10 Version 1803 for ARM64-based Systems"
+ },
+ {
+ "version_value": "10 Version 1809 for 32-bit Systems"
+ },
+ {
+ "version_value": "10 Version 1809 for x64-based Systems"
+ },
+ {
+ "version_value": "10 Version 1809 for ARM64-based Systems"
+ },
+ {
+ "version_value": "10 Version 1709 for 32-bit Systems"
+ },
+ {
+ "version_value": "10 Version 1709 for x64-based Systems"
+ },
+ {
+ "version_value": "10 Version 1709 for ARM64-based Systems"
+ },
+ {
+ "version_value": "10 for 32-bit Systems"
+ },
+ {
+ "version_value": "10 for x64-based Systems"
+ },
+ {
+ "version_value": "10 Version 1607 for 32-bit Systems"
+ },
+ {
+ "version_value": "10 Version 1607 for x64-based Systems"
+ },
+ {
+ "version_value": "7 for 32-bit Systems Service Pack 1"
+ },
+ {
+ "version_value": "7 for x64-based Systems Service Pack 1"
+ },
+ {
+ "version_value": "8.1 for 32-bit systems"
+ },
+ {
+ "version_value": "8.1 for x64-based systems"
+ },
+ {
+ "version_value": "RT 8.1"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows Server",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "version 1803 (Core Installation)"
+ },
+ {
+ "version_value": "2019"
+ },
+ {
+ "version_value": "2019 (Core installation)"
+ },
+ {
+ "version_value": "2016"
+ },
+ {
+ "version_value": "2016 (Core installation)"
+ },
+ {
+ "version_value": "2008 for 32-bit Systems Service Pack 2"
+ },
+ {
+ "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)"
+ },
+ {
+ "version_value": "2008 for Itanium-Based Systems Service Pack 2"
+ },
+ {
+ "version_value": "2008 for x64-based Systems Service Pack 2"
+ },
+ {
+ "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)"
+ },
+ {
+ "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1"
+ },
+ {
+ "version_value": "2008 R2 for x64-based Systems Service Pack 1"
+ },
+ {
+ "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)"
+ },
+ {
+ "version_value": "2012"
+ },
+ {
+ "version_value": "2012 (Core installation)"
+ },
+ {
+ "version_value": "2012 R2"
+ },
+ {
+ "version_value": "2012 R2 (Core installation)"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows 10 Version 1903 for 32-bit Systems",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows 10 Version 1903 for x64-based Systems",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows 10 Version 1903 for ARM64-based Systems",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows Server, version 1903 (Server Core installation)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows 10 Version 1909 for 32-bit Systems",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows 10 Version 1909 for x64-based Systems",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows 10 Version 1909 for ARM64-based Systems",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows Server, version 1909 (Server Core installation)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Microsoft"
+ }
+ ]
+ }
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka \u0027Win32k Information Disclosure Vulnerability\u0027."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Information Disclosure"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0608"
+ }
+ ]
+ }
+}
diff --git a/2020/0xxx/CVE-2020-0609.json b/2020/0xxx/CVE-2020-0609.json
new file mode 100644
index 00000000000..9c35a255e4d
--- /dev/null
+++ b/2020/0xxx/CVE-2020-0609.json
@@ -0,0 +1,69 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ASSIGNER": "secure@microsoft.com",
+ "ID": "CVE-2020-0609",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Windows Server",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "2019"
+ },
+ {
+ "version_value": "2016"
+ },
+ {
+ "version_value": "2012"
+ },
+ {
+ "version_value": "2012 R2"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Microsoft"
+ }
+ ]
+ }
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A remote code execution vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka \u0027Windows Remote Desktop Gateway (RD Gateway) Remote Code Execution Vulnerability\u0027. This CVE ID is unique from CVE-2020-0610."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Remote Code Execution"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0609"
+ }
+ ]
+ }
+}
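Review bot: In the CVE-2020-0608 hunk, the last eight `product_data` entries (Windows 10 1903/1909 and Windows Server 1903/1909) put the release into `product_name` and leave `"version_value": ""`, while every older release is a `version_value` under the `Windows` or `Windows Server` product. A consumer that matches affected hosts on `product_name` plus `version_value` will probably not associate 1903/1909 systems with this CVE, and the empty string is not a usable version. These entries would be consistent with the rest as, for example, `{ "version_value": "10 Version 1903 for 32-bit Systems" }` under `Windows`. The same shape recurs in the hunks for CVE-2020-0611, CVE-2020-0613, CVE-2020-0614, CVE-2020-0615 and CVE-2020-0616; the casing of `(Core Installation)` versus `(Core installation)` and `systems` versus `Systems` is also mixed within one list.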
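Review bot: In the CVE-2020-0609 hunk, `problemtype` is the free-text label `"Remote Code Execution"` and the record carries no `impact` block, so nothing machine-readable conveys that the description is of a flaw reachable by an unauthenticated attacker over RDP. A CWE-prefixed `problemtype` value and a CVSS vector taken from the vendor advisory would let triage tooling rank this entry without parsing the prose. The CVE-2020-0610 hunk is identical apart from the ID and the cross-reference, and the other records added in this part of the series use the same free-text form.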
diff --git a/2020/0xxx/CVE-2020-0610.json b/2020/0xxx/CVE-2020-0610.json
new file mode 100644
index 00000000000..de261b993df
--- /dev/null
+++ b/2020/0xxx/CVE-2020-0610.json
@@ -0,0 +1,69 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ASSIGNER": "secure@microsoft.com",
+ "ID": "CVE-2020-0610",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Windows Server",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "2019"
+ },
+ {
+ "version_value": "2016"
+ },
+ {
+ "version_value": "2012"
+ },
+ {
+ "version_value": "2012 R2"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Microsoft"
+ }
+ ]
+ }
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A remote code execution vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka \u0027Windows Remote Desktop Gateway (RD Gateway) Remote Code Execution Vulnerability\u0027. This CVE ID is unique from CVE-2020-0609."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Remote Code Execution"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0610"
+ }
+ ]
+ }
+}
diff --git a/2020/0xxx/CVE-2020-0611.json b/2020/0xxx/CVE-2020-0611.json
new file mode 100644
index 00000000000..129bc0055ea
--- /dev/null
+++ b/2020/0xxx/CVE-2020-0611.json
@@ -0,0 +1,234 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ASSIGNER": "secure@microsoft.com",
+ "ID": "CVE-2020-0611",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Windows",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "10 Version 1803 for 32-bit Systems"
+ },
+ {
+ "version_value": "10 Version 1803 for x64-based Systems"
+ },
+ {
+ "version_value": "10 Version 1803 for ARM64-based Systems"
+ },
+ {
+ "version_value": "10 Version 1809 for 32-bit Systems"
+ },
+ {
+ "version_value": "10 Version 1809 for x64-based Systems"
+ },
+ {
+ "version_value": "10 Version 1809 for ARM64-based Systems"
+ },
+ {
+ "version_value": "10 Version 1709 for 32-bit Systems"
+ },
+ {
+ "version_value": "10 Version 1709 for x64-based Systems"
+ },
+ {
+ "version_value": "10 Version 1709 for ARM64-based Systems"
+ },
+ {
+ "version_value": "10 for 32-bit Systems"
+ },
+ {
+ "version_value": "10 for x64-based Systems"
+ },
+ {
+ "version_value": "10 Version 1607 for 32-bit Systems"
+ },
+ {
+ "version_value": "10 Version 1607 for x64-based Systems"
+ },
+ {
+ "version_value": "7 for 32-bit Systems Service Pack 1"
+ },
+ {
+ "version_value": "7 for x64-based Systems Service Pack 1"
+ },
+ {
+ "version_value": "8.1 for 32-bit systems"
+ },
+ {
+ "version_value": "8.1 for x64-based systems"
+ },
+ {
+ "version_value": "RT 8.1"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows Server",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "version 1803 (Core Installation)"
+ },
+ {
+ "version_value": "2019"
+ },
+ {
+ "version_value": "2019 (Core installation)"
+ },
+ {
+ "version_value": "2016"
+ },
+ {
+ "version_value": "2016 (Core installation)"
+ },
+ {
+ "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1"
+ },
+ {
+ "version_value": "2008 R2 for x64-based Systems Service Pack 1"
+ },
+ {
+ "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)"
+ },
+ {
+ "version_value": "2012"
+ },
+ {
+ "version_value": "2012 (Core installation)"
+ },
+ {
+ "version_value": "2012 R2"
+ },
+ {
+ "version_value": "2012 R2 (Core installation)"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows 10 Version 1903 for 32-bit Systems",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows 10 Version 1903 for x64-based Systems",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows 10 Version 1903 for ARM64-based Systems",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows Server, version 1903 (Server Core installation)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows 10 Version 1909 for 32-bit Systems",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows 10 Version 1909 for x64-based Systems",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows 10 Version 1909 for ARM64-based Systems",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows Server, version 1909 (Server Core installation)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Microsoft"
+ }
+ ]
+ }
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka \u0027Remote Desktop Client Remote Code Execution Vulnerability\u0027."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Remote Code Execution"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0611"
+ }
+ ]
+ }
+}
diff --git a/2020/0xxx/CVE-2020-0612.json b/2020/0xxx/CVE-2020-0612.json
new file mode 100644
index 00000000000..269a68353d3
--- /dev/null
+++ b/2020/0xxx/CVE-2020-0612.json
@@ -0,0 +1,63 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ASSIGNER": "secure@microsoft.com",
+ "ID": "CVE-2020-0612",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Windows Server",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "2019"
+ },
+ {
+ "version_value": "2016"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Microsoft"
+ }
+ ]
+ }
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A denial of service vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an attacker connects to the target system using RDP and sends specially crafted requests, aka \u0027Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability\u0027."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Denial of Service"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0612"
+ }
+ ]
+ }
+}
diff --git a/2020/0xxx/CVE-2020-0613.json b/2020/0xxx/CVE-2020-0613.json
new file mode 100644
index 00000000000..d85522ab441
--- /dev/null
+++ b/2020/0xxx/CVE-2020-0613.json
@@ -0,0 +1,213 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ASSIGNER": "secure@microsoft.com",
+ "ID": "CVE-2020-0613",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Windows",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "10 Version 1803 for 32-bit Systems"
+ },
+ {
+ "version_value": "10 Version 1803 for x64-based Systems"
+ },
+ {
+ "version_value": "10 Version 1803 for ARM64-based Systems"
+ },
+ {
+ "version_value": "10 Version 1809 for 32-bit Systems"
+ },
+ {
+ "version_value": "10 Version 1809 for x64-based Systems"
+ },
+ {
+ "version_value": "10 Version 1809 for ARM64-based Systems"
+ },
+ {
+ "version_value": "10 Version 1709 for 32-bit Systems"
+ },
+ {
+ "version_value": "10 Version 1709 for x64-based Systems"
+ },
+ {
+ "version_value": "10 Version 1709 for ARM64-based Systems"
+ },
+ {
+ "version_value": "10 for 32-bit Systems"
+ },
+ {
+ "version_value": "10 for x64-based Systems"
+ },
+ {
+ "version_value": "10 Version 1607 for 32-bit Systems"
+ },
+ {
+ "version_value": "10 Version 1607 for x64-based Systems"
+ },
+ {
+ "version_value": "8.1 for 32-bit systems"
+ },
+ {
+ "version_value": "8.1 for x64-based systems"
+ },
+ {
+ "version_value": "RT 8.1"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows Server",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "version 1803 (Core Installation)"
+ },
+ {
+ "version_value": "2019"
+ },
+ {
+ "version_value": "2019 (Core installation)"
+ },
+ {
+ "version_value": "2016"
+ },
+ {
+ "version_value": "2016 (Core installation)"
+ },
+ {
+ "version_value": "2012 R2"
+ },
+ {
+ "version_value": "2012 R2 (Core installation)"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows 10 Version 1903 for 32-bit Systems",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows 10 Version 1903 for x64-based Systems",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows 10 Version 1903 for ARM64-based Systems",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows Server, version 1903 (Server Core installation)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows 10 Version 1909 for 32-bit Systems",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows 10 Version 1909 for x64-based Systems",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows 10 Version 1909 for ARM64-based Systems",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows Server, version 1909 (Server Core installation)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Microsoft"
+ }
+ ]
+ }
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka \u0027Windows Search Indexer Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0614, CVE-2020-0623, CVE-2020-0625, CVE-2020-0626, CVE-2020-0627, CVE-2020-0628, CVE-2020-0629, CVE-2020-0630, CVE-2020-0631, CVE-2020-0632, CVE-2020-0633."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Elevation of Privilege"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0613"
+ }
+ ]
+ }
+}
diff --git a/2020/0xxx/CVE-2020-0614.json b/2020/0xxx/CVE-2020-0614.json
new file mode 100644
index 00000000000..d7b12894ad9
--- /dev/null
+++ b/2020/0xxx/CVE-2020-0614.json 
@@ -0,0 +1,213 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ASSIGNER": "secure@microsoft.com",
+ "ID": "CVE-2020-0614",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Windows",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "10 Version 1803 for 32-bit Systems"
+ },
+ {
+ "version_value": "10 Version 1803 for x64-based Systems"
+ },
+ {
+ "version_value": "10 Version 1803 for ARM64-based Systems"
+ },
+ {
+ "version_value": "10 Version 1809 for 32-bit Systems"
+ },
+ {
+ "version_value": "10 Version 1809 for x64-based Systems"
+ },
+ {
+ "version_value": "10 Version 1809 for ARM64-based Systems"
+ },
+ {
+ "version_value": "10 Version 1709 for 32-bit Systems"
+ },
+ {
+ "version_value": "10 Version 1709 for x64-based Systems"
+ },
+ {
+ "version_value": "10 Version 1709 for ARM64-based Systems"
+ },
+ {
+ "version_value": "10 for 32-bit Systems"
+ },
+ {
+ "version_value": "10 for x64-based Systems"
+ },
+ {
+ "version_value": "10 Version 1607 for 32-bit Systems"
+ },
+ {
+ "version_value": "10 Version 1607 for x64-based Systems"
+ },
+ {
+ "version_value": "8.1 for 32-bit systems"
+ },
+ {
+ "version_value": "8.1 for x64-based systems"
+ },
+ {
+ "version_value": "RT 8.1"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows Server",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "version 1803 (Core Installation)"
+ },
+ {
+ "version_value": "2019"
+ },
+ {
+ "version_value": "2019 (Core installation)"
+ },
+ {
+ "version_value": "2016"
+ },
+ {
+ "version_value": "2016 (Core installation)"
+ },
+ {
+ "version_value": "2012 R2"
+ },
+ {
+ "version_value": "2012 R2 (Core installation)"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows 10 Version 1903 for 32-bit Systems",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows 10 Version 1903 for x64-based Systems",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows 10 Version 1903 for ARM64-based Systems",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows Server, version 1903 (Server Core installation)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows 10 Version 1909 for 32-bit Systems",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows 10 Version 1909 for x64-based Systems",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows 10 Version 1909 for ARM64-based Systems",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows Server, version 1909 (Server Core installation)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Microsoft"
+ }
+ ]
+ }
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka \u0027Windows Search Indexer Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0613, CVE-2020-0623, CVE-2020-0625, CVE-2020-0626, CVE-2020-0627, CVE-2020-0628, CVE-2020-0629, CVE-2020-0630, CVE-2020-0631, CVE-2020-0632, CVE-2020-0633."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Elevation of Privilege"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0614"
+ }
+ ]
+ }
+}
diff --git a/2020/0xxx/CVE-2020-0615.json b/2020/0xxx/CVE-2020-0615.json
new file mode 100644
index 00000000000..8b72caf0555
--- /dev/null
+++ b/2020/0xxx/CVE-2020-0615.json 
@@ -0,0 +1,249 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ASSIGNER": "secure@microsoft.com",
+ "ID": "CVE-2020-0615",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Windows",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "10 Version 1803 for 32-bit Systems"
+ },
+ {
+ "version_value": "10 Version 1803 for x64-based Systems"
+ },
+ {
+ "version_value": "10 Version 1803 for ARM64-based Systems"
+ },
+ {
+ "version_value": "10 Version 1809 for 32-bit Systems"
+ },
+ {
+ "version_value": "10 Version 1809 for x64-based Systems"
+ },
+ {
+ "version_value": "10 Version 1809 for ARM64-based Systems"
+ },
+ {
+ "version_value": "10 Version 1709 for 32-bit Systems"
+ },
+ {
+ "version_value": "10 Version 1709 for x64-based Systems"
+ },
+ {
+ "version_value": "10 Version 1709 for ARM64-based Systems"
+ },
+ {
+ "version_value": "10 for 32-bit Systems"
+ },
+ {
+ "version_value": "10 for x64-based Systems"
+ },
+ {
+ "version_value": "10 Version 1607 for 32-bit Systems"
+ },
+ {
+ "version_value": "10 Version 1607 for x64-based Systems"
+ },
+ {
+ "version_value": "7 for 32-bit Systems Service Pack 1"
+ },
+ {
+ "version_value": "7 for x64-based Systems Service Pack 1"
+ },
+ {
+ "version_value": "8.1 for 32-bit systems"
+ },
+ {
+ "version_value": "8.1 for x64-based systems"
+ },
+ {
+ "version_value": "RT 8.1"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows Server",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "version 1803 (Core Installation)"
+ },
+ {
+ "version_value": "2019"
+ },
+ {
+ "version_value": "2019 (Core installation)"
+ },
+ {
+ "version_value": "2016"
+ },
+ {
+ "version_value": "2016 (Core installation)"
+ },
+ {
+ "version_value": "2008 for 32-bit Systems Service Pack 2"
+ },
+ {
+ "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)"
+ },
+ {
+ "version_value": "2008 for Itanium-Based Systems Service Pack 2"
+ },
+ {
+ "version_value": "2008 for x64-based Systems Service Pack 2"
+ },
+ {
+ "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)"
+ },
+ {
+ "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1"
+ },
+ {
+ "version_value": "2008 R2 for x64-based Systems Service Pack 1"
+ },
+ {
+ "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)"
+ },
+ {
+ "version_value": "2012"
+ },
+ {
+ "version_value": "2012 (Core installation)"
+ },
+ {
+ "version_value": "2012 R2"
+ },
+ {
+ "version_value": "2012 R2 (Core installation)"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows 10 Version 1903 for 32-bit Systems",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows 10 Version 1903 for x64-based Systems",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows 10 Version 1903 for ARM64-based Systems",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows Server, version 1903 (Server Core installation)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows 10 Version 1909 for 32-bit Systems",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows 10 Version 1909 for x64-based Systems",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows 10 Version 1909 for ARM64-based Systems",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows Server, version 1909 (Server Core installation)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Microsoft"
+ }
+ ]
+ }
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An information disclosure vulnerability exists in the Windows Common Log File System (CLFS) driver when it fails to properly handle objects in memory, aka \u0027Windows Common Log File System Driver Information Disclosure Vulnerability\u0027. This CVE ID is unique from CVE-2020-0639."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Information Disclosure"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0615"
+ }
+ ]
+ }
+}
diff --git a/2020/0xxx/CVE-2020-0616.json b/2020/0xxx/CVE-2020-0616.json
new file mode 100644
index 00000000000..2b3f63f4c92
--- /dev/null
+++ b/2020/0xxx/CVE-2020-0616.json
@@ -0,0 +1,159 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ASSIGNER": "secure@microsoft.com",
+ "ID": "CVE-2020-0616",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Windows",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "10 Version 1809 for 32-bit Systems"
+ },
+ {
+ "version_value": "10 Version 1809 for x64-based Systems"
+ },
+ {
+ "version_value": "10 Version 1809 for ARM64-based Systems"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows Server",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "2019"
+ },
+ {
+ "version_value": "2019 (Core installation)"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows 10 Version 1903 for 32-bit Systems",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows 10 Version 1903 for x64-based Systems",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows 10 Version 1903 for ARM64-based Systems",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows Server, version 1903 (Server Core installation)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows 10 Version 1909 for 32-bit Systems",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows 10 Version 1909 for x64-based Systems",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows 10 Version 1909 for ARM64-based Systems",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows Server, version 1909 (Server Core installation)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Microsoft"
+ }
+ ]
+ }
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A denial of service vulnerability exists when Windows improperly handles hard links, aka \u0027Microsoft Windows Denial of Service Vulnerability\u0027."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Denial of Service"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0616"
+ }
+ ]
+ }
+}
diff --git a/2020/0xxx/CVE-2020-0617.json b/2020/0xxx/CVE-2020-0617.json
new file mode 100644
index 00000000000..ff9dbe3e32a
--- /dev/null
+++ b/2020/0xxx/CVE-2020-0617.json
@@ -0,0 +1,94 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ASSIGNER": "secure@microsoft.com",
+ "ID": "CVE-2020-0617",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Windows",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "10 Version 1803 for x64-based Systems"
+ },
+ {
+ "version_value": "10 Version 1809 for x64-based Systems"
+ },
+ {
+ "version_value": "10 Version 1709 for x64-based Systems"
+ },
+ {
+ "version_value": "10 for x64-based Systems"
+ },
+ {
+ "version_value": "10 Version 1607 for x64-based Systems"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows Server",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "version 1803 (Core Installation)"
+ },
+ {
+ "version_value": "2019"
+ },
+ {
+ "version_value": "2019 (Core installation)"
+ },
+ {
+ "version_value": "2016"
+ },
+ {
+ "version_value": "2016 (Core installation)"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Microsoft"
+ }
+ ]
+ }
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A denial of service vulnerability exists when Microsoft Hyper-V Virtual PCI on a host server fails to properly validate input from a privileged user on a guest operating system, aka \u0027Hyper-V Denial of Service Vulnerability\u0027."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Denial of Service"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0617"
+ }
+ ]
+ }
+}
diff --git a/2020/0xxx/CVE-2020-0620.json b/2020/0xxx/CVE-2020-0620.json
new file mode 100644
index 00000000000..e3c41d7241e
--- /dev/null
+++ b/2020/0xxx/CVE-2020-0620.json
@@ -0,0 +1,249 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0620", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": 
"2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "An elevation of privilege vulnerability exists when Microsoft Cryptographic Services improperly handles files, aka \u0027Microsoft Cryptographic Services Elevation of Privilege Vulnerability\u0027." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0620" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0621.json b/2020/0xxx/CVE-2020-0621.json new file mode 100644 index 00000000000..0fe1ef25f2e --- /dev/null +++ b/2020/0xxx/CVE-2020-0621.json 
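Review bot: The 1903 and 1909 builds are modelled differently from every other affected build in this record: each is its own `product_name` (for example `"Windows 10 Version 1903 for 32-bit Systems"`) with `"version_value": ""`, whereas older builds sit under `"product_name": "Windows"` with the build in `version_value`. A scanner or feed consumer that keys on product `Windows` or `Windows Server` and compares `version_value` will not see 1903 or 1909 as affected, and an empty version string can be read as either "no version" or "all versions". I would fold them into the existing products, e.g. `{ "version_value": "10 Version 1903 for 32-bit Systems" }` under `Windows` and `{ "version_value": "version 1903 (Server Core installation)" }` under `Windows Server`. The same shape is repeated in the CVE-2020-0623, -0624, -0625, -0626, -0627 and -0628 records below; in CVE-2020-0624 it is the only form used.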
@@ -0,0 +1,100 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0621", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A security feature bypass vulnerability exists in Windows 10 when third party filters are called during a password update, aka \u0027Windows Security Feature Bypass Vulnerability\u0027." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Security Feature Bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0621" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0622.json b/2020/0xxx/CVE-2020-0622.json new file mode 100644 index 00000000000..d14965fb422 --- /dev/null 
+++ b/2020/0xxx/CVE-2020-0622.json @@ -0,0 +1,103 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0622", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory, aka \u0027Microsoft Graphics Component Information Disclosure Vulnerability\u0027." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0622" + } + ] + } +} 
diff --git a/2020/0xxx/CVE-2020-0623.json b/2020/0xxx/CVE-2020-0623.json
new file mode 100644
index 00000000000..4096264b45d
--- /dev/null
+++ b/2020/0xxx/CVE-2020-0623.json
@@ -0,0 +1,213 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0623", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based 
Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka \u0027Windows Search Indexer Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0613, CVE-2020-0614, CVE-2020-0625, CVE-2020-0626, CVE-2020-0627, CVE-2020-0628, CVE-2020-0629, CVE-2020-0630, CVE-2020-0631, CVE-2020-0632, CVE-2020-0633." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0623" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0624.json b/2020/0xxx/CVE-2020-0624.json new file mode 100644 index 00000000000..c71abe902d8 --- /dev/null 
+++ b/2020/0xxx/CVE-2020-0624.json 
@@ -0,0 +1,130 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0624", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka \u0027Win32k Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0642." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0624" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0625.json b/2020/0xxx/CVE-2020-0625.json new file mode 100644 index 00000000000..3402b09982d --- /dev/null +++ b/2020/0xxx/CVE-2020-0625.json 
@@ -0,0 +1,249 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0625", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": 
"2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka \u0027Windows Search Indexer Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0613, CVE-2020-0614, CVE-2020-0623, CVE-2020-0626, CVE-2020-0627, CVE-2020-0628, CVE-2020-0629, CVE-2020-0630, CVE-2020-0631, CVE-2020-0632, CVE-2020-0633." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0625" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0626.json b/2020/0xxx/CVE-2020-0626.json new file mode 100644 index 00000000000..2d0f1f60ce1 --- /dev/null +++ b/2020/0xxx/CVE-2020-0626.json 
@@ -0,0 +1,249 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0626", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": 
"2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka \u0027Windows Search Indexer Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0613, CVE-2020-0614, CVE-2020-0623, CVE-2020-0625, CVE-2020-0627, CVE-2020-0628, CVE-2020-0629, CVE-2020-0630, CVE-2020-0631, CVE-2020-0632, CVE-2020-0633." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0626" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0627.json b/2020/0xxx/CVE-2020-0627.json new file mode 100644 index 00000000000..103da5c01e5 --- /dev/null +++ b/2020/0xxx/CVE-2020-0627.json 
@@ -0,0 +1,249 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0627", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": 
"2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka \u0027Windows Search Indexer Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0613, CVE-2020-0614, CVE-2020-0623, CVE-2020-0625, CVE-2020-0626, CVE-2020-0628, CVE-2020-0629, CVE-2020-0630, CVE-2020-0631, CVE-2020-0632, CVE-2020-0633." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0627" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0628.json b/2020/0xxx/CVE-2020-0628.json new file mode 100644 index 00000000000..d5514ce112e --- /dev/null +++ b/2020/0xxx/CVE-2020-0628.json 
@@ -0,0 +1,249 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0628", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": 
"2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka \u0027Windows Search Indexer Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0613, CVE-2020-0614, CVE-2020-0623, CVE-2020-0625, CVE-2020-0626, CVE-2020-0627, CVE-2020-0629, CVE-2020-0630, CVE-2020-0631, CVE-2020-0632, CVE-2020-0633." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0628" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0629.json b/2020/0xxx/CVE-2020-0629.json new file mode 100644 index 00000000000..8630455ad70 --- /dev/null +++ b/2020/0xxx/CVE-2020-0629.json 
@@ -0,0 +1,249 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0629", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": 
"2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka \u0027Windows Search Indexer Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0613, CVE-2020-0614, CVE-2020-0623, CVE-2020-0625, CVE-2020-0626, CVE-2020-0627, CVE-2020-0628, CVE-2020-0630, CVE-2020-0631, CVE-2020-0632, CVE-2020-0633." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0629" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0630.json b/2020/0xxx/CVE-2020-0630.json new file mode 100644 index 00000000000..bd8c3f772dd --- /dev/null +++ b/2020/0xxx/CVE-2020-0630.json 
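Review bot: The eight Windows 10 / Windows Server 1903 and 1909 entries in `product_data` carry the release in `product_name` and leave `"version_value": ""`, while every other release in this record is a `version_value` under the `Windows` or `Windows Server` product. A consumer that matches on product name plus version sees eight extra products with no version at all, so 1903/1909 hosts are likely to be missed or matched inconsistently. I would fold them into the existing products, for example `{ "version_value": "10 Version 1903 for 32-bit Systems" }` under `Windows` and `{ "version_value": "version 1903 (Server Core installation)" }` under `Windows Server`. The same pattern repeats in the CVE-2020-0630 through CVE-2020-0636 hunks; in CVE-2020-0636 it is the entire affected list, so that record has no non-empty version at all.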
@@ -0,0 +1,246 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0630", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 for Itanium-Based Systems Service Pack 2" + }, + { + 
"version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists in the 
way that the Windows Search Indexer handles objects in memory, aka \u0027Windows Search Indexer Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0613, CVE-2020-0614, CVE-2020-0623, CVE-2020-0625, CVE-2020-0626, CVE-2020-0627, CVE-2020-0628, CVE-2020-0629, CVE-2020-0631, CVE-2020-0632, CVE-2020-0633." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0630" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0631.json b/2020/0xxx/CVE-2020-0631.json new file mode 100644 index 00000000000..8cfca47ecc3 --- /dev/null +++ b/2020/0xxx/CVE-2020-0631.json 
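Review bot: The `Windows` version list in this record has no `10 Version 1709 for 32-bit Systems` entry, although the x64 and ARM64 1709 entries are present and the neighbouring Search Indexer records (CVE-2020-0629, CVE-2020-0631, CVE-2020-0632) list all three. This may be what the advisory says, but a single dropped architecture could also be a transcription gap, and a missing affected version becomes a false negative for anyone matching assets against this data. It is worth confirming against the MSRC advisory linked in `references` and, if that platform is affected, adding `{ "version_value": "10 Version 1709 for 32-bit Systems" }` after the 1809 entries.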
@@ -0,0 +1,249 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0631", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": 
"2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka \u0027Windows Search Indexer Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0613, CVE-2020-0614, CVE-2020-0623, CVE-2020-0625, CVE-2020-0626, CVE-2020-0627, CVE-2020-0628, CVE-2020-0629, CVE-2020-0630, CVE-2020-0632, CVE-2020-0633." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0631" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0632.json b/2020/0xxx/CVE-2020-0632.json new file mode 100644 index 00000000000..5882497cf87 --- /dev/null +++ b/2020/0xxx/CVE-2020-0632.json 
@@ -0,0 +1,249 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0632", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": 
"2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka \u0027Windows Search Indexer Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0613, CVE-2020-0614, CVE-2020-0623, CVE-2020-0625, CVE-2020-0626, CVE-2020-0627, CVE-2020-0628, CVE-2020-0629, CVE-2020-0630, CVE-2020-0631, CVE-2020-0633." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0632" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0633.json b/2020/0xxx/CVE-2020-0633.json new file mode 100644 index 00000000000..4df7199cf03 --- /dev/null +++ b/2020/0xxx/CVE-2020-0633.json 
@@ -0,0 +1,192 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0633", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + 
"version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka \u0027Windows Search Indexer Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0613, CVE-2020-0614, CVE-2020-0623, CVE-2020-0625, CVE-2020-0626, CVE-2020-0627, CVE-2020-0628, CVE-2020-0629, CVE-2020-0630, CVE-2020-0631, CVE-2020-0632." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0633" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0634.json b/2020/0xxx/CVE-2020-0634.json new file mode 100644 index 00000000000..73a2da8dba1 --- /dev/null +++ b/2020/0xxx/CVE-2020-0634.json 
@@ -0,0 +1,249 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0634", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": 
"2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory, aka \u0027Windows Common Log File System Driver Elevation of Privilege Vulnerability\u0027." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0634" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0635.json b/2020/0xxx/CVE-2020-0635.json new file mode 100644 index 00000000000..8a240a01556 --- /dev/null +++ b/2020/0xxx/CVE-2020-0635.json 
@@ -0,0 +1,249 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0635", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": 
"2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "An elevation of privilege vulnerability exists in Microsoft Windows when Windows fails to properly handle certain symbolic links, aka \u0027Windows Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0644." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0635" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0636.json b/2020/0xxx/CVE-2020-0636.json new file mode 100644 index 00000000000..0c9acee410a --- /dev/null +++ b/2020/0xxx/CVE-2020-0636.json 
@@ -0,0 +1,130 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0636", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists in the way that the Windows Subsystem for Linux handles files, aka \u0027Windows Subsystem for Linux Elevation of Privilege Vulnerability\u0027." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0636" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0637.json b/2020/0xxx/CVE-2020-0637.json new file mode 100644 index 00000000000..0084967a015 --- /dev/null +++ b/2020/0xxx/CVE-2020-0637.json 
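Review bot: All eight `product_data` entries in this record set `"version_value": ""` and carry the Windows release inside `product_name` (e.g. `"Windows 10 Version 1903 for 32-bit Systems"`), so the record has no version field a consumer can compare against. Anything that matches an asset inventory on product plus version has to parse the name string instead. Other records in this patch model the same family as `"product_name": "Windows"` with the release in `version_value`, so the two shapes will not match each other. I would use that second shape here as well: `"product_name": "Windows"`, `"version_value": "10 Version 1903 for 32-bit Systems"`. The same empty-version entries appear for the 1903/1909 releases in CVE-2020-0638, -0639 and -0641 through -0644, and for the "Internet Explorer 11 on …" entries in CVE-2020-0640.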
@@ -0,0 +1,87 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0637", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability exists when Remote Desktop Web Access improperly handles credential information, aka \u0027Remote Desktop Web Access Information Disclosure Vulnerability\u0027." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0637" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0638.json b/2020/0xxx/CVE-2020-0638.json new file mode 100644 index 00000000000..23e4511ed1f --- /dev/null +++ b/2020/0xxx/CVE-2020-0638.json 
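Review bot: The `problemtype` value `"Information Disclosure"` names the impact class rather than the weakness, so the record cannot be grouped or filtered by root cause. The description only says that Remote Desktop Web Access "improperly handles credential information". If the vendor advisory identifies the weakness, the `value` should carry its CWE identifier and name, in the form `"value": "CWE-<id> <name>"` (placeholder, to be filled in from the advisory). The other records in this patch do the same with `"Elevation of Privilege"` and `"Remote Code Execution"`.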
@@ -0,0 +1,180 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0638", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "version 1803 (Core Installation)" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": 
"Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists in the way the Update Notification Manager handles files.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka \u0027Update Notification Manager Elevation of Privilege Vulnerability\u0027." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0638" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0639.json b/2020/0xxx/CVE-2020-0639.json new file mode 100644 index 00000000000..6e17b9bee65 --- /dev/null +++ b/2020/0xxx/CVE-2020-0639.json 
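Review bot: The description `value` is missing a space at `handles files.To exploit`, and the `aka …` name is attached to the exploitation sentence instead of the sentence that describes the flaw. The record has no `impact` block, so this text is the only place the precondition (the attacker must already have execution on the system) is stated, and it is what a triager will read. I would write `...handles files, aka \u0027Update Notification Manager Elevation of Privilege Vulnerability\u0027. To exploit this vulnerability, an attacker would first have to gain execution on the victim system.` CVE-2020-0641 has the same run-together sentence at `arbitrary locations.To exploit`.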
@@ -0,0 +1,249 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0639", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": 
"2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "An information disclosure vulnerability exists in the Windows Common Log File System (CLFS) driver when it fails to properly handle objects in memory, aka \u0027Windows Common Log File System Driver Information Disclosure Vulnerability\u0027. This CVE ID is unique from CVE-2020-0615." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0639" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0640.json b/2020/0xxx/CVE-2020-0640.json new file mode 100644 index 00000000000..85ecc623657 --- /dev/null +++ b/2020/0xxx/CVE-2020-0640.json 
@@ -0,0 +1,216 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0640", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Internet Explorer 10", + "version": { + "version_data": [ + { + "version_value": "Windows Server 2012" + } + ] + } + }, + { + "product_name": "Internet Explorer 9", + "version": { + "version_data": [ + { + "version_value": "Windows Server 2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "Windows Server 2008 for x64-based Systems Service Pack 2" + } + ] + } + }, + { + "product_name": "Internet Explorer 11", + "version": { + "version_data": [ + { + "version_value": "Windows 10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1803 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "Windows 10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1809 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "Windows Server 2019" + }, + { + "version_value": "Windows 10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1709 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "Windows 10 for 32-bit Systems" + }, + { + "version_value": "Windows 10 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1607 for x64-based Systems" + }, + { + "version_value": "Windows Server 2016" + }, + { + "version_value": "Windows 7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "Windows 7 for x64-based Systems Service Pack 1" + }, + { + 
"version_value": "Windows 8.1 for 32-bit systems" + }, + { + "version_value": "Windows 8.1 for x64-based systems" + }, + { + "version_value": "Windows RT 8.1" + }, + { + "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows Server 2012 R2" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows Server 2012", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka \u0027Internet Explorer Memory Corruption Vulnerability\u0027." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0640" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0641.json b/2020/0xxx/CVE-2020-0641.json new file mode 100644 index 00000000000..99c57d04016 --- /dev/null +++ b/2020/0xxx/CVE-2020-0641.json 
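Review bot: Under the `Internet Explorer 9`, `Internet Explorer 10` and `Internet Explorer 11` products, `version_value` holds operating-system names (for example `"Windows Server 2012"`), while the browser version sits in `product_name`. A consumer that reads `version_value` as the affected product version will record "Windows Server 2012" as a version of Internet Explorer, so hosts can be flagged or missed depending on how the tool matches. I would keep one product, `"product_name": "Internet Explorer"`, put the browser version in `version_value` (`"11"`), and state the host operating system separately rather than in the version field.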
@@ -0,0 +1,219 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0641", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + 
"version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists in Windows Media Service that allows file creation in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to the system, aka \u0027Microsoft Windows Elevation of Privilege Vulnerability\u0027." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0641" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0642.json b/2020/0xxx/CVE-2020-0642.json new file mode 100644 index 00000000000..83a94728816 --- /dev/null +++ b/2020/0xxx/CVE-2020-0642.json 
@@ -0,0 +1,249 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0642", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": 
"2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka \u0027Win32k Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0624." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0642" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0643.json b/2020/0xxx/CVE-2020-0643.json new file mode 100644 index 00000000000..84963d3a284 --- /dev/null +++ b/2020/0xxx/CVE-2020-0643.json 
@@ -0,0 +1,249 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0643", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": 
"2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface Plus (GDI+) handles objects in memory, allowing an attacker to retrieve information from a targeted system, aka \u0027Windows GDI+ Information Disclosure Vulnerability\u0027." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0643" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0644.json b/2020/0xxx/CVE-2020-0644.json new file mode 100644 index 00000000000..d2e913d6b15 --- /dev/null +++ b/2020/0xxx/CVE-2020-0644.json 
@@ -0,0 +1,219 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0644", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + 
"version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists when Microsoft Windows implements predictable memory section names, aka \u0027Windows Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0635." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0644" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0646.json b/2020/0xxx/CVE-2020-0646.json new file mode 100644 index 00000000000..fc3fd8d0f03 --- /dev/null +++ b/2020/0xxx/CVE-2020-0646.json 
@@ -0,0 +1,675 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0646", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2", + "version": { + "version_data": [ + { + "version_value": "Windows 7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "Windows 7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows 8.1 for 32-bit systems" + }, + { + "version_value": "Windows 8.1 for x64-based systems" + }, + { + "version_value": "Windows RT 8.1" + }, + { + "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)" + }, + { + "version_value": "Windows Server 2012" + }, + { + "version_value": "Windows Server 2012 (Server Core installation)" + }, + { + "version_value": "Windows Server 2012 R2" + }, + { + "version_value": "Windows Server 2012 R2 (Server Core installation)" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2", + "version": { + "version_data": [ + { + "version_value": "Windows 10 Version 1607 for 32-bit Systems" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows Server, version 1803 (Server Core Installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 
4.8 on Windows 10 Version 1709 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2016", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2016 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows 7 for 32-bit Systems Service Pack 1", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows 7 for x64-based Systems Service Pack 1", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows 8.1 for 32-bit systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows 8.1 for x64-based systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows RT 8.1", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1", + "version": { + 
"version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2012", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2012 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2012 R2", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2012 R2 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for x64-based Systems", + 
"version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "1903" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.6", + "version": { + "version_data": [ + { + "version_value": "Windows Server 2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "Windows Server 2008 for x64-based Systems Service Pack 2" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.0", + "version": { + "version_data": [ + { + "version_value": "Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5", + "version": { + "version_data": [ + { + "version_value": "Windows 10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "Windows 8.1 for 32-bit systems" + }, + { + "version_value": "Windows 8.1 for x64-based systems" + }, + { + 
"version_value": "Windows Server 2012" + }, + { + "version_value": "Windows Server 2012 (Server Core installation)" + }, + { + "version_value": "Windows Server 2012 R2" + }, + { + "version_value": "Windows Server 2012 R2 (Server Core installation)" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5.1", + "version": { + "version_data": [ + { + "version_value": "Windows 7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "Windows 7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.5.2", + "version": { + "version_data": [ + { + "version_value": "Windows 7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "Windows 7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows 8.1 for 32-bit systems" + }, + { + "version_value": "Windows 8.1 for x64-based systems" + }, + { + "version_value": "Windows RT 8.1" + }, + { + "version_value": "Windows Server 2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "Windows Server 2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)" + }, + { + "version_value": "Windows Server 2012" + }, + { + "version_value": "Windows Server 2012 (Server Core installation)" + }, + { + "version_value": "Windows Server 2012 R2" + }, + { + "version_value": "Windows Server 2012 R2 (Server Core installation)" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1909 for 32-bit Systems", + 
"version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server, version 1803 (Server Core Installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1803 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1803 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2 on Windows 10 Version 1709 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + 
} + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2 on Windows 10 Version 1709 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka \u0027.NET Framework Remote Code Execution Injection Vulnerability\u0027." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0646" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0647.json b/2020/0xxx/CVE-2020-0647.json new file mode 100644 index 00000000000..8c3adbfcebd --- /dev/null +++ b/2020/0xxx/CVE-2020-0647.json 
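Review bot: The entry `Microsoft .NET Framework 3.5 AND 4.8 on Windows Server, version 1903 (Server Core installation)` carries `"version_value": "1903"`, whereas every sibling "… on Windows …" entry carries `""`. The value is the OS release number already present in the product name, not a .NET Framework version, so it looks like a generator slip rather than intended data. Set it to `"version_value": ""` to match its siblings, or model all of these the way the first entries in the list do, with the framework as `product_name` and the platform as `version_value`. As written, version-aware matching treats this one platform differently from the other forty-odd rows for no visible reason.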
@@ -0,0 +1,60 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ASSIGNER": "secure@microsoft.com",
+ "ID": "CVE-2020-0647",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Office Online Server",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Microsoft"
+ }
+ ]
+ }
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A spoofing vulnerability exists when Office Online does not validate origin in cross-origin communications correctly, aka \u0027Microsoft Office Online Spoofing Vulnerability\u0027."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Spoofing"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0647"
+ }
+ ]
+ }
+}
diff --git a/2020/0xxx/CVE-2020-0650.json b/2020/0xxx/CVE-2020-0650.json
new file mode 100644
index 00000000000..9d2d579db3f
--- /dev/null
+++ b/2020/0xxx/CVE-2020-0650.json
@@ -0,0 +1,110 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ASSIGNER": "secure@microsoft.com",
+ "ID": "CVE-2020-0650",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Microsoft Office",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "2019 for 32-bit editions"
+ },
+ {
+ "version_value": "2019 for 64-bit editions"
+ },
+ {
+ "version_value": "2019 for Mac"
+ },
+ {
+ "version_value": "2016 for Mac"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Office 365 ProPlus",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "32-bit Systems"
+ },
+ {
+ "version_value": "64-bit Systems"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Microsoft Excel",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "2016 (32-bit edition)"
+ },
+ {
+ "version_value": "2016 (64-bit edition)"
+ },
+ {
+ "version_value": "2010 Service Pack 2 (32-bit editions)"
+ },
+ {
+ "version_value": "2010 Service Pack 2 (64-bit editions)"
+ },
+ {
+ "version_value": "2013 RT Service Pack 1"
+ },
+ {
+ "version_value": "2013 Service Pack 1 (32-bit editions)"
+ },
+ {
+ "version_value": "2013 Service Pack 1 (64-bit editions)"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Microsoft"
+ }
+ ]
+ }
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka \u0027Microsoft Excel Remote Code Execution Vulnerability\u0027. This CVE ID is unique from CVE-2020-0651, CVE-2020-0653."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Remote Code Execution"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0650"
+ }
+ ]
+ }
+}
diff --git a/2020/0xxx/CVE-2020-0651.json b/2020/0xxx/CVE-2020-0651.json
new file mode 100644
index 00000000000..6d4bc32bb5b
--- /dev/null
+++ b/2020/0xxx/CVE-2020-0651.json
@@ -0,0 +1,110 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ASSIGNER": "secure@microsoft.com",
+ "ID": "CVE-2020-0651",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Microsoft Office",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "2019 for 32-bit editions"
+ },
+ {
+ "version_value": "2019 for 64-bit editions"
+ },
+ {
+ "version_value": "2019 for Mac"
+ },
+ {
+ "version_value": "2016 for Mac"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Office 365 ProPlus",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "32-bit Systems"
+ },
+ {
+ "version_value": "64-bit Systems"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Microsoft Excel",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "2016 (32-bit edition)"
+ },
+ {
+ "version_value": "2016 (64-bit edition)"
+ },
+ {
+ "version_value": "2010 Service Pack 2 (32-bit editions)"
+ },
+ {
+ "version_value": "2010 Service Pack 2 (64-bit editions)"
+ },
+ {
+ "version_value": "2013 RT Service Pack 1"
+ },
+ {
+ "version_value": "2013 Service Pack 1 (32-bit editions)"
+ },
+ {
+ "version_value": "2013 Service Pack 1 (64-bit editions)"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Microsoft"
+ }
+ ]
+ }
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka \u0027Microsoft Excel Remote Code Execution Vulnerability\u0027. This CVE ID is unique from CVE-2020-0650, CVE-2020-0653."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Remote Code Execution"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0651"
+ }
+ ]
+ }
+}
diff --git a/2020/0xxx/CVE-2020-0652.json b/2020/0xxx/CVE-2020-0652.json
new file mode 100644
index 00000000000..7dc533b1a2a
--- /dev/null
+++ b/2020/0xxx/CVE-2020-0652.json
@@ -0,0 +1,97 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ASSIGNER": "secure@microsoft.com",
+ "ID": "CVE-2020-0652",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Microsoft Office",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "2019 for 32-bit editions"
+ },
+ {
+ "version_value": "2019 for 64-bit editions"
+ },
+ {
+ "version_value": "2016 (32-bit edition)"
+ },
+ {
+ "version_value": "2016 (64-bit edition)"
+ },
+ {
+ "version_value": "2010 Service Pack 2 (32-bit editions)"
+ },
+ {
+ "version_value": "2010 Service Pack 2 (64-bit editions)"
+ },
+ {
+ "version_value": "2013 RT Service Pack 1"
+ },
+ {
+ "version_value": "2013 Service Pack 1 (32-bit editions)"
+ },
+ {
+ "version_value": "2013 Service Pack 1 (64-bit editions)"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Office 365 ProPlus",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "32-bit Systems"
+ },
+ {
+ "version_value": "64-bit Systems"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Microsoft"
+ }
+ ]
+ }
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka \u0027Microsoft Office Memory Corruption Vulnerability\u0027."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Remote Code Execution"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0652"
+ }
+ ]
+ }
+}
diff --git a/2020/0xxx/CVE-2020-0653.json b/2020/0xxx/CVE-2020-0653.json
new file mode 100644
index 00000000000..46ec5c20cd7
--- /dev/null
+++ b/2020/0xxx/CVE-2020-0653.json
@@ -0,0 +1,63 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ASSIGNER": "secure@microsoft.com",
+ "ID": "CVE-2020-0653",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Office 365 ProPlus",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "32-bit Systems"
+ },
+ {
+ "version_value": "64-bit Systems"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Microsoft"
+ }
+ ]
+ }
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka \u0027Microsoft Excel Remote Code Execution Vulnerability\u0027. This CVE ID is unique from CVE-2020-0650, CVE-2020-0651."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Remote Code Execution"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0653"
+ }
+ ]
+ }
+}
diff --git a/2020/0xxx/CVE-2020-0654.json b/2020/0xxx/CVE-2020-0654.json
new file mode 100644
index 00000000000..ae70112fcaf
--- /dev/null
+++ b/2020/0xxx/CVE-2020-0654.json
@@ -0,0 +1,60 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ASSIGNER": "secure@microsoft.com",
+ "ID": "CVE-2020-0654",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "One Drive for Android",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Microsoft"
+ }
+ ]
+ }
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A security feature bypass vulnerability exists in Microsoft OneDrive App for Android.This could allow an attacker to bypass the passcode or fingerprint requirements of the App.The security update addresses the vulnerability by correcting the way Microsoft OneDrive App for Android handles sharing links., aka \u0027Microsoft OneDrive for Android Security Feature Bypass Vulnerability\u0027."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Security Feature Bypass"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0654"
+ }
+ ]
+ }
+}
diff --git a/2020/0xxx/CVE-2020-0656.json b/2020/0xxx/CVE-2020-0656.json
new file mode 100644
index 00000000000..f58d85a9d0b
--- /dev/null
+++ b/2020/0xxx/CVE-2020-0656.json
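Review bot: In the CVE-2020-0654 record, `product_name` reads `One Drive for Android` while the description and the quoted advisory title both spell it OneDrive, so inventory matching on the product string "OneDrive" will not find this entry. I would use `"product_name": "OneDrive for Android"`. The `description` value was also pasted with its sentence breaks lost (`Android.This`, `App.The`, and a stray period in `links., aka`); restore the spaces after the full stops and drop the period before `, aka`. With `"version_value": ""` the record names no affected or fixed app version, so it cannot tell a patched install from a vulnerable one.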
@@ -0,0 +1,60 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ASSIGNER": "secure@microsoft.com",
+ "ID": "CVE-2020-0656",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Dynamics 365 Field Service (on-premises) v7 series",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Microsoft"
+ }
+ ]
+ }
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka \u0027Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability\u0027."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Spoofing"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0656"
+ }
+ ]
+ }
+}
From f8fbad961ee02a38045c8664c5b476109bd07a02 Mon Sep 17 00:00:00 2001
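Review bot: In the CVE-2020-0656 record, `problemtype` says `Spoofing` while the description and the quoted advisory title both call this a cross site scripting vulnerability. "Spoofing" appears to be the vendor's impact bucket rather than the weakness, so consumers that filter or prioritise on problem type will not surface this record as XSS. I would record the weakness, `"value": "CWE-79 Cross-site Scripting"`, or at minimum `"value": "Cross Site Scripting"` to agree with the description. The product is also named `Dynamics 365 Field Service (on-premises) v7 series` with an empty `version_value`, whereas the description speaks of Dynamics 365 (on-premises) generally; which of the two scopes is intended should be confirmed against the advisory.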
From: Bill Situ Date: Tue, 14 Jan 2020 15:27:30 -0800 Subject: [PATCH 068/387] Bill Sit Oracle Critical Patch Update - January 2020 This update contains only Oracle CVEs. On branch cna/Oracle/CPU2020JanOracleCVEs Changes to be committed: modified: 2012/1xxx/CVE-2012-1695.json modified: 2019/2xxx/CVE-2019-2725.json modified: 2019/2xxx/CVE-2019-2729.json modified: 2019/2xxx/CVE-2019-2904.json modified: 2020/2xxx/CVE-2020-2510.json modified: 2020/2xxx/CVE-2020-2511.json modified: 2020/2xxx/CVE-2020-2512.json modified: 2020/2xxx/CVE-2020-2515.json modified: 2020/2xxx/CVE-2020-2516.json modified: 2020/2xxx/CVE-2020-2517.json modified: 2020/2xxx/CVE-2020-2518.json modified: 2020/2xxx/CVE-2020-2519.json modified: 2020/2xxx/CVE-2020-2527.json modified: 2020/2xxx/CVE-2020-2530.json modified: 2020/2xxx/CVE-2020-2531.json modified: 2020/2xxx/CVE-2020-2533.json modified: 2020/2xxx/CVE-2020-2534.json modified: 2020/2xxx/CVE-2020-2535.json modified: 2020/2xxx/CVE-2020-2536.json modified: 2020/2xxx/CVE-2020-2537.json modified: 2020/2xxx/CVE-2020-2538.json modified: 2020/2xxx/CVE-2020-2539.json modified: 2020/2xxx/CVE-2020-2540.json modified: 2020/2xxx/CVE-2020-2541.json modified: 2020/2xxx/CVE-2020-2542.json modified: 2020/2xxx/CVE-2020-2543.json modified: 2020/2xxx/CVE-2020-2544.json modified: 2020/2xxx/CVE-2020-2545.json modified: 2020/2xxx/CVE-2020-2546.json modified: 2020/2xxx/CVE-2020-2547.json modified: 2020/2xxx/CVE-2020-2548.json modified: 2020/2xxx/CVE-2020-2549.json modified: 2020/2xxx/CVE-2020-2550.json modified: 2020/2xxx/CVE-2020-2551.json modified: 2020/2xxx/CVE-2020-2552.json modified: 2020/2xxx/CVE-2020-2555.json modified: 2020/2xxx/CVE-2020-2556.json modified: 2020/2xxx/CVE-2020-2557.json modified: 2020/2xxx/CVE-2020-2558.json modified: 2020/2xxx/CVE-2020-2559.json modified: 2020/2xxx/CVE-2020-2560.json modified: 2020/2xxx/CVE-2020-2561.json modified: 2020/2xxx/CVE-2020-2563.json modified: 2020/2xxx/CVE-2020-2564.json modified: 2020/2xxx/CVE-2020-2565.json 
modified: 2020/2xxx/CVE-2020-2566.json modified: 2020/2xxx/CVE-2020-2567.json modified: 2020/2xxx/CVE-2020-2568.json modified: 2020/2xxx/CVE-2020-2569.json modified: 2020/2xxx/CVE-2020-2570.json modified: 2020/2xxx/CVE-2020-2571.json modified: 2020/2xxx/CVE-2020-2572.json modified: 2020/2xxx/CVE-2020-2573.json modified: 2020/2xxx/CVE-2020-2574.json modified: 2020/2xxx/CVE-2020-2576.json modified: 2020/2xxx/CVE-2020-2577.json modified: 2020/2xxx/CVE-2020-2578.json modified: 2020/2xxx/CVE-2020-2579.json modified: 2020/2xxx/CVE-2020-2580.json modified: 2020/2xxx/CVE-2020-2581.json modified: 2020/2xxx/CVE-2020-2582.json modified: 2020/2xxx/CVE-2020-2583.json modified: 2020/2xxx/CVE-2020-2584.json modified: 2020/2xxx/CVE-2020-2585.json modified: 2020/2xxx/CVE-2020-2586.json modified: 2020/2xxx/CVE-2020-2587.json modified: 2020/2xxx/CVE-2020-2588.json modified: 2020/2xxx/CVE-2020-2589.json modified: 2020/2xxx/CVE-2020-2590.json modified: 2020/2xxx/CVE-2020-2591.json modified: 2020/2xxx/CVE-2020-2592.json modified: 2020/2xxx/CVE-2020-2593.json modified: 2020/2xxx/CVE-2020-2595.json modified: 2020/2xxx/CVE-2020-2596.json modified: 2020/2xxx/CVE-2020-2597.json modified: 2020/2xxx/CVE-2020-2598.json modified: 2020/2xxx/CVE-2020-2599.json modified: 2020/2xxx/CVE-2020-2600.json modified: 2020/2xxx/CVE-2020-2601.json modified: 2020/2xxx/CVE-2020-2602.json modified: 2020/2xxx/CVE-2020-2603.json modified: 2020/2xxx/CVE-2020-2604.json modified: 2020/2xxx/CVE-2020-2605.json modified: 2020/2xxx/CVE-2020-2606.json modified: 2020/2xxx/CVE-2020-2607.json modified: 2020/2xxx/CVE-2020-2608.json modified: 2020/2xxx/CVE-2020-2609.json modified: 2020/2xxx/CVE-2020-2610.json modified: 2020/2xxx/CVE-2020-2611.json modified: 2020/2xxx/CVE-2020-2612.json modified: 2020/2xxx/CVE-2020-2613.json modified: 2020/2xxx/CVE-2020-2614.json modified: 2020/2xxx/CVE-2020-2615.json modified: 2020/2xxx/CVE-2020-2616.json modified: 2020/2xxx/CVE-2020-2617.json modified: 2020/2xxx/CVE-2020-2618.json modified: 
2020/2xxx/CVE-2020-2619.json modified: 2020/2xxx/CVE-2020-2620.json modified: 2020/2xxx/CVE-2020-2621.json modified: 2020/2xxx/CVE-2020-2622.json modified: 2020/2xxx/CVE-2020-2623.json modified: 2020/2xxx/CVE-2020-2624.json modified: 2020/2xxx/CVE-2020-2625.json modified: 2020/2xxx/CVE-2020-2626.json modified: 2020/2xxx/CVE-2020-2627.json modified: 2020/2xxx/CVE-2020-2628.json modified: 2020/2xxx/CVE-2020-2629.json modified: 2020/2xxx/CVE-2020-2630.json modified: 2020/2xxx/CVE-2020-2631.json modified: 2020/2xxx/CVE-2020-2632.json modified: 2020/2xxx/CVE-2020-2633.json modified: 2020/2xxx/CVE-2020-2634.json modified: 2020/2xxx/CVE-2020-2635.json modified: 2020/2xxx/CVE-2020-2636.json modified: 2020/2xxx/CVE-2020-2637.json modified: 2020/2xxx/CVE-2020-2638.json modified: 2020/2xxx/CVE-2020-2639.json modified: 2020/2xxx/CVE-2020-2640.json modified: 2020/2xxx/CVE-2020-2641.json modified: 2020/2xxx/CVE-2020-2642.json modified: 2020/2xxx/CVE-2020-2643.json modified: 2020/2xxx/CVE-2020-2644.json modified: 2020/2xxx/CVE-2020-2645.json modified: 2020/2xxx/CVE-2020-2646.json modified: 2020/2xxx/CVE-2020-2647.json modified: 2020/2xxx/CVE-2020-2648.json modified: 2020/2xxx/CVE-2020-2649.json modified: 2020/2xxx/CVE-2020-2650.json modified: 2020/2xxx/CVE-2020-2651.json modified: 2020/2xxx/CVE-2020-2652.json modified: 2020/2xxx/CVE-2020-2653.json modified: 2020/2xxx/CVE-2020-2654.json modified: 2020/2xxx/CVE-2020-2655.json modified: 2020/2xxx/CVE-2020-2656.json modified: 2020/2xxx/CVE-2020-2657.json modified: 2020/2xxx/CVE-2020-2658.json modified: 2020/2xxx/CVE-2020-2659.json modified: 2020/2xxx/CVE-2020-2660.json modified: 2020/2xxx/CVE-2020-2661.json modified: 2020/2xxx/CVE-2020-2662.json modified: 2020/2xxx/CVE-2020-2663.json modified: 2020/2xxx/CVE-2020-2664.json modified: 2020/2xxx/CVE-2020-2665.json modified: 2020/2xxx/CVE-2020-2666.json modified: 2020/2xxx/CVE-2020-2667.json modified: 2020/2xxx/CVE-2020-2668.json modified: 2020/2xxx/CVE-2020-2669.json modified: 
2020/2xxx/CVE-2020-2670.json modified: 2020/2xxx/CVE-2020-2671.json modified: 2020/2xxx/CVE-2020-2672.json modified: 2020/2xxx/CVE-2020-2673.json modified: 2020/2xxx/CVE-2020-2674.json modified: 2020/2xxx/CVE-2020-2675.json modified: 2020/2xxx/CVE-2020-2676.json modified: 2020/2xxx/CVE-2020-2677.json modified: 2020/2xxx/CVE-2020-2678.json modified: 2020/2xxx/CVE-2020-2679.json modified: 2020/2xxx/CVE-2020-2680.json modified: 2020/2xxx/CVE-2020-2681.json modified: 2020/2xxx/CVE-2020-2682.json modified: 2020/2xxx/CVE-2020-2683.json modified: 2020/2xxx/CVE-2020-2684.json modified: 2020/2xxx/CVE-2020-2685.json modified: 2020/2xxx/CVE-2020-2686.json modified: 2020/2xxx/CVE-2020-2687.json modified: 2020/2xxx/CVE-2020-2688.json modified: 2020/2xxx/CVE-2020-2689.json modified: 2020/2xxx/CVE-2020-2690.json modified: 2020/2xxx/CVE-2020-2691.json modified: 2020/2xxx/CVE-2020-2692.json modified: 2020/2xxx/CVE-2020-2693.json modified: 2020/2xxx/CVE-2020-2694.json modified: 2020/2xxx/CVE-2020-2695.json modified: 2020/2xxx/CVE-2020-2696.json modified: 2020/2xxx/CVE-2020-2697.json modified: 2020/2xxx/CVE-2020-2698.json modified: 2020/2xxx/CVE-2020-2699.json modified: 2020/2xxx/CVE-2020-2700.json modified: 2020/2xxx/CVE-2020-2701.json modified: 2020/2xxx/CVE-2020-2702.json modified: 2020/2xxx/CVE-2020-2703.json modified: 2020/2xxx/CVE-2020-2704.json modified: 2020/2xxx/CVE-2020-2705.json modified: 2020/2xxx/CVE-2020-2707.json modified: 2020/2xxx/CVE-2020-2709.json modified: 2020/2xxx/CVE-2020-2710.json modified: 2020/2xxx/CVE-2020-2711.json modified: 2020/2xxx/CVE-2020-2712.json modified: 2020/2xxx/CVE-2020-2713.json modified: 2020/2xxx/CVE-2020-2714.json modified: 2020/2xxx/CVE-2020-2715.json modified: 2020/2xxx/CVE-2020-2716.json modified: 2020/2xxx/CVE-2020-2717.json modified: 2020/2xxx/CVE-2020-2718.json modified: 2020/2xxx/CVE-2020-2719.json modified: 2020/2xxx/CVE-2020-2720.json modified: 2020/2xxx/CVE-2020-2721.json modified: 2020/2xxx/CVE-2020-2722.json modified: 
2020/2xxx/CVE-2020-2723.json modified: 2020/2xxx/CVE-2020-2724.json modified: 2020/2xxx/CVE-2020-2725.json modified: 2020/2xxx/CVE-2020-2726.json modified: 2020/2xxx/CVE-2020-2727.json modified: 2020/2xxx/CVE-2020-2728.json modified: 2020/2xxx/CVE-2020-2729.json modified: 2020/2xxx/CVE-2020-2730.json modified: 2020/2xxx/CVE-2020-2731.json --- 2012/1xxx/CVE-2012-1695.json | 84 +++++++------ 2019/2xxx/CVE-2019-2725.json | 23 +++- 2019/2xxx/CVE-2019-2729.json | 47 ++++++- 2019/2xxx/CVE-2019-2904.json | 230 +++++++++++++++++++++++++++++------ 2020/2xxx/CVE-2020-2510.json | 90 +++++++++++--- 2020/2xxx/CVE-2020-2511.json | 86 ++++++++++--- 2020/2xxx/CVE-2020-2512.json | 90 +++++++++++--- 2020/2xxx/CVE-2020-2515.json | 90 +++++++++++--- 2020/2xxx/CVE-2020-2516.json | 86 ++++++++++--- 2020/2xxx/CVE-2020-2517.json | 82 ++++++++++--- 2020/2xxx/CVE-2020-2518.json | 94 +++++++++++--- 2020/2xxx/CVE-2020-2519.json | 86 ++++++++++--- 2020/2xxx/CVE-2020-2527.json | 86 ++++++++++--- 2020/2xxx/CVE-2020-2530.json | 82 ++++++++++--- 2020/2xxx/CVE-2020-2531.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2533.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2534.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2535.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2536.json | 74 ++++++++--- 2020/2xxx/CVE-2020-2537.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2538.json | 74 ++++++++--- 2020/2xxx/CVE-2020-2539.json | 74 ++++++++--- 2020/2xxx/CVE-2020-2540.json | 74 ++++++++--- 2020/2xxx/CVE-2020-2541.json | 74 ++++++++--- 2020/2xxx/CVE-2020-2542.json | 74 ++++++++--- 2020/2xxx/CVE-2020-2543.json | 74 ++++++++--- 2020/2xxx/CVE-2020-2544.json | 86 ++++++++++--- 2020/2xxx/CVE-2020-2545.json | 106 +++++++++++++--- 2020/2xxx/CVE-2020-2546.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2547.json | 86 ++++++++++--- 2020/2xxx/CVE-2020-2548.json | 74 ++++++++--- 2020/2xxx/CVE-2020-2549.json | 74 ++++++++--- 2020/2xxx/CVE-2020-2550.json | 86 ++++++++++--- 2020/2xxx/CVE-2020-2551.json | 86 ++++++++++--- 2020/2xxx/CVE-2020-2552.json | 
78 +++++++++--- 2020/2xxx/CVE-2020-2555.json | 82 ++++++++++--- 2020/2xxx/CVE-2020-2556.json | 90 +++++++++++--- 2020/2xxx/CVE-2020-2557.json | 86 ++++++++++--- 2020/2xxx/CVE-2020-2558.json | 74 ++++++++--- 2020/2xxx/CVE-2020-2559.json | 74 ++++++++--- 2020/2xxx/CVE-2020-2560.json | 74 ++++++++--- 2020/2xxx/CVE-2020-2561.json | 74 ++++++++--- 2020/2xxx/CVE-2020-2563.json | 74 ++++++++--- 2020/2xxx/CVE-2020-2564.json | 74 ++++++++--- 2020/2xxx/CVE-2020-2565.json | 74 ++++++++--- 2020/2xxx/CVE-2020-2566.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2567.json | 74 ++++++++--- 2020/2xxx/CVE-2020-2568.json | 86 ++++++++++--- 2020/2xxx/CVE-2020-2569.json | 82 ++++++++++--- 2020/2xxx/CVE-2020-2570.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2571.json | 74 ++++++++--- 2020/2xxx/CVE-2020-2572.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2573.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2574.json | 82 ++++++++++--- 2020/2xxx/CVE-2020-2576.json | 74 ++++++++--- 2020/2xxx/CVE-2020-2577.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2578.json | 74 ++++++++--- 2020/2xxx/CVE-2020-2579.json | 82 ++++++++++--- 2020/2xxx/CVE-2020-2580.json | 74 ++++++++--- 2020/2xxx/CVE-2020-2581.json | 74 ++++++++--- 2020/2xxx/CVE-2020-2582.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2583.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2584.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2585.json | 74 ++++++++--- 2020/2xxx/CVE-2020-2586.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2587.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2588.json | 74 ++++++++--- 2020/2xxx/CVE-2020-2589.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2590.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2591.json | 74 ++++++++--- 2020/2xxx/CVE-2020-2592.json | 74 ++++++++--- 2020/2xxx/CVE-2020-2593.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2595.json | 74 ++++++++--- 2020/2xxx/CVE-2020-2596.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2597.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2598.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2599.json | 74 ++++++++--- 
2020/2xxx/CVE-2020-2600.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2601.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2602.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2603.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2604.json | 94 +++++++++++--- 2020/2xxx/CVE-2020-2605.json | 74 ++++++++--- 2020/2xxx/CVE-2020-2606.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2607.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2608.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2609.json | 82 ++++++++++--- 2020/2xxx/CVE-2020-2610.json | 82 ++++++++++--- 2020/2xxx/CVE-2020-2611.json | 82 ++++++++++--- 2020/2xxx/CVE-2020-2612.json | 82 ++++++++++--- 2020/2xxx/CVE-2020-2613.json | 82 ++++++++++--- 2020/2xxx/CVE-2020-2614.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2615.json | 82 ++++++++++--- 2020/2xxx/CVE-2020-2616.json | 82 ++++++++++--- 2020/2xxx/CVE-2020-2617.json | 82 ++++++++++--- 2020/2xxx/CVE-2020-2618.json | 82 ++++++++++--- 2020/2xxx/CVE-2020-2619.json | 82 ++++++++++--- 2020/2xxx/CVE-2020-2620.json | 82 ++++++++++--- 2020/2xxx/CVE-2020-2621.json | 82 ++++++++++--- 2020/2xxx/CVE-2020-2622.json | 82 ++++++++++--- 2020/2xxx/CVE-2020-2623.json | 82 ++++++++++--- 2020/2xxx/CVE-2020-2624.json | 82 ++++++++++--- 2020/2xxx/CVE-2020-2625.json | 82 ++++++++++--- 2020/2xxx/CVE-2020-2626.json | 82 ++++++++++--- 2020/2xxx/CVE-2020-2627.json | 74 ++++++++--- 2020/2xxx/CVE-2020-2628.json | 82 ++++++++++--- 2020/2xxx/CVE-2020-2629.json | 82 ++++++++++--- 2020/2xxx/CVE-2020-2630.json | 82 ++++++++++--- 2020/2xxx/CVE-2020-2631.json | 82 ++++++++++--- 2020/2xxx/CVE-2020-2632.json | 82 ++++++++++--- 2020/2xxx/CVE-2020-2633.json | 82 ++++++++++--- 2020/2xxx/CVE-2020-2634.json | 82 ++++++++++--- 2020/2xxx/CVE-2020-2635.json | 82 ++++++++++--- 2020/2xxx/CVE-2020-2636.json | 82 ++++++++++--- 2020/2xxx/CVE-2020-2637.json | 82 ++++++++++--- 2020/2xxx/CVE-2020-2638.json | 82 ++++++++++--- 2020/2xxx/CVE-2020-2639.json | 82 ++++++++++--- 2020/2xxx/CVE-2020-2640.json | 82 ++++++++++--- 2020/2xxx/CVE-2020-2641.json | 82 
++++++++++--- 2020/2xxx/CVE-2020-2642.json | 82 ++++++++++--- 2020/2xxx/CVE-2020-2643.json | 82 ++++++++++--- 2020/2xxx/CVE-2020-2644.json | 82 ++++++++++--- 2020/2xxx/CVE-2020-2645.json | 82 ++++++++++--- 2020/2xxx/CVE-2020-2646.json | 82 ++++++++++--- 2020/2xxx/CVE-2020-2647.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2648.json | 74 ++++++++--- 2020/2xxx/CVE-2020-2649.json | 74 ++++++++--- 2020/2xxx/CVE-2020-2650.json | 74 ++++++++--- 2020/2xxx/CVE-2020-2651.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2652.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2653.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2654.json | 74 ++++++++--- 2020/2xxx/CVE-2020-2655.json | 74 ++++++++--- 2020/2xxx/CVE-2020-2656.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2657.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2658.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2659.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2660.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2661.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2662.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2663.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2664.json | 74 ++++++++--- 2020/2xxx/CVE-2020-2665.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2666.json | 74 ++++++++--- 2020/2xxx/CVE-2020-2667.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2668.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2669.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2670.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2671.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2672.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2673.json | 86 ++++++++++--- 2020/2xxx/CVE-2020-2674.json | 82 ++++++++++--- 2020/2xxx/CVE-2020-2675.json | 74 ++++++++--- 2020/2xxx/CVE-2020-2676.json | 74 ++++++++--- 2020/2xxx/CVE-2020-2677.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2678.json | 82 ++++++++++--- 2020/2xxx/CVE-2020-2679.json | 74 ++++++++--- 2020/2xxx/CVE-2020-2680.json | 74 ++++++++--- 2020/2xxx/CVE-2020-2681.json | 82 ++++++++++--- 2020/2xxx/CVE-2020-2682.json | 82 ++++++++++--- 2020/2xxx/CVE-2020-2683.json | 78 +++++++++--- 
2020/2xxx/CVE-2020-2684.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2685.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2686.json | 74 ++++++++--- 2020/2xxx/CVE-2020-2687.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2688.json | 74 ++++++++--- 2020/2xxx/CVE-2020-2689.json | 82 ++++++++++--- 2020/2xxx/CVE-2020-2690.json | 82 ++++++++++--- 2020/2xxx/CVE-2020-2691.json | 82 ++++++++++--- 2020/2xxx/CVE-2020-2692.json | 82 ++++++++++--- 2020/2xxx/CVE-2020-2693.json | 82 ++++++++++--- 2020/2xxx/CVE-2020-2694.json | 74 ++++++++--- 2020/2xxx/CVE-2020-2695.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2696.json | 74 ++++++++--- 2020/2xxx/CVE-2020-2697.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2698.json | 82 ++++++++++--- 2020/2xxx/CVE-2020-2699.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2700.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2701.json | 82 ++++++++++--- 2020/2xxx/CVE-2020-2702.json | 82 ++++++++++--- 2020/2xxx/CVE-2020-2703.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2704.json | 82 ++++++++++--- 2020/2xxx/CVE-2020-2705.json | 82 ++++++++++--- 2020/2xxx/CVE-2020-2707.json | 90 +++++++++++--- 2020/2xxx/CVE-2020-2709.json | 74 ++++++++--- 2020/2xxx/CVE-2020-2710.json | 74 ++++++++--- 2020/2xxx/CVE-2020-2711.json | 74 ++++++++--- 2020/2xxx/CVE-2020-2712.json | 74 ++++++++--- 2020/2xxx/CVE-2020-2713.json | 74 ++++++++--- 2020/2xxx/CVE-2020-2714.json | 74 ++++++++--- 2020/2xxx/CVE-2020-2715.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2716.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2717.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2718.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2719.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2720.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2721.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2722.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2723.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2724.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2725.json | 82 ++++++++++--- 2020/2xxx/CVE-2020-2726.json | 82 ++++++++++--- 2020/2xxx/CVE-2020-2727.json | 82 ++++++++++--- 
2020/2xxx/CVE-2020-2728.json | 74 ++++++++--- 2020/2xxx/CVE-2020-2729.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2730.json | 82 ++++++++++--- 2020/2xxx/CVE-2020-2731.json | 86 ++++++++++--- 207 files changed, 13135 insertions(+), 3331 deletions(-) diff --git a/2012/1xxx/CVE-2012-1695.json b/2012/1xxx/CVE-2012-1695.json index bf040923228..9aee1e7171f 100644 --- a/2012/1xxx/CVE-2012-1695.json +++ b/2012/1xxx/CVE-2012-1695.json 
@@ -1,76 +1,80 @@ + { - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2012-1695", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2012-1695", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "n/a", - "version": { - "version_data": [ + "product_name":"n/a", + "version":{ + "version_data":[ { - "version_value": "n/a" + "version_value":"n/a" } ] } } ] }, - "vendor_name": "n/a" + "vendor_name":"n/a" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ { - "lang": "eng", - "value": "Unspecified vulnerability in the Oracle JRockit component in Oracle Fusion Middleware 28.2.2 and earlier, and JDK/JRE 5 and 6 27.7.1 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors." + "lang":"eng", + "value":"Unspecified vulnerability in the Oracle JRockit component in Oracle Fusion Middleware 28.2.2 and earlier, and JDK/JRE 5 and 6 27.7.1 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors." 
} ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "n/a" + "lang":"eng", + "value":"n/a" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "name": "48864", - "refsource": "SECUNIA", - "url": "http://secunia.com/advisories/48864" + "name":"48864", + "refsource":"SECUNIA", + "url":"http://secunia.com/advisories/48864" }, { - "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html", - "refsource": "CONFIRM", - "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html" + "name":"http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html", + "refsource":"CONFIRM", + "url":"http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html" }, { - "name": "1026948", - "refsource": "SECTRACK", - "url": "http://www.securitytracker.com/id?1026948" + "name":"1026948", + "refsource":"SECTRACK", + "url":"http://www.securitytracker.com/id?1026948" }, { - "name": "MDVSA-2013:150", - "refsource": "MANDRIVA", - "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + "name":"MDVSA-2013:150", + "refsource":"MANDRIVA", + "url":"http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2019/2xxx/CVE-2019-2725.json b/2019/2xxx/CVE-2019-2725.json index 7fa1f5672dd..60ff7f28db6 100644 --- a/2019/2xxx/CVE-2019-2725.json +++ b/2019/2xxx/CVE-2019-2725.json @@ -23,7 +23,23 @@ } ] }, - "vendor_name": "Oracle Corporation" + "vendor_name": "Oracle Corporation", + "product":{ + "product_data":[ + { + "product_name":"Tape Library ACSLS", + "version":{ + "version_data":[ + { + "version_value":"8.5", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" } ] } 
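Review bot: The reference object added at the end of `reference_data` carries only `url`, while the four existing entries in the same array each have `name`, `refsource` and `url`, so consumers that key on `refsource` or display `name` get an incomplete entry. I would write it as `{ "name":"https://www.oracle.com/security-alerts/cpujan2020.html", "refsource":"MISC", "url":"https://www.oracle.com/security-alerts/cpujan2020.html" }` (or `CONFIRM`, as the 2012 Oracle advisory link in this file is labelled). The same url-only reference is added in the CVE-2019-2725, CVE-2019-2729, CVE-2019-2904, CVE-2020-2510, -2511, -2512, -2515 and -2516 hunks. Separately, this hunk rewrites every line for spacing only (`"ID": ` becomes `"ID":`), which buries the one substantive addition in a whole-file change.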
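Review bot: The added lines put a second `product` key and a second `vendor_name` key into the same `vendor_data` object, directly after the existing `"vendor_name": "Oracle Corporation",`. JSON object names should be unique; most parsers keep only the last occurrence, so the product entry that precedes this hunk would be silently replaced by `Tape Library ACSLS`, and tools that handle duplicates differently will disagree about which products are affected. The new `{ "product_name":"Tape Library ACSLS", ... }` object belongs as another element of the existing `product_data` array (that array opens above the hunk, outside the visible lines), with `vendor_name` left as it was. The first hunk of CVE-2019-2729 and the CVE-2019-2904 hunk repeat the pattern with two and eight extra `product` keys respectively.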
@@ -82,7 +98,10 @@ "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "refsource": "MISC", "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" - } + }. + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } ] } } \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2729.json b/2019/2xxx/CVE-2019-2729.json index 2828374b89d..58314736bc2 100644 --- a/2019/2xxx/CVE-2019-2729.json +++ b/2019/2xxx/CVE-2019-2729.json @@ -23,7 +23,47 @@ } ] }, - "vendor_name": "Oracle Corporation" + "vendor_name": "Oracle Corporation", + "product":{ + "product_data":[ + { + "product_name":"PeopleSoft Enterprise PT PeopleTools", + "version":{ + "version_data":[ + { + "version_value":"8.56", + "version_affected":"=" + }, + { + "version_value":"8.57", + "version_affected":"=" + }, + { + "version_value":"8.58", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation", + "product":{ + "product_data":[ + { + "product_name":"Tape Library ACSLS", + "version":{ + "version_data":[ + { + "version_value":"8.5", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" } ] } @@ -67,7 +107,10 @@ "refsource": "MISC", "name": "http://packetstormsecurity.com/files/155886/Oracle-Weblogic-10.3.6.0.0-Remote-Command-Execution.html", "url": "http://packetstormsecurity.com/files/155886/Oracle-Weblogic-10.3.6.0.0-Remote-Command-Execution.html" - } + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } ] } } \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2904.json b/2019/2xxx/CVE-2019-2904.json index 819348bba61..cb2e9eff42b 100644 --- a/2019/2xxx/CVE-2019-2904.json +++ b/2019/2xxx/CVE-2019-2904.json 
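Review bot: In the second CVE-2019-2725 hunk the line closing the previous reference changes from `}` to `}.`, a period where a comma is needed, so the file is no longer valid JSON and a strict parser will reject the whole record. It should read `},`, as the equivalent line in the second CVE-2019-2729 hunk does. Running a JSON validator over the changed files before committing would catch this class of error.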
@@ -1,75 +1,227 @@ + { - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2019-2904", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2019-2904", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "JDeveloper", - "version": { - "version_data": [ + "product_name":"JDeveloper", + "version":{ + "version_data":[ { - "version_value": "11.1.1.9.0", - "version_affected": "=" + "version_value":"11.1.1.9.0", + "version_affected":"=" }, { - "version_value": "12.1.3.0.0", - "version_affected": "=" + "version_value":"12.1.3.0.0", + "version_affected":"=" }, { - "version_value": "12.2.1.3.0", - "version_affected": "=" + "version_value":"12.2.1.3.0", + "version_affected":"=" } ] } } ] }, - "vendor_name": "Oracle Corporation" + "vendor_name":"Oracle Corporation", + "product":{ + "product_data":[ + { + "product_name":"Application Testing Suite", + "version":{ + "version_data":[ + { + "version_value":"12.5.0.3", + "version_affected":"=" + }, + { + "version_value":"13.1.0.1", + "version_affected":"=" + }, + { + "version_value":"13.2.0.1", + "version_affected":"=" + }, + { + "version_value":"13.3.0.1", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation", + "product":{ + "product_data":[ + { + "product_name":"Clinical", + "version":{ + "version_data":[ + { + "version_value":"5.2", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation", + "product":{ + "product_data":[ + { + "product_name":"Health Sciences Data Management Workbench", + "version":{ + "version_data":[ + { + "version_value":"2.4", + "version_affected":"=" + }, + { + "version_value":"2.5", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation", + "product":{ + "product_data":[ + { + "product_name":"Hyperion 
Planning", + "version":{ + "version_data":[ + { + "version_value":"11.1.2.4", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation", + "product":{ + "product_data":[ + { + "product_name":"Retail Assortment Planning", + "version":{ + "version_data":[ + { + "version_value":"15.0.3", + "version_affected":"=" + }, + { + "version_value":"16.0.3", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation", + "product":{ + "product_data":[ + { + "product_name":"Retail Clearance Optimization Engine", + "version":{ + "version_data":[ + { + "version_value":"14.0.5", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation", + "product":{ + "product_data":[ + { + "product_name":"Retail Markdown Optimization", + "version":{ + "version_data":[ + { + "version_value":"13.4", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation", + "product":{ + "product_data":[ + { + "product_name":"Retail Sales Audit", + "version":{ + "version_data":[ + { + "version_value":"15.0.3. 16.0.2", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ { - "lang": "eng", - "value": "Vulnerability in the Oracle JDeveloper and ADF product of Oracle Fusion Middleware (component: ADF Faces). Supported versions that are affected are 11.1.1.9.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle JDeveloper and ADF. Successful attacks of this vulnerability can result in takeover of Oracle JDeveloper and ADF. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)." + "lang":"eng", + "value":"Vulnerability in the Oracle JDeveloper and ADF product of Oracle Fusion Middleware (component: ADF Faces). Supported versions that are affected are 11.1.1.9.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle JDeveloper and ADF. Successful attacks of this vulnerability can result in takeover of Oracle JDeveloper and ADF. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)." } ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle JDeveloper and ADF. Successful attacks of this vulnerability can result in takeover of Oracle JDeveloper and ADF." + "lang":"eng", + "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle JDeveloper and ADF. Successful attacks of this vulnerability can result in takeover of Oracle JDeveloper and ADF." 
} ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", - "refsource": "MISC", - "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + "url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", + "refsource":"MISC", + "name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { - "refsource": "MISC", - "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-1024/", - "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-1024/" + "refsource":"MISC", + "name":"https://www.zerodayinitiative.com/advisories/ZDI-19-1024/", + "url":"https://www.zerodayinitiative.com/advisories/ZDI-19-1024/" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2510.json b/2020/2xxx/CVE-2020-2510.json index 8f526a11645..4f7940c9efd 100644 --- a/2020/2xxx/CVE-2020-2510.json +++ b/2020/2xxx/CVE-2020-2510.json 
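Review bot: The `Retail Sales Audit` entry sets `"version_value":"15.0.3. 16.0.2"`, which looks like two versions fused into one string with a stray period, so an exact-match lookup on either version will not find this record. If two releases are meant, they should be separate `version_data` elements, `{ "version_value":"15.0.3", "version_affected":"=" }` and `{ "version_value":"16.0.2", "version_affected":"=" }`, the way the neighbouring products list theirs. The intended values should be confirmed against the advisory before changing them.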
@@ -1,18 +1,76 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2510", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2510" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Oracle Database", + "version":{ + "version_data":[ + { + "version_value":"11.2.0.4", + "version_affected":"=" + }, + { + "version_value":"12.1.0.2", + "version_affected":"=" + }, + { + "version_value":"12.2.0.1", + "version_affected":"=" + }, + { + "version_value":"18c", + "version_affected":"=" + }, + { + "version_value":"19c", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via OracleNet to compromise Core RDBMS. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Core RDBMS. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)." 
+ } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Difficult to exploit vulnerability allows unauthenticated attacker with network access via OracleNet to compromise Core RDBMS. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Core RDBMS." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2511.json b/2020/2xxx/CVE-2020-2511.json index 08ff3cf8dfd..d389ba57613 100644 --- a/2020/2xxx/CVE-2020-2511.json +++ b/2020/2xxx/CVE-2020-2511.json 
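Review bot: The new `CVE_data_meta` object has `ASSIGNER` and `ID` but no `STATE`; the placeholder it replaces had `"STATE": "RESERVED"`, and the populated records earlier in this commit (CVE-2012-1695, CVE-2019-2904) carry `"STATE":"PUBLIC"`. Tooling that filters on state may treat the entry as unpublished or malformed, so I would add `"STATE":"PUBLIC"` after the `ID` line. The CVE-2020-2511, CVE-2020-2512, CVE-2020-2515 and CVE-2020-2516 hunks omit it in the same way.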
@@ -1,18 +1,72 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2511", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2511" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Oracle Database", + "version":{ + "version_data":[ + { + "version_value":"12.1.0.2", + "version_affected":"=" + }, + { + "version_value":"12.2.0.1", + "version_affected":"=" + }, + { + "version_value":"18c", + "version_affected":"=" + }, + { + "version_value":"19c", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via OracleNet to compromise Core RDBMS. While the vulnerability is in Core RDBMS, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Core RDBMS. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H)." 
+ } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via OracleNet to compromise Core RDBMS. While the vulnerability is in Core RDBMS, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Core RDBMS." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2512.json b/2020/2xxx/CVE-2020-2512.json index 44439e9899a..128e507e2be 100644 --- a/2020/2xxx/CVE-2020-2512.json +++ b/2020/2xxx/CVE-2020-2512.json 
@@ -1,18 +1,76 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2512", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2512" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Oracle Database", + "version":{ + "version_data":[ + { + "version_value":"11.2.0.4", + "version_affected":"=" + }, + { + "version_value":"12.1.0.2", + "version_affected":"=" + }, + { + "version_value":"12.2.0.1", + "version_affected":"=" + }, + { + "version_value":"18c", + "version_affected":"=" + }, + { + "version_value":"19c", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Database Gateway for ODBC component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via OracleNet to compromise Database Gateway for ODBC. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Database Gateway for ODBC. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)." 
+ } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Difficult to exploit vulnerability allows unauthenticated attacker with network access via OracleNet to compromise Database Gateway for ODBC. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Database Gateway for ODBC." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2515.json b/2020/2xxx/CVE-2020-2515.json index 7800d729755..2ca9db2118b 100644 --- a/2020/2xxx/CVE-2020-2515.json +++ b/2020/2xxx/CVE-2020-2515.json 
@@ -1,18 +1,76 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2515", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2515" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Oracle Database", + "version":{ + "version_data":[ + { + "version_value":"11.2.0.4", + "version_affected":"=" + }, + { + "version_value":"12.1.0.2", + "version_affected":"=" + }, + { + "version_value":"12.2.0.1", + "version_affected":"=" + }, + { + "version_value":"18c", + "version_affected":"=" + }, + { + "version_value":"19c", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Database Gateway for ODBC component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows low privileged attacker having Create Session privilege with network access via OracleNet to compromise Database Gateway for ODBC. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Database Gateway for ODBC accessible data as well as unauthorized read access to a subset of Database Gateway for ODBC accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Database Gateway for ODBC. 
CVSS 3.0 Base Score 5.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Difficult to exploit vulnerability allows low privileged attacker having Create Session privilege with network access via OracleNet to compromise Database Gateway for ODBC. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Database Gateway for ODBC accessible data as well as unauthorized read access to a subset of Database Gateway for ODBC accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Database Gateway for ODBC." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2516.json b/2020/2xxx/CVE-2020-2516.json index a7d2daee1b2..70f403b6615 100644 --- a/2020/2xxx/CVE-2020-2516.json +++ b/2020/2xxx/CVE-2020-2516.json 
@@ -1,18 +1,72 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2516", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2516" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Oracle Database", + "version":{ + "version_data":[ + { + "version_value":"12.1.0.2", + "version_affected":"=" + }, + { + "version_value":"12.2.0.1", + "version_affected":"=" + }, + { + "version_value":"18c", + "version_affected":"=" + }, + { + "version_value":"19c", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having Create Materialized View, Create Table privilege with network access via OracleNet to compromise Core RDBMS. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Core RDBMS accessible data. CVSS 3.0 Base Score 2.4 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N)." 
+ } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows high privileged attacker having Create Materialized View, Create Table privilege with network access via OracleNet to compromise Core RDBMS. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Core RDBMS accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2517.json b/2020/2xxx/CVE-2020-2517.json index 31bf9a63d5c..e04cc44cda9 100644 --- a/2020/2xxx/CVE-2020-2517.json +++ b/2020/2xxx/CVE-2020-2517.json 
@@ -1,18 +1,68 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2517", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2517" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Oracle Database", + "version":{ + "version_data":[ + { + "version_value":"12.2.0.1", + "version_affected":"=" + }, + { + "version_value":"18c", + "version_affected":"=" + }, + { + "version_value":"19c", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Database Gateway for ODBC component of Oracle Database Server. Supported versions that are affected are 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows high privileged attacker having Create Procedure, Create Database Link privilege with network access via OracleNet to compromise Database Gateway for ODBC. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Database Gateway for ODBC accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Database Gateway for ODBC. CVSS 3.0 Base Score 3.3 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:L)." 
+ } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Difficult to exploit vulnerability allows high privileged attacker having Create Procedure, Create Database Link privilege with network access via OracleNet to compromise Database Gateway for ODBC. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Database Gateway for ODBC accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Database Gateway for ODBC." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2518.json b/2020/2xxx/CVE-2020-2518.json index f5cca796071..2c9d36d0b5c 100644 --- a/2020/2xxx/CVE-2020-2518.json +++ b/2020/2xxx/CVE-2020-2518.json 
@@ -1,18 +1,80 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2518", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2518" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Oracle Database", + "version":{ + "version_data":[ + { + "version_value":"11.2.0.4", + "version_affected":"=" + }, + { + "version_value":"12.1.0.11", + "version_affected":"=" + }, + { + "version_value":"29", + "version_affected":"=" + }, + { + "version_value":"212.2.0.1", + "version_affected":"=" + }, + { + "version_value":"18c", + "version_affected":"=" + }, + { + "version_value":"19c", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.11,29,212.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows low privileged attacker having Create Session privilege with network access via multiple protocols to compromise Java VM. Successful attacks of this vulnerability can result in takeover of Java VM. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)." 
+ } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Difficult to exploit vulnerability allows low privileged attacker having Create Session privilege with network access via multiple protocols to compromise Java VM. Successful attacks of this vulnerability can result in takeover of Java VM." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2519.json b/2020/2xxx/CVE-2020-2519.json index 8300334feb2..dce35bf55c4 100644 --- a/2020/2xxx/CVE-2020-2519.json +++ b/2020/2xxx/CVE-2020-2519.json 
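Review bot: Three of the `version_data` entries for CVE-2020-2518 (`"12.1.0.11"`, `"29"` and `"212.2.0.1"`) do not look like Oracle Database releases, and the description carries the same run-together text ("12.1.0.11,29,212.2.0.1"). This reads as if footnote markers or list separators were fused into the version strings when the record was generated. The other Oracle Database records in this patch list `12.1.0.2` and `12.2.0.1`, which is probably what was meant, but that needs confirming against the referenced advisory. As written, tooling that matches installed releases against this record would not flag the releases that are actually affected. Once confirmed, replace the three objects with one entry per real release and correct the list in `description` to match.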
@@ -1,18 +1,72 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2519", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2519" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"WebLogic Server", + "version":{ + "version_data":[ + { + "version_value":"10.3.6.0.0", + "version_affected":"=" + }, + { + "version_value":"12.1.3.0.0", + "version_affected":"=" + }, + { + "version_value":"12.2.1.3.0", + "version_affected":"=" + }, + { + "version_value":"12.2.1.4.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle WebLogic Server. CVSS 3.0 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)." 
+ } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle WebLogic Server." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2527.json b/2020/2xxx/CVE-2020-2527.json index 850505e3ef7..4a6622dafe8 100644 --- a/2020/2xxx/CVE-2020-2527.json +++ b/2020/2xxx/CVE-2020-2527.json 
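Review bot: `product_name` is `"WebLogic Server"` here while the description in the same record calls the product "Oracle WebLogic Server", and the database records earlier in this patch keep the prefix (`"Oracle Database"`). The hunks for CVE-2020-2530 (`"HTTP Server"`), CVE-2020-2533 and CVE-2020-2534 (`"Reports Developer"`) and CVE-2020-2536 (`"Outside In Technology"`) drop it in the same way. If consumers correlate on `product_name`, one naming convention across the batch would avoid missed matches, e.g. `"product_name":"Oracle WebLogic Server"`. Whether the short or the prefixed form is the intended one cannot be told from the diff.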
@@ -1,18 +1,72 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2527", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2527" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Oracle Database", + "version":{ + "version_data":[ + { + "version_value":"12.1.0.2", + "version_affected":"=" + }, + { + "version_value":"12.2.0.1", + "version_affected":"=" + }, + { + "version_value":"18c", + "version_affected":"=" + }, + { + "version_value":"19c", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having Create Index, Create Table privilege with network access via OracleNet to compromise Core RDBMS. While the vulnerability is in Core RDBMS, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Core RDBMS accessible data. CVSS 3.0 Base Score 4.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N)." 
+ } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows high privileged attacker having Create Index, Create Table privilege with network access via OracleNet to compromise Core RDBMS. While the vulnerability is in Core RDBMS, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Core RDBMS accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2530.json b/2020/2xxx/CVE-2020-2530.json index f74116277bc..1c7ea6f81e8 100644 --- a/2020/2xxx/CVE-2020-2530.json +++ b/2020/2xxx/CVE-2020-2530.json 
@@ -1,18 +1,68 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2530", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2530" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"HTTP Server", + "version":{ + "version_data":[ + { + "version_value":"11.1.1.9.0", + "version_affected":"=" + }, + { + "version_value":"12.1.3.0.0", + "version_affected":"=" + }, + { + "version_value":"12.2.1.3.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Web Listener). Supported versions that are affected are 11.1.1.9.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle HTTP Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle HTTP Server accessible data as well as unauthorized read access to a subset of Oracle HTTP Server accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle HTTP Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle HTTP Server accessible data as well as unauthorized read access to a subset of Oracle HTTP Server accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2531.json b/2020/2xxx/CVE-2020-2531.json index c89e3145ce5..660c440a28d 100644 --- a/2020/2xxx/CVE-2020-2531.json +++ b/2020/2xxx/CVE-2020-2531.json 
@@ -1,18 +1,64 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2531", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2531" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Oracle Business Intelligence Enterprise Edition", + "version":{ + "version_data":[ + { + "version_value":"12.2.1.3.0", + "version_affected":"=" + }, + { + "version_value":"12.2.1.4.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: BI Platform Security). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)." 
+ } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2533.json b/2020/2xxx/CVE-2020-2533.json index d66891e5280..0a3dbd5f391 100644 --- a/2020/2xxx/CVE-2020-2533.json +++ b/2020/2xxx/CVE-2020-2533.json 
@@ -1,18 +1,64 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2533", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2533" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Reports Developer", + "version":{ + "version_data":[ + { + "version_value":"12.2.1.3.0", + "version_affected":"=" + }, + { + "version_value":"12.2.1.4.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle Reports Developer product of Oracle Fusion Middleware (component: Security and Authentication). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Reports Developer. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Reports Developer, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Reports Developer accessible data as well as unauthorized read access to a subset of Oracle Reports Developer accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." 
+ } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Reports Developer. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Reports Developer, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Reports Developer accessible data as well as unauthorized read access to a subset of Oracle Reports Developer accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2534.json b/2020/2xxx/CVE-2020-2534.json index 44887a3631c..aac2bbb2c7e 100644 --- a/2020/2xxx/CVE-2020-2534.json +++ b/2020/2xxx/CVE-2020-2534.json 
@@ -1,18 +1,64 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2534", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2534" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Reports Developer", + "version":{ + "version_data":[ + { + "version_value":"12.2.1.3.0", + "version_affected":"=" + }, + { + "version_value":"12.2.1.4.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle Reports Developer product of Oracle Fusion Middleware (component: Security and Authentication). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Reports Developer. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Reports Developer, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Reports Developer accessible data as well as unauthorized read access to a subset of Oracle Reports Developer accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." 
+ } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Reports Developer. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Reports Developer, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Reports Developer accessible data as well as unauthorized read access to a subset of Oracle Reports Developer accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2535.json b/2020/2xxx/CVE-2020-2535.json index 4bc95ffdd3a..4d69a6f9ff7 100644 --- a/2020/2xxx/CVE-2020-2535.json +++ b/2020/2xxx/CVE-2020-2535.json 
@@ -1,18 +1,64 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2535", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2535" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Oracle Business Intelligence Enterprise Edition", + "version":{ + "version_data":[ + { + "version_value":"12.2.1.3.0", + "version_affected":"=" + }, + { + "version_value":"12.2.1.4.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Server). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.0 Base Score 4.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N)." 
+ } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2536.json b/2020/2xxx/CVE-2020-2536.json index e4c4820616e..ff9f9ee8c54 100644 --- a/2020/2xxx/CVE-2020-2536.json +++ b/2020/2xxx/CVE-2020-2536.json 
@@ -1,18 +1,60 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2536", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2536" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Outside In Technology", + "version":{ + "version_data":[ + { + "version_value":"8.5.4", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. 
The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2537.json b/2020/2xxx/CVE-2020-2537.json index 750aeb96d9d..7a34d43613c 100644 --- a/2020/2xxx/CVE-2020-2537.json +++ b/2020/2xxx/CVE-2020-2537.json 
@@ -1,18 +1,64 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2537", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2537" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Oracle Business Intelligence Enterprise Edition", + "version":{ + "version_data":[ + { + "version_value":"12.2.1.3.0", + "version_affected":"=" + }, + { + "version_value":"12.2.1.4.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Actions). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products. 
Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Business Intelligence Enterprise Edition. CVSS 3.0 Base Score 7.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Business Intelligence Enterprise Edition." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2538.json b/2020/2xxx/CVE-2020-2538.json index 2db07790111..44cb9028372 100644 --- a/2020/2xxx/CVE-2020-2538.json +++ b/2020/2xxx/CVE-2020-2538.json 
@@ -1,18 +1,60 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2538", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2538" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"WebCenter Sites", + "version":{ + "version_data":[ + { + "version_value":"12.2.1.3.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: Advanced UI). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebCenter Sites, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebCenter Sites accessible data as well as unauthorized read access to a subset of Oracle WebCenter Sites accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle WebCenter Sites. CVSS 3.0 Base Score 7.1 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebCenter Sites, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebCenter Sites accessible data as well as unauthorized read access to a subset of Oracle WebCenter Sites accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle WebCenter Sites." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2539.json b/2020/2xxx/CVE-2020-2539.json index fad1f8676c7..06380809215 100644 --- a/2020/2xxx/CVE-2020-2539.json +++ b/2020/2xxx/CVE-2020-2539.json 
@@ -1,18 +1,60 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2539", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2539" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"WebCenter Sites", + "version":{ + "version_data":[ + { + "version_value":"12.2.1.3.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: Advanced UI). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebCenter Sites, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebCenter Sites accessible data as well as unauthorized read access to a subset of Oracle WebCenter Sites accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." 
+ } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebCenter Sites, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebCenter Sites accessible data as well as unauthorized read access to a subset of Oracle WebCenter Sites accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2540.json b/2020/2xxx/CVE-2020-2540.json index 57d029b120f..dde087cbc9d 100644 --- a/2020/2xxx/CVE-2020-2540.json +++ b/2020/2xxx/CVE-2020-2540.json 
@@ -1,18 +1,60 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2540", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2540" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Outside In Technology", + "version":{ + "version_data":[ + { + "version_value":"8.5.4", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. 
CVSS 3.0 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2541.json b/2020/2xxx/CVE-2020-2541.json index 77ca6d2c996..7512c2b923d 100644 --- a/2020/2xxx/CVE-2020-2541.json +++ b/2020/2xxx/CVE-2020-2541.json 
@@ -1,18 +1,60 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2541", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2541" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Outside In Technology", + "version":{ + "version_data":[ + { + "version_value":"8.5.4", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. 
CVSS 3.0 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2542.json b/2020/2xxx/CVE-2020-2542.json index 6cc6f83e5f7..ced9eb0df63 100644 --- a/2020/2xxx/CVE-2020-2542.json +++ b/2020/2xxx/CVE-2020-2542.json 
@@ -1,18 +1,60 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2542", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2542" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Outside In Technology", + "version":{ + "version_data":[ + { + "version_value":"8.5.4", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. 
CVSS 3.0 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2543.json b/2020/2xxx/CVE-2020-2543.json index 65bd51c1d13..9ed1ed461c8 100644 --- a/2020/2xxx/CVE-2020-2543.json +++ b/2020/2xxx/CVE-2020-2543.json 
@@ -1,18 +1,60 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2543", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2543" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Outside In Technology", + "version":{ + "version_data":[ + { + "version_value":"8.5.4", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. 
The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2544.json b/2020/2xxx/CVE-2020-2544.json index db53bbffd7e..b89392ca235 100644 --- a/2020/2xxx/CVE-2020-2544.json +++ b/2020/2xxx/CVE-2020-2544.json 
@@ -1,18 +1,72 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2544", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2544" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"WebLogic Server", + "version":{ + "version_data":[ + { + "version_value":"10.3.6.0.0", + "version_affected":"=" + }, + { + "version_value":"12.1.3.0.0", + "version_affected":"=" + }, + { + "version_value":"12.2.1.3.0", + "version_affected":"=" + }, + { + "version_value":"12.2.1.4.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)." 
+ } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2545.json b/2020/2xxx/CVE-2020-2545.json index 3a53842cd69..6f44f187216 100644 --- a/2020/2xxx/CVE-2020-2545.json +++ b/2020/2xxx/CVE-2020-2545.json 
@@ -1,18 +1,92 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2545", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2545" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"HTTP Server", + "version":{ + "version_data":[ + { + "version_value":"11.1.1.9.0", + "version_affected":"=" + }, + { + "version_value":"12.1.3.0.0", + "version_affected":"=" + }, + { + "version_value":"12.2.1.3.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation", + "product":{ + "product_data":[ + { + "product_name":"Security Service", + "version":{ + "version_data":[ + { + "version_value":"11.1.1.9.0", + "version_affected":"=" + }, + { + "version_value":"12.1.3.0.0", + "version_affected":"=" + }, + { + "version_value":"12.2.1.3.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: OSSL Module). Supported versions that are affected are 11.1.1.9.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle HTTP Server. 
CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle HTTP Server." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2546.json b/2020/2xxx/CVE-2020-2546.json index 788fb9105d4..7e0f2522340 100644 --- a/2020/2xxx/CVE-2020-2546.json +++ b/2020/2xxx/CVE-2020-2546.json 
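Review bot: The single object in `vendor_data` declares `"product"` and `"vendor_name"` twice, once for HTTP Server and again for Security Service. JSON parsers typically keep only the last duplicate, so a consumer would most likely see Security Service as the sole affected product and lose HTTP Server, which is the product the description names. Both entries belong in one `product_data` array: drop the lines between the two product objects (`]`, `},`, `"vendor_name":"Oracle Corporation",`, `"product":{`, `"product_data":[`) and join the objects with `},`. It is also worth confirming that Security Service belongs in this record at all, since the description and `problemtype` mention only Oracle HTTP Server.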
@@ -1,18 +1,64 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2546", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2546" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"WebLogic Server", + "version":{ + "version_data":[ + { + "version_value":"10.3.6.0.0", + "version_affected":"=" + }, + { + "version_value":"12.1.3.0.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Application Container - JavaEE). Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server." 
+ } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2547.json b/2020/2xxx/CVE-2020-2547.json index 493151ce3b3..f641efafc40 100644 --- a/2020/2xxx/CVE-2020-2547.json +++ b/2020/2xxx/CVE-2020-2547.json 
@@ -1,18 +1,72 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2547", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2547" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"WebLogic Server", + "version":{ + "version_data":[ + { + "version_value":"10.3.6.0.0", + "version_affected":"=" + }, + { + "version_value":"12.1.3.0.0", + "version_affected":"=" + }, + { + "version_value":"12.2.1.3.0", + "version_affected":"=" + }, + { + "version_value":"12.2.1.4.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data. 
CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2548.json b/2020/2xxx/CVE-2020-2548.json index 3a7598603ac..fa71f2ca11b 100644 --- a/2020/2xxx/CVE-2020-2548.json +++ b/2020/2xxx/CVE-2020-2548.json 
@@ -1,18 +1,60 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2548", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2548" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"WebLogic Server", + "version":{ + "version_data":[ + { + "version_value":"10.3.6.0.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: WLS Core Components). The supported version that is affected is 10.3.6.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N)." 
+ } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2549.json b/2020/2xxx/CVE-2020-2549.json index 0d33af9f8c8..25edd4e3039 100644 --- a/2020/2xxx/CVE-2020-2549.json +++ b/2020/2xxx/CVE-2020-2549.json 
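Review bot: The `problemtype` entry for CVE-2020-2548 repeats the impact sentences from `description` instead of naming a weakness class, so the record cannot be grouped or filtered by weakness type. If a CWE is known for the issue, the entry would read `"value":"CWE-<ID> <weakness name>"` (placeholder, since the page gives no CWE). If none is available, a short explicit statement of that is clearer than duplicated prose. The same applies to the `problemtype` entries of the other Oracle records on this page, starting with CVE-2020-2547.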
@@ -1,18 +1,60 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2549", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2549" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"WebLogic Server", + "version":{ + "version_data":[ + { + "version_value":"10.3.6.0.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: WLS Core Components). The supported version that is affected is 10.3.6.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server." 
+ } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2550.json b/2020/2xxx/CVE-2020-2550.json index 12a36a3a5d0..8fca117ba6d 100644 --- a/2020/2xxx/CVE-2020-2550.json +++ b/2020/2xxx/CVE-2020-2550.json 
@@ -1,18 +1,72 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2550", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2550" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"WebLogic Server", + "version":{ + "version_data":[ + { + "version_value":"10.3.6.0.0", + "version_affected":"=" + }, + { + "version_value":"12.1.3.0.0", + "version_affected":"=" + }, + { + "version_value":"12.2.1.3.0", + "version_affected":"=" + }, + { + "version_value":"12.2.1.4.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: WLS Core Components). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle WebLogic Server executes to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data as well as unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 5.1 (Confidentiality and Integrity impacts). 
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle WebLogic Server executes to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data as well as unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2551.json b/2020/2xxx/CVE-2020-2551.json index effcff9e10c..2812a8caedf 100644 --- a/2020/2xxx/CVE-2020-2551.json +++ b/2020/2xxx/CVE-2020-2551.json 
@@ -1,18 +1,72 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2551", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2551" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"WebLogic Server", + "version":{ + "version_data":[ + { + "version_value":"10.3.6.0.0", + "version_affected":"=" + }, + { + "version_value":"12.1.3.0.0", + "version_affected":"=" + }, + { + "version_value":"12.2.1.3.0", + "version_affected":"=" + }, + { + "version_value":"12.2.1.4.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: WLS Core Components). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)." 
+ } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2552.json b/2020/2xxx/CVE-2020-2552.json index 1cd9309c114..e720f81749d 100644 --- a/2020/2xxx/CVE-2020-2552.json +++ b/2020/2xxx/CVE-2020-2552.json 
@@ -1,18 +1,64 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2552", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2552" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"WebLogic Server", + "version":{ + "version_data":[ + { + "version_value":"10.3.6.0.0", + "version_affected":"=" + }, + { + "version_value":"12.1.3.0.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: WLS Core Components). Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N)." 
+ } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2555.json b/2020/2xxx/CVE-2020-2555.json index c49e72e999d..1984ec04181 100644 --- a/2020/2xxx/CVE-2020-2555.json +++ b/2020/2xxx/CVE-2020-2555.json 
@@ -1,18 +1,68 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2555", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2555" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Coherence", + "version":{ + "version_data":[ + { + "version_value":"12.1.3.0.0", + "version_affected":"=" + }, + { + "version_value":"12.2.1.3.0", + "version_affected":"=" + }, + { + "version_value":"12.2.1.4.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Caching,CacheStore,Invocation). Supported versions that are affected are 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle Coherence. Successful attacks of this vulnerability can result in takeover of Oracle Coherence. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle Coherence. 
Successful attacks of this vulnerability can result in takeover of Oracle Coherence." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2556.json b/2020/2xxx/CVE-2020-2556.json index 2ac12f3be43..53e8bf47084 100644 --- a/2020/2xxx/CVE-2020-2556.json +++ b/2020/2xxx/CVE-2020-2556.json 
@@ -1,18 +1,76 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2556", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2556" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Primavera P6 Professional Project Management", + "version":{ + "version_data":[ + { + "version_value":"16.2.0.0-16.2.19.0", + "version_affected":"=" + }, + { + "version_value":"17.12.0.0-17.12.16.0", + "version_affected":"=" + }, + { + "version_value":"18.8.0.0-18.8.16.0", + "version_affected":"=" + }, + { + "version_value":"19.12.0.0", + "version_affected":"=" + }, + { + "version_value":"20.1.0.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Core). Supported versions that are affected are 16.2.0.0-16.2.19.0, 17.12.0.0-17.12.16.0, 18.8.0.0-18.8.16.0, 19.12.0.0 and 20.1.0.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Primavera P6 Enterprise Project Portfolio Management executes to compromise Primavera P6 Enterprise Project Portfolio Management. 
Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera P6 Enterprise Project Portfolio Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Primavera P6 Enterprise Project Portfolio Management accessible data as well as unauthorized read access to a subset of Primavera P6 Enterprise Project Portfolio Management accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Primavera P6 Enterprise Project Portfolio Management. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:L)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Primavera P6 Enterprise Project Portfolio Management executes to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera P6 Enterprise Project Portfolio Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Primavera P6 Enterprise Project Portfolio Management accessible data as well as unauthorized read access to a subset of Primavera P6 Enterprise Project Portfolio Management accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Primavera P6 Enterprise Project Portfolio Management." 
+ } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2557.json b/2020/2xxx/CVE-2020-2557.json index 5c31e3ce708..5329af079d2 100644 --- a/2020/2xxx/CVE-2020-2557.json +++ b/2020/2xxx/CVE-2020-2557.json 
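Review bot: `product_name` in the CVE-2020-2556 record is `Primavera P6 Professional Project Management`, while the description and problemtype text name the product as `Primavera P6 Enterprise Project Portfolio Management` throughout. Tools that match installed software on `product_name` will follow whichever string is in that field, so a wrong value means affected installations are missed or the wrong product is flagged. The page does not show which of the two names is correct. It should be confirmed against the referenced advisory and the two fields made to agree.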
@@ -1,18 +1,72 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2557", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2557" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Demantra Demand Management", + "version":{ + "version_data":[ + { + "version_value":"12.2.4", + "version_affected":"=" + }, + { + "version_value":"12.2.4.1", + "version_affected":"=" + }, + { + "version_value":"12.2.5", + "version_affected":"=" + }, + { + "version_value":"12.2.5.1", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle Demantra Demand Management product of Oracle Supply Chain (component: Security). Supported versions that are affected are 12.2.4, 12.2.4.1, 12.2.5 and 12.2.5.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Demantra Demand Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Demantra Demand Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Demantra Demand Management accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Demantra Demand Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Demantra Demand Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Demantra Demand Management accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2558.json b/2020/2xxx/CVE-2020-2558.json index 6007fa41a81..e2a28de3e8d 100644 --- a/2020/2xxx/CVE-2020-2558.json +++ b/2020/2xxx/CVE-2020-2558.json 
@@ -1,18 +1,60 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2558", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2558" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Solaris Operating System", + "version":{ + "version_data":[ + { + "version_value":"11", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). The supported version that is affected is 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via SMB to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Solaris. CVSS 3.0 Base Score 5.8 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via SMB to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Solaris." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2559.json b/2020/2xxx/CVE-2020-2559.json index 279d49326c2..06d4b86f18a 100644 --- a/2020/2xxx/CVE-2020-2559.json +++ b/2020/2xxx/CVE-2020-2559.json 
@@ -1,18 +1,60 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2559", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2559" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Siebel UI Framework", + "version":{ + "version_data":[ + { + "version_value":"19.7 and prior", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM (component: UIF Open UI). Supported versions that are affected are 19.7 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel UI Framework. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Siebel UI Framework accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel UI Framework. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Siebel UI Framework accessible data." 
+ } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2560.json b/2020/2xxx/CVE-2020-2560.json index 957d483fb26..32592a22921 100644 --- a/2020/2xxx/CVE-2020-2560.json +++ b/2020/2xxx/CVE-2020-2560.json 
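Review bot: In the CVE-2020-2559 record, `"version_value":"19.7 and prior"` is paired with `"version_affected":"="`, which asserts an exact match against a string that is not a version. A scanner comparing installed versions would likely match neither 19.7 nor any earlier release, so affected Siebel installations could go unreported. The range is better expressed as `"version_value":"19.7","version_affected":"<="`. CVE-2020-2560 has the same problem with `19.10 and prior`, and CVE-2020-2556 encodes ranges such as `16.2.0.0-16.2.19.0` under `=`.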
@@ -1,18 +1,60 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2560", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2560" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Siebel UI Framework", + "version":{ + "version_data":[ + { + "version_value":"19.10 and prior", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM (component: SWSE Server). Supported versions that are affected are 19.10 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel UI Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Siebel UI Framework, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Siebel UI Framework accessible data. CVSS 3.0 Base Score 4.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel UI Framework. 
Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Siebel UI Framework, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Siebel UI Framework accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2561.json b/2020/2xxx/CVE-2020-2561.json index 63a3a223e36..9b38cdd80cd 100644 --- a/2020/2xxx/CVE-2020-2561.json +++ b/2020/2xxx/CVE-2020-2561.json 
@@ -1,18 +1,60 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2561", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2561" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"PeopleSoft Enterprise HCM Human Resources", + "version":{ + "version_data":[ + { + "version_value":"9.2", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the PeopleSoft Enterprise HCM Human Resources product of Oracle PeopleSoft (component: Company Dir / Org Chart Viewer). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise HCM Human Resources. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise HCM Human Resources accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise HCM Human Resources. 
Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise HCM Human Resources accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2563.json b/2020/2xxx/CVE-2020-2563.json index 6df23557acc..0667f01c153 100644 --- a/2020/2xxx/CVE-2020-2563.json +++ b/2020/2xxx/CVE-2020-2563.json 
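Review bot: The new `CVE_data_meta` drops the `STATE` key rather than moving it off `RESERVED`, leaving only `ASSIGNER` and `ID`. Tooling that filters records on the state field may then classify this entry as neither reserved nor published. Adding `"STATE":"PUBLIC"` next to the ID would make the transition explicit. Every other hunk in this part of the patch (CVE-2020-2560 through CVE-2020-2574) omits it the same way.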
@@ -1,18 +1,60 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2563", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2563" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Hyperion Financial Close Management", + "version":{ + "version_data":[ + { + "version_value":"11.1.2.4", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Hyperion Financial Close Management product of Oracle Hyperion (component: Close Manager). The supported version that is affected is 11.1.2.4. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Hyperion Financial Close Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Hyperion Financial Close Management accessible data. CVSS 3.0 Base Score 4.2 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Hyperion Financial Close Management. 
Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Hyperion Financial Close Management accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2564.json b/2020/2xxx/CVE-2020-2564.json index 7fe20d68d34..335ac7222bf 100644 --- a/2020/2xxx/CVE-2020-2564.json +++ b/2020/2xxx/CVE-2020-2564.json 
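Review bot: The `problemtype` value repeats the exploitability sentences from the description instead of naming a weakness class, so the record cannot be grouped or filtered by CWE and the same prose is stored twice. If the weakness type is known, a short value of the form `"value":"CWE-<id> <name>"` (placeholder, to be filled in from the advisory) would be more useful to triage. If the vendor does not disclose it, a brief statement saying so would avoid the duplication. All other hunks in this part of the patch fill `problemtype` the same way.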
@@ -1,18 +1,60 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2564", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2564" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Siebel UI Framework", + "version":{ + "version_data":[ + { + "version_value":"19.10 and prior", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM (component: EAI). Supported versions that are affected are 19.10 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel UI Framework. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Siebel UI Framework accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel UI Framework. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Siebel UI Framework accessible data." 
+ } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2565.json b/2020/2xxx/CVE-2020-2565.json index 1c4c42a183b..a55610abb65 100644 --- a/2020/2xxx/CVE-2020-2565.json +++ b/2020/2xxx/CVE-2020-2565.json 
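Review bot: The CVSS score and vector exist only inside the free-text `description` value ("CVSS 3.0 Base Score 5.3 ... CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"), so prioritisation tooling has to scrape prose to get a severity. A structured `impact` member alongside `description`, carrying the same values, would make the record sortable without parsing text; the fence shows it built from the numbers already in this hunk. The other hunks in this part of the patch embed their scores in the description in the same way.

```json
"impact":{
  "cvss":{
    "version":"3.0",
    "vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
    "baseScore":5.3,
    "baseSeverity":"MEDIUM",
    "attackVector":"NETWORK",
    "attackComplexity":"LOW",
    "privilegesRequired":"NONE",
    "userInteraction":"NONE",
    "scope":"UNCHANGED",
    "confidentialityImpact":"LOW",
    "integrityImpact":"NONE",
    "availabilityImpact":"NONE"
  }
},
```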
@@ -1,18 +1,60 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2565", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2565" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Solaris Operating System", + "version":{ + "version_data":[ + { + "version_value":"11", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle Solaris product of Oracle Systems (component: Consolidation Infrastructure). The supported version that is affected is 11. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H)." 
+ } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2566.json b/2020/2xxx/CVE-2020-2566.json index 9e521512523..504b9621b85 100644 --- a/2020/2xxx/CVE-2020-2566.json +++ b/2020/2xxx/CVE-2020-2566.json 
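Review bot: The single `reference_data` entry carries only `url`, with no `name` or `refsource`, so the record does not say that the link is the vendor's own advisory. The URL also points at the whole quarterly bulletin rather than anything specific to this CVE. Adding `"name":"https://www.oracle.com/security-alerts/cpujan2020.html"` and a source tag such as `"refsource":"CONFIRM"` (if the bulletin is treated as vendor confirmation) would let consumers weigh the reference. The other hunks in this part of the patch reference the same URL in the same bare form.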
@@ -1,18 +1,64 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2566", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2566" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Applications Framework", + "version":{ + "version_data":[ + { + "version_value":"12.1.3", + "version_affected":"=" + }, + { + "version_value":"12.2.3-12.2.9", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Attachments / File Upload). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Applications Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Applications Framework, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications Framework accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N)." 
+ } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Applications Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Applications Framework, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications Framework accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2567.json b/2020/2xxx/CVE-2020-2567.json index 541d6d356fe..a47b46691a0 100644 --- a/2020/2xxx/CVE-2020-2567.json +++ b/2020/2xxx/CVE-2020-2567.json 
@@ -1,18 +1,60 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2567", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2567" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Retail Customer Management and Segmentation Foundation", + "version":{ + "version_data":[ + { + "version_value":"18.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Security). The supported version that is affected is 18.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Retail Customer Management and Segmentation Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Retail Customer Management and Segmentation Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Customer Management and Segmentation Foundation accessible data as well as unauthorized read access to a subset of Oracle Retail Customer Management and Segmentation Foundation accessible data. 
CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Retail Customer Management and Segmentation Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Retail Customer Management and Segmentation Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Customer Management and Segmentation Foundation accessible data as well as unauthorized read access to a subset of Oracle Retail Customer Management and Segmentation Foundation accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2568.json b/2020/2xxx/CVE-2020-2568.json index bf90c7d410e..d7eea740f00 100644 --- a/2020/2xxx/CVE-2020-2568.json +++ b/2020/2xxx/CVE-2020-2568.json 
@@ -1,18 +1,72 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2568", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2568" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Oracle Database", + "version":{ + "version_data":[ + { + "version_value":"12.1.0.2", + "version_affected":"=" + }, + { + "version_value":"12.2.0.1", + "version_affected":"=" + }, + { + "version_value":"18c", + "version_affected":"=" + }, + { + "version_value":"19c", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle Applications DBA component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Oracle Applications DBA executes to compromise Oracle Applications DBA. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications DBA accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Applications DBA. CVSS 3.0 Base Score 3.9 (Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Oracle Applications DBA executes to compromise Oracle Applications DBA. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications DBA accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Applications DBA." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2569.json b/2020/2xxx/CVE-2020-2569.json index a69372f1df1..16ee81fb72d 100644 --- a/2020/2xxx/CVE-2020-2569.json +++ b/2020/2xxx/CVE-2020-2569.json 
@@ -1,18 +1,68 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2569", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2569" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"PL/SQL", + "version":{ + "version_data":[ + { + "version_value":"12.2.0.1", + "version_affected":"=" + }, + { + "version_value":"18c", + "version_affected":"=" + }, + { + "version_value":"19c", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle Applications DBA component of Oracle Database Server. Supported versions that are affected are 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Oracle Applications DBA executes to compromise Oracle Applications DBA. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications DBA accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Applications DBA. CVSS 3.0 Base Score 3.9 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L)." 
+ } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Oracle Applications DBA executes to compromise Oracle Applications DBA. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications DBA accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Applications DBA." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2570.json b/2020/2xxx/CVE-2020-2570.json index 13129e165fc..6386293dce6 100644 --- a/2020/2xxx/CVE-2020-2570.json +++ b/2020/2xxx/CVE-2020-2570.json 
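Review bot: `"product_name":"PL/SQL"` does not match the description in the same hunk, which names the "Oracle Applications DBA component of Oracle Database Server" and reads identically to the CVE-2020-2568 text. Asset matching keyed on `product_name` would therefore look for a different product than the prose describes. One of the two fields looks copied or mislabelled and should be checked against the advisory. The hunks for CVE-2020-2570, CVE-2020-2573 and CVE-2020-2574 show the same kind of mismatch, with `"product_name":"MySQL Server"` against a description of the "MySQL Client product ... (component: C API)". If the description is right there, `"product_name":"MySQL Client"` would keep client-library installs from being missed.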
@@ -1,18 +1,64 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2570", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2570" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"MySQL Server", + "version":{ + "version_data":[ + { + "version_value":"5.7.28 and prior", + "version_affected":"=" + }, + { + "version_value":"8.0.18 and prior", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2571.json b/2020/2xxx/CVE-2020-2571.json index 4d9c2e82222..f3c37180341 100644 --- a/2020/2xxx/CVE-2020-2571.json +++ b/2020/2xxx/CVE-2020-2571.json 
@@ -1,18 +1,60 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2571", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2571" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"LDOMS", + "version":{ + "version_data":[ + { + "version_value":"3.6", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle VM Server for SPARC product of Oracle Systems (component: Templates). The supported version that is affected is 3.6. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM Server for SPARC executes to compromise Oracle VM Server for SPARC. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle VM Server for SPARC accessible data. CVSS 3.0 Base Score 3.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM Server for SPARC executes to compromise Oracle VM Server for SPARC. 
Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle VM Server for SPARC accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2572.json b/2020/2xxx/CVE-2020-2572.json index f357c86ede2..3110b7c09de 100644 --- a/2020/2xxx/CVE-2020-2572.json +++ b/2020/2xxx/CVE-2020-2572.json 
@@ -1,18 +1,64 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2572", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2572" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"MySQL Server", + "version":{ + "version_data":[ + { + "version_value":"5.7.28 and prior", + "version_affected":"=" + }, + { + "version_value":"8.0.18 and prior", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Audit Plugin). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 2.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2573.json b/2020/2xxx/CVE-2020-2573.json index 61c27e4f764..46b05f87ec9 100644 --- a/2020/2xxx/CVE-2020-2573.json +++ b/2020/2xxx/CVE-2020-2573.json 
@@ -1,18 +1,64 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2573", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2573" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"MySQL Server", + "version":{ + "version_data":[ + { + "version_value":"5.7.28 and prior", + "version_affected":"=" + }, + { + "version_value":"8.0.18 and prior", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2574.json b/2020/2xxx/CVE-2020-2574.json index 7e60a2b0f6b..4d89b02fe57 100644 --- a/2020/2xxx/CVE-2020-2574.json +++ b/2020/2xxx/CVE-2020-2574.json 
@@ -1,18 +1,68 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2574", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2574" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"MySQL Server", + "version":{ + "version_data":[ + { + "version_value":"5.6.46 and prior", + "version_affected":"=" + }, + { + "version_value":"5.7.28 and prior", + "version_affected":"=" + }, + { + "version_value":"8.0.18 and prior", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.46 and prior, 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)." 
+ } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2576.json b/2020/2xxx/CVE-2020-2576.json index d712528aaad..ff735a6ab39 100644 --- a/2020/2xxx/CVE-2020-2576.json +++ b/2020/2xxx/CVE-2020-2576.json 
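Review bot: `"product_name":"MySQL Server"` does not agree with the description, which names the MySQL Client product (component: C API) as what is compromised; the hunk for CVE-2020-2573 has the same mismatch. Asset inventories and scanners that key on `product_name` would attribute this record to the server and could leave client-library deployments unflagged. If the advisory lists the client, this should read `"product_name":"MySQL Client"`. If the vendor files the C API under the server product on purpose, confirm that against the referenced advisory before merging.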
@@ -1,18 +1,60 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2576", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2576" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Outside In Technology", + "version":{ + "version_data":[ + { + "version_value":"8.5.4", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. 
CVSS 3.0 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2577.json b/2020/2xxx/CVE-2020-2577.json index 629116b92da..f1569a4407a 100644 --- a/2020/2xxx/CVE-2020-2577.json +++ b/2020/2xxx/CVE-2020-2577.json 
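Review bot: The CVSS score and vector exist only as prose at the end of `description`, and the record has no structured `impact` object, so tooling has to scrape them out of free text. Adding `"impact":{"cvss":{"baseScore":6.5,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L","version":"3.0"}}` would make the rating machine-readable. It matters more than usual for this record, because the description says the score assumes network-delivered input and may be lower otherwise; that caveat is easy to lose when the number is parsed out of a sentence. The other hunks in this batch omit `impact` in the same way.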
@@ -1,18 +1,64 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2577", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2577" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"MySQL Server", + "version":{ + "version_data":[ + { + "version_value":"5.7.28 and prior", + "version_affected":"=" + }, + { + "version_value":"8.0.18 and prior", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2578.json b/2020/2xxx/CVE-2020-2578.json index 63adb36a885..ed4dfc4867f 100644 --- a/2020/2xxx/CVE-2020-2578.json +++ b/2020/2xxx/CVE-2020-2578.json 
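Review bot: `problemtype` repeats two sentences of the description instead of naming a weakness class, so the record cannot be grouped or filtered by CWE. A CWE entry would be more useful here, e.g. `"value":"CWE-<id> <name>"` (placeholder: the text visible in this hunk does not identify the weakness), or an explicit `"value":"n/a"` if the vendor does not disclose one. Every hunk in this batch fills `problemtype` the same way.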
@@ -1,18 +1,60 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2578", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2578" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Solaris Operating System", + "version":{ + "version_data":[ + { + "version_value":"11", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). The supported version that is affected is 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via SMB to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Solaris. CVSS 3.0 Base Score 5.8 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via SMB to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Solaris." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2579.json b/2020/2xxx/CVE-2020-2579.json index 9a7dc6972eb..002cc16bd57 100644 --- a/2020/2xxx/CVE-2020-2579.json +++ b/2020/2xxx/CVE-2020-2579.json 
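Review bot: The new `CVE_data_meta` drops the `STATE` key instead of moving it from `RESERVED` to `PUBLIC`, leaving only `ASSIGNER` and `ID`. Consumers that select published records by state would have to infer it from the presence of a description. Unless downstream tooling fills it in, which the diff does not show, add `"STATE":"PUBLIC"` here and in the other records of this batch. The single `reference_data` entry likewise carries only `url`, with no `name` or `refsource`.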
@@ -1,18 +1,68 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2579", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2579" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"MySQL Server", + "version":{ + "version_data":[ + { + "version_value":"5.6.46 and prior", + "version_affected":"=" + }, + { + "version_value":"5.7.28 and prior", + "version_affected":"=" + }, + { + "version_value":"8.0.18 and prior", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.46 and prior, 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)." 
+ } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2580.json b/2020/2xxx/CVE-2020-2580.json index a515dcdebc0..00f9ef49d1a 100644 --- a/2020/2xxx/CVE-2020-2580.json +++ b/2020/2xxx/CVE-2020-2580.json 
@@ -1,18 +1,60 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2580", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2580" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"MySQL Server", + "version":{ + "version_data":[ + { + "version_value":"8.0.17 and prior", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." 
+ } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2581.json b/2020/2xxx/CVE-2020-2581.json index 42867e3502c..6cc9f391435 100644 --- a/2020/2xxx/CVE-2020-2581.json +++ b/2020/2xxx/CVE-2020-2581.json 
@@ -1,18 +1,60 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2581", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2581" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"GraalVM Enterprise Edition", + "version":{ + "version_data":[ + { + "version_value":"19.3.0.2", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle GraalVM (component: LLVM Interpreter). The supported version that is affected is 19.3.0.2. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle GraalVM Enterprise Edition executes to compromise Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle GraalVM Enterprise Edition. CVSS 3.0 Base Score 4.0 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle GraalVM Enterprise Edition executes to compromise Oracle GraalVM Enterprise Edition. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle GraalVM Enterprise Edition." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2582.json b/2020/2xxx/CVE-2020-2582.json index 43512b63301..86d82bbfe8c 100644 --- a/2020/2xxx/CVE-2020-2582.json +++ b/2020/2xxx/CVE-2020-2582.json 
@@ -1,18 +1,64 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2582", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2582" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"iStore", + "version":{ + "version_data":[ + { + "version_value":"12.1.1-12.1.3", + "version_affected":"=" + }, + { + "version_value":"12.2.3-12.2.9", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Shopping Cart). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle iStore. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iStore, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iStore accessible data as well as unauthorized update, insert or delete access to some of Oracle iStore accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." 
+ } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle iStore. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iStore, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iStore accessible data as well as unauthorized update, insert or delete access to some of Oracle iStore accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2583.json b/2020/2xxx/CVE-2020-2583.json index 907cdd83575..82e41035987 100644 --- a/2020/2xxx/CVE-2020-2583.json +++ b/2020/2xxx/CVE-2020-2583.json 
@@ -1,18 +1,64 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2583", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2583" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Java", + "version":{ + "version_data":[ + { + "version_value":"Java SE: 7u241, 8u231, 11.0.5, 13.0.1", + "version_affected":"=" + }, + { + "version_value":"Java SE Embedded: 8u231", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. 
This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2584.json b/2020/2xxx/CVE-2020-2584.json index a5561451edd..5836fca7b7e 100644 --- a/2020/2xxx/CVE-2020-2584.json +++ b/2020/2xxx/CVE-2020-2584.json 
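Review bot: Each `version_value` here packs a product label into the string, and the first entry also packs four releases (`"Java SE: 7u241, 8u231, 11.0.5, 13.0.1"`), all under `"product_name":"Java"`. No installed version can equal that string even though the operator is `=`. One `version_data` entry per release, with Java SE and Java SE Embedded as separate `product_data` items, would let scanners compare versions directly, e.g. `{"version_value":"8u231","version_affected":"="}`. The hunk for CVE-2020-2585 uses the same `"Java SE: …"` prefix style.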
@@ -1,18 +1,64 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2584", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2584" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"MySQL Server", + "version":{ + "version_data":[ + { + "version_value":"5.7.28 and prior", + "version_affected":"=" + }, + { + "version_value":"8.0.18 and prior", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 4.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2585.json b/2020/2xxx/CVE-2020-2585.json index 72bcf36d9df..07517dafb0a 100644 --- a/2020/2xxx/CVE-2020-2585.json +++ b/2020/2xxx/CVE-2020-2585.json 
@@ -1,18 +1,60 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2585", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2585" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Java", + "version":{ + "version_data":[ + { + "version_value":"Java SE: 8u241", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Java SE product of Oracle Java SE (component: JavaFX). The supported version that is affected is Java SE: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)." 
+ } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2586.json b/2020/2xxx/CVE-2020-2586.json index e6f58099748..6a9c35f0bbd 100644 --- a/2020/2xxx/CVE-2020-2586.json +++ b/2020/2xxx/CVE-2020-2586.json 
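Review bot: The affected release is given as `Java SE: 8u241` in both `version_value` and the description, while the hunk for CVE-2020-2583 in this same batch lists `8u231` as the affected Java SE 8 release. The diff alone does not show which value is right. If 8u241 is actually the release that carries the fix, this record would mark patched installations as vulnerable and unpatched ones as clean. Check the value against the referenced advisory before merging.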
@@ -1,18 +1,64 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2586", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2586" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Human Resources", + "version":{ + "version_data":[ + { + "version_value":"12.1.1-12.1.3", + "version_affected":"=" + }, + { + "version_value":"12.2.3-12.2.9", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle Human Resources product of Oracle E-Business Suite (component: Hierarchy Diagrammers). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle Human Resources. While the vulnerability is in Oracle Human Resources, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Human Resources accessible data as well as unauthorized access to critical data or complete access to all Oracle Human Resources accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Human Resources. 
CVSS 3.0 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle Human Resources. While the vulnerability is in Oracle Human Resources, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Human Resources accessible data as well as unauthorized access to critical data or complete access to all Oracle Human Resources accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Human Resources." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2587.json b/2020/2xxx/CVE-2020-2587.json index 394b921e690..64d379b34c5 100644 --- a/2020/2xxx/CVE-2020-2587.json +++ b/2020/2xxx/CVE-2020-2587.json 
@@ -1,18 +1,64 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2587", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2587" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Human Resources", + "version":{ + "version_data":[ + { + "version_value":"12.1.1-12.1.3", + "version_affected":"=" + }, + { + "version_value":"12.2.3-12.2.9", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle Human Resources product of Oracle E-Business Suite (component: Hierarchy Diagrammers). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle Human Resources. While the vulnerability is in Oracle Human Resources, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Human Resources accessible data as well as unauthorized access to critical data or complete access to all Oracle Human Resources accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Human Resources. 
CVSS 3.0 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle Human Resources. While the vulnerability is in Oracle Human Resources, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Human Resources accessible data as well as unauthorized access to critical data or complete access to all Oracle Human Resources accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Human Resources." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2588.json b/2020/2xxx/CVE-2020-2588.json index f25ce02ce0a..902f3991c42 100644 --- a/2020/2xxx/CVE-2020-2588.json +++ b/2020/2xxx/CVE-2020-2588.json 
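Review bot: This record is word-for-word the same as the CVE-2020-2586 record in the previous hunk: same product, same component (Hierarchy Diagrammers), same version ranges, same description and the same 9.9 vector. Nothing on the new side tells a reader whether the two IDs are separate flaws or a duplicate assignment, and de-duplicating tooling may collapse them into one finding. A distinguishing detail in the `description` value would resolve that; if none can be published, a sentence stating that the issue is distinct from CVE-2020-2586 is enough.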
@@ -1,18 +1,60 @@
-{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
- "CVE_data_meta": {
- "ID": "CVE-2020-2588",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
- },
- "description": {
- "description_data": [
- {
- "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ {
+ "CVE_data_meta":{
+ "ASSIGNER":"secalert_us@oracle.com",
+ "ID":"CVE-2020-2588"
+ },
+ "affects":{
+ "vendor":{
+ "vendor_data":[
+ {
+ "product":{
+ "product_data":[
+ {
+ "product_name":"MySQL Server",
+ "version":{
+ "version_data":[
+ {
+ "version_value":"8.0.18 and prior",
+ "version_affected":"="
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name":"Oracle Corporation"
+ }
+ ]
 }
- ]
+ },
+ "data_format":"MITRE",
+ "data_type":"CVE",
+ "data_version":"4.0",
+ "description":{
+ "description_data":[
+ {
+ "lang":"eng",
+ "value":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
+ }
+ ]
+ },
+ "problemtype":{
+ "problemtype_data":[
+ {
+ "description":[
+ {
+ "lang":"eng",
+ "value":"Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server."
+ }
+ ]
+ }
+ ]
+ },
+ "references":{
+ "reference_data":[
+ {
+ "url":"https://www.oracle.com/security-alerts/cpujan2020.html"
+ }
+ ]
+ }
 }
-}
\ No newline at end of file
diff --git a/2020/2xxx/CVE-2020-2589.json b/2020/2xxx/CVE-2020-2589.json
index 9bc86fd124d..e6168b3be8c 100644
--- a/2020/2xxx/CVE-2020-2589.json
+++ b/2020/2xxx/CVE-2020-2589.json
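Review bot: The new `CVE_data_meta` object holds only `ASSIGNER` and `ID`; the `"STATE": "RESERVED"` line is removed and no replacement state is written. Every hunk in this part of the patch does the same. A feed consumer that keys on `STATE` to tell published entries from reserved or rejected ones gets no value here, so I would add `"STATE":"PUBLIC"` beside `"ID":"CVE-2020-2588"`.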
@@ -1,18 +1,64 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2589", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2589" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"MySQL Server", + "version":{ + "version_data":[ + { + "version_value":"5.7.28 and prior", + "version_affected":"=" + }, + { + "version_value":"8.0.17 and prior", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.28 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2590.json b/2020/2xxx/CVE-2020-2590.json index c9a267665c7..99050b1505d 100644 --- a/2020/2xxx/CVE-2020-2590.json +++ b/2020/2xxx/CVE-2020-2590.json 
@@ -1,18 +1,64 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2590", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2590" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Java", + "version":{ + "version_data":[ + { + "version_value":"Java SE: 7u241, 8u231, 11.0.5, 13.0.1", + "version_affected":"=" + }, + { + "version_value":"Java SE Embedded: 8u231", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. 
This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2591.json b/2020/2xxx/CVE-2020-2591.json index 689bd7b3711..ec9d279ca17 100644 --- a/2020/2xxx/CVE-2020-2591.json +++ b/2020/2xxx/CVE-2020-2591.json 
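Review bot: `product_name` is just `"Java"`, and each `version_value` packs a product label and a comma-separated list into one string (`"Java SE: 7u241, 8u231, 11.0.5, 13.0.1"`) under `"version_affected":"="`. No installed version string will equal that value, and the Java SE / Java SE Embedded split can only be recovered by parsing text. The CVE-2020-2593 hunk has the same two entries. Separate `product_data` items for `"Java SE"` and `"Java SE Embedded"`, each with one `version_data` entry per release (for example `"version_value":"8u231"`), would let inventory tools match directly.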
@@ -1,18 +1,60 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2591", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2591" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Web Applications Desktop Integrator", + "version":{ + "version_data":[ + { + "version_value":"12.1.3", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Application Service). The supported version that is affected is 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Web Applications Desktop Integrator. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Web Applications Desktop Integrator, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Web Applications Desktop Integrator accessible data as well as unauthorized update, insert or delete access to some of Oracle Web Applications Desktop Integrator accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Web Applications Desktop Integrator. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Web Applications Desktop Integrator, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Web Applications Desktop Integrator accessible data as well as unauthorized update, insert or delete access to some of Oracle Web Applications Desktop Integrator accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2592.json b/2020/2xxx/CVE-2020-2592.json index 9af44e9a0eb..74f63535e9e 100644 --- a/2020/2xxx/CVE-2020-2592.json +++ b/2020/2xxx/CVE-2020-2592.json 
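Review bot: The `problemtype` value repeats the impact sentences from `description` instead of naming a weakness class, so the record cannot be grouped or triaged by CWE. All hunks in this part of the patch do this. Where the weakness is known, the value should take the `"CWE-<id> <name>"` form; where the vendor does not disclose it, a short explicit statement to that effect is clearer than duplicated prose.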
@@ -1,18 +1,60 @@
-{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
- "CVE_data_meta": {
- "ID": "CVE-2020-2592",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
- },
- "description": {
- "description_data": [
- {
- "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ {
+ "CVE_data_meta":{
+ "ASSIGNER":"secalert_us@oracle.com",
+ "ID":"CVE-2020-2592"
+ },
+ "affects":{
+ "vendor":{
+ "vendor_data":[
+ {
+ "product":{
+ "product_data":[
+ {
+ "product_name":"AutoVue 3D Professional Advanced",
+ "version":{
+ "version_data":[
+ {
+ "version_value":"12.0.2",
+ "version_affected":"="
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name":"Oracle Corporation"
+ }
+ ]
 }
- ]
+ },
+ "data_format":"MITRE",
+ "data_type":"CVE",
+ "data_version":"4.0",
+ "description":{
+ "description_data":[
+ {
+ "lang":"eng",
+ "value":"Vulnerability in the Oracle AutoVue product of Oracle Supply Chain (component: Security). The supported version that is affected is 12.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle AutoVue. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle AutoVue accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)."
+ }
+ ]
+ },
+ "problemtype":{
+ "problemtype_data":[
+ {
+ "description":[
+ {
+ "lang":"eng",
+ "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle AutoVue. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle AutoVue accessible data."
+ }
+ ]
+ }
+ ]
+ },
+ "references":{
+ "reference_data":[
+ {
+ "url":"https://www.oracle.com/security-alerts/cpujan2020.html"
+ }
+ ]
+ }
 }
-}
\ No newline at end of file
diff --git a/2020/2xxx/CVE-2020-2593.json b/2020/2xxx/CVE-2020-2593.json
index 10016917e37..fb78fbe6594 100644
--- a/2020/2xxx/CVE-2020-2593.json
+++ b/2020/2xxx/CVE-2020-2593.json
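Review bot: `"product_name":"AutoVue 3D Professional Advanced"` does not match the product the description names, `Oracle AutoVue`, so it is unclear whether only that edition or the whole AutoVue line at 12.0.2 is affected. Asset matching on product name will give different answers depending on which field a tool reads. The CVE-2020-2598 hunk has a smaller mismatch of the same kind (`PeopleSoft Enterprise PT PeopleTools` against `PeopleSoft Enterprise PeopleTools`). The two fields should use one spelling, taken from the vendor advisory.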
@@ -1,18 +1,64 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2593", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2593" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Java", + "version":{ + "version_data":[ + { + "version_value":"Java SE: 7u241, 8u231, 11.0.5, 13.0.1", + "version_affected":"=" + }, + { + "version_value":"Java SE Embedded: 8u231", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. 
Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2595.json b/2020/2xxx/CVE-2020-2595.json index 4578a75bc24..1ab2e30f05a 100644 --- a/2020/2xxx/CVE-2020-2595.json +++ b/2020/2xxx/CVE-2020-2595.json 
@@ -1,18 +1,60 @@
-{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
- "CVE_data_meta": {
- "ID": "CVE-2020-2595",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
- },
- "description": {
- "description_data": [
- {
- "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ {
+ "CVE_data_meta":{
+ "ASSIGNER":"secalert_us@oracle.com",
+ "ID":"CVE-2020-2595"
+ },
+ "affects":{
+ "vendor":{
+ "vendor_data":[
+ {
+ "product":{
+ "product_data":[
+ {
+ "product_name":"GraalVM Enterprise Edition",
+ "version":{
+ "version_data":[
+ {
+ "version_value":"19.3.0.2",
+ "version_affected":"="
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name":"Oracle Corporation"
+ }
+ ]
 }
- ]
+ },
+ "data_format":"MITRE",
+ "data_type":"CVE",
+ "data_version":"4.0",
+ "description":{
+ "description_data":[
+ {
+ "lang":"eng",
+ "value":"Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle GraalVM (component: GraalVM Compiler). The supported version that is affected is 19.3.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM Enterprise Edition. While the vulnerability is in Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GraalVM Enterprise Edition accessible data. CVSS 3.0 Base Score 5.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N)."
+ }
+ ]
+ },
+ "problemtype":{
+ "problemtype_data":[
+ {
+ "description":[
+ {
+ "lang":"eng",
+ "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM Enterprise Edition. While the vulnerability is in Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GraalVM Enterprise Edition accessible data."
+ }
+ ]
+ }
+ ]
+ },
+ "references":{
+ "reference_data":[
+ {
+ "url":"https://www.oracle.com/security-alerts/cpujan2020.html"
+ }
+ ]
+ }
 }
-}
\ No newline at end of file
diff --git a/2020/2xxx/CVE-2020-2596.json b/2020/2xxx/CVE-2020-2596.json
index 9074b4f910e..453f0795c53 100644
--- a/2020/2xxx/CVE-2020-2596.json
+++ b/2020/2xxx/CVE-2020-2596.json
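Review bot: The CVSS score and vector exist only inside the `description` string (`CVSS 3.0 Base Score 5.8 ... CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N`); the record has no `impact` object. Prioritisation tooling then has to pattern-match the prose, and a typo in the sentence goes unvalidated. All hunks in this part of the patch share this. An `"impact":{"cvss":{"version":"3.0","baseScore":5.8,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"}}` member carries the same data in structured form.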
@@ -1,18 +1,64 @@
-{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
- "CVE_data_meta": {
- "ID": "CVE-2020-2596",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
- },
- "description": {
- "description_data": [
- {
- "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ {
+ "CVE_data_meta":{
+ "ASSIGNER":"secalert_us@oracle.com",
+ "ID":"CVE-2020-2596"
+ },
+ "affects":{
+ "vendor":{
+ "vendor_data":[
+ {
+ "product":{
+ "product_data":[
+ {
+ "product_name":"CRM Technical Foundation",
+ "version":{
+ "version_data":[
+ {
+ "version_value":"12.1.3",
+ "version_affected":"="
+ },
+ {
+ "version_value":"12.2.3-12.2.9",
+ "version_affected":"="
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name":"Oracle Corporation"
+ }
+ ]
 }
- ]
+ },
+ "data_format":"MITRE",
+ "data_type":"CVE",
+ "data_version":"4.0",
+ "description":{
+ "description_data":[
+ {
+ "lang":"eng",
+ "value":"Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Message Hooks). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N)."
+ }
+ ]
+ },
+ "problemtype":{
+ "problemtype_data":[
+ {
+ "description":[
+ {
+ "lang":"eng",
+ "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data."
+ }
+ ]
+ }
+ ]
+ },
+ "references":{
+ "reference_data":[
+ {
+ "url":"https://www.oracle.com/security-alerts/cpujan2020.html"
+ }
+ ]
+ }
 }
-}
\ No newline at end of file
diff --git a/2020/2xxx/CVE-2020-2597.json b/2020/2xxx/CVE-2020-2597.json
index 8a53b342e96..a84137f19cd 100644
--- a/2020/2xxx/CVE-2020-2597.json
+++ b/2020/2xxx/CVE-2020-2597.json
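Review bot: The single `reference_data` entry is a bare `url` with no `name` or `refsource`, and it points at the quarterly advisory page rather than anything specific to CVE-2020-2596; every hunk in this part of the patch uses the same URL. A reader following the link has to search the advisory for the ID, and tooling cannot tell a vendor confirmation from a third-party link. Adding `"name":"https://www.oracle.com/security-alerts/cpujan2020.html"` and a `"refsource"` value beside `url` would bring the entry in line with fully populated records.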
@@ -1,18 +1,64 @@
-{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
- "CVE_data_meta": {
- "ID": "CVE-2020-2597",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
- },
- "description": {
- "description_data": [
- {
- "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ {
+ "CVE_data_meta":{
+ "ASSIGNER":"secalert_us@oracle.com",
+ "ID":"CVE-2020-2597"
+ },
+ "affects":{
+ "vendor":{
+ "vendor_data":[
+ {
+ "product":{
+ "product_data":[
+ {
+ "product_name":"One-to-One Fulfillment",
+ "version":{
+ "version_data":[
+ {
+ "version_value":"12.1.1-12.1.3",
+ "version_affected":"="
+ },
+ {
+ "version_value":"12.2.3-12.2.9",
+ "version_affected":"="
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name":"Oracle Corporation"
+ }
+ ]
 }
- ]
+ },
+ "data_format":"MITRE",
+ "data_type":"CVE",
+ "data_version":"4.0",
+ "description":{
+ "description_data":[
+ {
+ "lang":"eng",
+ "value":"Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E-Business Suite (component: Call Phone Number Page). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle One-to-One Fulfillment. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle One-to-One Fulfillment, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle One-to-One Fulfillment accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N)."
+ }
+ ]
+ },
+ "problemtype":{
+ "problemtype_data":[
+ {
+ "description":[
+ {
+ "lang":"eng",
+ "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle One-to-One Fulfillment. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle One-to-One Fulfillment, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle One-to-One Fulfillment accessible data."
+ }
+ ]
+ }
+ ]
+ },
+ "references":{
+ "reference_data":[
+ {
+ "url":"https://www.oracle.com/security-alerts/cpujan2020.html"
+ }
+ ]
+ }
 }
-}
\ No newline at end of file
diff --git a/2020/2xxx/CVE-2020-2598.json b/2020/2xxx/CVE-2020-2598.json
index b15e7838cd9..3533590ce2e 100644
--- a/2020/2xxx/CVE-2020-2598.json
+++ b/2020/2xxx/CVE-2020-2598.json
@@ -1,18 +1,64 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2598", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2598" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"PeopleSoft Enterprise PT PeopleTools", + "version":{ + "version_data":[ + { + "version_value":"8.56", + "version_affected":"=" + }, + { + "version_value":"8.57", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Activity Guide). Supported versions that are affected are 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2599.json b/2020/2xxx/CVE-2020-2599.json index 7cccf7bb33d..c75d399a110 100644 --- a/2020/2xxx/CVE-2020-2599.json +++ b/2020/2xxx/CVE-2020-2599.json 
@@ -1,18 +1,60 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2599", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2599" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Hospitality Cruise Materials Management", + "version":{ + "version_data":[ + { + "version_value":"7.30.567", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle Hospitality Cruise Materials Management product of Oracle Hospitality Applications (component: MMS All). The supported version that is affected is 7.30.567. Difficult to exploit vulnerability allows physical access to compromise Oracle Hospitality Cruise Materials Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Cruise Materials Management accessible data. CVSS 3.0 Base Score 4.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Difficult to exploit vulnerability allows physical access to compromise Oracle Hospitality Cruise Materials Management. 
Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Cruise Materials Management accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2600.json b/2020/2xxx/CVE-2020-2600.json index 2b63f3f7849..f1b622745f4 100644 --- a/2020/2xxx/CVE-2020-2600.json +++ b/2020/2xxx/CVE-2020-2600.json 
@@ -1,18 +1,64 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2600", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2600" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"PeopleSoft Enterprise PT PeopleTools", + "version":{ + "version_data":[ + { + "version_value":"8.56", + "version_affected":"=" + }, + { + "version_value":"8.57", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Elastic Search). Supported versions that are affected are 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2601.json b/2020/2xxx/CVE-2020-2601.json index e39bacce309..7148255f004 100644 --- a/2020/2xxx/CVE-2020-2601.json +++ b/2020/2xxx/CVE-2020-2601.json 
@@ -1,18 +1,64 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2601", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2601" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Java", + "version":{ + "version_data":[ + { + "version_value":"Java SE: 7u241, 8u231, 11.0.5, 13.0.1", + "version_affected":"=" + }, + { + "version_value":"Java SE Embedded: 8u231", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. 
Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2602.json b/2020/2xxx/CVE-2020-2602.json index e7328e179db..c60f27465a4 100644 --- a/2020/2xxx/CVE-2020-2602.json +++ b/2020/2xxx/CVE-2020-2602.json 
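Review bot: Each `version_value` under the `Java` product packs a product label and a comma-separated list into one string (`"Java SE: 7u241, 8u231, 11.0.5, 13.0.1"`) while `version_affected` is `"="`, so an exact-match consumer will never match an installed `8u231`. One `version_data` entry per release, e.g. `{"version_value":"8u231","version_affected":"="}`, with Java SE and Java SE Embedded as separate `product_name` entries, would let inventory and scanner tooling match the affected set. The hunk for CVE-2020-2604 carries the same strings.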
@@ -1,18 +1,64 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2602", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2602" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"PeopleSoft Enterprise PT PeopleTools", + "version":{ + "version_data":[ + { + "version_value":"8.56", + "version_affected":"=" + }, + { + "version_value":"8.57", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Tree Manager). Supported versions that are affected are 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2603.json b/2020/2xxx/CVE-2020-2603.json index f1e2ea53918..c5d44a27599 100644 --- a/2020/2xxx/CVE-2020-2603.json +++ b/2020/2xxx/CVE-2020-2603.json 
@@ -1,18 +1,64 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2603", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2603" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Field Service", + "version":{ + "version_data":[ + { + "version_value":"12.1.1-12.1.3", + "version_affected":"=" + }, + { + "version_value":"12.2.3-12.2.9", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle Field Service product of Oracle E-Business Suite (component: Wireless). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Field Service. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Field Service, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Field Service accessible data as well as unauthorized read access to a subset of Oracle Field Service accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." 
+ } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Field Service. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Field Service, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Field Service accessible data as well as unauthorized read access to a subset of Oracle Field Service accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2604.json b/2020/2xxx/CVE-2020-2604.json index f8c823421a9..3b0144c8640 100644 --- a/2020/2xxx/CVE-2020-2604.json +++ b/2020/2xxx/CVE-2020-2604.json 
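Review bot: The `version_value` entries `"12.1.1-12.1.3"` and `"12.2.3-12.2.9"` are ranges written as single strings with `version_affected` set to `"="`, so tooling that compares for equality will miss intermediate releases such as 12.1.2. Listing each affected release as its own `version_data` entry, or expressing the bounds with comparison operators in `version_affected`, would make the ranges usable for automated matching. Which form downstream consumers accept is not visible from this page, so that is worth confirming before choosing.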
@@ -1,18 +1,80 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2604", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2604" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"GraalVM Enterprise Edition", + "version":{ + "version_data":[ + { + "version_value":"19.3.0.2", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation", + "product":{ + "product_data":[ + { + "product_name":"Java", + "version":{ + "version_data":[ + { + "version_value":"Java SE: 7u241, 8u231, 11.0.5, 13.0.1", + "version_affected":"=" + }, + { + "version_value":"Java SE Embedded: 8u231", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle GraalVM (component: Java). The supported version that is affected is 19.3.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in takeover of Oracle GraalVM Enterprise Edition. Note: GraalVM Enterprise 19.3 and above includes both Java SE 8 and Java SE 11. CVSS 3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)." 
+ } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in takeover of Oracle GraalVM Enterprise Edition." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2605.json b/2020/2xxx/CVE-2020-2605.json index 6211b1e27a4..2be9251b6e8 100644 --- a/2020/2xxx/CVE-2020-2605.json +++ b/2020/2xxx/CVE-2020-2605.json 
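Review bot: The single `vendor_data` object in this hunk contains `product` twice and `vendor_name` twice. Duplicate names in one JSON object are handled unpredictably, and most parsers keep only the last, which would silently drop `GraalVM Enterprise Edition` from the affected list even though it is the only product the description names. Both products belong in one `product_data` array under a single `product` key, followed by one `"vendor_name":"Oracle Corporation"`. It is also worth confirming that the `Java` entry is intended here, since the description covers only GraalVM Enterprise Edition 19.3.0.2.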
@@ -1,18 +1,60 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2605", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2605" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Solaris Operating System", + "version":{ + "version_data":[ + { + "version_value":"11", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Solaris accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris. CVSS 3.0 Base Score 7.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. 
Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Solaris accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2606.json b/2020/2xxx/CVE-2020-2606.json index 5575cbb2de5..679a6b3a503 100644 --- a/2020/2xxx/CVE-2020-2606.json +++ b/2020/2xxx/CVE-2020-2606.json 
@@ -1,18 +1,64 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2606", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2606" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"PeopleSoft Enterprise PT PeopleTools", + "version":{ + "version_data":[ + { + "version_value":"8.56", + "version_affected":"=" + }, + { + "version_value":"8.57", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Core Technology). Supported versions that are affected are 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2607.json b/2020/2xxx/CVE-2020-2607.json index 0635c5ffc16..8537ed75fc9 100644 --- a/2020/2xxx/CVE-2020-2607.json +++ b/2020/2xxx/CVE-2020-2607.json 
@@ -1,18 +1,64 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2607", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2607" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"PeopleSoft Enterprise PT PeopleTools", + "version":{ + "version_data":[ + { + "version_value":"8.56", + "version_affected":"=" + }, + { + "version_value":"8.57", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Core Technology). Supported versions that are affected are 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2608.json b/2020/2xxx/CVE-2020-2608.json index 2650ffb1bdf..ce6205caf23 100644 --- a/2020/2xxx/CVE-2020-2608.json +++ b/2020/2xxx/CVE-2020-2608.json 
@@ -1,18 +1,64 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2608", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2608" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Enterprise Manager Base Platform", + "version":{ + "version_data":[ + { + "version_value":"13.2.0.0", + "version_affected":"=" + }, + { + "version_value":"13.3.0.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Repository). Supported versions that are affected are 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." 
+ } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2609.json b/2020/2xxx/CVE-2020-2609.json index 3d0262850c8..0448dc98d18 100644 --- a/2020/2xxx/CVE-2020-2609.json +++ b/2020/2xxx/CVE-2020-2609.json 
@@ -1,18 +1,68 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2609", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2609" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Enterprise Manager Base Platform", + "version":{ + "version_data":[ + { + "version_value":"12.1.0.5", + "version_affected":"=" + }, + { + "version_value":"13.2.0.0", + "version_affected":"=" + }, + { + "version_value":"13.3.0.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data as well as unauthorized read access to a subset of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data as well as unauthorized read access to a subset of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2610.json b/2020/2xxx/CVE-2020-2610.json index f6962ac02e8..37ef3827c53 100644 --- a/2020/2xxx/CVE-2020-2610.json +++ b/2020/2xxx/CVE-2020-2610.json 
@@ -1,18 +1,68 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2610", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2610" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Enterprise Manager Base Platform", + "version":{ + "version_data":[ + { + "version_value":"12.1.0.5", + "version_affected":"=" + }, + { + "version_value":"13.2.0.0", + "version_affected":"=" + }, + { + "version_value":"13.3.0.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2611.json b/2020/2xxx/CVE-2020-2611.json index 7a1e72dd085..1ced91f842c 100644 --- a/2020/2xxx/CVE-2020-2611.json +++ b/2020/2xxx/CVE-2020-2611.json 
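Review bot: Severity and weakness class exist only as prose in this record. The score and vector sit at the end of the description `value`, there is no `impact` object, and the `problemtype` value repeats the impact sentences instead of naming a CWE. Tooling that triages on structured fields would have to parse the free text to recover `CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L`. I would add an `impact.cvss` block with `"baseScore":6.0`, `"vectorString":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L"` and `"version":"3.0"`, and put a CWE identifier in `problemtype` if the vendor advisory supports one. The same pattern is in the CVE-2020-2609 hunk above (with its own 6.3 score and vector) and in the later hunks of this patch.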
@@ -1,18 +1,68 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2611", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2611" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Enterprise Manager Base Platform", + "version":{ + "version_data":[ + { + "version_value":"12.1.0.5", + "version_affected":"=" + }, + { + "version_value":"13.2.0.0", + "version_affected":"=" + }, + { + "version_value":"13.3.0.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2612.json b/2020/2xxx/CVE-2020-2612.json index c9294fd18be..6b3cb3388f9 100644 --- a/2020/2xxx/CVE-2020-2612.json +++ b/2020/2xxx/CVE-2020-2612.json 
@@ -1,18 +1,68 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2612", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2612" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Enterprise Manager Base Platform", + "version":{ + "version_data":[ + { + "version_value":"12.1.0.5", + "version_affected":"=" + }, + { + "version_value":"13.2.0.0", + "version_affected":"=" + }, + { + "version_value":"13.3.0.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2613.json b/2020/2xxx/CVE-2020-2613.json index c7647d89f90..237e2d39930 100644 --- a/2020/2xxx/CVE-2020-2613.json +++ b/2020/2xxx/CVE-2020-2613.json 
@@ -1,18 +1,68 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2613", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2613" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Enterprise Manager Base Platform", + "version":{ + "version_data":[ + { + "version_value":"12.1.0.5", + "version_affected":"=" + }, + { + "version_value":"13.2.0.0", + "version_affected":"=" + }, + { + "version_value":"13.3.0.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Global EM Framework). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2614.json b/2020/2xxx/CVE-2020-2614.json index 9fdbce9d233..498663663e9 100644 --- a/2020/2xxx/CVE-2020-2614.json +++ b/2020/2xxx/CVE-2020-2614.json 
@@ -1,18 +1,64 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2614", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2614" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"APM - Application Performance Management", + "version":{ + "version_data":[ + { + "version_value":"13.2.0.0", + "version_affected":"=" + }, + { + "version_value":"13.3.0.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Enterprise Manager for Fusion Middleware product of Oracle Enterprise Manager (component: APM Mesh). Supported versions that are affected are 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager for Fusion Middleware. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager for Fusion Middleware accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager for Fusion Middleware accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager for Fusion Middleware. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager for Fusion Middleware. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager for Fusion Middleware accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager for Fusion Middleware accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager for Fusion Middleware." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2615.json b/2020/2xxx/CVE-2020-2615.json index a3a1bdce2ca..0fb73b17672 100644 --- a/2020/2xxx/CVE-2020-2615.json +++ b/2020/2xxx/CVE-2020-2615.json 
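Review bot: `product_name` here is `"APM - Application Performance Management"`, but the description in the same record names the affected product as "Enterprise Manager for Fusion Middleware" and gives "APM Mesh" as the component. Anyone matching an asset inventory against the `affects` block would search for a different product name than the one the advisory text uses. The two should be aligned, or the description should mention the APM name if that is the intended product; which of them is correct cannot be told from this hunk.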
@@ -1,18 +1,68 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2615", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2615" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Enterprise Manager Base Platform", + "version":{ + "version_data":[ + { + "version_value":"12.1.0.5", + "version_affected":"=" + }, + { + "version_value":"13.2.0.0", + "version_affected":"=" + }, + { + "version_value":"13.3.0.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Oracle Management Service). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2616.json b/2020/2xxx/CVE-2020-2616.json index 8dfeb5a57f3..f7cf0c27815 100644 --- a/2020/2xxx/CVE-2020-2616.json +++ b/2020/2xxx/CVE-2020-2616.json 
@@ -1,18 +1,68 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2616", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2616" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Enterprise Manager Base Platform", + "version":{ + "version_data":[ + { + "version_value":"12.1.0.5", + "version_affected":"=" + }, + { + "version_value":"13.2.0.0", + "version_affected":"=" + }, + { + "version_value":"13.3.0.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Manager Repository). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. 
CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2617.json b/2020/2xxx/CVE-2020-2617.json index 31931734fe9..ded385130cb 100644 --- a/2020/2xxx/CVE-2020-2617.json +++ b/2020/2xxx/CVE-2020-2617.json 
@@ -1,18 +1,68 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2617", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2617" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Enterprise Manager Base Platform", + "version":{ + "version_data":[ + { + "version_value":"12.1.0.5", + "version_affected":"=" + }, + { + "version_value":"13.2.0.0", + "version_affected":"=" + }, + { + "version_value":"13.3.0.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Discovery Framework). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2618.json b/2020/2xxx/CVE-2020-2618.json index d9fdd178adf..6b77def742b 100644 --- a/2020/2xxx/CVE-2020-2618.json +++ b/2020/2xxx/CVE-2020-2618.json 
@@ -1,18 +1,68 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2618", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2618" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Enterprise Manager Base Platform", + "version":{ + "version_data":[ + { + "version_value":"12.1.0.5", + "version_affected":"=" + }, + { + "version_value":"13.2.0.0", + "version_affected":"=" + }, + { + "version_value":"13.3.0.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2619.json b/2020/2xxx/CVE-2020-2619.json index 22893c1cf3e..bd55395b1f2 100644 --- a/2020/2xxx/CVE-2020-2619.json +++ b/2020/2xxx/CVE-2020-2619.json 
@@ -1,18 +1,68 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2619", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2619" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Enterprise Manager Base Platform", + "version":{ + "version_data":[ + { + "version_value":"12.1.0.5", + "version_affected":"=" + }, + { + "version_value":"13.2.0.0", + "version_affected":"=" + }, + { + "version_value":"13.3.0.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2620.json b/2020/2xxx/CVE-2020-2620.json index 101a708e896..7703a98bd95 100644 --- a/2020/2xxx/CVE-2020-2620.json +++ b/2020/2xxx/CVE-2020-2620.json 
@@ -1,18 +1,68 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2620", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2620" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Enterprise Manager Base Platform", + "version":{ + "version_data":[ + { + "version_value":"12.1.0.5", + "version_affected":"=" + }, + { + "version_value":"13.2.0.0", + "version_affected":"=" + }, + { + "version_value":"13.3.0.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2621.json b/2020/2xxx/CVE-2020-2621.json index 36847b0df9b..7f94581f2f9 100644 --- a/2020/2xxx/CVE-2020-2621.json +++ b/2020/2xxx/CVE-2020-2621.json 
@@ -1,18 +1,68 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2621", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2621" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Enterprise Manager Base Platform", + "version":{ + "version_data":[ + { + "version_value":"12.1.0.5", + "version_affected":"=" + }, + { + "version_value":"13.2.0.0", + "version_affected":"=" + }, + { + "version_value":"13.3.0.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2622.json b/2020/2xxx/CVE-2020-2622.json index 7b06c4fa460..9480ca56107 100644 --- a/2020/2xxx/CVE-2020-2622.json +++ b/2020/2xxx/CVE-2020-2622.json 
@@ -1,18 +1,68 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2622", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2622" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Enterprise Manager Base Platform", + "version":{ + "version_data":[ + { + "version_value":"12.1.0.5", + "version_affected":"=" + }, + { + "version_value":"13.2.0.0", + "version_affected":"=" + }, + { + "version_value":"13.3.0.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Event Management). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2623.json b/2020/2xxx/CVE-2020-2623.json index 8663ca3e972..6fac7e44f5d 100644 --- a/2020/2xxx/CVE-2020-2623.json +++ b/2020/2xxx/CVE-2020-2623.json 
@@ -1,18 +1,68 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2623", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2623" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Enterprise Manager Base Platform", + "version":{ + "version_data":[ + { + "version_value":"12.1.0.5", + "version_affected":"=" + }, + { + "version_value":"13.2.0.0", + "version_affected":"=" + }, + { + "version_value":"13.3.0.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Metrics Framework). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2624.json b/2020/2xxx/CVE-2020-2624.json index 3168d8aa2bd..12fc43272eb 100644 --- a/2020/2xxx/CVE-2020-2624.json +++ b/2020/2xxx/CVE-2020-2624.json 
@@ -1,18 +1,68 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2624", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2624" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Enterprise Manager Base Platform", + "version":{ + "version_data":[ + { + "version_value":"12.1.0.5", + "version_affected":"=" + }, + { + "version_value":"13.2.0.0", + "version_affected":"=" + }, + { + "version_value":"13.3.0.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Connector Framework). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2625.json b/2020/2xxx/CVE-2020-2625.json index 89f2dc88b1f..cd9963f28c9 100644 --- a/2020/2xxx/CVE-2020-2625.json +++ b/2020/2xxx/CVE-2020-2625.json 
@@ -1,18 +1,68 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2625", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2625" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Enterprise Manager Base Platform", + "version":{ + "version_data":[ + { + "version_value":"12.1.0.5", + "version_affected":"=" + }, + { + "version_value":"13.2.0.0", + "version_affected":"=" + }, + { + "version_value":"13.3.0.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Job System). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2626.json b/2020/2xxx/CVE-2020-2626.json index b95b7931f32..a2466dc6bc5 100644 --- a/2020/2xxx/CVE-2020-2626.json +++ b/2020/2xxx/CVE-2020-2626.json 
@@ -1,18 +1,68 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2626", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2626" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Enterprise Manager Base Platform", + "version":{ + "version_data":[ + { + "version_value":"12.1.0.5", + "version_affected":"=" + }, + { + "version_value":"13.2.0.0", + "version_affected":"=" + }, + { + "version_value":"13.3.0.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Cloud Control Manager - OMS). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2627.json b/2020/2xxx/CVE-2020-2627.json index b65299cdb1f..7195091eb14 100644 --- a/2020/2xxx/CVE-2020-2627.json +++ b/2020/2xxx/CVE-2020-2627.json 
@@ -1,18 +1,60 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2627", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2627" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"MySQL Server", + "version":{ + "version_data":[ + { + "version_value":"8.0.18 and prior", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." 
+ } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2628.json b/2020/2xxx/CVE-2020-2628.json index f3c24551a42..54dc05c231e 100644 --- a/2020/2xxx/CVE-2020-2628.json +++ b/2020/2xxx/CVE-2020-2628.json 
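Review bot: In the CVE-2020-2627 hunk, `"version_value":"8.0.18 and prior"` is paired with `"version_affected":"="`, so a consumer that compares versions exactly will match only that literal string and miss every earlier MySQL Server release the description says is affected. Encode the range in the operator instead: `"version_value":"8.0.18"` with `"version_affected":"<="`. Vulnerability scanners and asset inventories that key on these two fields could otherwise report older installations as unaffected.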
@@ -1,18 +1,68 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2628", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2628" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Enterprise Manager Base Platform", + "version":{ + "version_data":[ + { + "version_value":"12.1.0.5", + "version_affected":"=" + }, + { + "version_value":"13.2.0.0", + "version_affected":"=" + }, + { + "version_value":"13.3.0.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Host Management). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2629.json b/2020/2xxx/CVE-2020-2629.json index c656c0dba7b..419480d0dbd 100644 --- a/2020/2xxx/CVE-2020-2629.json +++ b/2020/2xxx/CVE-2020-2629.json 
@@ -1,18 +1,68 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2629", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2629" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Enterprise Manager Base Platform", + "version":{ + "version_data":[ + { + "version_value":"12.1.0.5", + "version_affected":"=" + }, + { + "version_value":"13.2.0.0", + "version_affected":"=" + }, + { + "version_value":"13.3.0.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Extensibility Framework). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2630.json b/2020/2xxx/CVE-2020-2630.json index 1622032de64..952d1a65680 100644 --- a/2020/2xxx/CVE-2020-2630.json +++ b/2020/2xxx/CVE-2020-2630.json 
@@ -1,18 +1,68 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2630", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2630" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Enterprise Manager Base Platform", + "version":{ + "version_data":[ + { + "version_value":"12.1.0.5", + "version_affected":"=" + }, + { + "version_value":"13.2.0.0", + "version_affected":"=" + }, + { + "version_value":"13.3.0.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Extensibility Framework). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2631.json b/2020/2xxx/CVE-2020-2631.json index c48139b38d1..dfa18a0fb15 100644 --- a/2020/2xxx/CVE-2020-2631.json +++ b/2020/2xxx/CVE-2020-2631.json 
@@ -1,18 +1,68 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2631", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2631" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Enterprise Manager Base Platform", + "version":{ + "version_data":[ + { + "version_value":"12.1.0.5", + "version_affected":"=" + }, + { + "version_value":"13.2.0.0", + "version_affected":"=" + }, + { + "version_value":"13.3.0.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Application Service Level Mgmt). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. 
CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2632.json b/2020/2xxx/CVE-2020-2632.json index 564e2cfaa0c..abaee4343e8 100644 --- a/2020/2xxx/CVE-2020-2632.json +++ b/2020/2xxx/CVE-2020-2632.json 
@@ -1,18 +1,68 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2632", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2632" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Enterprise Manager Base Platform", + "version":{ + "version_data":[ + { + "version_value":"12.1.0.5", + "version_affected":"=" + }, + { + "version_value":"13.2.0.0", + "version_affected":"=" + }, + { + "version_value":"13.3.0.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: System Monitoring). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2633.json b/2020/2xxx/CVE-2020-2633.json index 365dd79ac24..474d7302204 100644 --- a/2020/2xxx/CVE-2020-2633.json +++ b/2020/2xxx/CVE-2020-2633.json 
@@ -1,18 +1,68 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2633", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2633" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Enterprise Manager Base Platform", + "version":{ + "version_data":[ + { + "version_value":"12.1.0.5", + "version_affected":"=" + }, + { + "version_value":"13.2.0.0", + "version_affected":"=" + }, + { + "version_value":"13.3.0.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Connector Framework). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2634.json b/2020/2xxx/CVE-2020-2634.json index 1ce7c23d8ad..f0c2677f558 100644 --- a/2020/2xxx/CVE-2020-2634.json +++ b/2020/2xxx/CVE-2020-2634.json 
@@ -1,18 +1,68 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2634", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2634" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Enterprise Manager Base Platform", + "version":{ + "version_data":[ + { + "version_value":"12.1.0.5", + "version_affected":"=" + }, + { + "version_value":"13.2.0.0", + "version_affected":"=" + }, + { + "version_value":"13.3.0.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Configuration Standard Framewk). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. 
CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2635.json b/2020/2xxx/CVE-2020-2635.json index 02fcd3d2451..6607b002488 100644 --- a/2020/2xxx/CVE-2020-2635.json +++ b/2020/2xxx/CVE-2020-2635.json 
@@ -1,18 +1,68 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2635", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2635" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Enterprise Manager Base Platform", + "version":{ + "version_data":[ + { + "version_value":"12.1.0.5", + "version_affected":"=" + }, + { + "version_value":"13.2.0.0", + "version_affected":"=" + }, + { + "version_value":"13.3.0.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: System Monitoring). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2636.json b/2020/2xxx/CVE-2020-2636.json index e715df34c74..a2e7a58d8b3 100644 --- a/2020/2xxx/CVE-2020-2636.json +++ b/2020/2xxx/CVE-2020-2636.json 
@@ -1,18 +1,68 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2636", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2636" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Enterprise Manager Base Platform", + "version":{ + "version_data":[ + { + "version_value":"12.1.0.5", + "version_affected":"=" + }, + { + "version_value":"13.2.0.0", + "version_affected":"=" + }, + { + "version_value":"13.3.0.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Application Service Level Mgmt). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. 
CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2637.json b/2020/2xxx/CVE-2020-2637.json index dfbdefcd2f0..c6c6a9d8580 100644 --- a/2020/2xxx/CVE-2020-2637.json +++ b/2020/2xxx/CVE-2020-2637.json 
@@ -1,18 +1,68 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2637", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2637" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Enterprise Manager for Oracle Database", + "version":{ + "version_data":[ + { + "version_value":"12.1.0.5", + "version_affected":"=" + }, + { + "version_value":"13.2.0.0", + "version_affected":"=" + }, + { + "version_value":"13.3.0.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Enterprise Manager for Oracle Database product of Oracle Enterprise Manager (component: Change Manager - web based). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager for Oracle Database. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager for Oracle Database accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager for Oracle Database accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager for Oracle Database. 
CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager for Oracle Database. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager for Oracle Database accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager for Oracle Database accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager for Oracle Database." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2638.json b/2020/2xxx/CVE-2020-2638.json index 22fbf10cdc2..783b46a8b7b 100644 --- a/2020/2xxx/CVE-2020-2638.json +++ b/2020/2xxx/CVE-2020-2638.json 
@@ -1,18 +1,68 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2638", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2638" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Enterprise Manager Base Platform", + "version":{ + "version_data":[ + { + "version_value":"12.1.0.5", + "version_affected":"=" + }, + { + "version_value":"13.2.0.0", + "version_affected":"=" + }, + { + "version_value":"13.3.0.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Enterprise Manager for Oracle Database product of Oracle Enterprise Manager (component: Enterprise Config Management). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager for Oracle Database. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager for Oracle Database accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager for Oracle Database accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager for Oracle Database. 
CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager for Oracle Database. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager for Oracle Database accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager for Oracle Database accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager for Oracle Database." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2639.json b/2020/2xxx/CVE-2020-2639.json index 98d484c503b..462c5f637c7 100644 --- a/2020/2xxx/CVE-2020-2639.json +++ b/2020/2xxx/CVE-2020-2639.json 
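Review bot: `product_name` says "Enterprise Manager Base Platform" while the `description` and `problemtype` text in the same record name "Enterprise Manager for Oracle Database", so the structured field and the prose disagree about which product CVE-2020-2638 affects. The CVE-2020-2640 and CVE-2020-2641 hunks carry the same mismatch, whereas in the CVE-2020-2637 hunk both agree. Asset matching that keys on `affects` would attribute these three records to the wrong product or miss the right one. The diff alone does not show which side is correct, so check it against the referenced advisory; if the prose is right, the line becomes `"product_name":"Enterprise Manager for Oracle Database"`.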
@@ -1,18 +1,68 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2639", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2639" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Enterprise Manager Base Platform", + "version":{ + "version_data":[ + { + "version_value":"12.1.0.5", + "version_affected":"=" + }, + { + "version_value":"13.2.0.0", + "version_affected":"=" + }, + { + "version_value":"13.3.0.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Host Management). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2640.json b/2020/2xxx/CVE-2020-2640.json index 4cd0339ad4c..6750656041e 100644 --- a/2020/2xxx/CVE-2020-2640.json +++ b/2020/2xxx/CVE-2020-2640.json 
@@ -1,18 +1,68 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2640", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2640" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Enterprise Manager Base Platform", + "version":{ + "version_data":[ + { + "version_value":"12.1.0.5", + "version_affected":"=" + }, + { + "version_value":"13.2.0.0", + "version_affected":"=" + }, + { + "version_value":"13.3.0.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Enterprise Manager for Oracle Database product of Oracle Enterprise Manager (component: Target Management). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager for Oracle Database. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager for Oracle Database accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager for Oracle Database accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager for Oracle Database. 
CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager for Oracle Database. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager for Oracle Database accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager for Oracle Database accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager for Oracle Database." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2641.json b/2020/2xxx/CVE-2020-2641.json index 7dee8f67e64..c13b39d832d 100644 --- a/2020/2xxx/CVE-2020-2641.json +++ b/2020/2xxx/CVE-2020-2641.json 
@@ -1,18 +1,68 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2641", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2641" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Enterprise Manager Base Platform", + "version":{ + "version_data":[ + { + "version_value":"12.1.0.5", + "version_affected":"=" + }, + { + "version_value":"13.2.0.0", + "version_affected":"=" + }, + { + "version_value":"13.3.0.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Enterprise Manager for Oracle Database product of Oracle Enterprise Manager (component: Discovery Framework). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager for Oracle Database. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager for Oracle Database accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager for Oracle Database accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager for Oracle Database. 
CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager for Oracle Database. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager for Oracle Database accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager for Oracle Database accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager for Oracle Database." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2642.json b/2020/2xxx/CVE-2020-2642.json index e67d2178888..38a19a94b6f 100644 --- a/2020/2xxx/CVE-2020-2642.json +++ b/2020/2xxx/CVE-2020-2642.json 
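Review bot: The new `CVE_data_meta` carries only `ASSIGNER` and `ID`; the `STATE` key that the removed side held as `RESERVED` is dropped rather than updated, here and in the other hunks from CVE-2020-2640 to CVE-2020-2652. A consumer that filters records by state then has no field that separates a published entry from an incomplete one. Adding `"STATE":"PUBLIC"` next to `ID` would make the publication explicit; whether the 4.0 schema requires the key is not visible in this diff.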
@@ -1,18 +1,68 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2642", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2642" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Enterprise Manager Base Platform", + "version":{ + "version_data":[ + { + "version_value":"12.1.0.5", + "version_affected":"=" + }, + { + "version_value":"13.2.0.0", + "version_affected":"=" + }, + { + "version_value":"13.3.0.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Connector Framework). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2643.json b/2020/2xxx/CVE-2020-2643.json index 7da989cd668..d85f02225e5 100644 --- a/2020/2xxx/CVE-2020-2643.json +++ b/2020/2xxx/CVE-2020-2643.json 
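Review bot: The CVSS score and vector exist only as prose at the end of the `description` value; the record has no `impact` object, and the same holds for every hunk from CVE-2020-2640 to CVE-2020-2652. Scanners and triage pipelines that read severity from structured fields will treat these entries as unscored and may rank them below where the vendor placed them. An `impact` block carrying the same values, for this record `"vectorString":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L"` and `"baseScore":6.0`, would keep the prose and the data in agreement.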
@@ -1,18 +1,68 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2643", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2643" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Enterprise Manager Base Platform", + "version":{ + "version_data":[ + { + "version_value":"12.1.0.5", + "version_affected":"=" + }, + { + "version_value":"13.2.0.0", + "version_affected":"=" + }, + { + "version_value":"13.3.0.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Job System). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2644.json b/2020/2xxx/CVE-2020-2644.json index 3ee871cc374..c4af2a25e87 100644 --- a/2020/2xxx/CVE-2020-2644.json +++ b/2020/2xxx/CVE-2020-2644.json 
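Review bot: The `problemtype` value is a verbatim copy of the exploitability and impact sentences from `description` rather than a weakness class, so the record cannot be grouped or filtered by CWE; the other hunks in this stretch follow the same pattern. If the weakness is known, the entry would read `"value":"CWE-<id> <weakness name>"` (placeholder: the diff does not say which CWE applies). As written, the field adds no information beyond what `description` already holds.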
@@ -1,18 +1,68 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2644", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2644" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Enterprise Manager Base Platform", + "version":{ + "version_data":[ + { + "version_value":"12.1.0.5", + "version_affected":"=" + }, + { + "version_value":"13.2.0.0", + "version_affected":"=" + }, + { + "version_value":"13.3.0.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Oracle Management Service). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2645.json b/2020/2xxx/CVE-2020-2645.json index 049c59e16d1..c6973ee97ca 100644 --- a/2020/2xxx/CVE-2020-2645.json +++ b/2020/2xxx/CVE-2020-2645.json 
@@ -1,18 +1,68 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2645", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2645" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Enterprise Manager Base Platform", + "version":{ + "version_data":[ + { + "version_value":"12.1.0.5", + "version_affected":"=" + }, + { + "version_value":"13.2.0.0", + "version_affected":"=" + }, + { + "version_value":"13.3.0.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Connector Framework). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2646.json b/2020/2xxx/CVE-2020-2646.json index 7065b5ecdbf..5e2f9a3fbec 100644 --- a/2020/2xxx/CVE-2020-2646.json +++ b/2020/2xxx/CVE-2020-2646.json 
@@ -1,18 +1,68 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2646", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2646" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Enterprise Manager Base Platform", + "version":{ + "version_data":[ + { + "version_value":"12.1.0.5", + "version_affected":"=" + }, + { + "version_value":"13.2.0.0", + "version_affected":"=" + }, + { + "version_value":"13.3.0.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Command Line Interface). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Enterprise Manager Base Platform, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data as well as unauthorized read access to a subset of Enterprise Manager Base Platform accessible data. 
CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Enterprise Manager Base Platform, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data as well as unauthorized read access to a subset of Enterprise Manager Base Platform accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2647.json b/2020/2xxx/CVE-2020-2647.json index 4647d6058ec..18c7040f2b8 100644 --- a/2020/2xxx/CVE-2020-2647.json +++ b/2020/2xxx/CVE-2020-2647.json 
@@ -1,18 +1,64 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2647", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2647" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Solaris Operating System", + "version":{ + "version_data":[ + { + "version_value":"10", + "version_affected":"=" + }, + { + "version_value":"11", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris. CVSS 3.0 Base Score 5.0 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. 
Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2648.json b/2020/2xxx/CVE-2020-2648.json index ab5e07baba9..be8c9bfaab1 100644 --- a/2020/2xxx/CVE-2020-2648.json +++ b/2020/2xxx/CVE-2020-2648.json 
@@ -1,18 +1,60 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2648", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2648" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Retail Customer Management and Segmentation Foundation", + "version":{ + "version_data":[ + { + "version_value":"16.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Internal Operations). The supported version that is affected is 16.0. Easily exploitable vulnerability allows physical access to compromise Oracle Retail Customer Management and Segmentation Foundation. Successful attacks of this vulnerability can result in takeover of Oracle Retail Customer Management and Segmentation Foundation. CVSS 3.0 Base Score 6.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows physical access to compromise Oracle Retail Customer Management and Segmentation Foundation. 
Successful attacks of this vulnerability can result in takeover of Oracle Retail Customer Management and Segmentation Foundation." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2649.json b/2020/2xxx/CVE-2020-2649.json index e5335abb486..88f6a714106 100644 --- a/2020/2xxx/CVE-2020-2649.json +++ b/2020/2xxx/CVE-2020-2649.json 
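Review bot: The `description` and `problemtype` text for CVE-2020-2648 say "allows physical access to compromise" with no attacker named and no privilege level, while the vector quoted in the same description is `AV:P/AC:L/PR:H`. Someone triaging from the sentence alone would not learn that high privileges are a precondition. The sibling records in this series phrase the precondition as "high privileged attacker with ..."; wording such as `allows high privileged attacker with physical access to compromise` would match the vector, assuming the vector is the authoritative part.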
@@ -1,18 +1,60 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2649", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2649" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Retail Customer Management and Segmentation Foundation", + "version":{ + "version_data":[ + { + "version_value":"16.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Internal Operations). The supported version that is affected is 16.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Retail Customer Management and Segmentation Foundation executes to compromise Oracle Retail Customer Management and Segmentation Foundation. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Retail Customer Management and Segmentation Foundation accessible data. CVSS 3.0 Base Score 3.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)." 
+ } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Retail Customer Management and Segmentation Foundation executes to compromise Oracle Retail Customer Management and Segmentation Foundation. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Retail Customer Management and Segmentation Foundation accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2650.json b/2020/2xxx/CVE-2020-2650.json index 175debdb0b3..24db2b6a16c 100644 --- a/2020/2xxx/CVE-2020-2650.json +++ b/2020/2xxx/CVE-2020-2650.json 
@@ -1,18 +1,60 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2650", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2650" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Retail Customer Management and Segmentation Foundation", + "version":{ + "version_data":[ + { + "version_value":"16.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Promotions). The supported version that is affected is 16.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Customer Management and Segmentation Foundation. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Customer Management and Segmentation Foundation accessible data as well as unauthorized read access to a subset of Oracle Retail Customer Management and Segmentation Foundation accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)." 
+ } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Customer Management and Segmentation Foundation. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Customer Management and Segmentation Foundation accessible data as well as unauthorized read access to a subset of Oracle Retail Customer Management and Segmentation Foundation accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2651.json b/2020/2xxx/CVE-2020-2651.json index 21904f0799a..cf03c00ddf8 100644 --- a/2020/2xxx/CVE-2020-2651.json +++ b/2020/2xxx/CVE-2020-2651.json 
@@ -1,18 +1,64 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2651", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2651" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"CRM Technical Foundation", + "version":{ + "version_data":[ + { + "version_value":"12.1.3", + "version_affected":"=" + }, + { + "version_value":"12.2.3-12.2.9", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle CRM Technical Foundation accessible data as well as unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle CRM Technical Foundation accessible data as well as unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2652.json b/2020/2xxx/CVE-2020-2652.json index 6004533885b..3835a372f12 100644 --- a/2020/2xxx/CVE-2020-2652.json +++ b/2020/2xxx/CVE-2020-2652.json 
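Review bot: The second `version_data` entry encodes a range as a single string, `"version_value":"12.2.3-12.2.9"`, with `"version_affected":"="`; the CVE-2020-2652 hunk does the same. A consumer doing exact or semantic-version comparison will read it as one literal version and will not match any real release inside the range. Listing each affected release as its own `=` entry, or expressing the lower and upper bounds with separate comparison operators, would make the range machine-readable; the exact set of releases it covers is not stated in the diff.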
@@ -1,18 +1,64 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2652", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2652" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"CRM Technical Foundation", + "version":{ + "version_data":[ + { + "version_value":"12.1.3", + "version_affected":"=" + }, + { + "version_value":"12.2.3-12.2.9", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle CRM Technical Foundation accessible data as well as unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle CRM Technical Foundation accessible data as well as unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2653.json b/2020/2xxx/CVE-2020-2653.json index 0074d6706bb..4c4cd24a23a 100644 --- a/2020/2xxx/CVE-2020-2653.json +++ b/2020/2xxx/CVE-2020-2653.json 
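Review bot: `problemtype` in the CVE-2020-2652 record repeats the impact sentences from `description` instead of naming a weakness class, so tooling that groups or triages by problem type receives free text it cannot map. If the CNA has a classification, `value` should carry it in the short form, e.g. `"value":"CWE-<id> <weakness name>"` (placeholder; the page gives no CWE for this issue). If it has none, a short label is still easier to consume than a copied paragraph. Every record updated in this stretch of the series (CVE-2020-2651 through CVE-2020-2663) does the same.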
@@ -1,18 +1,64 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2653", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2653" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"CRM Technical Foundation", + "version":{ + "version_data":[ + { + "version_value":"12.1.3", + "version_affected":"=" + }, + { + "version_value":"12.2.3-12.2.9", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle CRM Technical Foundation accessible data as well as unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle CRM Technical Foundation accessible data as well as unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2654.json b/2020/2xxx/CVE-2020-2654.json index b488036e190..b71e25f74aa 100644 --- a/2020/2xxx/CVE-2020-2654.json +++ b/2020/2xxx/CVE-2020-2654.json 
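Review bot: `CVE_data_meta` in the CVE-2020-2653 record loses its `STATE` field: the removed side had `"STATE": "RESERVED"` and the added side carries only `ASSIGNER` and `ID`. A consumer that selects published entries by state would presumably skip or misclassify this record even though it now has a full description. Adding `"STATE":"PUBLIC"` next to `"ID":"CVE-2020-2653"` keeps the lifecycle explicit. The other records in this stretch (CVE-2020-2651 through CVE-2020-2663) have the same omission.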
@@ -1,18 +1,60 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2654", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2654" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Java", + "version":{ + "version_data":[ + { + "version_value":"Java SE: 7u241, 8u231, 11.0.5, 13.0.1", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)." 
+ } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2655.json b/2020/2xxx/CVE-2020-2655.json index e09043f1c82..3109c876686 100644 --- a/2020/2xxx/CVE-2020-2655.json +++ b/2020/2xxx/CVE-2020-2655.json 
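Review bot: The single `version_data` entry in the CVE-2020-2654 record packs a product line and four releases into one string, `"version_value":"Java SE: 7u241, 8u231, 11.0.5, 13.0.1"`, under `"version_affected":"="`, which no installed version string will ever equal. Use one entry per release, such as `{"version_value":"7u241","version_affected":"="}`, and carry the product line in `product_name` (`"Java SE"` rather than `"Java"`). CVE-2020-2655 and CVE-2020-2659 have the same shape, the latter also placing `Java SE Embedded: 8u231` inside a version string.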
@@ -1,18 +1,60 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2655", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2655" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Java", + "version":{ + "version_data":[ + { + "version_value":"Java SE: 11.0.5, 13.0.1", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.5 and 13.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2656.json b/2020/2xxx/CVE-2020-2656.json index ed4b4596442..312e3238bc0 100644 --- a/2020/2xxx/CVE-2020-2656.json +++ b/2020/2xxx/CVE-2020-2656.json 
@@ -1,18 +1,64 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2656", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2656" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Solaris Operating System", + "version":{ + "version_data":[ + { + "version_value":"10", + "version_affected":"=" + }, + { + "version_value":"11", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle Solaris product of Oracle Systems (component: X Window System). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Solaris accessible data as well as unauthorized read access to a subset of Oracle Solaris accessible data. CVSS 3.0 Base Score 4.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)." 
+ } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Solaris accessible data as well as unauthorized read access to a subset of Oracle Solaris accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2657.json b/2020/2xxx/CVE-2020-2657.json index b90ea9a7156..48692a18b72 100644 --- a/2020/2xxx/CVE-2020-2657.json +++ b/2020/2xxx/CVE-2020-2657.json 
@@ -1,18 +1,64 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2657", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2657" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"CRM Technical Foundation", + "version":{ + "version_data":[ + { + "version_value":"12.1.3", + "version_affected":"=" + }, + { + "version_value":"12.2.3-12.2.9", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N)." 
+ } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2658.json b/2020/2xxx/CVE-2020-2658.json index 20ee8781c72..c4d76b33d98 100644 --- a/2020/2xxx/CVE-2020-2658.json +++ b/2020/2xxx/CVE-2020-2658.json 
@@ -1,18 +1,64 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2658", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2658" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"iSupport", + "version":{ + "version_data":[ + { + "version_value":"12.1.1-12.1.3", + "version_affected":"=" + }, + { + "version_value":"12.2.3-12.2.9", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Others). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle iSupport. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iSupport, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iSupport accessible data as well as unauthorized update, insert or delete access to some of Oracle iSupport accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." 
+ } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle iSupport. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iSupport, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iSupport accessible data as well as unauthorized update, insert or delete access to some of Oracle iSupport accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2659.json b/2020/2xxx/CVE-2020-2659.json index 24c2cce17f9..9ae924c19f0 100644 --- a/2020/2xxx/CVE-2020-2659.json +++ b/2020/2xxx/CVE-2020-2659.json 
@@ -1,18 +1,64 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2659", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2659" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Java", + "version":{ + "version_data":[ + { + "version_value":"Java SE: 7u241, 8u231", + "version_affected":"=" + }, + { + "version_value":"Java SE Embedded: 8u231", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241 and 8u231; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. 
This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2660.json b/2020/2xxx/CVE-2020-2660.json index 87586156ba1..c4b7aa74bfb 100644 --- a/2020/2xxx/CVE-2020-2660.json +++ b/2020/2xxx/CVE-2020-2660.json 
@@ -1,18 +1,64 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2660", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2660" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"MySQL Server", + "version":{ + "version_data":[ + { + "version_value":"5.7.28 and prior", + "version_affected":"=" + }, + { + "version_value":"8.0.18 and prior", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2661.json b/2020/2xxx/CVE-2020-2661.json index d861406d731..ca36679f934 100644 --- a/2020/2xxx/CVE-2020-2661.json +++ b/2020/2xxx/CVE-2020-2661.json 
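Review bot: Both `version_data` entries in the CVE-2020-2660 record put an open-ended bound into the value text while the operator says exact match: `"version_value":"5.7.28 and prior"` with `"version_affected":"="`. Automated matching then misses every release below 5.7.28 and 8.0.18, which the description states are affected. Carry the bound in the operator instead, `"version_value":"5.7.28","version_affected":"<="` and `"version_value":"8.0.18","version_affected":"<="`, with the release series in `version_name` if the 5.7 and 8.0 lines need to be kept apart.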
@@ -1,18 +1,64 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2661", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2661" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"iSupport", + "version":{ + "version_data":[ + { + "version_value":"12.1.1-12.1.3", + "version_affected":"=" + }, + { + "version_value":"12.2.3-12.2.9", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Others). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle iSupport. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iSupport, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iSupport accessible data as well as unauthorized update, insert or delete access to some of Oracle iSupport accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." 
+ } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle iSupport. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iSupport, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iSupport accessible data as well as unauthorized update, insert or delete access to some of Oracle iSupport accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2662.json b/2020/2xxx/CVE-2020-2662.json index db7f626b78b..fb4d1aff558 100644 --- a/2020/2xxx/CVE-2020-2662.json +++ b/2020/2xxx/CVE-2020-2662.json 
@@ -1,18 +1,64 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2662", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2662" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"iSupport", + "version":{ + "version_data":[ + { + "version_value":"12.1.1-12.1.3", + "version_affected":"=" + }, + { + "version_value":"12.2.3-12.2.9", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Others). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle iSupport. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iSupport, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iSupport accessible data as well as unauthorized update, insert or delete access to some of Oracle iSupport accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." 
+ } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle iSupport. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iSupport, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iSupport accessible data as well as unauthorized update, insert or delete access to some of Oracle iSupport accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2663.json b/2020/2xxx/CVE-2020-2663.json index 005e0334da2..c307b9cef51 100644 --- a/2020/2xxx/CVE-2020-2663.json +++ b/2020/2xxx/CVE-2020-2663.json 
@@ -1,18 +1,64 @@
-{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
- "CVE_data_meta": {
- "ID": "CVE-2020-2663",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
- },
- "description": {
- "description_data": [
- {
- "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ {
+ "CVE_data_meta":{
+ "ASSIGNER":"secalert_us@oracle.com",
+ "ID":"CVE-2020-2663"
+ },
+ "affects":{
+ "vendor":{
+ "vendor_data":[
+ {
+ "product":{
+ "product_data":[
+ {
+ "product_name":"PeopleSoft Enterprise PT PeopleTools",
+ "version":{
+ "version_data":[
+ {
+ "version_value":"8.56",
+ "version_affected":"="
+ },
+ {
+ "version_value":"8.57",
+ "version_affected":"="
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name":"Oracle Corporation"
+ }
+ ]
 }
- ]
+ },
+ "data_format":"MITRE",
+ "data_type":"CVE",
+ "data_version":"4.0",
+ "description":{
+ "description_data":[
+ {
+ "lang":"eng",
+ "value":"Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Core Technology). Supported versions that are affected are 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
+ }
+ ]
+ },
+ "problemtype":{
+ "problemtype_data":[
+ {
+ "description":[
+ {
+ "lang":"eng",
+ "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data."
+ }
+ ]
+ }
+ ]
+ },
+ "references":{
+ "reference_data":[
+ {
+ "url":"https://www.oracle.com/security-alerts/cpujan2020.html"
+ }
+ ]
+ }
 }
-}
\ No newline at end of file
diff --git a/2020/2xxx/CVE-2020-2664.json b/2020/2xxx/CVE-2020-2664.json
index 52b9f211e65..a191ec25d53 100644
--- a/2020/2xxx/CVE-2020-2664.json
+++ b/2020/2xxx/CVE-2020-2664.json
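Review bot: `problemtype` in the CVE-2020-2663 record holds a copy of the attack narrative from `description` rather than a weakness class, so tooling that groups or filters records by CWE gets nothing usable from it. If the weakness is known, the value should be a short identifier such as `"value":"CWE-<ID> <weakness name>"` (placeholder, not a real ID); if the vendor does not disclose it, a brief marker to that effect is clearer than repeating the description. Every other hunk in this part of the patch follows the same pattern.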
@@ -1,18 +1,60 @@
-{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
- "CVE_data_meta": {
- "ID": "CVE-2020-2664",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
- },
- "description": {
- "description_data": [
- {
- "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ {
+ "CVE_data_meta":{
+ "ASSIGNER":"secalert_us@oracle.com",
+ "ID":"CVE-2020-2664"
+ },
+ "affects":{
+ "vendor":{
+ "vendor_data":[
+ {
+ "product":{
+ "product_data":[
+ {
+ "product_name":"Solaris Operating System",
+ "version":{
+ "version_data":[
+ {
+ "version_value":"11",
+ "version_affected":"="
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name":"Oracle Corporation"
+ }
+ ]
 }
- ]
+ },
+ "data_format":"MITRE",
+ "data_type":"CVE",
+ "data_version":"4.0",
+ "description":{
+ "description_data":[
+ {
+ "lang":"eng",
+ "value":"Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Solaris accessible data as well as unauthorized read access to a subset of Oracle Solaris accessible data. CVSS 3.0 Base Score 4.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)."
+ }
+ ]
+ },
+ "problemtype":{
+ "problemtype_data":[
+ {
+ "description":[
+ {
+ "lang":"eng",
+ "value":"Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Solaris accessible data as well as unauthorized read access to a subset of Oracle Solaris accessible data."
+ }
+ ]
+ }
+ ]
+ },
+ "references":{
+ "reference_data":[
+ {
+ "url":"https://www.oracle.com/security-alerts/cpujan2020.html"
+ }
+ ]
+ }
 }
-}
\ No newline at end of file
diff --git a/2020/2xxx/CVE-2020-2665.json b/2020/2xxx/CVE-2020-2665.json
index f6de7346bfb..fb1c491baf8 100644
--- a/2020/2xxx/CVE-2020-2665.json
+++ b/2020/2xxx/CVE-2020-2665.json
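Review bot: The CVSS score and vector for CVE-2020-2664 exist only inside the free-text `description` (`CVSS 3.0 Base Score 4.6`, `CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N`); the record has no `impact` object. Consumers that prioritise on severity then have to scrape the sentence, which breaks silently if the wording changes. An `impact.cvss` block with `"vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"` and `"baseScore":4.6` would carry the same data in structured form. The other records in this part of the patch are written the same way.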
@@ -1,18 +1,64 @@
-{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
- "CVE_data_meta": {
- "ID": "CVE-2020-2665",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
- },
- "description": {
- "description_data": [
- {
- "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ {
+ "CVE_data_meta":{
+ "ASSIGNER":"secalert_us@oracle.com",
+ "ID":"CVE-2020-2665"
+ },
+ "affects":{
+ "vendor":{
+ "vendor_data":[
+ {
+ "product":{
+ "product_data":[
+ {
+ "product_name":"iSupport",
+ "version":{
+ "version_data":[
+ {
+ "version_value":"12.1.1-12.1.3",
+ "version_affected":"="
+ },
+ {
+ "version_value":"12.2.3-12.2.9",
+ "version_affected":"="
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name":"Oracle Corporation"
+ }
+ ]
 }
- ]
+ },
+ "data_format":"MITRE",
+ "data_type":"CVE",
+ "data_version":"4.0",
+ "description":{
+ "description_data":[
+ {
+ "lang":"eng",
+ "value":"Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Others). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle iSupport. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iSupport, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iSupport accessible data as well as unauthorized update, insert or delete access to some of Oracle iSupport accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)."
+ }
+ ]
+ },
+ "problemtype":{
+ "problemtype_data":[
+ {
+ "description":[
+ {
+ "lang":"eng",
+ "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle iSupport. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iSupport, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iSupport accessible data as well as unauthorized update, insert or delete access to some of Oracle iSupport accessible data."
+ }
+ ]
+ }
+ ]
+ },
+ "references":{
+ "reference_data":[
+ {
+ "url":"https://www.oracle.com/security-alerts/cpujan2020.html"
+ }
+ ]
+ }
 }
-}
\ No newline at end of file
diff --git a/2020/2xxx/CVE-2020-2666.json b/2020/2xxx/CVE-2020-2666.json
index f5993d59556..10bc1649e53 100644
--- a/2020/2xxx/CVE-2020-2666.json
+++ b/2020/2xxx/CVE-2020-2666.json
@@ -1,18 +1,60 @@
-{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
- "CVE_data_meta": {
- "ID": "CVE-2020-2666",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
- },
- "description": {
- "description_data": [
- {
- "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ {
+ "CVE_data_meta":{
+ "ASSIGNER":"secalert_us@oracle.com",
+ "ID":"CVE-2020-2666"
+ },
+ "affects":{
+ "vendor":{
+ "vendor_data":[
+ {
+ "product":{
+ "product_data":[
+ {
+ "product_name":"Applications Framework",
+ "version":{
+ "version_data":[
+ {
+ "version_value":"12.2.5-12.2.9",
+ "version_affected":"="
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name":"Oracle Corporation"
+ }
+ ]
 }
- ]
+ },
+ "data_format":"MITRE",
+ "data_type":"CVE",
+ "data_version":"4.0",
+ "description":{
+ "description_data":[
+ {
+ "lang":"eng",
+ "value":"Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Attachments / File Upload). Supported versions that are affected are 12.2.5-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Applications Framework. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications Framework accessible data. CVSS 3.0 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)."
+ }
+ ]
+ },
+ "problemtype":{
+ "problemtype_data":[
+ {
+ "description":[
+ {
+ "lang":"eng",
+ "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Applications Framework. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications Framework accessible data."
+ }
+ ]
+ }
+ ]
+ },
+ "references":{
+ "reference_data":[
+ {
+ "url":"https://www.oracle.com/security-alerts/cpujan2020.html"
+ }
+ ]
+ }
 }
-}
\ No newline at end of file
diff --git a/2020/2xxx/CVE-2020-2667.json b/2020/2xxx/CVE-2020-2667.json
index e40021500b7..fc3b2f086c8 100644
--- a/2020/2xxx/CVE-2020-2667.json
+++ b/2020/2xxx/CVE-2020-2667.json
@@ -1,18 +1,64 @@
-{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
- "CVE_data_meta": {
- "ID": "CVE-2020-2667",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
- },
- "description": {
- "description_data": [
- {
- "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ {
+ "CVE_data_meta":{
+ "ASSIGNER":"secalert_us@oracle.com",
+ "ID":"CVE-2020-2667"
+ },
+ "affects":{
+ "vendor":{
+ "vendor_data":[
+ {
+ "product":{
+ "product_data":[
+ {
+ "product_name":"iSupport",
+ "version":{
+ "version_data":[
+ {
+ "version_value":"12.1.1-12.1.3",
+ "version_affected":"="
+ },
+ {
+ "version_value":"12.2.3-12.2.9",
+ "version_affected":"="
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name":"Oracle Corporation"
+ }
+ ]
 }
- ]
+ },
+ "data_format":"MITRE",
+ "data_type":"CVE",
+ "data_version":"4.0",
+ "description":{
+ "description_data":[
+ {
+ "lang":"eng",
+ "value":"Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Others). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle iSupport. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iSupport, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle iSupport accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N)."
+ }
+ ]
+ },
+ "problemtype":{
+ "problemtype_data":[
+ {
+ "description":[
+ {
+ "lang":"eng",
+ "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle iSupport. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iSupport, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle iSupport accessible data."
+ }
+ ]
+ }
+ ]
+ },
+ "references":{
+ "reference_data":[
+ {
+ "url":"https://www.oracle.com/security-alerts/cpujan2020.html"
+ }
+ ]
+ }
 }
-}
\ No newline at end of file
diff --git a/2020/2xxx/CVE-2020-2668.json b/2020/2xxx/CVE-2020-2668.json
index c1a2127a794..be9752a7f54 100644
--- a/2020/2xxx/CVE-2020-2668.json
+++ b/2020/2xxx/CVE-2020-2668.json
@@ -1,18 +1,64 @@
-{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
- "CVE_data_meta": {
- "ID": "CVE-2020-2668",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
- },
- "description": {
- "description_data": [
- {
- "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ {
+ "CVE_data_meta":{
+ "ASSIGNER":"secalert_us@oracle.com",
+ "ID":"CVE-2020-2668"
+ },
+ "affects":{
+ "vendor":{
+ "vendor_data":[
+ {
+ "product":{
+ "product_data":[
+ {
+ "product_name":"iSupport",
+ "version":{
+ "version_data":[
+ {
+ "version_value":"12.1.1-12.1.3",
+ "version_affected":"="
+ },
+ {
+ "version_value":"12.2.3-12.2.9",
+ "version_affected":"="
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name":"Oracle Corporation"
+ }
+ ]
 }
- ]
+ },
+ "data_format":"MITRE",
+ "data_type":"CVE",
+ "data_version":"4.0",
+ "description":{
+ "description_data":[
+ {
+ "lang":"eng",
+ "value":"Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Others). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle iSupport. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iSupport, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle iSupport accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N)."
+ }
+ ]
+ },
+ "problemtype":{
+ "problemtype_data":[
+ {
+ "description":[
+ {
+ "lang":"eng",
+ "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle iSupport. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iSupport, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle iSupport accessible data."
+ }
+ ]
+ }
+ ]
+ },
+ "references":{
+ "reference_data":[
+ {
+ "url":"https://www.oracle.com/security-alerts/cpujan2020.html"
+ }
+ ]
+ }
 }
-}
\ No newline at end of file
diff --git a/2020/2xxx/CVE-2020-2669.json b/2020/2xxx/CVE-2020-2669.json
index 37e424a7493..2e3c7ea7eb9 100644
--- a/2020/2xxx/CVE-2020-2669.json
+++ b/2020/2xxx/CVE-2020-2669.json
@@ -1,18 +1,64 @@
-{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
- "CVE_data_meta": {
- "ID": "CVE-2020-2669",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
- },
- "description": {
- "description_data": [
- {
- "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ {
+ "CVE_data_meta":{
+ "ASSIGNER":"secalert_us@oracle.com",
+ "ID":"CVE-2020-2669"
+ },
+ "affects":{
+ "vendor":{
+ "vendor_data":[
+ {
+ "product":{
+ "product_data":[
+ {
+ "product_name":"Email Center",
+ "version":{
+ "version_data":[
+ {
+ "version_value":"12.1.1-12.1.3",
+ "version_affected":"="
+ },
+ {
+ "version_value":"12.2.3-12.2.9",
+ "version_affected":"="
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name":"Oracle Corporation"
+ }
+ ]
 }
- ]
+ },
+ "data_format":"MITRE",
+ "data_type":"CVE",
+ "data_version":"4.0",
+ "description":{
+ "description_data":[
+ {
+ "lang":"eng",
+ "value":"Vulnerability in the Oracle Email Center product of Oracle E-Business Suite (component: Message Display). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Email Center. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Email Center, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Email Center accessible data as well as unauthorized update, insert or delete access to some of Oracle Email Center accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)."
+ }
+ ]
+ },
+ "problemtype":{
+ "problemtype_data":[
+ {
+ "description":[
+ {
+ "lang":"eng",
+ "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Email Center. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Email Center, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Email Center accessible data as well as unauthorized update, insert or delete access to some of Oracle Email Center accessible data."
+ }
+ ]
+ }
+ ]
+ },
+ "references":{
+ "reference_data":[
+ {
+ "url":"https://www.oracle.com/security-alerts/cpujan2020.html"
+ }
+ ]
+ }
 }
-}
\ No newline at end of file
diff --git a/2020/2xxx/CVE-2020-2670.json b/2020/2xxx/CVE-2020-2670.json
index 24fc0e4deb1..2ea33832137 100644
--- a/2020/2xxx/CVE-2020-2670.json
+++ b/2020/2xxx/CVE-2020-2670.json
@@ -1,18 +1,64 @@
-{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
- "CVE_data_meta": {
- "ID": "CVE-2020-2670",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
- },
- "description": {
- "description_data": [
- {
- "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ {
+ "CVE_data_meta":{
+ "ASSIGNER":"secalert_us@oracle.com",
+ "ID":"CVE-2020-2670"
+ },
+ "affects":{
+ "vendor":{
+ "vendor_data":[
+ {
+ "product":{
+ "product_data":[
+ {
+ "product_name":"Email Center",
+ "version":{
+ "version_data":[
+ {
+ "version_value":"12.1.1-12.1.3",
+ "version_affected":"="
+ },
+ {
+ "version_value":"12.2.3-12.2.9",
+ "version_affected":"="
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name":"Oracle Corporation"
+ }
+ ]
 }
- ]
+ },
+ "data_format":"MITRE",
+ "data_type":"CVE",
+ "data_version":"4.0",
+ "description":{
+ "description_data":[
+ {
+ "lang":"eng",
+ "value":"Vulnerability in the Oracle Email Center product of Oracle E-Business Suite (component: Message Display). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Email Center. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Email Center, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Email Center accessible data as well as unauthorized update, insert or delete access to some of Oracle Email Center accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)."
+ }
+ ]
+ },
+ "problemtype":{
+ "problemtype_data":[
+ {
+ "description":[
+ {
+ "lang":"eng",
+ "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Email Center. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Email Center, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Email Center accessible data as well as unauthorized update, insert or delete access to some of Oracle Email Center accessible data."
+ }
+ ]
+ }
+ ]
+ },
+ "references":{
+ "reference_data":[
+ {
+ "url":"https://www.oracle.com/security-alerts/cpujan2020.html"
+ }
+ ]
+ }
 }
-}
\ No newline at end of file
diff --git a/2020/2xxx/CVE-2020-2671.json b/2020/2xxx/CVE-2020-2671.json
index 6575e0f9d9f..f13f4235099 100644
--- a/2020/2xxx/CVE-2020-2671.json
+++ b/2020/2xxx/CVE-2020-2671.json
@@ -1,18 +1,64 @@
-{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
- "CVE_data_meta": {
- "ID": "CVE-2020-2671",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
- },
- "description": {
- "description_data": [
- {
- "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ {
+ "CVE_data_meta":{
+ "ASSIGNER":"secalert_us@oracle.com",
+ "ID":"CVE-2020-2671"
+ },
+ "affects":{
+ "vendor":{
+ "vendor_data":[
+ {
+ "product":{
+ "product_data":[
+ {
+ "product_name":"Email Center",
+ "version":{
+ "version_data":[
+ {
+ "version_value":"12.1.1-12.1.3",
+ "version_affected":"="
+ },
+ {
+ "version_value":"12.2.3-12.2.9",
+ "version_affected":"="
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name":"Oracle Corporation"
+ }
+ ]
 }
- ]
+ },
+ "data_format":"MITRE",
+ "data_type":"CVE",
+ "data_version":"4.0",
+ "description":{
+ "description_data":[
+ {
+ "lang":"eng",
+ "value":"Vulnerability in the Oracle Email Center product of Oracle E-Business Suite (component: Message Display). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Email Center. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Email Center, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Email Center accessible data as well as unauthorized update, insert or delete access to some of Oracle Email Center accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)."
+ }
+ ]
+ },
+ "problemtype":{
+ "problemtype_data":[
+ {
+ "description":[
+ {
+ "lang":"eng",
+ "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Email Center. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Email Center, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Email Center accessible data as well as unauthorized update, insert or delete access to some of Oracle Email Center accessible data."
+ }
+ ]
+ }
+ ]
+ },
+ "references":{
+ "reference_data":[
+ {
+ "url":"https://www.oracle.com/security-alerts/cpujan2020.html"
+ }
+ ]
+ }
 }
-}
\ No newline at end of file
diff --git a/2020/2xxx/CVE-2020-2672.json b/2020/2xxx/CVE-2020-2672.json
index 7fdc93868f7..ebc29adda1f 100644
--- a/2020/2xxx/CVE-2020-2672.json
+++ b/2020/2xxx/CVE-2020-2672.json
@@ -1,18 +1,64 @@
-{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
- "CVE_data_meta": {
- "ID": "CVE-2020-2672",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
- },
- "description": {
- "description_data": [
- {
- "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ {
+ "CVE_data_meta":{
+ "ASSIGNER":"secalert_us@oracle.com",
+ "ID":"CVE-2020-2672"
+ },
+ "affects":{
+ "vendor":{
+ "vendor_data":[
+ {
+ "product":{
+ "product_data":[
+ {
+ "product_name":"Email Center",
+ "version":{
+ "version_data":[
+ {
+ "version_value":"12.1.1-12.1.3",
+ "version_affected":"="
+ },
+ {
+ "version_value":"12.2.3-12.2.9",
+ "version_affected":"="
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name":"Oracle Corporation"
+ }
+ ]
 }
- ]
+ },
+ "data_format":"MITRE",
+ "data_type":"CVE",
+ "data_version":"4.0",
+ "description":{
+ "description_data":[
+ {
+ "lang":"eng",
+ "value":"Vulnerability in the Oracle Email Center product of Oracle E-Business Suite (component: Message Display). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Email Center. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Email Center, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Email Center accessible data as well as unauthorized update, insert or delete access to some of Oracle Email Center accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)."
+ }
+ ]
+ },
+ "problemtype":{
+ "problemtype_data":[
+ {
+ "description":[
+ {
+ "lang":"eng",
+ "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Email Center. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Email Center, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Email Center accessible data as well as unauthorized update, insert or delete access to some of Oracle Email Center accessible data."
+ }
+ ]
+ }
+ ]
+ },
+ "references":{
+ "reference_data":[
+ {
+ "url":"https://www.oracle.com/security-alerts/cpujan2020.html"
+ }
+ ]
+ }
 }
-}
\ No newline at end of file
diff --git a/2020/2xxx/CVE-2020-2673.json b/2020/2xxx/CVE-2020-2673.json
index cf95d360da0..96acee027d2 100644
--- a/2020/2xxx/CVE-2020-2673.json
+++ b/2020/2xxx/CVE-2020-2673.json
@@ -1,18 +1,72 @@
-{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
- "CVE_data_meta": {
- "ID": "CVE-2020-2673",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
- },
- "description": {
- "description_data": [
- {
- "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ {
+ "CVE_data_meta":{
+ "ASSIGNER":"secalert_us@oracle.com",
+ "ID":"CVE-2020-2673"
+ },
+ "affects":{
+ "vendor":{
+ "vendor_data":[
+ {
+ "product":{
+ "product_data":[
+ {
+ "product_name":"Application Testing Suite",
+ "version":{
+ "version_data":[
+ {
+ "version_value":"12.5.0.3",
+ "version_affected":"="
+ },
+ {
+ "version_value":"13.1.0.1",
+ "version_affected":"="
+ },
+ {
+ "version_value":"13.2.0.1",
+ "version_affected":"="
+ },
+ {
+ "version_value":"13.3.0.1",
+ "version_affected":"="
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name":"Oracle Corporation"
+ }
+ ]
 }
- ]
+ },
+ "data_format":"MITRE",
+ "data_type":"CVE",
+ "data_version":"4.0",
+ "description":{
+ "description_data":[
+ {
+ "lang":"eng",
+ "value":"Vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager (component: Oracle Flow Builder). Supported versions that are affected are 12.5.0.3, 13.1.0.1, 13.2.0.1 and 13.3.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Testing Suite. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Application Testing Suite accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)."
+ }
+ ]
+ },
+ "problemtype":{
+ "problemtype_data":[
+ {
+ "description":[
+ {
+ "lang":"eng",
+ "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Testing Suite. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Application Testing Suite accessible data."
+ }
+ ]
+ }
+ ]
+ },
+ "references":{
+ "reference_data":[
+ {
+ "url":"https://www.oracle.com/security-alerts/cpujan2020.html"
+ }
+ ]
+ }
 }
-}
\ No newline at end of file
diff --git a/2020/2xxx/CVE-2020-2674.json b/2020/2xxx/CVE-2020-2674.json
index 1b3e735e822..85d2d865a67 100644
--- a/2020/2xxx/CVE-2020-2674.json
+++ b/2020/2xxx/CVE-2020-2674.json
@@ -1,18 +1,68 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2674", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2674" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"VM VirtualBox", + "version":{ + "version_data":[ + { + "version_value":"5.2.36", + "version_affected":"<" + }, + { + "version_value":"6.0.16", + "version_affected":"<" + }, + { + "version_value":"6.1.2", + "version_affected":"<" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)." 
+ } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2675.json b/2020/2xxx/CVE-2020-2675.json index c161a4c556e..b3d86e0276c 100644 --- a/2020/2xxx/CVE-2020-2675.json +++ b/2020/2xxx/CVE-2020-2675.json 
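Review bot: The three `version_data` entries for VM VirtualBox are independent `<` bounds with no branch qualifier, so a matcher that ORs them will flag the fixed releases 5.2.36 and 6.0.16 as affected, since both are below 6.1.2. The description says "prior to" per branch, but the structured data does not say which branch each bound belongs to. If the consuming schema supports it, add the branch to each entry, e.g. `{"version_name":"6.0","version_value":"6.0.16","version_affected":"<"}`. The same applies to the VirtualBox hunks for CVE-2020-2678, CVE-2020-2681 and CVE-2020-2682.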
@@ -1,18 +1,60 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2675", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2675" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Hospitality OPERA 5 Property Services", + "version":{ + "version_data":[ + { + "version_value":"5.5", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle Hospitality OPERA 5 product of Oracle Hospitality Applications (component: Login). The supported version that is affected is 5.5. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality OPERA 5 accessible data as well as unauthorized update, insert or delete access to some of Oracle Hospitality OPERA 5 accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5. 
Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality OPERA 5 accessible data as well as unauthorized update, insert or delete access to some of Oracle Hospitality OPERA 5 accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2676.json b/2020/2xxx/CVE-2020-2676.json index dc0fce98f2b..7d87b340e7a 100644 --- a/2020/2xxx/CVE-2020-2676.json +++ b/2020/2xxx/CVE-2020-2676.json 
@@ -1,18 +1,60 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2676", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2676" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Hospitality OPERA 5 Property Services", + "version":{ + "version_data":[ + { + "version_value":"5.5", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle Hospitality OPERA 5 product of Oracle Hospitality Applications (component: Printing). The supported version that is affected is 5.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Hospitality OPERA 5, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality OPERA 5 accessible data as well as unauthorized read access to a subset of Oracle Hospitality OPERA 5 accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." 
+ } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Hospitality OPERA 5, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality OPERA 5 accessible data as well as unauthorized read access to a subset of Oracle Hospitality OPERA 5 accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2677.json b/2020/2xxx/CVE-2020-2677.json index aca9420fde7..4f293dd4e60 100644 --- a/2020/2xxx/CVE-2020-2677.json +++ b/2020/2xxx/CVE-2020-2677.json 
@@ -1,18 +1,64 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2677", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2677" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Hospitality OPERA 5 Property Services", + "version":{ + "version_data":[ + { + "version_value":"5.5", + "version_affected":"=" + }, + { + "version_value":"5.6", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle Hospitality OPERA 5 product of Oracle Hospitality Applications (component: Login). Supported versions that are affected are 5.5 and 5.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality OPERA 5 accessible data. CVSS 3.0 Base Score 5.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N)." 
+ } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality OPERA 5 accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2678.json b/2020/2xxx/CVE-2020-2678.json index 4e588dd80a1..4bcbb357308 100644 --- a/2020/2xxx/CVE-2020-2678.json +++ b/2020/2xxx/CVE-2020-2678.json 
@@ -1,18 +1,68 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2678", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2678" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"VM VirtualBox", + "version":{ + "version_data":[ + { + "version_value":"5.2.36", + "version_affected":"<" + }, + { + "version_value":"6.0.16", + "version_affected":"<" + }, + { + "version_value":"6.1.2", + "version_affected":"<" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data as well as unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.4 (Confidentiality and Integrity impacts). 
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data as well as unauthorized read access to a subset of Oracle VM VirtualBox accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2679.json b/2020/2xxx/CVE-2020-2679.json index d07dd02b4ac..510c94b8403 100644 --- a/2020/2xxx/CVE-2020-2679.json +++ b/2020/2xxx/CVE-2020-2679.json 
@@ -1,18 +1,60 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2679", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2679" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"MySQL Server", + "version":{ + "version_data":[ + { + "version_value":"8.0.18 and prior", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." 
+ } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2680.json b/2020/2xxx/CVE-2020-2680.json index 9a773a32db7..6b6e1a3bf38 100644 --- a/2020/2xxx/CVE-2020-2680.json +++ b/2020/2xxx/CVE-2020-2680.json 
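Review bot: In the MySQL Server entry the range is written into the value itself, `"version_value":"8.0.18 and prior"`, while the operator is `"="`. A scanner comparing installed versions will look for the literal string and match nothing, so affected hosts running 8.0.18 or earlier go unreported. Encoding it as `"version_value":"8.0.18","version_affected":"<="` keeps the meaning and makes it comparable. CVE-2020-2686 has the identical entry, and the FLEXCUBE hunks (CVE-2020-2683, CVE-2020-2684, CVE-2020-2685) have the same issue with hyphenated ranges such as `"12.0.1-12.4.0"` under `"="`, which need explicit lower and upper bounds instead.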
@@ -1,18 +1,60 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2680", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2680" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Solaris Operating System", + "version":{ + "version_data":[ + { + "version_value":"11", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem). The supported version that is affected is 11. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris. CVSS 3.0 Base Score 6.0 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. 
While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2681.json b/2020/2xxx/CVE-2020-2681.json index ce6240e364b..ab16d65d948 100644 --- a/2020/2xxx/CVE-2020-2681.json +++ b/2020/2xxx/CVE-2020-2681.json 
@@ -1,18 +1,68 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2681", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2681" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"VM VirtualBox", + "version":{ + "version_data":[ + { + "version_value":"5.2.36", + "version_affected":"<" + }, + { + "version_value":"6.0.16", + "version_affected":"<" + }, + { + "version_value":"6.1.2", + "version_affected":"<" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)." 
+ } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2682.json b/2020/2xxx/CVE-2020-2682.json index 679aea94f7f..1cc7251998f 100644 --- a/2020/2xxx/CVE-2020-2682.json +++ b/2020/2xxx/CVE-2020-2682.json 
@@ -1,18 +1,68 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2682", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2682" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"VM VirtualBox", + "version":{ + "version_data":[ + { + "version_value":"5.2.36", + "version_affected":"<" + }, + { + "version_value":"6.0.16", + "version_affected":"<" + }, + { + "version_value":"6.1.2", + "version_affected":"<" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)." 
+ } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2683.json b/2020/2xxx/CVE-2020-2683.json index fd4a3ec2b56..7194c48248d 100644 --- a/2020/2xxx/CVE-2020-2683.json +++ b/2020/2xxx/CVE-2020-2683.json 
@@ -1,18 +1,64 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2683", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2683" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"FLEXCUBE Universal Banking", + "version":{ + "version_data":[ + { + "version_value":"12.0.1-12.4.0", + "version_affected":"=" + }, + { + "version_value":"14.0.0-14.3.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.0.1-12.4.0 and 14.0.0-14.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)." 
+ } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2684.json b/2020/2xxx/CVE-2020-2684.json index 41bfcf31b97..dbf527edcc8 100644 --- a/2020/2xxx/CVE-2020-2684.json +++ b/2020/2xxx/CVE-2020-2684.json 
@@ -1,18 +1,64 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2684", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2684" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"FLEXCUBE Universal Banking", + "version":{ + "version_data":[ + { + "version_value":"12.0.1-12.4.0", + "version_affected":"=" + }, + { + "version_value":"14.0.0-14.3.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.0.1-12.4.0 and 14.0.0-14.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Universal Banking accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. 
Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Universal Banking accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2685.json b/2020/2xxx/CVE-2020-2685.json index b6ebfec4a5d..89b9a4b00bb 100644 --- a/2020/2xxx/CVE-2020-2685.json +++ b/2020/2xxx/CVE-2020-2685.json 
@@ -1,18 +1,64 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2685", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2685" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"FLEXCUBE Universal Banking", + "version":{ + "version_data":[ + { + "version_value":"12.0.1-12.4.0", + "version_affected":"=" + }, + { + "version_value":"14.0.0-14.3.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.0.1-12.4.0 and 14.0.0-14.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)." 
+ } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2686.json b/2020/2xxx/CVE-2020-2686.json index 97f0bb481a8..1b1307a04ff 100644 --- a/2020/2xxx/CVE-2020-2686.json +++ b/2020/2xxx/CVE-2020-2686.json 
@@ -1,18 +1,60 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2686", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2686" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"MySQL Server", + "version":{ + "version_data":[ + { + "version_value":"8.0.18 and prior", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." 
+ } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2687.json b/2020/2xxx/CVE-2020-2687.json index 254c78b19e7..397b6038991 100644 --- a/2020/2xxx/CVE-2020-2687.json +++ b/2020/2xxx/CVE-2020-2687.json 
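Review bot: The CVSS score and vector for CVE-2020-2686 exist only inside the free-text `description` value (`CVSS 3.0 Base Score 6.5`, `CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H`), with no structured `impact` object, so prioritisation tooling has to scrape prose to obtain a severity. The other records visible in this batch, CVE-2020-2685 through CVE-2020-2698, are in the same state. An `impact` block next to `description` would make the values machine-readable; the sketch below uses only the numbers already present in this record.

```json
"impact":{
  "cvss":{
    "baseScore":6.5,
    "vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
    "version":"3.0"
  }
}
```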
@@ -1,18 +1,64 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2687", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2687" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"PeopleSoft Enterprise PT PeopleTools", + "version":{ + "version_data":[ + { + "version_value":"8.56", + "version_affected":"=" + }, + { + "version_value":"8.57", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Elastic Search). Supported versions that are affected are 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)." 
+ } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2688.json b/2020/2xxx/CVE-2020-2688.json index 73c6944b708..8122c9744f4 100644 --- a/2020/2xxx/CVE-2020-2688.json +++ b/2020/2xxx/CVE-2020-2688.json 
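Review bot: `product_name` in the CVE-2020-2687 record is `"PeopleSoft Enterprise PT PeopleTools"`, but the description in the same record calls the product `PeopleSoft Enterprise PeopleTools`, so a lookup keyed on either spelling misses the other. CVE-2020-2696 has the same kind of split (`"Solaris Operating System"` in the field against `Oracle Solaris` in the text). If the structured name is meant to be the canonical one, that should be documented for consumers of these records; otherwise align it with the description, `"product_name":"PeopleSoft Enterprise PeopleTools"`.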
@@ -1,18 +1,60 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2688", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2688" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Financial Services Analytical Applications Infrastructure", + "version":{ + "version_data":[ + { + "version_value":"8.0.4-8.0.8", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Object Migration). Supported versions that are affected are 8.0.4-8.0.8. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Financial Services Analytical Applications Infrastructure accessible data as well as unauthorized update, insert or delete access to some of Oracle Financial Services Analytical Applications Infrastructure accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N)." 
+ } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Financial Services Analytical Applications Infrastructure accessible data as well as unauthorized update, insert or delete access to some of Oracle Financial Services Analytical Applications Infrastructure accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2689.json b/2020/2xxx/CVE-2020-2689.json index eb23e7880c0..6028067924e 100644 --- a/2020/2xxx/CVE-2020-2689.json +++ b/2020/2xxx/CVE-2020-2689.json 
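Review bot: `CVE_data_meta` for CVE-2020-2688 drops the `STATE` key that the removed side carried (`"STATE": "RESERVED"`) instead of updating it, so the record no longer says whether it is public. The other records in this batch do the same. Consumers that filter on that field will presumably see these entries as having no state at all; adding `"STATE":"PUBLIC"` beside `"ID"` makes the transition explicit.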
@@ -1,18 +1,68 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2689", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2689" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"VM VirtualBox", + "version":{ + "version_data":[ + { + "version_value":"5.2.36", + "version_affected":"<" + }, + { + "version_value":"6.0.16", + "version_affected":"<" + }, + { + "version_value":"6.1.2", + "version_affected":"<" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)." 
+ } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2690.json b/2020/2xxx/CVE-2020-2690.json index a71d83d00ad..5f517d46d10 100644 --- a/2020/2xxx/CVE-2020-2690.json +++ b/2020/2xxx/CVE-2020-2690.json 
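Review bot: The three `version_data` entries for CVE-2020-2689 are all upper bounds with `"version_affected":"<"` (`5.2.36`, `6.0.16`, `6.1.2`) and no lower bound, so if a consumer reads them as alternatives, a patched 5.2.x build still satisfies `< 6.0.16` and `< 6.1.2` and is reported as affected. The description makes clear these are per-branch fix levels, but nothing in the structured data ties each bound to its branch. CVE-2020-2690, -2691, -2692, -2693 and -2698 repeat the same block. Each entry needs its branch recorded, for instance with a `version_name` such as `"version_name":"6.0"` (constructed example) alongside the bound, or the matching logic needs to be told to evaluate these records per branch.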
@@ -1,18 +1,68 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2690", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2690" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"VM VirtualBox", + "version":{ + "version_data":[ + { + "version_value":"5.2.36", + "version_affected":"<" + }, + { + "version_value":"6.0.16", + "version_affected":"<" + }, + { + "version_value":"6.1.2", + "version_affected":"<" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)." 
+ } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2691.json b/2020/2xxx/CVE-2020-2691.json index 29a43c96def..04af7c6f463 100644 --- a/2020/2xxx/CVE-2020-2691.json +++ b/2020/2xxx/CVE-2020-2691.json 
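Review bot: `problemtype` for CVE-2020-2690 repeats the impact sentences of the description verbatim rather than naming a weakness class, and the whole record (product, versions, description, vector) is identical to CVE-2020-2689, -2691 and -2692 apart from the ID. With no weakness type there is nothing for a defender to group, deduplicate or route these four on. Where the class is known, the field would carry it in the usual form, `"value":"CWE-<id> <weakness name>"` (placeholder, not a real identifier); every record in this batch uses the prose form.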
@@ -1,18 +1,68 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2691", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2691" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"VM VirtualBox", + "version":{ + "version_data":[ + { + "version_value":"5.2.36", + "version_affected":"<" + }, + { + "version_value":"6.0.16", + "version_affected":"<" + }, + { + "version_value":"6.1.2", + "version_affected":"<" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)." 
+ } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2692.json b/2020/2xxx/CVE-2020-2692.json index c097dd0a5a3..2159da124f7 100644 --- a/2020/2xxx/CVE-2020-2692.json +++ b/2020/2xxx/CVE-2020-2692.json 
@@ -1,18 +1,68 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2692", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2692" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"VM VirtualBox", + "version":{ + "version_data":[ + { + "version_value":"5.2.36", + "version_affected":"<" + }, + { + "version_value":"6.0.16", + "version_affected":"<" + }, + { + "version_value":"6.1.2", + "version_affected":"<" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)." 
+ } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2693.json b/2020/2xxx/CVE-2020-2693.json index a836731e7b9..e3e144d3cb3 100644 --- a/2020/2xxx/CVE-2020-2693.json +++ b/2020/2xxx/CVE-2020-2693.json 
@@ -1,18 +1,68 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2693", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2693" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"VM VirtualBox", + "version":{ + "version_data":[ + { + "version_value":"5.2.36", + "version_affected":"<" + }, + { + "version_value":"6.0.16", + "version_affected":"<" + }, + { + "version_value":"6.1.2", + "version_affected":"<" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N)." 
+ } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2694.json b/2020/2xxx/CVE-2020-2694.json index f1f4c533f23..da640a73de9 100644 --- a/2020/2xxx/CVE-2020-2694.json +++ b/2020/2xxx/CVE-2020-2694.json 
@@ -1,18 +1,60 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2694", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2694" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"MySQL Server", + "version":{ + "version_data":[ + { + "version_value":"8.0.18 and prior", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.18 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data." 
+ } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2695.json b/2020/2xxx/CVE-2020-2695.json index f1b327ccca1..0d4a3220546 100644 --- a/2020/2xxx/CVE-2020-2695.json +++ b/2020/2xxx/CVE-2020-2695.json 
@@ -1,18 +1,64 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2695", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2695" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"PeopleSoft Enterprise CC Common Application Objects", + "version":{ + "version_data":[ + { + "version_value":"9.1", + "version_affected":"=" + }, + { + "version_value":"9.2", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the PeopleSoft Enterprise CC Common Application Objects product of Oracle PeopleSoft (component: Approval Framework). Supported versions that are affected are 9.1 and 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise CC Common Application Objects. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise CC Common Application Objects accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)." 
+ } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise CC Common Application Objects. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise CC Common Application Objects accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2696.json b/2020/2xxx/CVE-2020-2696.json index 7949adc47b0..fb3ce2fd944 100644 --- a/2020/2xxx/CVE-2020-2696.json +++ b/2020/2xxx/CVE-2020-2696.json 
@@ -1,18 +1,60 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2696", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2696" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Solaris Operating System", + "version":{ + "version_data":[ + { + "version_value":"10", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle Solaris product of Oracle Systems (component: Common Desktop Environment). The supported version that is affected is 10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. 
While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2697.json b/2020/2xxx/CVE-2020-2697.json index 018b74aea3a..fb27c1e0181 100644 --- a/2020/2xxx/CVE-2020-2697.json +++ b/2020/2xxx/CVE-2020-2697.json 
@@ -1,18 +1,64 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2697", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2697" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Hospitality Suites Management", + "version":{ + "version_data":[ + { + "version_value":"3.7", + "version_affected":"=" + }, + { + "version_value":"3.8", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle Hospitality Suites Management component of Oracle Food and Beverage Applications. Supported versions that are affected are 3.7 and 3.8. Easily exploitable vulnerability allows physical access to compromise Oracle Hospitality Suites Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Suites Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Hospitality Suites Management accessible data. CVSS 3.0 Base Score 4.9 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N)." 
+ } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows physical access to compromise Oracle Hospitality Suites Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Suites Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Hospitality Suites Management accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2698.json b/2020/2xxx/CVE-2020-2698.json index 090e675bd9f..59db7dd9512 100644 --- a/2020/2xxx/CVE-2020-2698.json +++ b/2020/2xxx/CVE-2020-2698.json 
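Review bot: The description for CVE-2020-2697 reads `allows physical access to compromise Oracle Hospitality Suites Management` and never names an attacker or privilege level, while the vector in the same string is `AV:P/AC:L/PR:L`, i.e. low privileges required. The other records in this batch state the privilege level in words (`low privileged attacker with logon ...`), so a reader triaging from the text alone would likely take this one as needing no account. If `PR:L` is what was intended, the sentence should say so, e.g. `allows low privileged attacker with physical access to compromise ...`; the same sentence is duplicated in the `problemtype` value.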
@@ -1,18 +1,68 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2698", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2698" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"VM VirtualBox", + "version":{ + "version_data":[ + { + "version_value":"5.2.36", + "version_affected":"<" + }, + { + "version_value":"6.0.16", + "version_affected":"<" + }, + { + "version_value":"6.1.2", + "version_affected":"<" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H)." 
+ } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2699.json b/2020/2xxx/CVE-2020-2699.json index 177944f6fd5..f2aceb74b8c 100644 --- a/2020/2xxx/CVE-2020-2699.json +++ b/2020/2xxx/CVE-2020-2699.json 
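Review bot: The three `version_data` entries for CVE-2020-2698 all use `"version_affected":"<"` with no lower bound or branch label, so a matcher that evaluates them independently treats every build below 6.1.2 as affected. That includes 5.2.36 and 6.0.16, which the description gives as the first unaffected builds of their own release lines. The description scopes each bound to its line ("Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2"), and that scoping is lost in the structured data. A branch label on each entry, for example `"version_name":"6.0"` beside `"version_value":"6.0.16"`, would let consumers apply each bound to the right line, assuming the consuming tooling reads `version_name` that way. The same entries appear in the CVE-2020-2701, CVE-2020-2702, CVE-2020-2704 and CVE-2020-2705 hunks, and a two-entry variant in CVE-2020-2703.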
@@ -1,18 +1,64 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2699", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2699" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"FLEXCUBE Universal Banking", + "version":{ + "version_data":[ + { + "version_value":"12.0.1-12.4.0", + "version_affected":"=" + }, + { + "version_value":"14.0.0-14.3.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.0.1-12.4.0 and 14.0.0-14.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N)." 
+ } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2700.json b/2020/2xxx/CVE-2020-2700.json index b32b5feb6c3..7256a3e329f 100644 --- a/2020/2xxx/CVE-2020-2700.json +++ b/2020/2xxx/CVE-2020-2700.json 
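Review bot: `"version_value":"12.0.1-12.4.0"` paired with `"version_affected":"="` in the CVE-2020-2699 record puts a range into a field that the operator declares to be a single version. Exact-match tooling will therefore not flag releases between the endpoints, and may not match the endpoints themselves. The description states the affected set as the ranges 12.0.1-12.4.0 and 14.0.0-14.3.0, so the intent is clear to a reader but not to a parser. Giving each range explicit bounds (the upper one as `"version_affected":"<="` with `"version_value":"12.4.0"`) or enumerating the releases would keep the structured data usable for inventory matching. The same encoding is used in the CVE-2020-2700, CVE-2020-2707, CVE-2020-2710 and CVE-2020-2711 hunks.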
@@ -1,18 +1,64 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2700", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2700" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"FLEXCUBE Universal Banking", + "version":{ + "version_data":[ + { + "version_value":"12.0.1-12.4.0", + "version_affected":"=" + }, + { + "version_value":"14.0.0-14.3.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.0.1-12.4.0 and 14.0.0-14.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. 
Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2701.json b/2020/2xxx/CVE-2020-2701.json index 4322958dc97..a247ee7ec6d 100644 --- a/2020/2xxx/CVE-2020-2701.json +++ b/2020/2xxx/CVE-2020-2701.json 
@@ -1,18 +1,68 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2701", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2701" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"VM VirtualBox", + "version":{ + "version_data":[ + { + "version_value":"5.2.36", + "version_affected":"<" + }, + { + "version_value":"6.0.16", + "version_affected":"<" + }, + { + "version_value":"6.1.2", + "version_affected":"<" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H)." 
+ } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2702.json b/2020/2xxx/CVE-2020-2702.json index 92dcf28a0e0..e61e95e06e8 100644 --- a/2020/2xxx/CVE-2020-2702.json +++ b/2020/2xxx/CVE-2020-2702.json 
@@ -1,18 +1,68 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2702", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2702" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"VM VirtualBox", + "version":{ + "version_data":[ + { + "version_value":"5.2.36", + "version_affected":"<" + }, + { + "version_value":"6.0.16", + "version_affected":"<" + }, + { + "version_value":"6.1.2", + "version_affected":"<" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H)." 
+ } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2703.json b/2020/2xxx/CVE-2020-2703.json index f5a74e2845f..adaf8bd7311 100644 --- a/2020/2xxx/CVE-2020-2703.json +++ b/2020/2xxx/CVE-2020-2703.json 
@@ -1,18 +1,64 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2703", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2703" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"VM VirtualBox", + "version":{ + "version_data":[ + { + "version_value":"5.2.36", + "version_affected":"<" + }, + { + "version_value":"6.0.16", + "version_affected":"<" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36 and prior to 6.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H)." 
+ } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2704.json b/2020/2xxx/CVE-2020-2704.json index de2b69333e6..49735f48a0b 100644 --- a/2020/2xxx/CVE-2020-2704.json +++ b/2020/2xxx/CVE-2020-2704.json 
@@ -1,18 +1,68 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2704", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2704" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"VM VirtualBox", + "version":{ + "version_data":[ + { + "version_value":"5.2.36", + "version_affected":"<" + }, + { + "version_value":"6.0.16", + "version_affected":"<" + }, + { + "version_value":"6.1.2", + "version_affected":"<" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)." 
+ } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2705.json b/2020/2xxx/CVE-2020-2705.json index 7ad52e2bdf1..4caf43a0c27 100644 --- a/2020/2xxx/CVE-2020-2705.json +++ b/2020/2xxx/CVE-2020-2705.json 
@@ -1,18 +1,68 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2705", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2705" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"VM VirtualBox", + "version":{ + "version_data":[ + { + "version_value":"5.2.36", + "version_affected":"<" + }, + { + "version_value":"6.0.16", + "version_affected":"<" + }, + { + "version_value":"6.1.2", + "version_affected":"<" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)." 
+ } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2707.json b/2020/2xxx/CVE-2020-2707.json index a8e60a53240..fdb357394aa 100644 --- a/2020/2xxx/CVE-2020-2707.json +++ b/2020/2xxx/CVE-2020-2707.json 
@@ -1,18 +1,76 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2707", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2707" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Primavera P6 Enterprise Project Portfolio Management", + "version":{ + "version_data":[ + { + "version_value":"15.1.0.0-15.2.18.7", + "version_affected":"=" + }, + { + "version_value":"16.1.0.0-16.2.19.0", + "version_affected":"=" + }, + { + "version_value":"17.1.0.0-17.12.16.0", + "version_affected":"=" + }, + { + "version_value":"18.1.0.0-18.8.16.0", + "version_affected":"=" + }, + { + "version_value":"19.12.0.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: WebAccess). Supported versions that are affected are 15.1.0.0-15.2.18.7, 16.1.0.0-16.2.19.0, 17.1.0.0-17.12.16.0, 18.1.0.0-18.8.16.0 and 19.12.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. 
Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera P6 Enterprise Project Portfolio Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera P6 Enterprise Project Portfolio Management accessible data as well as unauthorized read access to a subset of Primavera P6 Enterprise Project Portfolio Management accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera P6 Enterprise Project Portfolio Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera P6 Enterprise Project Portfolio Management accessible data as well as unauthorized read access to a subset of Primavera P6 Enterprise Project Portfolio Management accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2709.json b/2020/2xxx/CVE-2020-2709.json index a6d28bdde6b..a310fc13d4d 100644 --- a/2020/2xxx/CVE-2020-2709.json +++ b/2020/2xxx/CVE-2020-2709.json 
@@ -1,18 +1,60 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2709", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2709" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"iLearning", + "version":{ + "version_data":[ + { + "version_value":"6.1", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle iLearning product of Oracle iLearning (component: Learner Pages). The supported version that is affected is 6.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iLearning. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iLearning, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle iLearning accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iLearning. 
Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iLearning, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle iLearning accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2710.json b/2020/2xxx/CVE-2020-2710.json index 2df55063f4d..59fb17a62ad 100644 --- a/2020/2xxx/CVE-2020-2710.json +++ b/2020/2xxx/CVE-2020-2710.json 
@@ -1,18 +1,60 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2710", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2710" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Banking Payments", + "version":{ + "version_data":[ + { + "version_value":"14.1.0-14.3.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle Banking Payments product of Oracle Financial Services Applications (component: Core). Supported versions that are affected are 14.1.0-14.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Payments accessible data as well as unauthorized read access to a subset of Oracle Banking Payments accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Payments. 
Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Payments accessible data as well as unauthorized read access to a subset of Oracle Banking Payments accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2711.json b/2020/2xxx/CVE-2020-2711.json index 90803be483d..0a6b24f53bc 100644 --- a/2020/2xxx/CVE-2020-2711.json +++ b/2020/2xxx/CVE-2020-2711.json 
@@ -1,18 +1,60 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2711", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2711" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Banking Payments", + "version":{ + "version_data":[ + { + "version_value":"14.1.0-14.3.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle Banking Payments product of Oracle Financial Services Applications (component: Core). Supported versions that are affected are 14.1.0-14.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Payments accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Payments. 
Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Payments accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2712.json b/2020/2xxx/CVE-2020-2712.json index 38e3a0a0cd0..9d4e37a02bc 100644 --- a/2020/2xxx/CVE-2020-2712.json +++ b/2020/2xxx/CVE-2020-2712.json 
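Review bot: The `problemtype` value added for CVE-2020-2711 is the impact sentence from `description` repeated, not a weakness class, so tooling that groups or filters records by CWE gets nothing usable from this field. Where the weakness is known the value should follow the identifier form, `"value":"CWE-<id> <name>"` (placeholder, the page does not give the class). Where the vendor does not disclose it, a short explicit marker is easier to consume than duplicated prose. This applies to every record in the visible hunks, CVE-2020-2710 through CVE-2020-2723.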
@@ -1,18 +1,60 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2712", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2712" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Banking Payments", + "version":{ + "version_data":[ + { + "version_value":"14.1.0-14.3.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle Banking Payments product of Oracle Financial Services Applications (component: Core). Supported versions that are affected are 14.1.0-14.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Payments accessible data as well as unauthorized read access to a subset of Oracle Banking Payments accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)." 
+ } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Payments accessible data as well as unauthorized read access to a subset of Oracle Banking Payments accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2713.json b/2020/2xxx/CVE-2020-2713.json index 5b89a9c8dfe..f5127e4a841 100644 --- a/2020/2xxx/CVE-2020-2713.json +++ b/2020/2xxx/CVE-2020-2713.json 
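Review bot: `CVE_data_meta` in the new CVE-2020-2712 record has no `STATE` key: the removed side carried `"STATE": "RESERVED"` and the added side keeps only `ASSIGNER` and `ID`. A consumer that decides publication status from that field then sees a missing value rather than a published entry, and how it treats that case depends on the consumer. Adding `"STATE":"PUBLIC"` next to `"ID":"CVE-2020-2712"` would make the transition explicit. The other hunks in this patch drop the key in the same way.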
@@ -1,18 +1,60 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2713", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2713" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Banking Payments", + "version":{ + "version_data":[ + { + "version_value":"14.1.0-14.3.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle Banking Payments product of Oracle Financial Services Applications (component: Core). Supported versions that are affected are 14.1.0-14.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Payments accessible data as well as unauthorized update, insert or delete access to some of Oracle Banking Payments accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Payments. 
Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Payments accessible data as well as unauthorized update, insert or delete access to some of Oracle Banking Payments accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2714.json b/2020/2xxx/CVE-2020-2714.json index d42f4697cc3..8ba0833a5e8 100644 --- a/2020/2xxx/CVE-2020-2714.json +++ b/2020/2xxx/CVE-2020-2714.json 
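Review bot: The score and vector for CVE-2020-2713 exist only inside the `description` string (`CVSS 3.0 Base Score 7.1`, `CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N`); the added JSON has no `impact` object. Prioritisation tooling that reads structured fields will treat the entry as unscored, and scraping the value out of prose is fragile. An `impact.cvss` object carrying `"version":"3.0"`, `"baseScore":7.1` and the same `vectorString` would expose data the record already states. The same gap is present in the other hunks of this patch.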
@@ -1,18 +1,60 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2714", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2714" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Banking Payments", + "version":{ + "version_data":[ + { + "version_value":"14.1.0-14.3.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle Banking Payments product of Oracle Financial Services Applications (component: Core). Supported versions that are affected are 14.1.0-14.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Banking Payments accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Banking Payments accessible data." 
+ } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2715.json b/2020/2xxx/CVE-2020-2715.json index 6221fbf666f..33931639956 100644 --- a/2020/2xxx/CVE-2020-2715.json +++ b/2020/2xxx/CVE-2020-2715.json 
@@ -1,18 +1,64 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2715", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2715" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Banking Corporate Lending", + "version":{ + "version_data":[ + { + "version_value":"12.3.0-12.4.0", + "version_affected":"=" + }, + { + "version_value":"14.0.0-14.3.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle Banking Corporate Lending product of Oracle Financial Services Applications (component: Core). Supported versions that are affected are 12.3.0-12.4.0 and 14.0.0-14.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Corporate Lending accessible data as well as unauthorized read access to a subset of Oracle Banking Corporate Lending accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)." 
+ } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Corporate Lending accessible data as well as unauthorized read access to a subset of Oracle Banking Corporate Lending accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2716.json b/2020/2xxx/CVE-2020-2716.json index 58bf2a5b0b8..cc6d97aa61f 100644 --- a/2020/2xxx/CVE-2020-2716.json +++ b/2020/2xxx/CVE-2020-2716.json 
@@ -1,18 +1,64 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2716", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2716" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Banking Corporate Lending", + "version":{ + "version_data":[ + { + "version_value":"12.3.0-12.4.0", + "version_affected":"=" + }, + { + "version_value":"14.0.0-14.3.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle Banking Corporate Lending product of Oracle Financial Services Applications (component: Core). Supported versions that are affected are 12.3.0-12.4.0 and 14.0.0-14.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Corporate Lending accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. 
Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Corporate Lending accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2717.json b/2020/2xxx/CVE-2020-2717.json index 60a32207903..fff252b6389 100644 --- a/2020/2xxx/CVE-2020-2717.json +++ b/2020/2xxx/CVE-2020-2717.json 
@@ -1,18 +1,64 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2717", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2717" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Banking Corporate Lending", + "version":{ + "version_data":[ + { + "version_value":"12.3.0-12.4.0", + "version_affected":"=" + }, + { + "version_value":"14.0.0-14.3.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle Banking Corporate Lending product of Oracle Financial Services Applications (component: Core). Supported versions that are affected are 12.3.0-12.4.0 and 14.0.0-14.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Corporate Lending accessible data as well as unauthorized read access to a subset of Oracle Banking Corporate Lending accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)." 
+ } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Corporate Lending accessible data as well as unauthorized read access to a subset of Oracle Banking Corporate Lending accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2718.json b/2020/2xxx/CVE-2020-2718.json index fdf08f4fb88..2eba684b1a6 100644 --- a/2020/2xxx/CVE-2020-2718.json +++ b/2020/2xxx/CVE-2020-2718.json 
@@ -1,18 +1,64 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2718", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2718" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Banking Corporate Lending", + "version":{ + "version_data":[ + { + "version_value":"12.3.0-12.4.0", + "version_affected":"=" + }, + { + "version_value":"14.0.0-14.3.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle Banking Corporate Lending product of Oracle Financial Services Applications (component: Core). Supported versions that are affected are 12.3.0-12.4.0 and 14.0.0-14.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Corporate Lending accessible data as well as unauthorized update, insert or delete access to some of Oracle Banking Corporate Lending accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N)." 
+ } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Corporate Lending accessible data as well as unauthorized update, insert or delete access to some of Oracle Banking Corporate Lending accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2719.json b/2020/2xxx/CVE-2020-2719.json index 4b6066f9c6e..b8c79b816a9 100644 --- a/2020/2xxx/CVE-2020-2719.json +++ b/2020/2xxx/CVE-2020-2719.json 
@@ -1,18 +1,64 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2719", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2719" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Banking Corporate Lending", + "version":{ + "version_data":[ + { + "version_value":"12.3.0-12.4.0", + "version_affected":"=" + }, + { + "version_value":"14.0.0-14.3.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle Banking Corporate Lending product of Oracle Financial Services Applications (component: Core). Supported versions that are affected are 12.3.0-12.4.0 and 14.0.0-14.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Banking Corporate Lending accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. 
Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Banking Corporate Lending accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2720.json b/2020/2xxx/CVE-2020-2720.json index 01f83799dd3..38fb0ee79ea 100644 --- a/2020/2xxx/CVE-2020-2720.json +++ b/2020/2xxx/CVE-2020-2720.json 
@@ -1,18 +1,64 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2720", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2720" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"FLEXCUBE Investor Servicing", + "version":{ + "version_data":[ + { + "version_value":"12.1.0-12.4.0", + "version_affected":"=" + }, + { + "version_value":"14.0.0-14.1.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.1.0-12.4.0 and 14.0.0-14.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Investor Servicing accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)." 
+ } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Investor Servicing accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2721.json b/2020/2xxx/CVE-2020-2721.json index 5332e2d203e..009ac31f2db 100644 --- a/2020/2xxx/CVE-2020-2721.json +++ b/2020/2xxx/CVE-2020-2721.json 
@@ -1,18 +1,64 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2721", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2721" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"FLEXCUBE Investor Servicing", + "version":{ + "version_data":[ + { + "version_value":"12.1.0-12.4.0", + "version_affected":"=" + }, + { + "version_value":"14.0.0-14.1.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.1.0-12.4.0 and 14.0.0-14.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Investor Servicing accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)." 
+ } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Investor Servicing accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2722.json b/2020/2xxx/CVE-2020-2722.json index d09cb4f912d..5a6b64efe13 100644 --- a/2020/2xxx/CVE-2020-2722.json +++ b/2020/2xxx/CVE-2020-2722.json 
@@ -1,18 +1,64 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2722", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2722" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"FLEXCUBE Investor Servicing", + "version":{ + "version_data":[ + { + "version_value":"12.1.0-12.4.0", + "version_affected":"=" + }, + { + "version_value":"14.0.0-14.1.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.1.0-12.4.0 and 14.0.0-14.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Investor Servicing accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)." 
+ } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Investor Servicing accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2723.json b/2020/2xxx/CVE-2020-2723.json index aa1bcdc5be9..ab545b21a36 100644 --- a/2020/2xxx/CVE-2020-2723.json +++ b/2020/2xxx/CVE-2020-2723.json 
@@ -1,18 +1,64 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2723", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2723" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"FLEXCUBE Investor Servicing", + "version":{ + "version_data":[ + { + "version_value":"12.1.0-12.4.0", + "version_affected":"=" + }, + { + "version_value":"14.0.0-14.1.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.1.0-12.4.0 and 14.0.0-14.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Investor Servicing accessible data as well as unauthorized update, insert or delete access to some of Oracle FLEXCUBE Investor Servicing accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N)." 
+ } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Investor Servicing accessible data as well as unauthorized update, insert or delete access to some of Oracle FLEXCUBE Investor Servicing accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2724.json b/2020/2xxx/CVE-2020-2724.json index cb54c954b51..b7f2aa3a9bb 100644 --- a/2020/2xxx/CVE-2020-2724.json +++ b/2020/2xxx/CVE-2020-2724.json 
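Review bot: Both `version_data` entries here put a whole range into one string, `"version_value":"12.1.0-12.4.0"`, under `"version_affected":"="`, so a tool that matches versions mechanically would compare an installed release against the literal text and probably report it as unaffected. Listing each supported release as its own `=` entry, or using `"version_affected":"<="` with `"version_value":"12.4.0"` and stating the lower bound in the description, keeps the structured data usable for matching. The CVE-2020-2722 hunk above and the CVE-2020-2724 hunk below encode the FLEXCUBE ranges the same way.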
@@ -1,18 +1,64 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2724", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2724" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"FLEXCUBE Investor Servicing", + "version":{ + "version_data":[ + { + "version_value":"12.1.0-12.4.0", + "version_affected":"=" + }, + { + "version_value":"14.0.0-14.1.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.1.0-12.4.0 and 14.0.0-14.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. 
Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2725.json b/2020/2xxx/CVE-2020-2725.json index 6564f61fb8b..55d01d74f2d 100644 --- a/2020/2xxx/CVE-2020-2725.json +++ b/2020/2xxx/CVE-2020-2725.json 
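Review bot: The `problemtype` value in this hunk repeats the attack narrative from `description` instead of naming a weakness class, which leaves nothing for CWE-based triage or grouping to key on. If a classification is known, it belongs here in the form `"value":"CWE-<id> <name>"` (placeholder; the hunk does not say which CWE applies); otherwise a short impact label would serve better than a duplicated paragraph. The other Oracle records in this commit, CVE-2020-2722 to CVE-2020-2731, follow the same pattern.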
@@ -1,18 +1,68 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2725", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2725" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"VM VirtualBox", + "version":{ + "version_data":[ + { + "version_value":"5.2.36", + "version_affected":"<" + }, + { + "version_value":"6.0.16", + "version_affected":"<" + }, + { + "version_value":"6.1.2", + "version_affected":"<" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H)." 
+ } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2726.json b/2020/2xxx/CVE-2020-2726.json index 2f13fbc2cdd..70a2d6bcd32 100644 --- a/2020/2xxx/CVE-2020-2726.json +++ b/2020/2xxx/CVE-2020-2726.json 
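Review bot: The three `"version_affected":"<"` entries (`5.2.36`, `6.0.16`, `6.1.2`) have no lower bound, so read independently they overlap: a 5.2.x build at or above 5.2.36 still satisfies `< 6.0.16` and `< 6.1.2`, and a scanner working from this data may flag a patched host. The description makes clear these are per-branch fix versions, but the structured data does not. Consider recording the branch with each entry, for example `"version_name":"6.0"` alongside `"version_value":"6.0.16"`. The CVE-2020-2726 and CVE-2020-2727 hunks below use the same triple.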
@@ -1,18 +1,68 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2726", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2726" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"VM VirtualBox", + "version":{ + "version_data":[ + { + "version_value":"5.2.36", + "version_affected":"<" + }, + { + "version_value":"6.0.16", + "version_affected":"<" + }, + { + "version_value":"6.1.2", + "version_affected":"<" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H)." 
+ } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2727.json b/2020/2xxx/CVE-2020-2727.json index 151c17c8dc8..ad7720145b1 100644 --- a/2020/2xxx/CVE-2020-2727.json +++ b/2020/2xxx/CVE-2020-2727.json 
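Review bot: The CVSS score and vector for this record exist only inside the `description` string (`CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H`, base score 7.5); the new file has no `impact` object, so prioritisation tooling has to parse free text to obtain the severity. Adding an `impact.cvss` block with `"vectorString"`, `"baseScore"` and `"version":"3.0"` copied from that sentence would make it machine-readable. This applies to every Oracle hunk in this commit, CVE-2020-2722 through CVE-2020-2731.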
@@ -1,18 +1,68 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2727", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2727" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"VM VirtualBox", + "version":{ + "version_data":[ + { + "version_value":"5.2.36", + "version_affected":"<" + }, + { + "version_value":"6.0.16", + "version_affected":"<" + }, + { + "version_value":"6.1.2", + "version_affected":"<" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N)." 
+ } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2728.json b/2020/2xxx/CVE-2020-2728.json index b52017133de..8e4c3549c43 100644 --- a/2020/2xxx/CVE-2020-2728.json +++ b/2020/2xxx/CVE-2020-2728.json 
@@ -1,18 +1,60 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2728", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2728" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Identity Manager", + "version":{ + "version_data":[ + { + "version_value":"12.2.1.3.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: OIM - LDAP user and role Synch). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Identity Manager. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Identity Manager accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Identity Manager. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Identity Manager accessible data." 
+ } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2729.json b/2020/2xxx/CVE-2020-2729.json index 47a7a076079..419b6ab03a4 100644 --- a/2020/2xxx/CVE-2020-2729.json +++ b/2020/2xxx/CVE-2020-2729.json 
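Review bot: The single `reference_data` entry in this hunk has only a `url`, with no `name` or `refsource`, whereas the existing reference visible in the CVE-2019-2725.json hunk later in this series carries all three keys. Consumers that group or rank references by source may drop or mis-sort the vendor advisory, which is the only pointer to the fix. Add `"name":"https://www.oracle.com/security-alerts/cpujan2020.html"` and a `refsource` value matching the project's convention for vendor advisories. The other Oracle records in this commit, and the appended entry in CVE-2019-2725.json, have the same shape.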
@@ -1,18 +1,64 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2729", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2729" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Identity Manager", + "version":{ + "version_data":[ + { + "version_value":"11.1.2.3.0", + "version_affected":"=" + }, + { + "version_value":"12.2.1.3.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: Advanced Console). Supported versions that are affected are 11.1.2.3.0 and 12.2.1.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Identity Manager. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Identity Manager accessible data as well as unauthorized read access to a subset of Identity Manager accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Identity Manager. 
Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Identity Manager accessible data as well as unauthorized read access to a subset of Identity Manager accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2730.json b/2020/2xxx/CVE-2020-2730.json index 1801c27918f..2c6d0c491b9 100644 --- a/2020/2xxx/CVE-2020-2730.json +++ b/2020/2xxx/CVE-2020-2730.json 
@@ -1,18 +1,68 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2730", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2730" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Financial Services Revenue Management and Billing", + "version":{ + "version_data":[ + { + "version_value":"2.7.0.0", + "version_affected":"=" + }, + { + "version_value":"2.7.0.1", + "version_affected":"=" + }, + { + "version_value":"2.8.0.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle Financial Services Revenue Management and Billing product of Oracle Financial Services Applications (component: File Upload). Supported versions that are affected are 2.7.0.0, 2.7.0.1 and 2.8.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Revenue Management and Billing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Revenue Management and Billing, attacks may significantly impact additional products. 
Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Revenue Management and Billing accessible data as well as unauthorized read access to a subset of Oracle Financial Services Revenue Management and Billing accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Revenue Management and Billing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Revenue Management and Billing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Revenue Management and Billing accessible data as well as unauthorized read access to a subset of Oracle Financial Services Revenue Management and Billing accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2731.json b/2020/2xxx/CVE-2020-2731.json index a31ab3589fb..0d5d96a3c44 100644 --- a/2020/2xxx/CVE-2020-2731.json +++ b/2020/2xxx/CVE-2020-2731.json 
@@ -1,18 +1,72 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2731", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2731" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Oracle Database", + "version":{ + "version_data":[ + { + "version_value":"12.1.0.2", + "version_affected":"=" + }, + { + "version_value":"12.2.0.1", + "version_affected":"=" + }, + { + "version_value":"18c", + "version_affected":"=" + }, + { + "version_value":"19c", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Core RDBMS executes to compromise Core RDBMS. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Core RDBMS accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Core RDBMS. CVSS 3.0 Base Score 3.9 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L)." 
+ } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Core RDBMS executes to compromise Core RDBMS. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Core RDBMS accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Core RDBMS." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file From 20e4f80bb0386ef1c97cde9d6dfe1274cc6e8398 Mon Sep 17 00:00:00 2001 From: bsitu <33327536+bsitu@users.noreply.github.com> Date: Tue, 14 Jan 2020 15:45:59 -0800 Subject: [PATCH 069/387] Update CVE-2019-2725.json --- 2019/2xxx/CVE-2019-2725.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/2019/2xxx/CVE-2019-2725.json b/2019/2xxx/CVE-2019-2725.json index 60ff7f28db6..6d30348f41e 100644 --- a/2019/2xxx/CVE-2019-2725.json +++ b/2019/2xxx/CVE-2019-2725.json @@ -98,10 +98,10 @@ "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "refsource": "MISC", "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" - }. + }, { "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } -} \ No newline at end of file +} From cfaacf22fac5926c2b2476e0889e7ca85bfae3e9 Mon Sep 17 00:00:00 2001 
From: Bill Situ Date: Tue, 14 Jan 2020 15:46:23 -0800 Subject: [PATCH 070/387] Bill Situ Oracle Critical Patch Update - January 2020 This update contains updated third party CVEs On branch cna/Oracle/CPU2020Jan3rdPartyCVEs Changes to be committed: modified: 2014/3xxx/CVE-2014-3004.json modified: 2014/3xxx/CVE-2014-3596.json modified: 2015/9xxx/CVE-2015-9251.json modified: 2016/0xxx/CVE-2016-0701.json modified: 2016/1000xxx/CVE-2016-1000031.json modified: 2016/1xxx/CVE-2016-1181.json modified: 2016/1xxx/CVE-2016-1182.json modified: 2016/2xxx/CVE-2016-2183.json modified: 2016/4xxx/CVE-2016-4000.json modified: 2016/5xxx/CVE-2016-5019.json modified: 2016/6xxx/CVE-2016-6306.json modified: 2016/6xxx/CVE-2016-6814.json modified: 2016/8xxx/CVE-2016-8610.json modified: 2017/1000xxx/CVE-2017-1000376.json modified: 2017/12xxx/CVE-2017-12626.json modified: 2017/14xxx/CVE-2017-14735.json modified: 2017/15xxx/CVE-2017-15708.json modified: 2017/15xxx/CVE-2017-15906.json modified: 2017/5xxx/CVE-2017-5645.json modified: 2018/0xxx/CVE-2018-0734.json modified: 2018/0xxx/CVE-2018-0735.json modified: 2018/1000xxx/CVE-2018-1000030.json modified: 2018/11xxx/CVE-2018-11039.json modified: 2018/11xxx/CVE-2018-11040.json modified: 2018/11xxx/CVE-2018-11054.json modified: 2018/11xxx/CVE-2018-11055.json modified: 2018/11xxx/CVE-2018-11056.json modified: 2018/11xxx/CVE-2018-11057.json modified: 2018/11xxx/CVE-2018-11058.json modified: 2018/11xxx/CVE-2018-11307.json modified: 2018/11xxx/CVE-2018-11759.json modified: 2018/11xxx/CVE-2018-11784.json modified: 2018/14xxx/CVE-2018-14718.json modified: 2018/15xxx/CVE-2018-15473.json modified: 2018/15xxx/CVE-2018-15756.json modified: 2018/15xxx/CVE-2018-15769.json modified: 2018/16xxx/CVE-2018-16395.json modified: 2018/17xxx/CVE-2018-17189.json modified: 2018/19xxx/CVE-2018-19362.json modified: 2018/1xxx/CVE-2018-1060.json modified: 2018/1xxx/CVE-2018-1257.json modified: 2018/1xxx/CVE-2018-1258.json modified: 2018/20xxx/CVE-2018-20684.json modified: 
2018/5xxx/CVE-2018-5407.json modified: 2018/6xxx/CVE-2018-6829.json modified: 2018/8xxx/CVE-2018-8032.json modified: 2018/8xxx/CVE-2018-8039.json modified: 2019/0xxx/CVE-2019-0199.json modified: 2019/0xxx/CVE-2019-0215.json modified: 2019/0xxx/CVE-2019-0221.json modified: 2019/0xxx/CVE-2019-0227.json modified: 2019/0xxx/CVE-2019-0232.json modified: 2019/10xxx/CVE-2019-10072.json modified: 2019/10xxx/CVE-2019-10086.json modified: 2019/10xxx/CVE-2019-10088.json modified: 2019/10xxx/CVE-2019-10092.json modified: 2019/10xxx/CVE-2019-10093.json modified: 2019/10xxx/CVE-2019-10094.json modified: 2019/10xxx/CVE-2019-10098.json modified: 2019/10xxx/CVE-2019-10246.json modified: 2019/10xxx/CVE-2019-10247.json modified: 2019/11xxx/CVE-2019-11358.json modified: 2019/11xxx/CVE-2019-11477.json modified: 2019/11xxx/CVE-2019-11478.json modified: 2019/11xxx/CVE-2019-11479.json modified: 2019/12xxx/CVE-2019-12086.json modified: 2019/12xxx/CVE-2019-12384.json modified: 2019/12xxx/CVE-2019-12406.json modified: 2019/12xxx/CVE-2019-12415.json modified: 2019/12xxx/CVE-2019-12419.json modified: 2019/12xxx/CVE-2019-12814.json modified: 2019/13xxx/CVE-2019-13117.json modified: 2019/13xxx/CVE-2019-13118.json modified: 2019/14xxx/CVE-2019-14379.json modified: 2019/14xxx/CVE-2019-14439.json modified: 2019/14xxx/CVE-2019-14540.json modified: 2019/15xxx/CVE-2019-15845.json modified: 2019/16xxx/CVE-2019-16168.json modified: 2019/16xxx/CVE-2019-16201.json modified: 2019/16xxx/CVE-2019-16254.json modified: 2019/16xxx/CVE-2019-16255.json modified: 2019/16xxx/CVE-2019-16335.json modified: 2019/16xxx/CVE-2019-16775.json modified: 2019/16xxx/CVE-2019-16776.json modified: 2019/16xxx/CVE-2019-16777.json modified: 2019/16xxx/CVE-2019-16942.json modified: 2019/16xxx/CVE-2019-16943.json modified: 2019/17xxx/CVE-2019-17091.json modified: 2019/17xxx/CVE-2019-17267.json modified: 2019/17xxx/CVE-2019-17359.json modified: 2019/17xxx/CVE-2019-17531.json modified: 2019/1xxx/CVE-2019-1547.json modified: 
2019/1xxx/CVE-2019-1549.json modified: 2019/1xxx/CVE-2019-1552.json modified: 2019/1xxx/CVE-2019-1559.json modified: 2019/1xxx/CVE-2019-1563.json modified: 2019/2xxx/CVE-2019-2904.json modified: 2019/3xxx/CVE-2019-3862.json modified: 2019/5xxx/CVE-2019-5481.json modified: 2019/5xxx/CVE-2019-5482.json modified: 2019/5xxx/CVE-2019-5718.json modified: 2019/8xxx/CVE-2019-8457.json modified: 2019/9xxx/CVE-2019-9208.json modified: 2019/9xxx/CVE-2019-9636.json modified: 2019/9xxx/CVE-2019-9936.json modified: 2019/9xxx/CVE-2019-9937.json --- 2014/3xxx/CVE-2014-3004.json | 96 +++--- 2014/3xxx/CVE-2014-3596.json | 150 ++++----- 2015/9xxx/CVE-2015-9251.json | 228 ++++++------- 2016/0xxx/CVE-2016-0701.json | 174 +++++----- 2016/1000xxx/CVE-2016-1000031.json | 162 +++++----- 2016/1xxx/CVE-2016-1181.json | 174 +++++----- 2016/1xxx/CVE-2016-1182.json | 168 +++++----- 2016/2xxx/CVE-2016-2183.json | 492 +++++++++++++++-------------- 2016/4xxx/CVE-2016-4000.json | 144 +++++---- 2016/5xxx/CVE-2016-5019.json | 126 ++++---- 2016/6xxx/CVE-2016-6306.json | 234 +++++++------- 2016/6xxx/CVE-2016-6814.json | 140 ++++---- 2016/8xxx/CVE-2016-8610.json | 212 +++++++------ 2017/1000xxx/CVE-2017-1000376.json | 80 ++--- 2017/12xxx/CVE-2017-12626.json | 92 +++--- 2017/14xxx/CVE-2017-14735.json | 90 +++--- 2017/15xxx/CVE-2017-15708.json | 84 ++--- 2017/15xxx/CVE-2017-15906.json | 102 +++--- 2017/5xxx/CVE-2017-5645.json | 372 +++++++++++----------- 2018/0xxx/CVE-2018-0734.json | 244 +++++++------- 2018/0xxx/CVE-2018-0735.json | 164 +++++----- 2018/1000xxx/CVE-2018-1000030.json | 128 ++++---- 2018/11xxx/CVE-2018-11039.json | 112 +++---- 2018/11xxx/CVE-2018-11040.json | 106 ++++--- 2018/11xxx/CVE-2018-11054.json | 106 ++++--- 2018/11xxx/CVE-2018-11055.json | 110 +++---- 2018/11xxx/CVE-2018-11056.json | 122 +++---- 2018/11xxx/CVE-2018-11057.json | 110 +++---- 2018/11xxx/CVE-2018-11058.json | 126 ++++---- 2018/11xxx/CVE-2018-11307.json | 168 +++++----- 2018/11xxx/CVE-2018-11759.json | 120 +++---- 
2018/11xxx/CVE-2018-11784.json | 252 +++++++-------- 2018/14xxx/CVE-2018-14718.json | 246 ++++++++------- 2018/15xxx/CVE-2018-15473.json | 156 ++++----- 2018/15xxx/CVE-2018-15756.json | 196 ++++++------ 2018/15xxx/CVE-2018-15769.json | 84 ++--- 2018/16xxx/CVE-2018-16395.json | 168 +++++----- 2018/17xxx/CVE-2018-17189.json | 176 ++++++----- 2018/19xxx/CVE-2018-19362.json | 258 +++++++-------- 2018/1xxx/CVE-2018-1060.json | 194 ++++++------ 2018/1xxx/CVE-2018-1257.json | 110 +++---- 2018/1xxx/CVE-2018-1258.json | 130 ++++---- 2018/20xxx/CVE-2018-20684.json | 90 +++--- 2018/5xxx/CVE-2018-5407.json | 216 ++++++------- 2018/6xxx/CVE-2018-6829.json | 78 ++--- 2018/8xxx/CVE-2018-8032.json | 92 +++--- 2018/8xxx/CVE-2018-8039.json | 160 +++++----- 2019/0xxx/CVE-2019-0199.json | 234 +++++++------- 2019/0xxx/CVE-2019-0215.json | 164 +++++----- 2019/0xxx/CVE-2019-0221.json | 172 +++++----- 2019/0xxx/CVE-2019-0227.json | 72 +++-- 2019/0xxx/CVE-2019-0232.json | 202 ++++++------ 2019/10xxx/CVE-2019-10072.json | 126 ++++---- 2019/10xxx/CVE-2019-10086.json | 174 +++++----- 2019/10xxx/CVE-2019-10088.json | 90 +++--- 2019/10xxx/CVE-2019-10092.json | 90 +++--- 2019/10xxx/CVE-2019-10093.json | 90 +++--- 2019/10xxx/CVE-2019-10094.json | 84 ++--- 2019/10xxx/CVE-2019-10098.json | 72 +++-- 2019/10xxx/CVE-2019-10246.json | 94 +++--- 2019/10xxx/CVE-2019-10247.json | 126 ++++---- 2019/11xxx/CVE-2019-11358.json | 354 +++++++++++---------- 2019/11xxx/CVE-2019-11477.json | 296 ++++++++--------- 2019/11xxx/CVE-2019-11478.json | 294 ++++++++--------- 2019/11xxx/CVE-2019-11479.json | 278 ++++++++-------- 2019/12xxx/CVE-2019-12086.json | 252 +++++++-------- 2019/12xxx/CVE-2019-12384.json | 306 +++++++++--------- 2019/12xxx/CVE-2019-12406.json | 66 ++-- 2019/12xxx/CVE-2019-12415.json | 84 ++--- 2019/12xxx/CVE-2019-12419.json | 66 ++-- 2019/12xxx/CVE-2019-12814.json | 366 ++++++++++----------- 2019/13xxx/CVE-2019-13117.json | 108 ++++--- 2019/13xxx/CVE-2019-13118.json | 276 ++++++++-------- 
2019/14xxx/CVE-2019-14379.json | 354 +++++++++++---------- 2019/14xxx/CVE-2019-14439.json | 210 ++++++------ 2019/14xxx/CVE-2019-14540.json | 192 +++++------ 2019/15xxx/CVE-2019-15845.json | 96 +++--- 2019/16xxx/CVE-2019-16168.json | 108 ++++--- 2019/16xxx/CVE-2019-16201.json | 96 +++--- 2019/16xxx/CVE-2019-16254.json | 126 ++++---- 2019/16xxx/CVE-2019-16255.json | 120 +++---- 2019/16xxx/CVE-2019-16335.json | 174 +++++----- 2019/16xxx/CVE-2019-16775.json | 112 +++---- 2019/16xxx/CVE-2019-16776.json | 112 +++---- 2019/16xxx/CVE-2019-16777.json | 112 +++---- 2019/16xxx/CVE-2019-16942.json | 156 ++++----- 2019/16xxx/CVE-2019-16943.json | 138 ++++---- 2019/17xxx/CVE-2019-17091.json | 126 ++++---- 2019/17xxx/CVE-2019-17267.json | 108 ++++--- 2019/17xxx/CVE-2019-17359.json | 78 ++--- 2019/17xxx/CVE-2019-17531.json | 96 +++--- 2019/1xxx/CVE-2019-1547.json | 226 ++++++------- 2019/1xxx/CVE-2019-1549.json | 138 ++++---- 2019/1xxx/CVE-2019-1552.json | 166 +++++----- 2019/1xxx/CVE-2019-1559.json | 276 ++++++++-------- 2019/1xxx/CVE-2019-1563.json | 214 +++++++------ 2019/2xxx/CVE-2019-2904.json | 82 ++--- 2019/3xxx/CVE-2019-3862.json | 170 +++++----- 2019/5xxx/CVE-2019-5481.json | 102 +++--- 2019/5xxx/CVE-2019-5482.json | 102 +++--- 2019/5xxx/CVE-2019-5718.json | 96 +++--- 2019/8xxx/CVE-2019-8457.json | 126 ++++---- 2019/9xxx/CVE-2019-9208.json | 114 +++---- 2019/9xxx/CVE-2019-9636.json | 336 ++++++++++---------- 2019/9xxx/CVE-2019-9936.json | 126 ++++---- 2019/9xxx/CVE-2019-9937.json | 126 ++++---- 106 files changed, 8708 insertions(+), 8284 deletions(-) diff --git a/2014/3xxx/CVE-2014-3004.json b/2014/3xxx/CVE-2014-3004.json index 79723878487..57ecf0ba4a9 100644 --- a/2014/3xxx/CVE-2014-3004.json +++ b/2014/3xxx/CVE-2014-3004.json 
@@ -1,86 +1,90 @@ + { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2014-3004", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"cve@mitre.org", + "ID":"CVE-2014-3004", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "n/a", - "version": { - "version_data": [ + "product_name":"n/a", + "version":{ + "version_data":[ { - "version_value": "n/a" + "version_value":"n/a" } ] } } ] }, - "vendor_name": "n/a" + "vendor_name":"n/a" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ { - "lang": "eng", - "value": "The default configuration for the Xerces SAX Parser in Castor before 1.3.3 allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted XML document." + "lang":"eng", + "value":"The default configuration for the Xerces SAX Parser in Castor before 1.3.3 allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted XML document." 
} ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "n/a" + "lang":"eng", + "value":"n/a" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "name": "http://packetstormsecurity.com/files/126854/Castor-Library-XXE-Disclosure.html", - "refsource": "MISC", - "url": "http://packetstormsecurity.com/files/126854/Castor-Library-XXE-Disclosure.html" + "name":"http://packetstormsecurity.com/files/126854/Castor-Library-XXE-Disclosure.html", + "refsource":"MISC", + "url":"http://packetstormsecurity.com/files/126854/Castor-Library-XXE-Disclosure.html" }, { - "name": "openSUSE-SU-2014:0822", - "refsource": "SUSE", - "url": "http://lists.opensuse.org/opensuse-updates/2014-06/msg00043.html" + "name":"openSUSE-SU-2014:0822", + "refsource":"SUSE", + "url":"http://lists.opensuse.org/opensuse-updates/2014-06/msg00043.html" }, { - "name": "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvm56811", - "refsource": "MISC", - "url": "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvm56811" + "name":"https://quickview.cloudapps.cisco.com/quickview/bug/CSCvm56811", + "refsource":"MISC", + "url":"https://quickview.cloudapps.cisco.com/quickview/bug/CSCvm56811" }, { - "name": "20140527 CVE-2014-3004 - Castor Library Default Config could lead to XML External Entity (XXE) Attacks", - "refsource": "FULLDISC", - "url": "http://seclists.org/fulldisclosure/2014/May/142" + "name":"20140527 CVE-2014-3004 - Castor Library Default Config could lead to XML External Entity (XXE) Attacks", + "refsource":"FULLDISC", + "url":"http://seclists.org/fulldisclosure/2014/May/142" }, { - "name": "59427", - "refsource": "SECUNIA", - "url": "http://secunia.com/advisories/59427" + "name":"59427", + "refsource":"SECUNIA", + "url":"http://secunia.com/advisories/59427" }, { - "name": "67676", - "refsource": "BID", - "url": 
"http://www.securityfocus.com/bid/67676" + "name":"67676", + "refsource":"BID", + "url":"http://www.securityfocus.com/bid/67676" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2014/3xxx/CVE-2014-3596.json b/2014/3xxx/CVE-2014-3596.json index 40c7e2ff6f0..3bdc1ee5fb6 100644 --- a/2014/3xxx/CVE-2014-3596.json +++ b/2014/3xxx/CVE-2014-3596.json 
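Review bot: The reference object appended at the end of `reference_data` has only a `url` key, while every other entry in this file carries `name`, `refsource` and `url`, so tooling that indexes or filters references on those fields may drop or mis-sort the new advisory link. I would add `"name":"https://www.oracle.com/security-alerts/cpujan2020.html",` and a `"refsource"` key to that object; the other Oracle advisory references visible in this commit use `CONFIRM` or `MISC`, so the value should be confirmed against the project's convention. The same url-only object is added in the CVE-2014-3596, CVE-2015-9251 and CVE-2016-0701 hunks. Separately, this hunk rewrites every line only to drop the space after each colon and adds a blank line before the opening brace, which buries the one substantive addition; keeping the existing formatting would reduce the change to the few lines of the new reference.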
@@ -1,131 +1,135 @@ + { - "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", - "ID": "CVE-2014-3596", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"secalert@redhat.com", + "ID":"CVE-2014-3596", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "n/a", - "version": { - "version_data": [ + "product_name":"n/a", + "version":{ + "version_data":[ { - "version_value": "n/a" + "version_value":"n/a" } ] } } ] }, - "vendor_name": "n/a" + "vendor_name":"n/a" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ { - "lang": "eng", - "value": "The getCN function in Apache Axis 1.4 and earlier does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a certificate with a subject that specifies a common name in a field that is not the CN field. NOTE: this issue exists because of an incomplete fix for CVE-2012-5784." + "lang":"eng", + "value":"The getCN function in Apache Axis 1.4 and earlier does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a certificate with a subject that specifies a common name in a field that is not the CN field. NOTE: this issue exists because of an incomplete fix for CVE-2012-5784." 
} ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "n/a" + "lang":"eng", + "value":"n/a" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "name": "[oss-security] 20140820 CVE-2014-3596 - Apache Axis 1 vulnerable to MITM attack", - "refsource": "MLIST", - "url": "http://www.openwall.com/lists/oss-security/2014/08/20/2" + "name":"[oss-security] 20140820 CVE-2014-3596 - Apache Axis 1 vulnerable to MITM attack", + "refsource":"MLIST", + "url":"http://www.openwall.com/lists/oss-security/2014/08/20/2" }, { - "name": "https://issues.apache.org/jira/browse/AXIS-2905", - "refsource": "MISC", - "url": "https://issues.apache.org/jira/browse/AXIS-2905" + "name":"https://issues.apache.org/jira/browse/AXIS-2905", + "refsource":"MISC", + "url":"https://issues.apache.org/jira/browse/AXIS-2905" }, { - "name": "apache-axis-cve20143596-spoofing(95377)", - "refsource": "XF", - "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95377" + "name":"apache-axis-cve20143596-spoofing(95377)", + "refsource":"XF", + "url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/95377" }, { - "name": "1030745", - "refsource": "SECTRACK", - "url": "http://www.securitytracker.com/id/1030745" + "name":"1030745", + "refsource":"SECTRACK", + "url":"http://www.securitytracker.com/id/1030745" }, { - "name": "61222", - "refsource": "SECUNIA", - "url": "http://secunia.com/advisories/61222" + "name":"61222", + "refsource":"SECUNIA", + "url":"http://secunia.com/advisories/61222" }, { - "name": "RHSA-2014:1193", - "refsource": "REDHAT", - "url": "http://rhn.redhat.com/errata/RHSA-2014-1193.html" + "name":"RHSA-2014:1193", + "refsource":"REDHAT", + "url":"http://rhn.redhat.com/errata/RHSA-2014-1193.html" }, { - "name": "69295", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/69295" + "name":"69295", + "refsource":"BID", + 
"url":"http://www.securityfocus.com/bid/69295" }, { - "name": "http://linux.oracle.com/errata/ELSA-2014-1193.html", - "refsource": "CONFIRM", - "url": "http://linux.oracle.com/errata/ELSA-2014-1193.html" + "name":"http://linux.oracle.com/errata/ELSA-2014-1193.html", + "refsource":"CONFIRM", + "url":"http://linux.oracle.com/errata/ELSA-2014-1193.html" }, { - "refsource": "MLIST", - "name": "[axis-java-dev] 20190503 [jira] [Commented] (AXIS-2905) Insecure certificate validation CVE-2014-3596", - "url": "https://lists.apache.org/thread.html/44d4e88a5fa8ae60deb752029afe9054da87c5f859caf296fcf585e5@%3Cjava-dev.axis.apache.org%3E" + "refsource":"MLIST", + "name":"[axis-java-dev] 20190503 [jira] [Commented] (AXIS-2905) Insecure certificate validation CVE-2014-3596", + "url":"https://lists.apache.org/thread.html/44d4e88a5fa8ae60deb752029afe9054da87c5f859caf296fcf585e5@%3Cjava-dev.axis.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[axis-java-dev] 20190503 [jira] [Comment Edited] (AXIS-2905) Insecure certificate validation CVE-2014-3596", - "url": "https://lists.apache.org/thread.html/de2af12dcaba653d02b03235327ca4aa930401813a3cced8e151d29c@%3Cjava-dev.axis.apache.org%3E" + "refsource":"MLIST", + "name":"[axis-java-dev] 20190503 [jira] [Comment Edited] (AXIS-2905) Insecure certificate validation CVE-2014-3596", + "url":"https://lists.apache.org/thread.html/de2af12dcaba653d02b03235327ca4aa930401813a3cced8e151d29c@%3Cjava-dev.axis.apache.org%3E" }, { - "refsource": "SUSE", - "name": "openSUSE-SU-2019:1497", - "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00007.html" + "refsource":"SUSE", + "name":"openSUSE-SU-2019:1497", + "url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00007.html" }, { - "refsource": "SUSE", - "name": "openSUSE-SU-2019:1526", - "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00022.html" + "refsource":"SUSE", + "name":"openSUSE-SU-2019:1526", + 
"url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00022.html" }, { - "refsource": "MLIST", - "name": "[axis-java-dev] 20190907 [jira] [Commented] (AXIS-2905) Insecure certificate validation CVE-2014-3596", - "url": "https://lists.apache.org/thread.html/8aa25c99eeb0693fc229ec87d1423b5ed5d58558618706d8aba1d832@%3Cjava-dev.axis.apache.org%3E" + "refsource":"MLIST", + "name":"[axis-java-dev] 20190907 [jira] [Commented] (AXIS-2905) Insecure certificate validation CVE-2014-3596", + "url":"https://lists.apache.org/thread.html/8aa25c99eeb0693fc229ec87d1423b5ed5d58558618706d8aba1d832@%3Cjava-dev.axis.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[axis-java-dev] 20190909 [jira] [Resolved] (AXIS-2905) Insecure certificate validation CVE-2014-3596", - "url": "https://lists.apache.org/thread.html/a308887782e05da7cf692e4851ae2bd429a038570cbf594e6631cc8d@%3Cjava-dev.axis.apache.org%3E" + "refsource":"MLIST", + "name":"[axis-java-dev] 20190909 [jira] [Resolved] (AXIS-2905) Insecure certificate validation CVE-2014-3596", + "url":"https://lists.apache.org/thread.html/a308887782e05da7cf692e4851ae2bd429a038570cbf594e6631cc8d@%3Cjava-dev.axis.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[axis-java-dev] 20190909 [jira] [Commented] (AXIS-2905) Insecure certificate validation CVE-2014-3596", - "url": "https://lists.apache.org/thread.html/5e6c92145deddcecf70c3604041dcbd615efa2d37632fc2b9c367780@%3Cjava-dev.axis.apache.org%3E" + "refsource":"MLIST", + "name":"[axis-java-dev] 20190909 [jira] [Commented] (AXIS-2905) Insecure certificate validation CVE-2014-3596", + "url":"https://lists.apache.org/thread.html/5e6c92145deddcecf70c3604041dcbd615efa2d37632fc2b9c367780@%3Cjava-dev.axis.apache.org%3E" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2015/9xxx/CVE-2015-9251.json b/2015/9xxx/CVE-2015-9251.json index b3206ebeb22..94d77ed6d94 100644 --- a/2015/9xxx/CVE-2015-9251.json +++ b/2015/9xxx/CVE-2015-9251.json 
@@ -1,196 +1,200 @@ + { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2015-9251", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"cve@mitre.org", + "ID":"CVE-2015-9251", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "n/a", - "version": { - "version_data": [ + "product_name":"n/a", + "version":{ + "version_data":[ { - "version_value": "n/a" + "version_value":"n/a" } ] } } ] }, - "vendor_name": "n/a" + "vendor_name":"n/a" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ { - "lang": "eng", - "value": "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed." + "lang":"eng", + "value":"jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed." 
} ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "n/a" + "lang":"eng", + "value":"n/a" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "name": "https://github.com/jquery/jquery/issues/2432", - "refsource": "MISC", - "url": "https://github.com/jquery/jquery/issues/2432" + "name":"https://github.com/jquery/jquery/issues/2432", + "refsource":"MISC", + "url":"https://github.com/jquery/jquery/issues/2432" }, { - "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "refsource": "CONFIRM", - "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" + "name":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "refsource":"CONFIRM", + "url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" }, { - "name": "https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf", - "refsource": "MISC", - "url": "https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf" + "name":"https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf", + "refsource":"MISC", + "url":"https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf" }, { - "name": "https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2", - "refsource": "MISC", - "url": "https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2" + "name":"https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2", + "refsource":"MISC", + "url":"https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2" }, { - "name": "https://snyk.io/vuln/npm:jquery:20150627", - "refsource": "MISC", - "url": 
"https://snyk.io/vuln/npm:jquery:20150627" + "name":"https://snyk.io/vuln/npm:jquery:20150627", + "refsource":"MISC", + "url":"https://snyk.io/vuln/npm:jquery:20150627" }, { - "name": "https://github.com/jquery/jquery/pull/2588", - "refsource": "MISC", - "url": "https://github.com/jquery/jquery/pull/2588" + "name":"https://github.com/jquery/jquery/pull/2588", + "refsource":"MISC", + "url":"https://github.com/jquery/jquery/pull/2588" }, { - "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "refsource": "CONFIRM", - "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" + "name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "refsource":"CONFIRM", + "url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" }, { - "name": "105658", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/105658" + "name":"105658", + "refsource":"BID", + "url":"http://www.securityfocus.com/bid/105658" }, { - "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04", - "refsource": "MISC", - "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04" + "name":"https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04", + "refsource":"MISC", + "url":"https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04" }, { - "name": "https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc", - "refsource": "MISC", - "url": "https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc" + "name":"https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc", + "refsource":"MISC", + "url":"https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" + 
"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { - "refsource": "BUGTRAQ", - "name": "20190509 dotCMS v5.1.1 Vulnerabilities", - "url": "https://seclists.org/bugtraq/2019/May/18" + "refsource":"BUGTRAQ", + "name":"20190509 dotCMS v5.1.1 Vulnerabilities", + "url":"https://seclists.org/bugtraq/2019/May/18" }, { - "refsource": "MISC", - "name": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html", - "url": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html" + "refsource":"MISC", + "name":"http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html", + "url":"http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html" }, { - "refsource": "FULLDISC", - "name": "20190510 dotCMS v5.1.1 HTML Injection & XSS Vulnerability", - "url": "http://seclists.org/fulldisclosure/2019/May/11" + "refsource":"FULLDISC", + "name":"20190510 dotCMS v5.1.1 HTML Injection & XSS Vulnerability", + "url":"http://seclists.org/fulldisclosure/2019/May/11" }, { - "refsource": "FULLDISC", - "name": "20190510 dotCMS v5.1.1 Vulnerabilities", - "url": "http://seclists.org/fulldisclosure/2019/May/10" + "refsource":"FULLDISC", + "name":"20190510 dotCMS v5.1.1 Vulnerabilities", + "url":"http://seclists.org/fulldisclosure/2019/May/10" }, { - "refsource": "FULLDISC", - "name": "20190510 Re: dotCMS v5.1.1 HTML Injection & XSS Vulnerability", - "url": "http://seclists.org/fulldisclosure/2019/May/13" + "refsource":"FULLDISC", + "name":"20190510 Re: dotCMS v5.1.1 HTML Injection & XSS Vulnerability", + "url":"http://seclists.org/fulldisclosure/2019/May/13" }, { - "refsource": "MISC", - "name": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html", - "url": 
"http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html" + "refsource":"MISC", + "name":"http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html", + "url":"http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { - "refsource": "MLIST", - "name": "[flink-user] 20190811 Apache flink 1.7.2 security issues", - "url": "https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854@%3Cuser.flink.apache.org%3E" + "refsource":"MLIST", + "name":"[flink-user] 20190811 Apache flink 1.7.2 security issues", + "url":"https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854@%3Cuser.flink.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[flink-dev] 20190811 Apache flink 1.7.2 security issues", - "url": "https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731@%3Cdev.flink.apache.org%3E" + "refsource":"MLIST", + "name":"[flink-dev] 20190811 Apache flink 1.7.2 security issues", + "url":"https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731@%3Cdev.flink.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[flink-user] 20190813 Apache flink 1.7.2 security issues", - "url": "https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49@%3Cuser.flink.apache.org%3E" + "refsource":"MLIST", + "name":"[flink-user] 20190813 Apache flink 1.7.2 security issues", + 
"url":"https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49@%3Cuser.flink.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[flink-user] 20190813 Re: Apache flink 1.7.2 security issues", - "url": "https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2@%3Cuser.flink.apache.org%3E" + "refsource":"MLIST", + "name":"[flink-user] 20190813 Re: Apache flink 1.7.2 security issues", + "url":"https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2@%3Cuser.flink.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[roller-commits] 20190820 [jira] [Created] (ROL-2150) Fix Js security vulnerabilities detected using retire js", - "url": "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6@%3Ccommits.roller.apache.org%3E" + "refsource":"MLIST", + "name":"[roller-commits] 20190820 [jira] [Created] (ROL-2150) Fix Js security vulnerabilities detected using retire js", + "url":"https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6@%3Ccommits.roller.apache.org%3E" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { - "refsource": "MLIST", - "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", - "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E" + "refsource":"MLIST", + "name":"[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", + 
"url":"https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", - "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E" + "refsource":"MLIST", + "name":"[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", + "url":"https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", - "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" + "refsource":"MLIST", + "name":"[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", + "url":"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" }, { - "refsource": "CONFIRM", - "name": "https://www.tenable.com/security/tns-2019-08", - "url": "https://www.tenable.com/security/tns-2019-08" + "refsource":"CONFIRM", + "name":"https://www.tenable.com/security/tns-2019-08", + "url":"https://www.tenable.com/security/tns-2019-08" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2016/0xxx/CVE-2016-0701.json b/2016/0xxx/CVE-2016-0701.json index 3b314e5c4a4..f56cc539891 100644 --- a/2016/0xxx/CVE-2016-0701.json +++ b/2016/0xxx/CVE-2016-0701.json 
@@ -1,151 +1,155 @@ + { - "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", - "ID": "CVE-2016-0701", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"secalert@redhat.com", + "ID":"CVE-2016-0701", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "n/a", - "version": { - "version_data": [ + "product_name":"n/a", + "version":{ + "version_data":[ { - "version_value": "n/a" + "version_value":"n/a" } ] } } ] }, - "vendor_name": "n/a" + "vendor_name":"n/a" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ { - "lang": "eng", - "value": "The DH_check_pub_key function in crypto/dh/dh_check.c in OpenSSL 1.0.2 before 1.0.2f does not ensure that prime numbers are appropriate for Diffie-Hellman (DH) key exchange, which makes it easier for remote attackers to discover a private DH exponent by making multiple handshakes with a peer that chose an inappropriate number, as demonstrated by a number in an X9.42 file." + "lang":"eng", + "value":"The DH_check_pub_key function in crypto/dh/dh_check.c in OpenSSL 1.0.2 before 1.0.2f does not ensure that prime numbers are appropriate for Diffie-Hellman (DH) key exchange, which makes it easier for remote attackers to discover a private DH exponent by making multiple handshakes with a peer that chose an inappropriate number, as demonstrated by a number in an X9.42 file." 
} ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "n/a" + "lang":"eng", + "value":"n/a" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "name": "FEDORA-2016-527018d2ff", - "refsource": "FEDORA", - "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176373.html" + "name":"FEDORA-2016-527018d2ff", + "refsource":"FEDORA", + "url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176373.html" }, { - "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", - "refsource": "CONFIRM", - "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" + "name":"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", + "refsource":"CONFIRM", + "url":"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" }, { - "name": "1034849", - "refsource": "SECTRACK", - "url": "http://www.securitytracker.com/id/1034849" + "name":"1034849", + "refsource":"SECTRACK", + "url":"http://www.securitytracker.com/id/1034849" }, { - "name": "https://git.openssl.org/?p=openssl.git;a=commit;h=c5b831f21d0d29d1e517d139d9d101763f60c9a2", - "refsource": "CONFIRM", - "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=c5b831f21d0d29d1e517d139d9d101763f60c9a2" + "name":"https://git.openssl.org/?p=openssl.git;a=commit;h=c5b831f21d0d29d1e517d139d9d101763f60c9a2", + "refsource":"CONFIRM", + "url":"https://git.openssl.org/?p=openssl.git;a=commit;h=c5b831f21d0d29d1e517d139d9d101763f60c9a2" }, { - "name": "https://git.openssl.org/?p=openssl.git;a=commit;h=878e2c5b13010329c203f309ed0c8f2113f85648", - "refsource": "CONFIRM", - "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=878e2c5b13010329c203f309ed0c8f2113f85648" + 
"name":"https://git.openssl.org/?p=openssl.git;a=commit;h=878e2c5b13010329c203f309ed0c8f2113f85648", + "refsource":"CONFIRM", + "url":"https://git.openssl.org/?p=openssl.git;a=commit;h=878e2c5b13010329c203f309ed0c8f2113f85648" }, { - "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05164821", - "refsource": "CONFIRM", - "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05164821" + "name":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05164821", + "refsource":"CONFIRM", + "url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05164821" }, { - "name": "http://www.openssl.org/news/secadv/20160128.txt", - "refsource": "CONFIRM", - "url": "http://www.openssl.org/news/secadv/20160128.txt" + "name":"http://www.openssl.org/news/secadv/20160128.txt", + "refsource":"CONFIRM", + "url":"http://www.openssl.org/news/secadv/20160128.txt" }, { - "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "refsource": "CONFIRM", - "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" + "name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", + "refsource":"CONFIRM", + "url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { - "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390893", - "refsource": "CONFIRM", - "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390893" + "name":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390893", + "refsource":"CONFIRM", + "url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390893" }, { - "name": "GLSA-201601-05", - "refsource": "GENTOO", - "url": "https://security.gentoo.org/glsa/201601-05" + "name":"GLSA-201601-05", + 
"refsource":"GENTOO", + "url":"https://security.gentoo.org/glsa/201601-05" }, { - "name": "http://intothesymmetry.blogspot.com/2016/01/openssl-key-recovery-attack-on-dh-small.html", - "refsource": "MISC", - "url": "http://intothesymmetry.blogspot.com/2016/01/openssl-key-recovery-attack-on-dh-small.html" + "name":"http://intothesymmetry.blogspot.com/2016/01/openssl-key-recovery-attack-on-dh-small.html", + "refsource":"MISC", + "url":"http://intothesymmetry.blogspot.com/2016/01/openssl-key-recovery-attack-on-dh-small.html" }, { - "name": "82233", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/82233" + "name":"82233", + "refsource":"BID", + "url":"http://www.securityfocus.com/bid/82233" }, { - "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03724en_us", - "refsource": "CONFIRM", - "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03724en_us" + "name":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03724en_us", + "refsource":"CONFIRM", + "url":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03724en_us" }, { - "name": "91787", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/91787" + "name":"91787", + "refsource":"BID", + "url":"http://www.securityfocus.com/bid/91787" }, { - "name": "VU#257823", - "refsource": "CERT-VN", - "url": "https://www.kb.cert.org/vuls/id/257823" + "name":"VU#257823", + "refsource":"CERT-VN", + "url":"https://www.kb.cert.org/vuls/id/257823" }, { - "name": "openSUSE-SU-2016:0637", - "refsource": "SUSE", - "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html" + "name":"openSUSE-SU-2016:0637", + "refsource":"SUSE", + "url":"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html" }, { - "name": "USN-2883-1", - "refsource": "UBUNTU", - "url": "http://www.ubuntu.com/usn/USN-2883-1" + 
"name":"USN-2883-1", + "refsource":"UBUNTU", + "url":"http://www.ubuntu.com/usn/USN-2883-1" }, { - "name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759", - "refsource": "CONFIRM", - "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759" + "name":"http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759", + "refsource":"CONFIRM", + "url":"http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2016/1000xxx/CVE-2016-1000031.json b/2016/1000xxx/CVE-2016-1000031.json index f0732178307..d47eec226f1 100644 --- a/2016/1000xxx/CVE-2016-1000031.json +++ b/2016/1000xxx/CVE-2016-1000031.json 
@@ -1,141 +1,145 @@ + { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2016-1000031", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"cve@mitre.org", + "ID":"CVE-2016-1000031", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "n/a", - "version": { - "version_data": [ + "product_name":"n/a", + "version":{ + "version_data":[ { - "version_value": "n/a" + "version_value":"n/a" } ] } } ] }, - "vendor_name": "n/a" + "vendor_name":"n/a" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ { - "lang": "eng", - "value": "Apache Commons FileUpload before 1.3.3 DiskFileItem File Manipulation Remote Code Execution" + "lang":"eng", + "value":"Apache Commons FileUpload before 1.3.3 DiskFileItem File Manipulation Remote Code Execution" } ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "n/a" + "lang":"eng", + "value":"n/a" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "name": "93604", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/93604" + "name":"93604", + "refsource":"BID", + "url":"http://www.securityfocus.com/bid/93604" }, { - "name": "https://security.netapp.com/advisory/ntap-20190212-0001/", - "refsource": "CONFIRM", - "url": "https://security.netapp.com/advisory/ntap-20190212-0001/" + "name":"https://security.netapp.com/advisory/ntap-20190212-0001/", + "refsource":"CONFIRM", + "url":"https://security.netapp.com/advisory/ntap-20190212-0001/" }, { - "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - 
"refsource": "CONFIRM", - "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" + "name":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "refsource":"CONFIRM", + "url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" }, { - "name": "https://issues.apache.org/jira/browse/WW-4812", - "refsource": "CONFIRM", - "url": "https://issues.apache.org/jira/browse/WW-4812" + "name":"https://issues.apache.org/jira/browse/WW-4812", + "refsource":"CONFIRM", + "url":"https://issues.apache.org/jira/browse/WW-4812" }, { - "name": "http://www.zerodayinitiative.com/advisories/ZDI-16-570/", - "refsource": "MISC", - "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-570/" + "name":"http://www.zerodayinitiative.com/advisories/ZDI-16-570/", + "refsource":"MISC", + "url":"http://www.zerodayinitiative.com/advisories/ZDI-16-570/" }, { - "name": "https://www.tenable.com/security/research/tra-2016-30", - "refsource": "MISC", - "url": "https://www.tenable.com/security/research/tra-2016-30" + "name":"https://www.tenable.com/security/research/tra-2016-30", + "refsource":"MISC", + "url":"https://www.tenable.com/security/research/tra-2016-30" }, { - "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "refsource": "CONFIRM", - "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" + "name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "refsource":"CONFIRM", + "url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" }, { - "name": "https://www.tenable.com/security/research/tra-2016-12", - "refsource": "MISC", - "url": "https://www.tenable.com/security/research/tra-2016-12" + "name":"https://www.tenable.com/security/research/tra-2016-12", + "refsource":"MISC", + "url":"https://www.tenable.com/security/research/tra-2016-12" }, { - "name": 
"https://issues.apache.org/jira/browse/FILEUPLOAD-279", - "refsource": "CONFIRM", - "url": "https://issues.apache.org/jira/browse/FILEUPLOAD-279" + "name":"https://issues.apache.org/jira/browse/FILEUPLOAD-279", + "refsource":"CONFIRM", + "url":"https://issues.apache.org/jira/browse/FILEUPLOAD-279" }, { - "name": "https://www.tenable.com/security/research/tra-2016-23", - "refsource": "MISC", - "url": "https://www.tenable.com/security/research/tra-2016-23" + "name":"https://www.tenable.com/security/research/tra-2016-23", + "refsource":"MISC", + "url":"https://www.tenable.com/security/research/tra-2016-23" }, { - "name": "[announce] 20181105 [SECURITY] Immediately upgrade commons-fileupload to version 1.3.3 when running Struts 2.3.36 or prior", - "refsource": "MLIST", - "url": "https://lists.apache.org/thread.html/d66657323fd25e437face5e84899c8ca404ccd187e81c3f2fa8b6080@%3Cannounce.apache.org%3E" + "name":"[announce] 20181105 [SECURITY] Immediately upgrade commons-fileupload to version 1.3.3 when running Struts 2.3.36 or prior", + "refsource":"MLIST", + "url":"https://lists.apache.org/thread.html/d66657323fd25e437face5e84899c8ca404ccd187e81c3f2fa8b6080@%3Cannounce.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[lucene-solr-user] 20190104 Re: SOLR v7 Security Issues Caused Denial of Use - Sonatype Application Composition Report", - "url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E" + "refsource":"MLIST", + "name":"[lucene-solr-user] 20190104 Re: SOLR v7 Security Issues Caused Denial of Use - Sonatype Application Composition Report", + "url":"https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" + 
"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { - "refsource": "SUSE", - "name": "openSUSE-SU-2019:1399", - "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00036.html" + "refsource":"SUSE", + "name":"openSUSE-SU-2019:1399", + "url":"http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00036.html" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", - "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", - "refsource": "MISC" + "url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", + "name":"https://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", + "refsource":"MISC" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2016/1xxx/CVE-2016-1181.json b/2016/1xxx/CVE-2016-1181.json index becc64b305a..a3a791fa79a 100644 --- a/2016/1xxx/CVE-2016-1181.json +++ b/2016/1xxx/CVE-2016-1181.json 
@@ -1,151 +1,155 @@ + { - "CVE_data_meta": { - "ASSIGNER": "vultures@jpcert.or.jp", - "ID": "CVE-2016-1181", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"vultures@jpcert.or.jp", + "ID":"CVE-2016-1181", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "n/a", - "version": { - "version_data": [ + "product_name":"n/a", + "version":{ + "version_data":[ { - "version_value": "n/a" + "version_value":"n/a" } ] } } ] }, - "vendor_name": "n/a" + "vendor_name":"n/a" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ { - "lang": "eng", - "value": "ActionServlet.java in Apache Struts 1 1.x through 1.3.10 mishandles multithreaded access to an ActionForm instance, which allows remote attackers to execute arbitrary code or cause a denial of service (unexpected memory access) via a multipart request, a related issue to CVE-2015-0899." + "lang":"eng", + "value":"ActionServlet.java in Apache Struts 1 1.x through 1.3.10 mishandles multithreaded access to an ActionForm instance, which allows remote attackers to execute arbitrary code or cause a denial of service (unexpected memory access) via a multipart request, a related issue to CVE-2015-0899." 
} ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "n/a" + "lang":"eng", + "value":"n/a" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "name": "JVNDB-2016-000096", - "refsource": "JVNDB", - "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000096" + "name":"JVNDB-2016-000096", + "refsource":"JVNDB", + "url":"http://jvndb.jvn.jp/jvndb/JVNDB-2016-000096" }, { - "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", - "refsource": "CONFIRM", - "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" + "name":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", + "refsource":"CONFIRM", + "url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" }, { - "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", - "refsource": "CONFIRM", - "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" + "name":"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", + "refsource":"CONFIRM", + "url":"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" }, { - "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "refsource": "CONFIRM", - "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" + "name":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "refsource":"CONFIRM", + "url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" }, { - "name": "https://security.netapp.com/advisory/ntap-20180629-0006/", - "refsource": "CONFIRM", - "url": "https://security.netapp.com/advisory/ntap-20180629-0006/" + "name":"https://security.netapp.com/advisory/ntap-20180629-0006/", + "refsource":"CONFIRM", + 
"url":"https://security.netapp.com/advisory/ntap-20180629-0006/" }, { - "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", - "refsource": "CONFIRM", - "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" + "name":"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", + "refsource":"CONFIRM", + "url":"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" }, { - "name": "https://github.com/kawasima/struts1-forever/commit/eda3a79907ed8fcb0387a0496d0cb14332f250e8", - "refsource": "CONFIRM", - "url": "https://github.com/kawasima/struts1-forever/commit/eda3a79907ed8fcb0387a0496d0cb14332f250e8" + "name":"https://github.com/kawasima/struts1-forever/commit/eda3a79907ed8fcb0387a0496d0cb14332f250e8", + "refsource":"CONFIRM", + "url":"https://github.com/kawasima/struts1-forever/commit/eda3a79907ed8fcb0387a0496d0cb14332f250e8" }, { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1343538", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1343538" + "name":"https://bugzilla.redhat.com/show_bug.cgi?id=1343538", + "refsource":"CONFIRM", + "url":"https://bugzilla.redhat.com/show_bug.cgi?id=1343538" }, { - "name": "91068", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/91068" + "name":"91068", + "refsource":"BID", + "url":"http://www.securityfocus.com/bid/91068" }, { - "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", - "refsource": "CONFIRM", - "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" + "name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", + "refsource":"CONFIRM", + "url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" }, { - "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "refsource": "CONFIRM", - "url": 
"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" + "name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", + "refsource":"CONFIRM", + "url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { - "name": "1036056", - "refsource": "SECTRACK", - "url": "http://www.securitytracker.com/id/1036056" + "name":"1036056", + "refsource":"SECTRACK", + "url":"http://www.securitytracker.com/id/1036056" }, { - "name": "JVN#03188560", - "refsource": "JVN", - "url": "http://jvn.jp/en/jp/JVN03188560/index.html" + "name":"JVN#03188560", + "refsource":"JVN", + "url":"http://jvn.jp/en/jp/JVN03188560/index.html" }, { - "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "refsource": "CONFIRM", - "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" + "name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "refsource":"CONFIRM", + "url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" }, { - "name": "91787", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/91787" + "name":"91787", + "refsource":"BID", + "url":"http://www.securityfocus.com/bid/91787" }, { - "name": "https://security-tracker.debian.org/tracker/CVE-2016-1181", - "refsource": "CONFIRM", - "url": "https://security-tracker.debian.org/tracker/CVE-2016-1181" + "name":"https://security-tracker.debian.org/tracker/CVE-2016-1181", + "refsource":"CONFIRM", + "url":"https://security-tracker.debian.org/tracker/CVE-2016-1181" }, { - "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", - "refsource": "CONFIRM", - "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" + "name":"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", + "refsource":"CONFIRM", + 
"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2016/1xxx/CVE-2016-1182.json b/2016/1xxx/CVE-2016-1182.json index ec7d7d1fb85..dc08f37bdd8 100644 --- a/2016/1xxx/CVE-2016-1182.json +++ b/2016/1xxx/CVE-2016-1182.json 
@@ -1,146 +1,150 @@ + { - "CVE_data_meta": { - "ASSIGNER": "vultures@jpcert.or.jp", - "ID": "CVE-2016-1182", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"vultures@jpcert.or.jp", + "ID":"CVE-2016-1182", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "n/a", - "version": { - "version_data": [ + "product_name":"n/a", + "version":{ + "version_data":[ { - "version_value": "n/a" + "version_value":"n/a" } ] } } ] }, - "vendor_name": "n/a" + "vendor_name":"n/a" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ { - "lang": "eng", - "value": "ActionServlet.java in Apache Struts 1 1.x through 1.3.10 does not properly restrict the Validator configuration, which allows remote attackers to conduct cross-site scripting (XSS) attacks or cause a denial of service via crafted input, a related issue to CVE-2015-0899." + "lang":"eng", + "value":"ActionServlet.java in Apache Struts 1 1.x through 1.3.10 does not properly restrict the Validator configuration, which allows remote attackers to conduct cross-site scripting (XSS) attacks or cause a denial of service via crafted input, a related issue to CVE-2015-0899." 
} ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "n/a" + "lang":"eng", + "value":"n/a" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "name": "JVNDB-2016-000097", - "refsource": "JVNDB", - "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000097" + "name":"JVNDB-2016-000097", + "refsource":"JVNDB", + "url":"http://jvndb.jvn.jp/jvndb/JVNDB-2016-000097" }, { - "name": "JVN#65044642", - "refsource": "JVN", - "url": "http://jvn.jp/en/jp/JVN65044642/index.html" + "name":"JVN#65044642", + "refsource":"JVN", + "url":"http://jvn.jp/en/jp/JVN65044642/index.html" }, { - "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", - "refsource": "CONFIRM", - "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" + "name":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", + "refsource":"CONFIRM", + "url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" }, { - "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", - "refsource": "CONFIRM", - "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" + "name":"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", + "refsource":"CONFIRM", + "url":"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" }, { - "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "refsource": "CONFIRM", - "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" + "name":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "refsource":"CONFIRM", + "url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" }, { - "name": 
"https://security.netapp.com/advisory/ntap-20180629-0006/", - "refsource": "CONFIRM", - "url": "https://security.netapp.com/advisory/ntap-20180629-0006/" + "name":"https://security.netapp.com/advisory/ntap-20180629-0006/", + "refsource":"CONFIRM", + "url":"https://security.netapp.com/advisory/ntap-20180629-0006/" }, { - "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", - "refsource": "CONFIRM", - "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" + "name":"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", + "refsource":"CONFIRM", + "url":"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" }, { - "name": "https://github.com/kawasima/struts1-forever/commit/eda3a79907ed8fcb0387a0496d0cb14332f250e8", - "refsource": "CONFIRM", - "url": "https://github.com/kawasima/struts1-forever/commit/eda3a79907ed8fcb0387a0496d0cb14332f250e8" + "name":"https://github.com/kawasima/struts1-forever/commit/eda3a79907ed8fcb0387a0496d0cb14332f250e8", + "refsource":"CONFIRM", + "url":"https://github.com/kawasima/struts1-forever/commit/eda3a79907ed8fcb0387a0496d0cb14332f250e8" }, { - "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", - "refsource": "CONFIRM", - "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" + "name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", + "refsource":"CONFIRM", + "url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" }, { - "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "refsource": "CONFIRM", - "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" + "name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", + "refsource":"CONFIRM", + 
"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { - "name": "1036056", - "refsource": "SECTRACK", - "url": "http://www.securitytracker.com/id/1036056" + "name":"1036056", + "refsource":"SECTRACK", + "url":"http://www.securitytracker.com/id/1036056" }, { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1343540", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1343540" + "name":"https://bugzilla.redhat.com/show_bug.cgi?id=1343540", + "refsource":"CONFIRM", + "url":"https://bugzilla.redhat.com/show_bug.cgi?id=1343540" }, { - "name": "91067", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/91067" + "name":"91067", + "refsource":"BID", + "url":"http://www.securityfocus.com/bid/91067" }, { - "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "refsource": "CONFIRM", - "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" + "name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "refsource":"CONFIRM", + "url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" }, { - "name": "91787", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/91787" + "name":"91787", + "refsource":"BID", + "url":"http://www.securityfocus.com/bid/91787" }, { - "name": "https://security-tracker.debian.org/tracker/CVE-2016-1182", - "refsource": "CONFIRM", - "url": "https://security-tracker.debian.org/tracker/CVE-2016-1182" + "name":"https://security-tracker.debian.org/tracker/CVE-2016-1182", + "refsource":"CONFIRM", + "url":"https://security-tracker.debian.org/tracker/CVE-2016-1182" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", 
+ "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2016/2xxx/CVE-2016-2183.json b/2016/2xxx/CVE-2016-2183.json index 5c68d5902bc..33552d46ffb 100644 --- a/2016/2xxx/CVE-2016-2183.json +++ b/2016/2xxx/CVE-2016-2183.json 
@@ -1,416 +1,420 @@ + { - "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", - "ID": "CVE-2016-2183", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"secalert@redhat.com", + "ID":"CVE-2016-2183", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "n/a", - "version": { - "version_data": [ + "product_name":"n/a", + "version":{ + "version_data":[ { - "version_value": "n/a" + "version_value":"n/a" } ] } } ] }, - "vendor_name": "n/a" + "vendor_name":"n/a" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ { - "lang": "eng", - "value": "The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a \"Sweet32\" attack." + "lang":"eng", + "value":"The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a \"Sweet32\" attack." 
} ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "n/a" + "lang":"eng", + "value":"n/a" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "name": "RHSA-2017:3113", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2017:3113" + "name":"RHSA-2017:3113", + "refsource":"REDHAT", + "url":"https://access.redhat.com/errata/RHSA-2017:3113" }, { - "name": "RHSA-2017:0338", - "refsource": "REDHAT", - "url": "http://rhn.redhat.com/errata/RHSA-2017-0338.html" + "name":"RHSA-2017:0338", + "refsource":"REDHAT", + "url":"http://rhn.redhat.com/errata/RHSA-2017-0338.html" }, { - "name": "https://www.tenable.com/security/tns-2016-20", - "refsource": "CONFIRM", - "url": "https://www.tenable.com/security/tns-2016-20" + "name":"https://www.tenable.com/security/tns-2016-20", + "refsource":"CONFIRM", + "url":"https://www.tenable.com/security/tns-2016-20" }, { - "name": "https://sweet32.info/", - "refsource": "MISC", - "url": "https://sweet32.info/" + "name":"https://sweet32.info/", + "refsource":"MISC", + "url":"https://sweet32.info/" }, { - "name": "http://www.splunk.com/view/SP-CAAAPUE", - "refsource": "CONFIRM", - "url": "http://www.splunk.com/view/SP-CAAAPUE" + "name":"http://www.splunk.com/view/SP-CAAAPUE", + "refsource":"CONFIRM", + "url":"http://www.splunk.com/view/SP-CAAAPUE" }, { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1369383", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1369383" + "name":"https://bugzilla.redhat.com/show_bug.cgi?id=1369383", + "refsource":"CONFIRM", + "url":"https://bugzilla.redhat.com/show_bug.cgi?id=1369383" }, { - "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", - "refsource": "CONFIRM", - "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" + 
"name":"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", + "refsource":"CONFIRM", + "url":"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" }, { - "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03765en_us", - "refsource": "CONFIRM", - "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03765en_us" + "name":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03765en_us", + "refsource":"CONFIRM", + "url":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03765en_us" }, { - "name": "https://blog.cryptographyengineering.com/2016/08/24/attack-of-week-64-bit-ciphers-in-tls/", - "refsource": "MISC", - "url": "https://blog.cryptographyengineering.com/2016/08/24/attack-of-week-64-bit-ciphers-in-tls/" + "name":"https://blog.cryptographyengineering.com/2016/08/24/attack-of-week-64-bit-ciphers-in-tls/", + "refsource":"MISC", + "url":"https://blog.cryptographyengineering.com/2016/08/24/attack-of-week-64-bit-ciphers-in-tls/" }, { - "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html", - "refsource": "CONFIRM", - "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html" + "name":"http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html", + "refsource":"CONFIRM", + "url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html" }, { - "name": "GLSA-201612-16", - "refsource": "GENTOO", - "url": "https://security.gentoo.org/glsa/201612-16" + "name":"GLSA-201612-16", + "refsource":"GENTOO", + "url":"https://security.gentoo.org/glsa/201612-16" }, { - "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369403", - "refsource": "CONFIRM", - "url": 
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369403" + "name":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369403", + "refsource":"CONFIRM", + "url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369403" }, { - "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680", - "refsource": "CONFIRM", - "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680" + "name":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680", + "refsource":"CONFIRM", + "url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680" }, { - "name": "https://access.redhat.com/articles/2548661", - "refsource": "CONFIRM", - "url": "https://access.redhat.com/articles/2548661" + "name":"https://access.redhat.com/articles/2548661", + "refsource":"CONFIRM", + "url":"https://access.redhat.com/articles/2548661" }, { - "name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312", - "refsource": "CONFIRM", - "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312" + "name":"https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312", + "refsource":"CONFIRM", + "url":"https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312" }, { - "name": "https://www.teskalabs.com/blog/teskalabs-bulletin-160826-seacat-sweet32-issue", - "refsource": "MISC", - "url": "https://www.teskalabs.com/blog/teskalabs-bulletin-160826-seacat-sweet32-issue" + "name":"https://www.teskalabs.com/blog/teskalabs-bulletin-160826-seacat-sweet32-issue", + "refsource":"MISC", + "url":"https://www.teskalabs.com/blog/teskalabs-bulletin-160826-seacat-sweet32-issue" }, { - "name": "http://www.splunk.com/view/SP-CAAAPSV", - "refsource": "CONFIRM", - "url": "http://www.splunk.com/view/SP-CAAAPSV" + 
"name":"http://www.splunk.com/view/SP-CAAAPSV", + "refsource":"CONFIRM", + "url":"http://www.splunk.com/view/SP-CAAAPSV" }, { - "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369415", - "refsource": "CONFIRM", - "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369415" + "name":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369415", + "refsource":"CONFIRM", + "url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369415" }, { - "name": "RHSA-2017:3240", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2017:3240" + "name":"RHSA-2017:3240", + "refsource":"REDHAT", + "url":"https://access.redhat.com/errata/RHSA-2017:3240" }, { - "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039", - "refsource": "CONFIRM", - "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039" + "name":"http://www-01.ibm.com/support/docview.wss?uid=swg21995039", + "refsource":"CONFIRM", + "url":"http://www-01.ibm.com/support/docview.wss?uid=swg21995039" }, { - "name": "https://github.com/ssllabs/ssllabs-scan/issues/387#issuecomment-242514633", - "refsource": "MISC", - "url": "https://github.com/ssllabs/ssllabs-scan/issues/387#issuecomment-242514633" + "name":"https://github.com/ssllabs/ssllabs-scan/issues/387#issuecomment-242514633", + "refsource":"MISC", + "url":"https://github.com/ssllabs/ssllabs-scan/issues/387#issuecomment-242514633" }, { - "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", - "refsource": "CONFIRM", - "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" + "name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", + "refsource":"CONFIRM", + "url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" }, { - "name": 
"https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/", - "refsource": "CONFIRM", - "url": "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/" + "name":"https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/", + "refsource":"CONFIRM", + "url":"https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/" }, { - "name": "https://www.tenable.com/security/tns-2016-16", - "refsource": "CONFIRM", - "url": "https://www.tenable.com/security/tns-2016-16" + "name":"https://www.tenable.com/security/tns-2016-16", + "refsource":"CONFIRM", + "url":"https://www.tenable.com/security/tns-2016-16" }, { - "name": "RHSA-2017:2709", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2017:2709" + "name":"RHSA-2017:2709", + "refsource":"REDHAT", + "url":"https://access.redhat.com/errata/RHSA-2017:2709" }, { - "name": "92630", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/92630" + "name":"92630", + "refsource":"BID", + "url":"http://www.securityfocus.com/bid/92630" }, { - "name": "https://www.sigsac.org/ccs/CCS2016/accepted-papers/", - "refsource": "MISC", - "url": "https://www.sigsac.org/ccs/CCS2016/accepted-papers/" + "name":"https://www.sigsac.org/ccs/CCS2016/accepted-papers/", + "refsource":"MISC", + "url":"https://www.sigsac.org/ccs/CCS2016/accepted-papers/" }, { - "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05349499", - "refsource": "CONFIRM", - "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05349499" + "name":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05349499", + "refsource":"CONFIRM", + "url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05349499" }, { - "name": "https://www.tenable.com/security/tns-2016-21", - "refsource": "CONFIRM", - "url": "https://www.tenable.com/security/tns-2016-21" + 
"name":"https://www.tenable.com/security/tns-2016-21", + "refsource":"CONFIRM", + "url":"https://www.tenable.com/security/tns-2016-21" }, { - "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10171", - "refsource": "CONFIRM", - "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10171" + "name":"https://kc.mcafee.com/corporate/index?page=content&id=SB10171", + "refsource":"CONFIRM", + "url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10171" }, { - "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "refsource": "CONFIRM", - "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" + "name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", + "refsource":"CONFIRM", + "url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { - "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21991482", - "refsource": "CONFIRM", - "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991482" + "name":"http://www-01.ibm.com/support/docview.wss?uid=swg21991482", + "refsource":"CONFIRM", + "url":"http://www-01.ibm.com/support/docview.wss?uid=swg21991482" }, { - "name": "https://www.openssl.org/blog/blog/2016/08/24/sweet32/", - "refsource": "CONFIRM", - "url": "https://www.openssl.org/blog/blog/2016/08/24/sweet32/" + "name":"https://www.openssl.org/blog/blog/2016/08/24/sweet32/", + "refsource":"CONFIRM", + "url":"https://www.openssl.org/blog/blog/2016/08/24/sweet32/" }, { - "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", - "refsource": "CONFIRM", - "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" + "name":"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", + "refsource":"CONFIRM", + "url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" }, { - "name": "RHSA-2017:3239", - "refsource": 
"REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2017:3239" + "name":"RHSA-2017:3239", + "refsource":"REDHAT", + "url":"https://access.redhat.com/errata/RHSA-2017:3239" }, { - "name": "https://access.redhat.com/security/cve/cve-2016-2183", - "refsource": "CONFIRM", - "url": "https://access.redhat.com/security/cve/cve-2016-2183" + "name":"https://access.redhat.com/security/cve/cve-2016-2183", + "refsource":"CONFIRM", + "url":"https://access.redhat.com/security/cve/cve-2016-2183" }, { - "name": "GLSA-201701-65", - "refsource": "GENTOO", - "url": "https://security.gentoo.org/glsa/201701-65" + "name":"GLSA-201701-65", + "refsource":"GENTOO", + "url":"https://security.gentoo.org/glsa/201701-65" }, { - "name": "https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2016/august/new-practical-attacks-on-64-bit-block-ciphers-3des-blowfish/", - "refsource": "MISC", - "url": "https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2016/august/new-practical-attacks-on-64-bit-block-ciphers-3des-blowfish/" + "name":"https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2016/august/new-practical-attacks-on-64-bit-block-ciphers-3des-blowfish/", + "refsource":"MISC", + "url":"https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2016/august/new-practical-attacks-on-64-bit-block-ciphers-3des-blowfish/" }, { - "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", - "refsource": "CONFIRM", - "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722" + "name":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", + "refsource":"CONFIRM", + "url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722" }, { - "name": "1036696", - "refsource": "SECTRACK", - "url": "http://www.securitytracker.com/id/1036696" + "name":"1036696", + "refsource":"SECTRACK", + 
"url":"http://www.securitytracker.com/id/1036696" }, { - "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02", - "refsource": "MISC", - "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02" + "name":"https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02", + "refsource":"MISC", + "url":"https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02" }, { - "name": "https://security.netapp.com/advisory/ntap-20160915-0001/", - "refsource": "CONFIRM", - "url": "https://security.netapp.com/advisory/ntap-20160915-0001/" + "name":"https://security.netapp.com/advisory/ntap-20160915-0001/", + "refsource":"CONFIRM", + "url":"https://security.netapp.com/advisory/ntap-20160915-0001/" }, { - "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03725en_us", - "refsource": "CONFIRM", - "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03725en_us" + "name":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03725en_us", + "refsource":"CONFIRM", + "url":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03725en_us" }, { - "name": "GLSA-201707-01", - "refsource": "GENTOO", - "url": "https://security.gentoo.org/glsa/201707-01" + "name":"GLSA-201707-01", + "refsource":"GENTOO", + "url":"https://security.gentoo.org/glsa/201707-01" }, { - "name": "95568", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/95568" + "name":"95568", + "refsource":"BID", + "url":"http://www.securityfocus.com/bid/95568" }, { - "name": "RHSA-2017:3114", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2017:3114" + "name":"RHSA-2017:3114", + "refsource":"REDHAT", + "url":"https://access.redhat.com/errata/RHSA-2017:3114" }, { - "name": "https://bto.bluecoat.com/security-advisory/sa133", - "refsource": "CONFIRM", - "url": "https://bto.bluecoat.com/security-advisory/sa133" + 
"name":"https://bto.bluecoat.com/security-advisory/sa133", + "refsource":"CONFIRM", + "url":"https://bto.bluecoat.com/security-advisory/sa133" }, { - "name": "https://www.tenable.com/security/tns-2017-09", - "refsource": "CONFIRM", - "url": "https://www.tenable.com/security/tns-2017-09" + "name":"https://www.tenable.com/security/tns-2017-09", + "refsource":"CONFIRM", + "url":"https://www.tenable.com/security/tns-2017-09" }, { - "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390849", - "refsource": "CONFIRM", - "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390849" + "name":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390849", + "refsource":"CONFIRM", + "url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390849" }, { - "name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html", - "refsource": "CONFIRM", - "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html" + "name":"http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html", + "refsource":"CONFIRM", + "url":"http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html" }, { - "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05323116", - "refsource": "CONFIRM", - "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05323116" + "name":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05323116", + "refsource":"CONFIRM", + "url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05323116" }, { - "name": "RHSA-2017:1216", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2017:1216" + "name":"RHSA-2017:1216", + "refsource":"REDHAT", + "url":"https://access.redhat.com/errata/RHSA-2017:1216" }, 
{ - "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", - "refsource": "CONFIRM", - "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" + "name":"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", + "refsource":"CONFIRM", + "url":"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { - "name": "RHSA-2017:2710", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2017:2710" + "name":"RHSA-2017:2710", + "refsource":"REDHAT", + "url":"https://access.redhat.com/errata/RHSA-2017:2710" }, { - "name": "https://security.netapp.com/advisory/ntap-20170119-0001/", - "refsource": "CONFIRM", - "url": "https://security.netapp.com/advisory/ntap-20170119-0001/" + "name":"https://security.netapp.com/advisory/ntap-20170119-0001/", + "refsource":"CONFIRM", + "url":"https://security.netapp.com/advisory/ntap-20170119-0001/" }, { - "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05309984", - "refsource": "CONFIRM", - "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05309984" + "name":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05309984", + "refsource":"CONFIRM", + "url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05309984" }, { - "name": "[tls] 20091120 RC4+3DES rekeying - long-lived TLS connections", - "refsource": "MLIST", - "url": "https://www.ietf.org/mail-archive/web/tls/current/msg04560.html" + "name":"[tls] 20091120 RC4+3DES rekeying - long-lived TLS connections", + "refsource":"MLIST", + "url":"https://www.ietf.org/mail-archive/web/tls/current/msg04560.html" }, { - "name": "RHSA-2018:2123", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2018:2123" + "name":"RHSA-2018:2123", + "refsource":"REDHAT", + "url":"https://access.redhat.com/errata/RHSA-2018:2123" }, { - 
"name": "https://nakedsecurity.sophos.com/2016/08/25/anatomy-of-a-cryptographic-collision-the-sweet32-attack/", - "refsource": "MISC", - "url": "https://nakedsecurity.sophos.com/2016/08/25/anatomy-of-a-cryptographic-collision-the-sweet32-attack/" + "name":"https://nakedsecurity.sophos.com/2016/08/25/anatomy-of-a-cryptographic-collision-the-sweet32-attack/", + "refsource":"MISC", + "url":"https://nakedsecurity.sophos.com/2016/08/25/anatomy-of-a-cryptographic-collision-the-sweet32-attack/" }, { - "name": "RHSA-2017:0337", - "refsource": "REDHAT", - "url": "http://rhn.redhat.com/errata/RHSA-2017-0337.html" + "name":"RHSA-2017:0337", + "refsource":"REDHAT", + "url":"http://rhn.redhat.com/errata/RHSA-2017-0337.html" }, { - "name": "RHSA-2017:2708", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2017:2708" + "name":"RHSA-2017:2708", + "refsource":"REDHAT", + "url":"https://access.redhat.com/errata/RHSA-2017:2708" }, { - "name": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008", - "refsource": "CONFIRM", - "url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008" + "name":"https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008", + "refsource":"CONFIRM", + "url":"https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008" }, { - "name": "RHSA-2017:0336", - "refsource": "REDHAT", - "url": "http://rhn.redhat.com/errata/RHSA-2017-0336.html" + "name":"RHSA-2017:0336", + "refsource":"REDHAT", + "url":"http://rhn.redhat.com/errata/RHSA-2017-0336.html" }, { - "name": "SUSE-SU-2016:2470", - "refsource": "SUSE", - "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html" + "name":"SUSE-SU-2016:2470", + "refsource":"SUSE", + "url":"http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html" }, { - "name": 
"http://www-01.ibm.com/support/docview.wss?uid=nas8N1021697", - "refsource": "CONFIRM", - "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1021697" + "name":"http://www-01.ibm.com/support/docview.wss?uid=nas8N1021697", + "refsource":"CONFIRM", + "url":"http://www-01.ibm.com/support/docview.wss?uid=nas8N1021697" }, { - "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388", - "refsource": "CONFIRM", - "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388" + "name":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388", + "refsource":"CONFIRM", + "url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388" }, { - "name": "RHSA-2017:0462", - "refsource": "REDHAT", - "url": "http://rhn.redhat.com/errata/RHSA-2017-0462.html" + "name":"RHSA-2017:0462", + "refsource":"REDHAT", + "url":"http://rhn.redhat.com/errata/RHSA-2017-0462.html" }, { - "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448", - "refsource": "CONFIRM", - "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448" + "name":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448", + "refsource":"CONFIRM", + "url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448" }, { - "name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759", - "refsource": "CONFIRM", - "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759" + "name":"http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759", + "refsource":"CONFIRM", + "url":"http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:1245", - "url": "https://access.redhat.com/errata/RHSA-2019:1245" + "refsource":"REDHAT", + "name":"RHSA-2019:1245", + 
"url":"https://access.redhat.com/errata/RHSA-2019:1245" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:2859", - "url": "https://access.redhat.com/errata/RHSA-2019:2859" + "refsource":"REDHAT", + "name":"RHSA-2019:2859", + "url":"https://access.redhat.com/errata/RHSA-2019:2859" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2016/4xxx/CVE-2016-4000.json b/2016/4xxx/CVE-2016-4000.json index 8f85ab1a482..d14fa3d327a 100644 --- a/2016/4xxx/CVE-2016-4000.json +++ b/2016/4xxx/CVE-2016-4000.json 
@@ -1,126 +1,130 @@
+
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2016-4000",
- "STATE": "PUBLIC"
+ "CVE_data_meta":{
+ "ASSIGNER":"cve@mitre.org",
+ "ID":"CVE-2016-4000",
+ "STATE":"PUBLIC"
 },
- "affects": {
- "vendor": {
- "vendor_data": [
+ "affects":{
+ "vendor":{
+ "vendor_data":[
 {
- "product": {
- "product_data": [
+ "product":{
+ "product_data":[
 {
- "product_name": "n/a",
- "version": {
- "version_data": [
+ "product_name":"n/a",
+ "version":{
+ "version_data":[
 {
- "version_value": "n/a"
+ "version_value":"n/a"
 }
 ]
 }
 }
 ]
 },
- "vendor_name": "n/a"
+ "vendor_name":"n/a"
 }
 ]
 }
 },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
- "description": {
- "description_data": [
+ "data_format":"MITRE",
+ "data_type":"CVE",
+ "data_version":"4.0",
+ "description":{
+ "description_data":[
 {
- "lang": "eng",
- "value": "Jython before 2.7.1rc1 allows attackers to execute arbitrary code via a crafted serialized PyFunction object."
+ "lang":"eng",
+ "value":"Jython before 2.7.1rc1 allows attackers to execute arbitrary code via a crafted serialized PyFunction object."
} ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "n/a" + "lang":"eng", + "value":"n/a" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "refsource": "CONFIRM", - "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" + "name":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "refsource":"CONFIRM", + "url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" }, { - "name": "https://security-tracker.debian.org/tracker/CVE-2016-4000", - "refsource": "MISC", - "url": "https://security-tracker.debian.org/tracker/CVE-2016-4000" + "name":"https://security-tracker.debian.org/tracker/CVE-2016-4000", + "refsource":"MISC", + "url":"https://security-tracker.debian.org/tracker/CVE-2016-4000" }, { - "name": "https://hg.python.org/jython/rev/d06e29d100c0", - "refsource": "CONFIRM", - "url": "https://hg.python.org/jython/rev/d06e29d100c0" + "name":"https://hg.python.org/jython/rev/d06e29d100c0", + "refsource":"CONFIRM", + "url":"https://hg.python.org/jython/rev/d06e29d100c0" }, { - "name": "https://snyk.io/vuln/SNYK-JAVA-ORGPYTHON-31451", - "refsource": "MISC", - "url": "https://snyk.io/vuln/SNYK-JAVA-ORGPYTHON-31451" + "name":"https://snyk.io/vuln/SNYK-JAVA-ORGPYTHON-31451", + "refsource":"MISC", + "url":"https://snyk.io/vuln/SNYK-JAVA-ORGPYTHON-31451" }, { - "name": "http://bugs.jython.org/issue2454", - "refsource": "CONFIRM", - "url": "http://bugs.jython.org/issue2454" + "name":"http://bugs.jython.org/issue2454", + "refsource":"CONFIRM", + "url":"http://bugs.jython.org/issue2454" }, { - "name": "DSA-3893", - "refsource": "DEBIAN", - "url": "http://www.debian.org/security/2017/dsa-3893" + "name":"DSA-3893", + "refsource":"DEBIAN", + 
"url":"http://www.debian.org/security/2017/dsa-3893" }, { - "name": "https://hg.python.org/jython/file/v2.7.1rc1/NEWS", - "refsource": "CONFIRM", - "url": "https://hg.python.org/jython/file/v2.7.1rc1/NEWS" + "name":"https://hg.python.org/jython/file/v2.7.1rc1/NEWS", + "refsource":"CONFIRM", + "url":"https://hg.python.org/jython/file/v2.7.1rc1/NEWS" }, { - "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864859", - "refsource": "CONFIRM", - "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864859" + "name":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864859", + "refsource":"CONFIRM", + "url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864859" }, { - "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "refsource": "CONFIRM", - "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" + "name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "refsource":"CONFIRM", + "url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" }, { - "name": "GLSA-201710-28", - "refsource": "GENTOO", - "url": "https://security.gentoo.org/glsa/201710-28" + "name":"GLSA-201710-28", + "refsource":"GENTOO", + "url":"https://security.gentoo.org/glsa/201710-28" }, { - "name": "105647", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/105647" + "name":"105647", + "refsource":"BID", + "url":"http://www.securityfocus.com/bid/105647" }, { - "refsource": "MLIST", - "name": "[infra-devnull] 20190402 [GitHub] [flink] aloyszhang opened pull request #8100: [FLINK-12082] Bump up the jython-standalone version", - "url": "https://lists.apache.org/thread.html/0919ec1db20b1022f22b8e78f355667df74d6142b463ff17d03ad533@%3Cdevnull.infra.apache.org%3E" + "refsource":"MLIST", + "name":"[infra-devnull] 20190402 [GitHub] [flink] aloyszhang opened pull request #8100: [FLINK-12082] Bump up the jython-standalone version", + 
"url":"https://lists.apache.org/thread.html/0919ec1db20b1022f22b8e78f355667df74d6142b463ff17d03ad533@%3Cdevnull.infra.apache.org%3E" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2016/5xxx/CVE-2016-5019.json b/2016/5xxx/CVE-2016-5019.json index b90044ca083..31042e39f0f 100644 --- a/2016/5xxx/CVE-2016-5019.json +++ b/2016/5xxx/CVE-2016-5019.json 
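Review bot: The reference object appended at the end of `reference_data` carries only `"url"`, while every other entry in the array has `name`, `refsource` and `url`, so a consumer that reads `name` or `refsource` unconditionally will hit a missing key on this record. Give the new entry the same shape as the neighbouring Oracle advisory entries by adding `"refsource":"MISC",` and `"name":"https://www.oracle.com/security-alerts/cpujan2020.html"`. The same url-only entry is appended in the hunk that ends just above this file's header and in the CVE-2016-5019 hunk below.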
@@ -1,111 +1,115 @@
+
 {
- "CVE_data_meta": {
- "ASSIGNER": "secalert@redhat.com",
- "ID": "CVE-2016-5019",
- "STATE": "PUBLIC"
+ "CVE_data_meta":{
+ "ASSIGNER":"secalert@redhat.com",
+ "ID":"CVE-2016-5019",
+ "STATE":"PUBLIC"
 },
- "affects": {
- "vendor": {
- "vendor_data": [
+ "affects":{
+ "vendor":{
+ "vendor_data":[
 {
- "product": {
- "product_data": [
+ "product":{
+ "product_data":[
 {
- "product_name": "n/a",
- "version": {
- "version_data": [
+ "product_name":"n/a",
+ "version":{
+ "version_data":[
 {
- "version_value": "n/a"
+ "version_value":"n/a"
 }
 ]
 }
 }
 ]
 },
- "vendor_name": "n/a"
+ "vendor_name":"n/a"
 }
 ]
 }
 },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
- "description": {
- "description_data": [
+ "data_format":"MITRE",
+ "data_type":"CVE",
+ "data_version":"4.0",
+ "description":{
+ "description_data":[
 {
- "lang": "eng",
- "value": "CoreResponseStateManager in Apache MyFaces Trinidad 1.0.0 through 1.0.13, 1.2.x before 1.2.15, 2.0.x before 2.0.2, and 2.1.x before 2.1.2 might allow attackers to conduct deserialization attacks via a crafted serialized view state string."
+ "lang":"eng",
+ "value":"CoreResponseStateManager in Apache MyFaces Trinidad 1.0.0 through 1.0.13, 1.2.x before 1.2.15, 2.0.x before 2.0.2, and 2.1.x before 2.1.2 might allow attackers to conduct deserialization attacks via a crafted serialized view state string."
} ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "n/a" + "lang":"eng", + "value":"n/a" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", - "refsource": "CONFIRM", - "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" + "name":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", + "refsource":"CONFIRM", + "url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" }, { - "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", - "refsource": "CONFIRM", - "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" + "name":"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", + "refsource":"CONFIRM", + "url":"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" }, { - "name": "[myfaces-users] 20160929 Re: CVE-2016-5019: MyFaces Trinidad view state deserialization security vulnerability", - "refsource": "MLIST", - "url": "http://mail-archives.apache.org/mod_mbox/myfaces-users/201609.mbox/%3CCAM1yOjYM%2BEW3mLUfX0pNAVLfUFRAw-Bhvkp3UE5%3DEQzR8Yxsfw%40mail.gmail.com%3E" + "name":"[myfaces-users] 20160929 Re: CVE-2016-5019: MyFaces Trinidad view state deserialization security vulnerability", + "refsource":"MLIST", + "url":"http://mail-archives.apache.org/mod_mbox/myfaces-users/201609.mbox/%3CCAM1yOjYM%2BEW3mLUfX0pNAVLfUFRAw-Bhvkp3UE5%3DEQzR8Yxsfw%40mail.gmail.com%3E" }, { - "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "refsource": "CONFIRM", - "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" + 
"name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", + "refsource":"CONFIRM", + "url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { - "name": "http://packetstormsecurity.com/files/138920/Apache-MyFaces-Trinidad-Information-Disclosure.html", - "refsource": "MISC", - "url": "http://packetstormsecurity.com/files/138920/Apache-MyFaces-Trinidad-Information-Disclosure.html" + "name":"http://packetstormsecurity.com/files/138920/Apache-MyFaces-Trinidad-Information-Disclosure.html", + "refsource":"MISC", + "url":"http://packetstormsecurity.com/files/138920/Apache-MyFaces-Trinidad-Information-Disclosure.html" }, { - "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", - "refsource": "CONFIRM", - "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" + "name":"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", + "refsource":"CONFIRM", + "url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" }, { - "name": "https://issues.apache.org/jira/browse/TRINIDAD-2542", - "refsource": "CONFIRM", - "url": "https://issues.apache.org/jira/browse/TRINIDAD-2542" + "name":"https://issues.apache.org/jira/browse/TRINIDAD-2542", + "refsource":"CONFIRM", + "url":"https://issues.apache.org/jira/browse/TRINIDAD-2542" }, { - "name": "93236", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/93236" + "name":"93236", + "refsource":"BID", + "url":"http://www.securityfocus.com/bid/93236" }, { - "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "refsource": "CONFIRM", - "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" + "name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "refsource":"CONFIRM", + "url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" }, { - "name": 
"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", - "refsource": "CONFIRM", - "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" + "name":"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", + "refsource":"CONFIRM", + "url":"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { - "name": "1037633", - "refsource": "SECTRACK", - "url": "http://www.securitytracker.com/id/1037633" + "name":"1037633", + "refsource":"SECTRACK", + "url":"http://www.securitytracker.com/id/1037633" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2016/6xxx/CVE-2016-6306.json b/2016/6xxx/CVE-2016-6306.json index 46a86ab1721..6e91b63493c 100644 --- a/2016/6xxx/CVE-2016-6306.json +++ b/2016/6xxx/CVE-2016-6306.json 
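Review bot: Every key/value line in this hunk is rewritten only to drop the space after the colon (`"STATE": "PUBLIC"` becomes `"STATE":"PUBLIC"`), and a blank line is added before the opening `{`. The one substantive change, the reference appended at the end of `reference_data`, is therefore buried in a whole-file diff. On an advisory record this makes it hard to confirm by eye that the description, the affected-product data and the existing references are unchanged. Keeping the file's existing `"key": value` formatting and dropping the leading blank line would reduce the hunk to the added entry. The same whole-file rewrite appears in the CVE-2016-4000 hunk and in the hunks before and after it on this page.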
@@ -1,201 +1,205 @@ + { - "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", - "ID": "CVE-2016-6306", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"secalert@redhat.com", + "ID":"CVE-2016-6306", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "n/a", - "version": { - "version_data": [ + "product_name":"n/a", + "version":{ + "version_data":[ { - "version_value": "n/a" + "version_value":"n/a" } ] } } ] }, - "vendor_name": "n/a" + "vendor_name":"n/a" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ { - "lang": "eng", - "value": "The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c." + "lang":"eng", + "value":"The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c." 
} ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "n/a" + "lang":"eng", + "value":"n/a" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "name": "https://www.openssl.org/news/secadv/20160922.txt", - "refsource": "CONFIRM", - "url": "https://www.openssl.org/news/secadv/20160922.txt" + "name":"https://www.openssl.org/news/secadv/20160922.txt", + "refsource":"CONFIRM", + "url":"https://www.openssl.org/news/secadv/20160922.txt" }, { - "name": "https://www.tenable.com/security/tns-2016-20", - "refsource": "CONFIRM", - "url": "https://www.tenable.com/security/tns-2016-20" + "name":"https://www.tenable.com/security/tns-2016-20", + "refsource":"CONFIRM", + "url":"https://www.tenable.com/security/tns-2016-20" }, { - "name": "RHSA-2018:2185", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2018:2185" + "name":"RHSA-2018:2185", + "refsource":"REDHAT", + "url":"https://access.redhat.com/errata/RHSA-2018:2185" }, { - "name": "RHSA-2018:2186", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2018:2186" + "name":"RHSA-2018:2186", + "refsource":"REDHAT", + "url":"https://access.redhat.com/errata/RHSA-2018:2186" }, { - "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", - "refsource": "CONFIRM", - "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" + "name":"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", + "refsource":"CONFIRM", + "url":"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" }, { - "name": "93153", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/93153" + "name":"93153", + "refsource":"BID", + "url":"http://www.securityfocus.com/bid/93153" }, { - "name": "RHSA-2016:1940", - "refsource": "REDHAT", - "url": 
"http://rhn.redhat.com/errata/RHSA-2016-1940.html" + "name":"RHSA-2016:1940", + "refsource":"REDHAT", + "url":"http://rhn.redhat.com/errata/RHSA-2016-1940.html" }, { - "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html", - "refsource": "CONFIRM", - "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html" + "name":"http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html", + "refsource":"CONFIRM", + "url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html" }, { - "name": "GLSA-201612-16", - "refsource": "GENTOO", - "url": "https://security.gentoo.org/glsa/201612-16" + "name":"GLSA-201612-16", + "refsource":"GENTOO", + "url":"https://security.gentoo.org/glsa/201612-16" }, { - "name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312", - "refsource": "CONFIRM", - "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312" + "name":"https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312", + "refsource":"CONFIRM", + "url":"https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312" }, { - "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us", - "refsource": "CONFIRM", - "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us" + "name":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us", + "refsource":"CONFIRM", + "url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us" }, { - "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039", - "refsource": "CONFIRM", - "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039" + "name":"http://www-01.ibm.com/support/docview.wss?uid=swg21995039", + "refsource":"CONFIRM", + 
"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21995039" }, { - "name": "1036885", - "refsource": "SECTRACK", - "url": "http://www.securitytracker.com/id/1036885" + "name":"1036885", + "refsource":"SECTRACK", + "url":"http://www.securitytracker.com/id/1036885" }, { - "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", - "refsource": "CONFIRM", - "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" + "name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", + "refsource":"CONFIRM", + "url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" }, { - "name": "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/", - "refsource": "CONFIRM", - "url": "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/" + "name":"https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/", + "refsource":"CONFIRM", + "url":"https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/" }, { - "name": "https://www.tenable.com/security/tns-2016-16", - "refsource": "CONFIRM", - "url": "https://www.tenable.com/security/tns-2016-16" + "name":"https://www.tenable.com/security/tns-2016-16", + "refsource":"CONFIRM", + "url":"https://www.tenable.com/security/tns-2016-16" }, { - "name": "https://www.tenable.com/security/tns-2016-21", - "refsource": "CONFIRM", - "url": "https://www.tenable.com/security/tns-2016-21" + "name":"https://www.tenable.com/security/tns-2016-21", + "refsource":"CONFIRM", + "url":"https://www.tenable.com/security/tns-2016-21" }, { - "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "refsource": "CONFIRM", - "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" + "name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", + "refsource":"CONFIRM", + 
"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { - "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", - "refsource": "CONFIRM", - "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" + "name":"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", + "refsource":"CONFIRM", + "url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" }, { - "name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html", - "refsource": "CONFIRM", - "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html" + "name":"http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html", + "refsource":"CONFIRM", + "url":"http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html" }, { - "name": "https://bto.bluecoat.com/security-advisory/sa132", - "refsource": "CONFIRM", - "url": "https://bto.bluecoat.com/security-advisory/sa132" + "name":"https://bto.bluecoat.com/security-advisory/sa132", + "refsource":"CONFIRM", + "url":"https://bto.bluecoat.com/security-advisory/sa132" }, { - "name": "https://git.openssl.org/?p=openssl.git;a=commit;h=52e623c4cb06fffa9d5e75c60b34b4bc130b12e9", - "refsource": "CONFIRM", - "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=52e623c4cb06fffa9d5e75c60b34b4bc130b12e9" + "name":"https://git.openssl.org/?p=openssl.git;a=commit;h=52e623c4cb06fffa9d5e75c60b34b4bc130b12e9", + "refsource":"CONFIRM", + "url":"https://git.openssl.org/?p=openssl.git;a=commit;h=52e623c4cb06fffa9d5e75c60b34b4bc130b12e9" }, { - "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", - "refsource": "CONFIRM", - "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" + "name":"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", + 
"refsource":"CONFIRM", + "url":"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { - "name": "FreeBSD-SA-16:26", - "refsource": "FREEBSD", - "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc" + "name":"FreeBSD-SA-16:26", + "refsource":"FREEBSD", + "url":"https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc" }, { - "name": "SUSE-SU-2016:2470", - "refsource": "SUSE", - "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html" + "name":"SUSE-SU-2016:2470", + "refsource":"SUSE", + "url":"http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html" }, { - "name": "RHSA-2018:2187", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2018:2187" + "name":"RHSA-2018:2187", + "refsource":"REDHAT", + "url":"https://access.redhat.com/errata/RHSA-2018:2187" }, { - "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448", - "refsource": "CONFIRM", - "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448" + "name":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448", + "refsource":"CONFIRM", + "url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448" }, { - "name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759", - "refsource": "CONFIRM", - "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759" + "name":"http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759", + "refsource":"CONFIRM", + "url":"http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + 
"url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2016/6xxx/CVE-2016-6814.json b/2016/6xxx/CVE-2016-6814.json index 64faaa88f75..32ae83e5b3e 100644 --- a/2016/6xxx/CVE-2016-6814.json +++ b/2016/6xxx/CVE-2016-6814.json 
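Review bot: The reference object added at the end of `reference_data` carries only `url`, while every other entry in this record has `name`, `refsource` and `url`, so any consumer that groups or filters references by `refsource` may get an incomplete record for the January 2020 Oracle advisory. Following the pattern of the cpujul2019 entry just above it, the object would read `"url":"https://www.oracle.com/security-alerts/cpujan2020.html", "refsource":"MISC", "name":"https://www.oracle.com/security-alerts/cpujan2020.html"`. The same url-only object is added in the hunks for CVE-2016-6814, CVE-2016-8610 and CVE-2017-1000376, and in the tail of the hunk that ends just before this file's header. The hunk also rewrites every line to drop the space after each colon and adds a blank first line, which hides the one real change; keeping the existing formatting would reduce the diff to the added object.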
@@ -1,122 +1,126 @@ + { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "DATE_PUBLIC": "2018-01-15T00:00:00", - "ID": "CVE-2016-6814", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"cve@mitre.org", + "DATE_PUBLIC":"2018-01-15T00:00:00", + "ID":"CVE-2016-6814", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "n/a", - "version": { - "version_data": [ + "product_name":"n/a", + "version":{ + "version_data":[ { - "version_value": "n/a" + "version_value":"n/a" } ] } } ] }, - "vendor_name": "n/a" + "vendor_name":"n/a" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ { - "lang": "eng", - "value": "When an application with unsupported Codehaus versions of Groovy from 1.7.0 to 2.4.3, Apache Groovy 2.4.4 to 2.4.7 on classpath uses standard Java serialization mechanisms, e.g. to communicate between servers or to store local data, it was possible for an attacker to bake a special serialized object that will execute code directly when deserialized. All applications which rely on serialization and do not isolate the code which deserializes objects were subject to this vulnerability." + "lang":"eng", + "value":"When an application with unsupported Codehaus versions of Groovy from 1.7.0 to 2.4.3, Apache Groovy 2.4.4 to 2.4.7 on classpath uses standard Java serialization mechanisms, e.g. to communicate between servers or to store local data, it was possible for an attacker to bake a special serialized object that will execute code directly when deserialized. All applications which rely on serialization and do not isolate the code which deserializes objects were subject to this vulnerability." 
} ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "n/a" + "lang":"eng", + "value":"n/a" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", - "refsource": "CONFIRM", - "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" + "name":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", + "refsource":"CONFIRM", + "url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" }, { - "name": "RHSA-2017:2596", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2017:2596" + "name":"RHSA-2017:2596", + "refsource":"REDHAT", + "url":"https://access.redhat.com/errata/RHSA-2017:2596" }, { - "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "refsource": "CONFIRM", - "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" + "name":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "refsource":"CONFIRM", + "url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" }, { - "name": "http://mail-archives.apache.org/mod_mbox/www-announce/201701.mbox/%3CCADRx3PMZ2hBCGDTY35zYXFGaDnjAs0tc5-upaVs6QN2sYUejyA%40mail.gmail.com%3E", - "refsource": "MISC", - "url": "http://mail-archives.apache.org/mod_mbox/www-announce/201701.mbox/%3CCADRx3PMZ2hBCGDTY35zYXFGaDnjAs0tc5-upaVs6QN2sYUejyA%40mail.gmail.com%3E" + "name":"http://mail-archives.apache.org/mod_mbox/www-announce/201701.mbox/%3CCADRx3PMZ2hBCGDTY35zYXFGaDnjAs0tc5-upaVs6QN2sYUejyA%40mail.gmail.com%3E", + "refsource":"MISC", + "url":"http://mail-archives.apache.org/mod_mbox/www-announce/201701.mbox/%3CCADRx3PMZ2hBCGDTY35zYXFGaDnjAs0tc5-upaVs6QN2sYUejyA%40mail.gmail.com%3E" }, { - 
"name": "RHSA-2017:0868", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2017:0868" + "name":"RHSA-2017:0868", + "refsource":"REDHAT", + "url":"https://access.redhat.com/errata/RHSA-2017:0868" }, { - "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", - "refsource": "CONFIRM", - "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" + "name":"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", + "refsource":"CONFIRM", + "url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" }, { - "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "refsource": "CONFIRM", - "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" + "name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "refsource":"CONFIRM", + "url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" }, { - "name": "RHSA-2017:2486", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2017:2486" + "name":"RHSA-2017:2486", + "refsource":"REDHAT", + "url":"https://access.redhat.com/errata/RHSA-2017:2486" }, { - "name": "RHSA-2017:0272", - "refsource": "REDHAT", - "url": "http://rhn.redhat.com/errata/RHSA-2017-0272.html" + "name":"RHSA-2017:0272", + "refsource":"REDHAT", + "url":"http://rhn.redhat.com/errata/RHSA-2017-0272.html" }, { - "name": "95429", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/95429" + "name":"95429", + "refsource":"BID", + "url":"http://www.securityfocus.com/bid/95429" }, { - "name": "1039600", - "refsource": "SECTRACK", - "url": "http://www.securitytracker.com/id/1039600" + "name":"1039600", + "refsource":"SECTRACK", + "url":"http://www.securitytracker.com/id/1039600" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "refsource": "MISC", - "name": 
"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2016/8xxx/CVE-2016-8610.json b/2016/8xxx/CVE-2016-8610.json index 67f7537e5ff..ec2fa830e6d 100644 --- a/2016/8xxx/CVE-2016-8610.json +++ b/2016/8xxx/CVE-2016-8610.json 
@@ -1,186 +1,190 @@ + { - "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", - "DATE_PUBLIC": "2016-10-24T00:00:00", - "ID": "CVE-2016-8610", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"secalert@redhat.com", + "DATE_PUBLIC":"2016-10-24T00:00:00", + "ID":"CVE-2016-8610", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "OpenSSL", - "version": { - "version_data": [ + "product_name":"OpenSSL", + "version":{ + "version_data":[ { - "version_value": "All 0.9.8" + "version_value":"All 0.9.8" }, { - "version_value": "All 1.0.1" + "version_value":"All 1.0.1" }, { - "version_value": "1.0.2 through 1.0.2h" + "version_value":"1.0.2 through 1.0.2h" }, { - "version_value": "1.1.0" + "version_value":"1.1.0" } ] } } ] }, - "vendor_name": "OpenSSL" + "vendor_name":"OpenSSL" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ { - "lang": "eng", - "value": "A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients." + "lang":"eng", + "value":"A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients." 
} ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "CWE-400" + "lang":"eng", + "value":"CWE-400" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "name": "93841", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/93841" + "name":"93841", + "refsource":"BID", + "url":"http://www.securityfocus.com/bid/93841" }, { - "name": "RHSA-2017:1659", - "refsource": "REDHAT", - "url": "http://rhn.redhat.com/errata/RHSA-2017-1659.html" + "name":"RHSA-2017:1659", + "refsource":"REDHAT", + "url":"http://rhn.redhat.com/errata/RHSA-2017-1659.html" }, { - "name": "RHSA-2017:1658", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2017:1658" + "name":"RHSA-2017:1658", + "refsource":"REDHAT", + "url":"https://access.redhat.com/errata/RHSA-2017:1658" }, { - "name": "https://security.netapp.com/advisory/ntap-20171130-0001/", - "refsource": "CONFIRM", - "url": "https://security.netapp.com/advisory/ntap-20171130-0001/" + "name":"https://security.netapp.com/advisory/ntap-20171130-0001/", + "refsource":"CONFIRM", + "url":"https://security.netapp.com/advisory/ntap-20171130-0001/" }, { - "name": "RHSA-2017:1801", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2017:1801" + "name":"RHSA-2017:1801", + "refsource":"REDHAT", + "url":"https://access.redhat.com/errata/RHSA-2017:1801" }, { - "name": "RHSA-2017:0286", - "refsource": "REDHAT", - "url": "http://rhn.redhat.com/errata/RHSA-2017-0286.html" + "name":"RHSA-2017:0286", + "refsource":"REDHAT", + "url":"http://rhn.redhat.com/errata/RHSA-2017-0286.html" }, { - "name": "RHSA-2017:1413", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2017:1413" + "name":"RHSA-2017:1413", + "refsource":"REDHAT", + "url":"https://access.redhat.com/errata/RHSA-2017:1413" }, { - "name": 
"https://securityadvisories.paloaltonetworks.com/Home/Detail/87", - "refsource": "CONFIRM", - "url": "https://securityadvisories.paloaltonetworks.com/Home/Detail/87" + "name":"https://securityadvisories.paloaltonetworks.com/Home/Detail/87", + "refsource":"CONFIRM", + "url":"https://securityadvisories.paloaltonetworks.com/Home/Detail/87" }, { - "name": "RHSA-2017:2494", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2017:2494" + "name":"RHSA-2017:2494", + "refsource":"REDHAT", + "url":"https://access.redhat.com/errata/RHSA-2017:2494" }, { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8610", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8610" + "name":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8610", + "refsource":"CONFIRM", + "url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8610" }, { - "name": "FreeBSD-SA-16:35", - "refsource": "FREEBSD", - "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:35.openssl.asc" + "name":"FreeBSD-SA-16:35", + "refsource":"FREEBSD", + "url":"https://security.FreeBSD.org/advisories/FreeBSD-SA-16:35.openssl.asc" }, { - "name": "RHSA-2017:1414", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2017:1414" + "name":"RHSA-2017:1414", + "refsource":"REDHAT", + "url":"https://access.redhat.com/errata/RHSA-2017:1414" }, { - "name": "[oss-security] 20161024 CVE-2016-8610: SSL Death Alert: OpenSSL SSL/TLS SSL3_AL_WARNING undefined alert Remote DoS", - "refsource": "MLIST", - "url": "http://seclists.org/oss-sec/2016/q4/224" + "name":"[oss-security] 20161024 CVE-2016-8610: SSL Death Alert: OpenSSL SSL/TLS SSL3_AL_WARNING undefined alert Remote DoS", + "refsource":"MLIST", + "url":"http://seclists.org/oss-sec/2016/q4/224" }, { - "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=af58be768ebb690f78530f796e92b8ae5c9a4401", - "refsource": "CONFIRM", - "url": 
"https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=af58be768ebb690f78530f796e92b8ae5c9a4401" + "name":"https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=af58be768ebb690f78530f796e92b8ae5c9a4401", + "refsource":"CONFIRM", + "url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=af58be768ebb690f78530f796e92b8ae5c9a4401" }, { - "name": "https://security.360.cn/cve/CVE-2016-8610/", - "refsource": "MISC", - "url": "https://security.360.cn/cve/CVE-2016-8610/" + "name":"https://security.360.cn/cve/CVE-2016-8610/", + "refsource":"MISC", + "url":"https://security.360.cn/cve/CVE-2016-8610/" }, { - "name": "RHSA-2017:0574", - "refsource": "REDHAT", - "url": "http://rhn.redhat.com/errata/RHSA-2017-0574.html" + "name":"RHSA-2017:0574", + "refsource":"REDHAT", + "url":"http://rhn.redhat.com/errata/RHSA-2017-0574.html" }, { - "name": "DSA-3773", - "refsource": "DEBIAN", - "url": "https://www.debian.org/security/2017/dsa-3773" + "name":"DSA-3773", + "refsource":"DEBIAN", + "url":"https://www.debian.org/security/2017/dsa-3773" }, { - "name": "RHSA-2017:1415", - "refsource": "REDHAT", - "url": "http://rhn.redhat.com/errata/RHSA-2017-1415.html" + "name":"RHSA-2017:1415", + "refsource":"REDHAT", + "url":"http://rhn.redhat.com/errata/RHSA-2017-1415.html" }, { - "name": "1037084", - "refsource": "SECTRACK", - "url": "http://www.securitytracker.com/id/1037084" + "name":"1037084", + "refsource":"SECTRACK", + "url":"http://www.securitytracker.com/id/1037084" }, { - "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03897en_us", - "refsource": "CONFIRM", - "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03897en_us" + "name":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03897en_us", + "refsource":"CONFIRM", + "url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03897en_us" }, { - "name": "RHSA-2017:1802", - 
"refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2017:1802" + "name":"RHSA-2017:1802", + "refsource":"REDHAT", + "url":"https://access.redhat.com/errata/RHSA-2017:1802" }, { - "name": "RHSA-2017:2493", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2017:2493" + "name":"RHSA-2017:2493", + "refsource":"REDHAT", + "url":"https://access.redhat.com/errata/RHSA-2017:2493" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2017/1000xxx/CVE-2017-1000376.json b/2017/1000xxx/CVE-2017-1000376.json index a07bd991ce7..fb689a1f36b 100644 --- a/2017/1000xxx/CVE-2017-1000376.json +++ b/2017/1000xxx/CVE-2017-1000376.json 
@@ -1,72 +1,76 @@ + { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2017-1000376", - "REQUESTER": "qsa@qualys.com", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"cve@mitre.org", + "ID":"CVE-2017-1000376", + "REQUESTER":"qsa@qualys.com", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "n/a", - "version": { - "version_data": [ + "product_name":"n/a", + "version":{ + "version_data":[ { - "version_value": "n/a" + "version_value":"n/a" } ] } } ] }, - "vendor_name": "n/a" + "vendor_name":"n/a" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ { - "lang": "eng", - "value": "libffi requests an executable stack allowing attackers to more easily trigger arbitrary code execution by overwriting the stack. Please note that libffi is used by a number of other libraries. It was previously stated that this affects libffi version 3.2.1 but this appears to be incorrect. libffi prior to version 3.1 on 32 bit x86 systems was vulnerable, and upstream is believed to have fixed this issue in version 3.1." + "lang":"eng", + "value":"libffi requests an executable stack allowing attackers to more easily trigger arbitrary code execution by overwriting the stack. Please note that libffi is used by a number of other libraries. It was previously stated that this affects libffi version 3.2.1 but this appears to be incorrect. libffi prior to version 3.1 on 32 bit x86 systems was vulnerable, and upstream is believed to have fixed this issue in version 3.1." 
} ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "n/a" + "lang":"eng", + "value":"n/a" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "name": "https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt", - "refsource": "MISC", - "url": "https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt" + "name":"https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt", + "refsource":"MISC", + "url":"https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt" }, { - "name": "https://access.redhat.com/security/cve/CVE-2017-1000376", - "refsource": "CONFIRM", - "url": "https://access.redhat.com/security/cve/CVE-2017-1000376" + "name":"https://access.redhat.com/security/cve/CVE-2017-1000376", + "refsource":"CONFIRM", + "url":"https://access.redhat.com/security/cve/CVE-2017-1000376" }, { - "name": "DSA-3889", - "refsource": "DEBIAN", - "url": "http://www.debian.org/security/2017/dsa-3889" + "name":"DSA-3889", + "refsource":"DEBIAN", + "url":"http://www.debian.org/security/2017/dsa-3889" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2017/12xxx/CVE-2017-12626.json b/2017/12xxx/CVE-2017-12626.json index 9c7752f4a58..5bc4084a344 100644 --- a/2017/12xxx/CVE-2017-12626.json +++ b/2017/12xxx/CVE-2017-12626.json 
@@ -1,82 +1,86 @@ + { - "CVE_data_meta": { - "ASSIGNER": "security@apache.org", - "DATE_PUBLIC": "2018-01-26T00:00:00", - "ID": "CVE-2017-12626", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"security@apache.org", + "DATE_PUBLIC":"2018-01-26T00:00:00", + "ID":"CVE-2017-12626", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "Apache POI", - "version": { - "version_data": [ + "product_name":"Apache POI", + "version":{ + "version_data":[ { - "version_value": "< 3.17" + "version_value":"< 3.17" } ] } } ] }, - "vendor_name": "Apache Software Foundation" + "vendor_name":"Apache Software Foundation" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ { - "lang": "eng", - "value": "Apache POI in versions prior to release 3.17 are vulnerable to Denial of Service Attacks: 1) Infinite Loops while parsing crafted WMF, EMF, MSG and macros (POI bugs 61338 and 61294), and 2) Out of Memory Exceptions while parsing crafted DOC, PPT and XLS (POI bugs 52372 and 61295)." + "lang":"eng", + "value":"Apache POI in versions prior to release 3.17 are vulnerable to Denial of Service Attacks: 1) Infinite Loops while parsing crafted WMF, EMF, MSG and macros (POI bugs 61338 and 61294), and 2) Out of Memory Exceptions while parsing crafted DOC, PPT and XLS (POI bugs 52372 and 61295)." 
} ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "Denial of Service Vulnerabilities" + "lang":"eng", + "value":"Denial of Service Vulnerabilities" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "name": "RHSA-2018:1322", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2018:1322" + "name":"RHSA-2018:1322", + "refsource":"REDHAT", + "url":"https://access.redhat.com/errata/RHSA-2018:1322" }, { - "name": "[dev] 20180126 CVE-2017-12626 - Denial of Service Vulnerabilities in Apache POI < 3.17", - "refsource": "MLIST", - "url": "https://lists.apache.org/thread.html/453d9af5dbabaccd9afb58d27279a9dbfe8e35f4e5ea1645ddd6960b@%3Cdev.poi.apache.org%3E" + "name":"[dev] 20180126 CVE-2017-12626 - Denial of Service Vulnerabilities in Apache POI < 3.17", + "refsource":"MLIST", + "url":"https://lists.apache.org/thread.html/453d9af5dbabaccd9afb58d27279a9dbfe8e35f4e5ea1645ddd6960b@%3Cdev.poi.apache.org%3E" }, { - "name": "102879", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/102879" + "name":"102879", + "refsource":"BID", + "url":"http://www.securityfocus.com/bid/102879" }, { - "refsource": "MLIST", - "name": "[lucene-solr-user] 20190104 Re: SOLR v7 Security Issues Caused Denial of Use - Sonatype Application Composition Report", - "url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E" + "refsource":"MLIST", + "name":"[lucene-solr-user] 20190104 Re: SOLR v7 Security Issues Caused Denial of Use - Sonatype Application Composition Report", + "url":"https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", - "refsource": "MISC", - "name": 
"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2017/14xxx/CVE-2017-14735.json b/2017/14xxx/CVE-2017-14735.json index 61f6750c6db..4b6a6a022cd 100644 --- a/2017/14xxx/CVE-2017-14735.json +++ b/2017/14xxx/CVE-2017-14735.json 
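Review bot: Every key line in this hunk is removed and re-added only to drop the space after the colon, and a blank line is added before the opening `{`, so the one substantive change (the appended reference) is buried in a whole-file rewrite. For a vulnerability record that makes it hard to confirm by eye that the `description` and `version_value` text was not altered in the same pass. I'd write the file with the formatting the existing records use (`"key": value`, no leading blank line) so the diff shows only the added object. The hunks for CVE-2017-1000376, CVE-2017-14735, CVE-2017-15708 and CVE-2017-15906 follow the same pattern.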
@@ -1,81 +1,85 @@ + { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2017-14735", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"cve@mitre.org", + "ID":"CVE-2017-14735", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "n/a", - "version": { - "version_data": [ + "product_name":"n/a", + "version":{ + "version_data":[ { - "version_value": "n/a" + "version_value":"n/a" } ] } } ] }, - "vendor_name": "n/a" + "vendor_name":"n/a" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ { - "lang": "eng", - "value": "OWASP AntiSamy before 1.5.7 allows XSS via HTML5 entities, as demonstrated by use of : to construct a javascript: URL." + "lang":"eng", + "value":"OWASP AntiSamy before 1.5.7 allows XSS via HTML5 entities, as demonstrated by use of : to construct a javascript: URL." 
} ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "n/a" + "lang":"eng", + "value":"n/a" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "refsource": "CONFIRM", - "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" + "name":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "refsource":"CONFIRM", + "url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" }, { - "name": "https://github.com/nahsra/antisamy/issues/10", - "refsource": "CONFIRM", - "url": "https://github.com/nahsra/antisamy/issues/10" + "name":"https://github.com/nahsra/antisamy/issues/10", + "refsource":"CONFIRM", + "url":"https://github.com/nahsra/antisamy/issues/10" }, { - "name": "105656", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/105656" + "name":"105656", + "refsource":"BID", + "url":"http://www.securityfocus.com/bid/105656" }, { - "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "refsource": "CONFIRM", - "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" + "name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "refsource":"CONFIRM", + "url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + }, + { + 
"url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2017/15xxx/CVE-2017-15708.json b/2017/15xxx/CVE-2017-15708.json index 428d5d9dd01..48dca6c11ed 100644 --- a/2017/15xxx/CVE-2017-15708.json +++ b/2017/15xxx/CVE-2017-15708.json 
@@ -1,82 +1,86 @@ + { - "CVE_data_meta": { - "ASSIGNER": "security@apache.org", - "DATE_PUBLIC": "2017-12-10T00:00:00", - "ID": "CVE-2017-15708", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"security@apache.org", + "DATE_PUBLIC":"2017-12-10T00:00:00", + "ID":"CVE-2017-15708", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "Apache Synapse", - "version": { - "version_data": [ + "product_name":"Apache Synapse", + "version":{ + "version_data":[ { - "version_value": "3.0.0" + "version_value":"3.0.0" }, { - "version_value": "2.1.0" + "version_value":"2.1.0" }, { - "version_value": "2.0.0" + "version_value":"2.0.0" }, { - "version_value": "1.2" + "version_value":"1.2" }, { - "version_value": "1.1.2" + "version_value":"1.1.2" }, { - "version_value": "1.1.1" + "version_value":"1.1.1" } ] } } ] }, - "vendor_name": "Apache Software Foundation" + "vendor_name":"Apache Software Foundation" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ { - "lang": "eng", - "value": "In Apache Synapse, by default no authentication is required for Java Remote Method Invocation (RMI). So Apache Synapse 3.0.1 or all previous releases (3.0.0, 2.1.0, 2.0.0, 1.2, 1.1.2, 1.1.1) allows remote code execution attacks that can be performed by injecting specially crafted serialized objects. And the presence of Apache Commons Collections 3.2.1 (commons-collections-3.2.1.jar) or previous versions in Synapse distribution makes this exploitable. To mitigate the issue, we need to limit RMI access to trusted users only. Further upgrading to 3.0.1 version will eliminate the risk of having said Commons Collection version. 
In Synapse 3.0.1, Commons Collection has been updated to 3.2.2 version." + "lang":"eng", + "value":"In Apache Synapse, by default no authentication is required for Java Remote Method Invocation (RMI). So Apache Synapse 3.0.1 or all previous releases (3.0.0, 2.1.0, 2.0.0, 1.2, 1.1.2, 1.1.1) allows remote code execution attacks that can be performed by injecting specially crafted serialized objects. And the presence of Apache Commons Collections 3.2.1 (commons-collections-3.2.1.jar) or previous versions in Synapse distribution makes this exploitable. To mitigate the issue, we need to limit RMI access to trusted users only. Further upgrading to 3.0.1 version will eliminate the risk of having said Commons Collection version. In Synapse 3.0.1, Commons Collection has been updated to 3.2.2 version." } ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "Remote Code Execution Vulnerability" + "lang":"eng", + "value":"Remote Code Execution Vulnerability" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "name": "102154", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/102154" + "name":"102154", + "refsource":"BID", + "url":"http://www.securityfocus.com/bid/102154" }, { - "name": "[dev] 20171210 [CVE-2017-15708] Apache Synapse Remote Code Execution Vulnerability", - "refsource": "MLIST", - "url": "https://lists.apache.org/thread.html/77f2accf240d25d91b47033e2f8ebec84ffbc6e6627112b2f98b66c9@%3Cdev.synapse.apache.org%3E" + "name":"[dev] 20171210 [CVE-2017-15708] Apache Synapse Remote Code Execution Vulnerability", + "refsource":"MLIST", + "url":"https://lists.apache.org/thread.html/77f2accf240d25d91b47033e2f8ebec84ffbc6e6627112b2f98b66c9@%3Cdev.synapse.apache.org%3E" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } 
diff --git a/2017/15xxx/CVE-2017-15906.json b/2017/15xxx/CVE-2017-15906.json index e833bd5d6d8..713ede0c9db 100644 --- a/2017/15xxx/CVE-2017-15906.json +++ b/2017/15xxx/CVE-2017-15906.json 
@@ -1,91 +1,95 @@ + { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2017-15906", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"cve@mitre.org", + "ID":"CVE-2017-15906", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "n/a", - "version": { - "version_data": [ + "product_name":"n/a", + "version":{ + "version_data":[ { - "version_value": "n/a" + "version_value":"n/a" } ] } } ] }, - "vendor_name": "n/a" + "vendor_name":"n/a" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ { - "lang": "eng", - "value": "The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files." + "lang":"eng", + "value":"The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files." 
} ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "n/a" + "lang":"eng", + "value":"n/a" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "name": "https://www.openssh.com/txt/release-7.6", - "refsource": "CONFIRM", - "url": "https://www.openssh.com/txt/release-7.6" + "name":"https://www.openssh.com/txt/release-7.6", + "refsource":"CONFIRM", + "url":"https://www.openssh.com/txt/release-7.6" }, { - "name": "101552", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/101552" + "name":"101552", + "refsource":"BID", + "url":"http://www.securityfocus.com/bid/101552" }, { - "name": "https://github.com/openbsd/src/commit/a6981567e8e215acc1ef690c8dbb30f2d9b00a19", - "refsource": "CONFIRM", - "url": "https://github.com/openbsd/src/commit/a6981567e8e215acc1ef690c8dbb30f2d9b00a19" + "name":"https://github.com/openbsd/src/commit/a6981567e8e215acc1ef690c8dbb30f2d9b00a19", + "refsource":"CONFIRM", + "url":"https://github.com/openbsd/src/commit/a6981567e8e215acc1ef690c8dbb30f2d9b00a19" }, { - "name": "GLSA-201801-05", - "refsource": "GENTOO", - "url": "https://security.gentoo.org/glsa/201801-05" + "name":"GLSA-201801-05", + "refsource":"GENTOO", + "url":"https://security.gentoo.org/glsa/201801-05" }, { - "name": "https://security.netapp.com/advisory/ntap-20180423-0004/", - "refsource": "CONFIRM", - "url": "https://security.netapp.com/advisory/ntap-20180423-0004/" + "name":"https://security.netapp.com/advisory/ntap-20180423-0004/", + "refsource":"CONFIRM", + "url":"https://security.netapp.com/advisory/ntap-20180423-0004/" }, { - "name": "RHSA-2018:0980", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2018:0980" + "name":"RHSA-2018:0980", + "refsource":"REDHAT", + "url":"https://access.redhat.com/errata/RHSA-2018:0980" }, { - "name": "[debian-lts-announce] 20180910 [SECURITY] [DLA 1500-1] 
openssh security update", - "refsource": "MLIST", - "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html" + "name":"[debian-lts-announce] 20180910 [SECURITY] [DLA 1500-1] openssh security update", + "refsource":"MLIST", + "url":"https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2017/5xxx/CVE-2017-5645.json b/2017/5xxx/CVE-2017-5645.json index 0fa1fef0de6..e6c50dc4c93 100644 --- a/2017/5xxx/CVE-2017-5645.json +++ b/2017/5xxx/CVE-2017-5645.json 
@@ -1,316 +1,320 @@ + { - "CVE_data_meta": { - "ASSIGNER": "security@apache.org", - "ID": "CVE-2017-5645", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"security@apache.org", + "ID":"CVE-2017-5645", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "Apache Log4j", - "version": { - "version_data": [ + "product_name":"Apache Log4j", + "version":{ + "version_data":[ { - "version_value": "All versions between 2.0-alpha1 and 2.8.1" + "version_value":"All versions between 2.0-alpha1 and 2.8.1" } ] } } ] }, - "vendor_name": "Apache Software Foundation" + "vendor_name":"Apache Software Foundation" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ { - "lang": "eng", - "value": "In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code." + "lang":"eng", + "value":"In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code." } ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "Remote Code Execution." + "lang":"eng", + "value":"Remote Code Execution." 
} ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "name": "RHSA-2017:2888", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2017:2888" + "name":"RHSA-2017:2888", + "refsource":"REDHAT", + "url":"https://access.redhat.com/errata/RHSA-2017:2888" }, { - "name": "RHSA-2017:2809", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2017:2809" + "name":"RHSA-2017:2809", + "refsource":"REDHAT", + "url":"https://access.redhat.com/errata/RHSA-2017:2809" }, { - "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", - "refsource": "CONFIRM", - "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" + "name":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", + "refsource":"CONFIRM", + "url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" }, { - "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", - "refsource": "CONFIRM", - "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" + "name":"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", + "refsource":"CONFIRM", + "url":"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" }, { - "name": "97702", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/97702" + "name":"97702", + "refsource":"BID", + "url":"http://www.securityfocus.com/bid/97702" }, { - "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "refsource": "CONFIRM", - "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" + "name":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "refsource":"CONFIRM", + "url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" }, { - "name": "1041294", - "refsource": "SECTRACK", - 
"url": "http://www.securitytracker.com/id/1041294" + "name":"1041294", + "refsource":"SECTRACK", + "url":"http://www.securitytracker.com/id/1041294" }, { - "name": "RHSA-2017:2810", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2017:2810" + "name":"RHSA-2017:2810", + "refsource":"REDHAT", + "url":"https://access.redhat.com/errata/RHSA-2017:2810" }, { - "name": "RHSA-2017:1801", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2017:1801" + "name":"RHSA-2017:1801", + "refsource":"REDHAT", + "url":"https://access.redhat.com/errata/RHSA-2017:1801" }, { - "name": "RHSA-2017:2889", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2017:2889" + "name":"RHSA-2017:2889", + "refsource":"REDHAT", + "url":"https://access.redhat.com/errata/RHSA-2017:2889" }, { - "name": "RHSA-2017:2635", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2017:2635" + "name":"RHSA-2017:2635", + "refsource":"REDHAT", + "url":"https://access.redhat.com/errata/RHSA-2017:2635" }, { - "name": "RHSA-2017:2638", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2017:2638" + "name":"RHSA-2017:2638", + "refsource":"REDHAT", + "url":"https://access.redhat.com/errata/RHSA-2017:2638" }, { - "name": "https://security.netapp.com/advisory/ntap-20181107-0002/", - "refsource": "CONFIRM", - "url": "https://security.netapp.com/advisory/ntap-20181107-0002/" + "name":"https://security.netapp.com/advisory/ntap-20181107-0002/", + "refsource":"CONFIRM", + "url":"https://security.netapp.com/advisory/ntap-20181107-0002/" }, { - "name": "RHSA-2017:1417", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2017:1417" + "name":"RHSA-2017:1417", + "refsource":"REDHAT", + "url":"https://access.redhat.com/errata/RHSA-2017:1417" }, { - "name": "RHSA-2017:2423", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2017:2423" + "name":"RHSA-2017:2423", + 
"refsource":"REDHAT", + "url":"https://access.redhat.com/errata/RHSA-2017:2423" }, { - "name": "RHSA-2017:2808", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2017:2808" + "name":"RHSA-2017:2808", + "refsource":"REDHAT", + "url":"https://access.redhat.com/errata/RHSA-2017:2808" }, { - "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", - "refsource": "CONFIRM", - "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" + "name":"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", + "refsource":"CONFIRM", + "url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" }, { - "name": "1040200", - "refsource": "SECTRACK", - "url": "http://www.securitytracker.com/id/1040200" + "name":"1040200", + "refsource":"SECTRACK", + "url":"http://www.securitytracker.com/id/1040200" }, { - "name": "RHSA-2017:2636", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2017:2636" + "name":"RHSA-2017:2636", + "refsource":"REDHAT", + "url":"https://access.redhat.com/errata/RHSA-2017:2636" }, { - "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "refsource": "CONFIRM", - "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" + "name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "refsource":"CONFIRM", + "url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" }, { - "name": "RHSA-2017:3399", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2017:3399" + "name":"RHSA-2017:3399", + "refsource":"REDHAT", + "url":"https://access.redhat.com/errata/RHSA-2017:3399" }, { - "name": "https://security.netapp.com/advisory/ntap-20180726-0002/", - "refsource": "CONFIRM", - "url": "https://security.netapp.com/advisory/ntap-20180726-0002/" + 
"name":"https://security.netapp.com/advisory/ntap-20180726-0002/", + "refsource":"CONFIRM", + "url":"https://security.netapp.com/advisory/ntap-20180726-0002/" }, { - "name": "RHSA-2017:2637", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2017:2637" + "name":"RHSA-2017:2637", + "refsource":"REDHAT", + "url":"https://access.redhat.com/errata/RHSA-2017:2637" }, { - "name": "RHSA-2017:3244", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2017:3244" + "name":"RHSA-2017:3244", + "refsource":"REDHAT", + "url":"https://access.redhat.com/errata/RHSA-2017:3244" }, { - "name": "https://issues.apache.org/jira/browse/LOG4J2-1863", - "refsource": "CONFIRM", - "url": "https://issues.apache.org/jira/browse/LOG4J2-1863" + "name":"https://issues.apache.org/jira/browse/LOG4J2-1863", + "refsource":"CONFIRM", + "url":"https://issues.apache.org/jira/browse/LOG4J2-1863" }, { - "name": "RHSA-2017:3400", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2017:3400" + "name":"RHSA-2017:3400", + "refsource":"REDHAT", + "url":"https://access.redhat.com/errata/RHSA-2017:3400" }, { - "name": "RHSA-2017:2633", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2017:2633" + "name":"RHSA-2017:2633", + "refsource":"REDHAT", + "url":"https://access.redhat.com/errata/RHSA-2017:2633" }, { - "name": "RHSA-2017:2811", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2017:2811" + "name":"RHSA-2017:2811", + "refsource":"REDHAT", + "url":"https://access.redhat.com/errata/RHSA-2017:2811" }, { - "name": "RHSA-2017:1802", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2017:1802" + "name":"RHSA-2017:1802", + "refsource":"REDHAT", + "url":"https://access.redhat.com/errata/RHSA-2017:1802" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", - "refsource": "MISC", - "name": 
"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:1545", - "url": "https://access.redhat.com/errata/RHSA-2019:1545" + "refsource":"REDHAT", + "name":"RHSA-2019:1545", + "url":"https://access.redhat.com/errata/RHSA-2019:1545" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { - "refsource": "MLIST", - "name": "[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities", - "url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E" + "refsource":"MLIST", + "name":"[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities", + "url":"https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[logging-dev] 20191215 Re: Is there any chance 
that there will be a security fix for log4j-v1.2.17?", - "url": "https://lists.apache.org/thread.html/e8fb7d76a244ee997ba4b217d6171227f7c2521af8c7c5b16cba27bc@%3Cdev.logging.apache.org%3E" + "refsource":"MLIST", + "name":"[logging-dev] 20191215 Re: Is there any chance that there will be a security fix for log4j-v1.2.17?", + "url":"https://lists.apache.org/thread.html/e8fb7d76a244ee997ba4b217d6171227f7c2521af8c7c5b16cba27bc@%3Cdev.logging.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[logging-dev] 20191218 [CVE-2019-17571] Apache Log4j 1.2 deserialization of untrusted data in SocketServer", - "url": "https://lists.apache.org/thread.html/eea03d504b36e8f870e8321d908e1def1addda16adda04327fe7c125@%3Cdev.logging.apache.org%3E" + "refsource":"MLIST", + "name":"[logging-dev] 20191218 [CVE-2019-17571] Apache Log4j 1.2 deserialization of untrusted data in SocketServer", + "url":"https://lists.apache.org/thread.html/eea03d504b36e8f870e8321d908e1def1addda16adda04327fe7c125@%3Cdev.logging.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[oss-security] 20191218 [CVE-2019-17571] Apache Log4j 1.2 deserialization of untrusted data in SocketServer", - "url": "http://www.openwall.com/lists/oss-security/2019/12/19/2" + "refsource":"MLIST", + "name":"[oss-security] 20191218 [CVE-2019-17571] Apache Log4j 1.2 deserialization of untrusted data in SocketServer", + "url":"http://www.openwall.com/lists/oss-security/2019/12/19/2" }, { - "refsource": "MLIST", - "name": "[announce] 20191218 [CVE-2019-17571] Apache Log4j 1.2 deserialization of untrusted data in SocketServer", - "url": "https://lists.apache.org/thread.html/84cc4266238e057b95eb95dfd8b29d46a2592e7672c12c92f68b2917@%3Cannounce.apache.org%3E" + "refsource":"MLIST", + "name":"[announce] 20191218 [CVE-2019-17571] Apache Log4j 1.2 deserialization of untrusted data in SocketServer", + "url":"https://lists.apache.org/thread.html/84cc4266238e057b95eb95dfd8b29d46a2592e7672c12c92f68b2917@%3Cannounce.apache.org%3E" }, { - 
"refsource": "MLIST", - "name": "[logging-dev] 20191219 Re: [CVE-2019-17571] Apache Log4j 1.2 deserialization of untrusted data in SocketServer", - "url": "https://lists.apache.org/thread.html/0dcca05274d20ef2d72584edcf8c917bbb13dbbd7eb35cae909d02e9@%3Cdev.logging.apache.org%3E" + "refsource":"MLIST", + "name":"[logging-dev] 20191219 Re: [CVE-2019-17571] Apache Log4j 1.2 deserialization of untrusted data in SocketServer", + "url":"https://lists.apache.org/thread.html/0dcca05274d20ef2d72584edcf8c917bbb13dbbd7eb35cae909d02e9@%3Cdev.logging.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[activemq-issues] 20191226 [jira] [Created] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571", - "url": "https://lists.apache.org/thread.html/8ab32b4c9f1826f20add7c40be08909de9f58a89dc1de9c09953f5ac@%3Cissues.activemq.apache.org%3E" + "refsource":"MLIST", + "name":"[activemq-issues] 20191226 [jira] [Created] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571", + "url":"https://lists.apache.org/thread.html/8ab32b4c9f1826f20add7c40be08909de9f58a89dc1de9c09953f5ac@%3Cissues.activemq.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tika-dev] 20191226 [jira] [Created] (TIKA-3018) log4j 1.2 version used by Apache Tika 1.23 is vulnerable to CVE-2019-17571", - "url": "https://lists.apache.org/thread.html/44491fb9cc19acc901f7cff34acb7376619f15638439416e3e14761c@%3Cdev.tika.apache.org%3E" + "refsource":"MLIST", + "name":"[tika-dev] 20191226 [jira] [Created] (TIKA-3018) log4j 1.2 version used by Apache Tika 1.23 is vulnerable to CVE-2019-17571", + "url":"https://lists.apache.org/thread.html/44491fb9cc19acc901f7cff34acb7376619f15638439416e3e14761c@%3Cdev.tika.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tika-dev] 20191226 [jira] [Commented] (TIKA-3018) log4j 1.2 version used by Apache Tika 1.23 is vulnerable to CVE-2019-17571", - "url": 
"https://lists.apache.org/thread.html/277b4b5c2b0e06a825ccec565fa65bd671f35a4d58e3e2ec5d0618e1@%3Cdev.tika.apache.org%3E" + "refsource":"MLIST", + "name":"[tika-dev] 20191226 [jira] [Commented] (TIKA-3018) log4j 1.2 version used by Apache Tika 1.23 is vulnerable to CVE-2019-17571", + "url":"https://lists.apache.org/thread.html/277b4b5c2b0e06a825ccec565fa65bd671f35a4d58e3e2ec5d0618e1@%3Cdev.tika.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tika-dev] 20191230 [jira] [Created] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]", - "url": "https://lists.apache.org/thread.html/479471e6debd608c837b9815b76eab24676657d4444fcfd5ef96d6e6@%3Cdev.tika.apache.org%3E" + "refsource":"MLIST", + "name":"[tika-dev] 20191230 [jira] [Created] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]", + "url":"https://lists.apache.org/thread.html/479471e6debd608c837b9815b76eab24676657d4444fcfd5ef96d6e6@%3Cdev.tika.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[activemq-issues] 20191230 [jira] [Created] (AMQ-7372) [9.8] [CVE-2019-17571] [activemq-all] [5.15.10]", - "url": "https://lists.apache.org/thread.html/6114ce566200d76e3cc45c521a62c2c5a4eac15738248f58a99f622c@%3Cissues.activemq.apache.org%3E" + "refsource":"MLIST", + "name":"[activemq-issues] 20191230 [jira] [Created] (AMQ-7372) [9.8] [CVE-2019-17571] [activemq-all] [5.15.10]", + "url":"https://lists.apache.org/thread.html/6114ce566200d76e3cc45c521a62c2c5a4eac15738248f58a99f622c@%3Cissues.activemq.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tika-dev] 20200106 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]", - "url": "https://lists.apache.org/thread.html/rf2567488cfc9212b42e34c6393cfa1c14e30e4838b98dda84d71041f@%3Cdev.tika.apache.org%3E" + "refsource":"MLIST", + "name":"[tika-dev] 20200106 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]", + 
"url":"https://lists.apache.org/thread.html/rf2567488cfc9212b42e34c6393cfa1c14e30e4838b98dda84d71041f@%3Cdev.tika.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tika-dev] 20200107 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]", - "url": "https://lists.apache.org/thread.html/r3a85514a518f3080ab1fc2652cfe122c2ccf67cfb32356acb1b08fe8@%3Cdev.tika.apache.org%3E" + "refsource":"MLIST", + "name":"[tika-dev] 20200107 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]", + "url":"https://lists.apache.org/thread.html/r3a85514a518f3080ab1fc2652cfe122c2ccf67cfb32356acb1b08fe8@%3Cdev.tika.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tika-dev] 20200108 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]", - "url": "https://lists.apache.org/thread.html/rc1eaed7f7d774d5d02f66e49baced31e04827a1293d61a70bd003ca7@%3Cdev.tika.apache.org%3E" + "refsource":"MLIST", + "name":"[tika-dev] 20200108 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]", + "url":"https://lists.apache.org/thread.html/rc1eaed7f7d774d5d02f66e49baced31e04827a1293d61a70bd003ca7@%3Cdev.tika.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tika-dev] 20200110 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]", - "url": "https://lists.apache.org/thread.html/r681b4432d0605f327b68b9f8a42662993e699d04614de4851c35ffd1@%3Cdev.tika.apache.org%3E" + "refsource":"MLIST", + "name":"[tika-dev] 20200110 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]", + "url":"https://lists.apache.org/thread.html/r681b4432d0605f327b68b9f8a42662993e699d04614de4851c35ffd1@%3Cdev.tika.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tika-dev] 20200111 Re: [jira] [Commented] (TIKA-3018) log4j 1.2 version used by Apache Tika 1.23 is vulnerable to CVE-2019-17571", - "url": 
"https://lists.apache.org/thread.html/ra38785cfc0e7f17f8e24bebf775dd032c033fadcaea29e5bc9fffc60@%3Cdev.tika.apache.org%3E" + "refsource":"MLIST", + "name":"[tika-dev] 20200111 Re: [jira] [Commented] (TIKA-3018) log4j 1.2 version used by Apache Tika 1.23 is vulnerable to CVE-2019-17571", + "url":"https://lists.apache.org/thread.html/ra38785cfc0e7f17f8e24bebf775dd032c033fadcaea29e5bc9fffc60@%3Cdev.tika.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tika-dev] 20200111 [jira] [Closed] (TIKA-3018) log4j 1.2 version used by Apache Tika 1.23 is vulnerable to CVE-2019-17571", - "url": "https://lists.apache.org/thread.html/r746fbc3fc13aee292ae6851f7a5080f592fa3a67b983c6887cdb1fc5@%3Cdev.tika.apache.org%3E" + "refsource":"MLIST", + "name":"[tika-dev] 20200111 [jira] [Closed] (TIKA-3018) log4j 1.2 version used by Apache Tika 1.23 is vulnerable to CVE-2019-17571", + "url":"https://lists.apache.org/thread.html/r746fbc3fc13aee292ae6851f7a5080f592fa3a67b983c6887cdb1fc5@%3Cdev.tika.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tika-dev] 20200111 [jira] [Resolved] (TIKA-3018) log4j 1.2 version used by Apache Tika 1.23 is vulnerable to CVE-2019-17571", - "url": "https://lists.apache.org/thread.html/rdec0d8ac1f03e6905b0de2df1d5fcdb98b94556e4f6cccf7519fdb26@%3Cdev.tika.apache.org%3E" + "refsource":"MLIST", + "name":"[tika-dev] 20200111 [jira] [Resolved] (TIKA-3018) log4j 1.2 version used by Apache Tika 1.23 is vulnerable to CVE-2019-17571", + "url":"https://lists.apache.org/thread.html/rdec0d8ac1f03e6905b0de2df1d5fcdb98b94556e4f6cccf7519fdb26@%3Cdev.tika.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tika-dev] 20200114 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]", - "url": "https://lists.apache.org/thread.html/rca24a281000fb681d7e26e5c031a21eb4b0593a7735f781b53dae4e2@%3Cdev.tika.apache.org%3E" + "refsource":"MLIST", + "name":"[tika-dev] 20200114 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]", + 
"url":"https://lists.apache.org/thread.html/rca24a281000fb681d7e26e5c031a21eb4b0593a7735f781b53dae4e2@%3Cdev.tika.apache.org%3E" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2018/0xxx/CVE-2018-0734.json b/2018/0xxx/CVE-2018-0734.json index e3acfa04ab2..e56bf1f7983 100644 --- a/2018/0xxx/CVE-2018-0734.json +++ b/2018/0xxx/CVE-2018-0734.json 
@@ -1,212 +1,216 @@ + { - "CVE_data_meta": { - "ASSIGNER": "openssl-security@openssl.org", - "DATE_PUBLIC": "2018-10-30", - "ID": "CVE-2018-0734", - "STATE": "PUBLIC", - "TITLE": "Timing attack against DSA" + "CVE_data_meta":{ + "ASSIGNER":"openssl-security@openssl.org", + "DATE_PUBLIC":"2018-10-30", + "ID":"CVE-2018-0734", + "STATE":"PUBLIC", + "TITLE":"Timing attack against DSA" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "OpenSSL", - "version": { - "version_data": [ + "product_name":"OpenSSL", + "version":{ + "version_data":[ { - "version_value": "Fixed in OpenSSL 1.1.1a (Affected 1.1.1)" + "version_value":"Fixed in OpenSSL 1.1.1a (Affected 1.1.1)" }, { - "version_value": "Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i)" + "version_value":"Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i)" }, { - "version_value": "Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p)" + "version_value":"Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p)" } ] } } ] }, - "vendor_name": "OpenSSL" + "vendor_name":"OpenSSL" } ] } }, - "credit": [ + "credit":[ { - "lang": "eng", - "value": "Samuel Weiser" + "lang":"eng", + "value":"Samuel Weiser" } ], - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ { - "lang": "eng", - "value": "The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p)." + "lang":"eng", + "value":"The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. 
An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p)." } ] }, - "impact": [ + "impact":[ { - "lang": "eng", - "url": "https://www.openssl.org/policies/secpolicy.html#Low", - "value": "Low" + "lang":"eng", + "url":"https://www.openssl.org/policies/secpolicy.html#Low", + "value":"Low" } ], - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "Constant time issue" + "lang":"eng", + "value":"Constant time issue" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "refsource": "CONFIRM", - "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" + "name":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "refsource":"CONFIRM", + "url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" }, { - "name": "USN-3840-1", - "refsource": "UBUNTU", - "url": "https://usn.ubuntu.com/3840-1/" + "name":"USN-3840-1", + "refsource":"UBUNTU", + "url":"https://usn.ubuntu.com/3840-1/" }, { - "name": "DSA-4355", - "refsource": "DEBIAN", - "url": "https://www.debian.org/security/2018/dsa-4355" + "name":"DSA-4355", + "refsource":"DEBIAN", + "url":"https://www.debian.org/security/2018/dsa-4355" }, { - "name": "https://security.netapp.com/advisory/ntap-20181105-0002/", - "refsource": "CONFIRM", - "url": "https://security.netapp.com/advisory/ntap-20181105-0002/" + "name":"https://security.netapp.com/advisory/ntap-20181105-0002/", + "refsource":"CONFIRM", + "url":"https://security.netapp.com/advisory/ntap-20181105-0002/" }, { - "name": 
"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8abfe72e8c1de1b95f50aa0d9134803b4d00070f", - "refsource": "CONFIRM", - "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8abfe72e8c1de1b95f50aa0d9134803b4d00070f" + "name":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8abfe72e8c1de1b95f50aa0d9134803b4d00070f", + "refsource":"CONFIRM", + "url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8abfe72e8c1de1b95f50aa0d9134803b4d00070f" }, { - "name": "https://www.tenable.com/security/tns-2018-17", - "refsource": "CONFIRM", - "url": "https://www.tenable.com/security/tns-2018-17" + "name":"https://www.tenable.com/security/tns-2018-17", + "refsource":"CONFIRM", + "url":"https://www.tenable.com/security/tns-2018-17" }, { - "name": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/", - "refsource": "CONFIRM", - "url": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/" + "name":"https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/", + "refsource":"CONFIRM", + "url":"https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/" }, { - "name": "https://www.tenable.com/security/tns-2018-16", - "refsource": "CONFIRM", - "url": "https://www.tenable.com/security/tns-2018-16" + "name":"https://www.tenable.com/security/tns-2018-16", + "refsource":"CONFIRM", + "url":"https://www.tenable.com/security/tns-2018-16" }, { - "name": "105758", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/105758" + "name":"105758", + "refsource":"BID", + "url":"http://www.securityfocus.com/bid/105758" }, { - "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ef11e19d1365eea2b1851e6f540a0bf365d303e7", - "refsource": "CONFIRM", - "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ef11e19d1365eea2b1851e6f540a0bf365d303e7" + 
"name":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ef11e19d1365eea2b1851e6f540a0bf365d303e7", + "refsource":"CONFIRM", + "url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ef11e19d1365eea2b1851e6f540a0bf365d303e7" }, { - "name": "DSA-4348", - "refsource": "DEBIAN", - "url": "https://www.debian.org/security/2018/dsa-4348" + "name":"DSA-4348", + "refsource":"DEBIAN", + "url":"https://www.debian.org/security/2018/dsa-4348" }, { - "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=43e6a58d4991a451daf4891ff05a48735df871ac", - "refsource": "CONFIRM", - "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=43e6a58d4991a451daf4891ff05a48735df871ac" + "name":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=43e6a58d4991a451daf4891ff05a48735df871ac", + "refsource":"CONFIRM", + "url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=43e6a58d4991a451daf4891ff05a48735df871ac" }, { - "name": "https://www.openssl.org/news/secadv/20181030.txt", - "refsource": "CONFIRM", - "url": "https://www.openssl.org/news/secadv/20181030.txt" + "name":"https://www.openssl.org/news/secadv/20181030.txt", + "refsource":"CONFIRM", + "url":"https://www.openssl.org/news/secadv/20181030.txt" }, { - "name": "https://security.netapp.com/advisory/ntap-20190118-0002/", - "refsource": "CONFIRM", - "url": "https://security.netapp.com/advisory/ntap-20190118-0002/" + "name":"https://security.netapp.com/advisory/ntap-20190118-0002/", + "refsource":"CONFIRM", + "url":"https://security.netapp.com/advisory/ntap-20190118-0002/" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", + "refsource":"MISC", + 
"name":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { - "refsource": "CONFIRM", - "name": "https://security.netapp.com/advisory/ntap-20190423-0002/", - "url": "https://security.netapp.com/advisory/ntap-20190423-0002/" + "refsource":"CONFIRM", + "name":"https://security.netapp.com/advisory/ntap-20190423-0002/", + "url":"https://security.netapp.com/advisory/ntap-20190423-0002/" }, { - "refsource": "SUSE", - "name": "openSUSE-SU-2019:1547", - "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html" + "refsource":"SUSE", + "name":"openSUSE-SU-2019:1547", + "url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { - "refsource": "SUSE", - "name": "openSUSE-SU-2019:1814", - "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html" + "refsource":"SUSE", + "name":"openSUSE-SU-2019:1814", + "url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:2304", - "url": "https://access.redhat.com/errata/RHSA-2019:2304" + "refsource":"REDHAT", + "name":"RHSA-2019:2304", + "url":"https://access.redhat.com/errata/RHSA-2019:2304" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-db06efdea1", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/" + "refsource":"FEDORA", + "name":"FEDORA-2019-db06efdea1", + 
"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-00c25b9379", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/" + "refsource":"FEDORA", + "name":"FEDORA-2019-00c25b9379", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-9a0a7c0986", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/" + "refsource":"FEDORA", + "name":"FEDORA-2019-9a0a7c0986", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:3700", - "url": "https://access.redhat.com/errata/RHSA-2019:3700" + "refsource":"REDHAT", + "name":"RHSA-2019:3700", + "url":"https://access.redhat.com/errata/RHSA-2019:3700" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:3933", - "url": "https://access.redhat.com/errata/RHSA-2019:3933" + "refsource":"REDHAT", + "name":"RHSA-2019:3933", + "url":"https://access.redhat.com/errata/RHSA-2019:3933" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:3935", - "url": "https://access.redhat.com/errata/RHSA-2019:3935" + "refsource":"REDHAT", + "name":"RHSA-2019:3935", + "url":"https://access.redhat.com/errata/RHSA-2019:3935" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:3932", - "url": "https://access.redhat.com/errata/RHSA-2019:3932" + "refsource":"REDHAT", + "name":"RHSA-2019:3932", + "url":"https://access.redhat.com/errata/RHSA-2019:3932" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } 
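Review bot: The reference object appended at the end of `reference_data` carries only `url`, while every other entry in the list also has `refsource` and `name`, so a consumer that filters or groups references by `refsource` will see this one as untyped. I would write it like the neighbouring Oracle advisory entries, e.g. `"refsource":"MISC", "name":"https://www.oracle.com/security-alerts/cpujan2020.html", "url":"https://www.oracle.com/security-alerts/cpujan2020.html"` (or `CONFIRM`, whichever the project uses for vendor advisories). The same bare entry is appended in the hunks for CVE-2018-0735, CVE-2018-1000030 and CVE-2018-11039, and in the hunk that ends just above this file's header. Separately, the hunk rewrites nearly every key/value line only to drop the space after the colon and prepends a blank line before `{`, which buries the one substantive addition; keeping the existing `"key": value` formatting would reduce the change to the three added lines.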
diff --git a/2018/0xxx/CVE-2018-0735.json b/2018/0xxx/CVE-2018-0735.json index e92d501fdff..b6c38d1c5c9 100644 --- a/2018/0xxx/CVE-2018-0735.json +++ b/2018/0xxx/CVE-2018-0735.json 
@@ -1,144 +1,148 @@ + { - "CVE_data_meta": { - "ASSIGNER": "openssl-security@openssl.org", - "DATE_PUBLIC": "2018-10-29", - "ID": "CVE-2018-0735", - "STATE": "PUBLIC", - "TITLE": "Timing attack against ECDSA signature generation" + "CVE_data_meta":{ + "ASSIGNER":"openssl-security@openssl.org", + "DATE_PUBLIC":"2018-10-29", + "ID":"CVE-2018-0735", + "STATE":"PUBLIC", + "TITLE":"Timing attack against ECDSA signature generation" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "OpenSSL", - "version": { - "version_data": [ + "product_name":"OpenSSL", + "version":{ + "version_data":[ { - "version_value": "Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i)" + "version_value":"Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i)" }, { - "version_value": "Fixed in OpenSSL 1.1.1a (Affected 1.1.1)" + "version_value":"Fixed in OpenSSL 1.1.1a (Affected 1.1.1)" } ] } } ] }, - "vendor_name": "OpenSSL" + "vendor_name":"OpenSSL" } ] } }, - "credit": [ + "credit":[ { - "lang": "eng", - "value": "Samuel Weiser" + "lang":"eng", + "value":"Samuel Weiser" } ], - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ { - "lang": "eng", - "value": "The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1)." + "lang":"eng", + "value":"The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). 
Fixed in OpenSSL 1.1.1a (Affected 1.1.1)." } ] }, - "impact": [ + "impact":[ { - "lang": "eng", - "url": "https://www.openssl.org/policies/secpolicy.html#Low", - "value": "Low" + "lang":"eng", + "url":"https://www.openssl.org/policies/secpolicy.html#Low", + "value":"Low" } ], - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "Constant time issue" + "lang":"eng", + "value":"Constant time issue" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=56fb454d281a023b3f950d969693553d3f3ceea1", - "refsource": "CONFIRM", - "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=56fb454d281a023b3f950d969693553d3f3ceea1" + "name":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=56fb454d281a023b3f950d969693553d3f3ceea1", + "refsource":"CONFIRM", + "url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=56fb454d281a023b3f950d969693553d3f3ceea1" }, { - "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "refsource": "CONFIRM", - "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" + "name":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "refsource":"CONFIRM", + "url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" }, { - "name": "105750", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/105750" + "name":"105750", + "refsource":"BID", + "url":"http://www.securityfocus.com/bid/105750" }, { - "name": "USN-3840-1", - "refsource": "UBUNTU", - "url": "https://usn.ubuntu.com/3840-1/" + "name":"USN-3840-1", + "refsource":"UBUNTU", + "url":"https://usn.ubuntu.com/3840-1/" }, { - "name": "https://security.netapp.com/advisory/ntap-20181105-0002/", - "refsource": "CONFIRM", - "url": 
"https://security.netapp.com/advisory/ntap-20181105-0002/" + "name":"https://security.netapp.com/advisory/ntap-20181105-0002/", + "refsource":"CONFIRM", + "url":"https://security.netapp.com/advisory/ntap-20181105-0002/" }, { - "name": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/", - "refsource": "CONFIRM", - "url": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/" + "name":"https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/", + "refsource":"CONFIRM", + "url":"https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/" }, { - "name": "1041986", - "refsource": "SECTRACK", - "url": "http://www.securitytracker.com/id/1041986" + "name":"1041986", + "refsource":"SECTRACK", + "url":"http://www.securitytracker.com/id/1041986" }, { - "name": "[debian-lts-announce] 20181121 [SECURITY] [DLA 1586-1] openssl security update", - "refsource": "MLIST", - "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html" + "name":"[debian-lts-announce] 20181121 [SECURITY] [DLA 1586-1] openssl security update", + "refsource":"MLIST", + "url":"https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html" }, { - "name": "DSA-4348", - "refsource": "DEBIAN", - "url": "https://www.debian.org/security/2018/dsa-4348" + "name":"DSA-4348", + "refsource":"DEBIAN", + "url":"https://www.debian.org/security/2018/dsa-4348" }, { - "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=b1d6d55ece1c26fa2829e2b819b038d7b6d692b4", - "refsource": "CONFIRM", - "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=b1d6d55ece1c26fa2829e2b819b038d7b6d692b4" + "name":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=b1d6d55ece1c26fa2829e2b819b038d7b6d692b4", + "refsource":"CONFIRM", + "url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=b1d6d55ece1c26fa2829e2b819b038d7b6d692b4" }, { - "name": "https://www.openssl.org/news/secadv/20181029.txt", 
- "refsource": "CONFIRM", - "url": "https://www.openssl.org/news/secadv/20181029.txt" + "name":"https://www.openssl.org/news/secadv/20181029.txt", + "refsource":"CONFIRM", + "url":"https://www.openssl.org/news/secadv/20181029.txt" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:3700", - "url": "https://access.redhat.com/errata/RHSA-2019:3700" + "refsource":"REDHAT", + "name":"RHSA-2019:3700", + "url":"https://access.redhat.com/errata/RHSA-2019:3700" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2018/1000xxx/CVE-2018-1000030.json b/2018/1000xxx/CVE-2018-1000030.json index 7992612e6a5..7261e56d6f8 100644 --- a/2018/1000xxx/CVE-2018-1000030.json +++ b/2018/1000xxx/CVE-2018-1000030.json 
@@ -1,104 +1,108 @@ + { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "DATE_ASSIGNED": "2018-02-02", - "ID": "CVE-2018-1000030", - "REQUESTER": "tylerp96@gmail.com", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"cve@mitre.org", + "DATE_ASSIGNED":"2018-02-02", + "ID":"CVE-2018-1000030", + "REQUESTER":"tylerp96@gmail.com", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "n/a", - "version": { - "version_data": [ + "product_name":"n/a", + "version":{ + "version_data":[ { - "version_value": "n/a" + "version_value":"n/a" } ] } } ] }, - "vendor_name": "n/a" + "vendor_name":"n/a" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ { - "lang": "eng", - "value": "Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Heap-Use-After-Free. Python versions prior to 2.7.14 may also be vulnerable and it appears that Python 2.7.17 and prior may also be vulnerable however this has not been confirmed. The vulnerability lies when multiply threads are handling large amounts of data. In both cases there is essentially a race condition that occurs. For the Heap-Buffer-Overflow, Thread 2 is creating the size for a buffer, but Thread1 is already writing to the buffer without knowing how much to write. So when a large amount of data is being processed, it is very easy to cause memory corruption using a Heap-Buffer-Overflow. As for the Use-After-Free, Thread3->Malloc->Thread1->Free's->Thread2-Re-uses-Free'd Memory. 
The PSRT has stated that this is not a security vulnerability due to the fact that the attacker must be able to run code, however in some situations, such as function as a service, this vulnerability can potentially be used by an attacker to violate a trust boundary, as such the DWF feels this issue deserves a CVE." + "lang":"eng", + "value":"Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Heap-Use-After-Free. Python versions prior to 2.7.14 may also be vulnerable and it appears that Python 2.7.17 and prior may also be vulnerable however this has not been confirmed. The vulnerability lies when multiply threads are handling large amounts of data. In both cases there is essentially a race condition that occurs. For the Heap-Buffer-Overflow, Thread 2 is creating the size for a buffer, but Thread1 is already writing to the buffer without knowing how much to write. So when a large amount of data is being processed, it is very easy to cause memory corruption using a Heap-Buffer-Overflow. As for the Use-After-Free, Thread3->Malloc->Thread1->Free's->Thread2-Re-uses-Free'd Memory. The PSRT has stated that this is not a security vulnerability due to the fact that the attacker must be able to run code, however in some situations, such as function as a service, this vulnerability can potentially be used by an attacker to violate a trust boundary, as such the DWF feels this issue deserves a CVE." 
} ] }, - "impact": { - "cvss": { - "attackComplexity": "HIGH", - "attackVector": "LOCAL", - "availabilityImpact": "LOW", - "baseScore": "3.6", - "baseSeverity": "LOW", - "confidentialityImpact": "LOW", - "integrityImpact": "NONE", - "privilegesRequired": "LOW", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L", - "version": "3.0" + "impact":{ + "cvss":{ + "attackComplexity":"HIGH", + "attackVector":"LOCAL", + "availabilityImpact":"LOW", + "baseScore":"3.6", + "baseSeverity":"LOW", + "confidentialityImpact":"LOW", + "integrityImpact":"NONE", + "privilegesRequired":"LOW", + "scope":"UNCHANGED", + "userInteraction":"NONE", + "vectorString":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L", + "version":"3.0" } }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "n/a" + "lang":"eng", + "value":"n/a" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "name": "https://drive.google.com/file/d/1oyR9DAZjZK_SCn3mor6NRAYLJS6ueXaY/view", - "refsource": "MISC", - "url": "https://drive.google.com/file/d/1oyR9DAZjZK_SCn3mor6NRAYLJS6ueXaY/view" + "name":"https://drive.google.com/file/d/1oyR9DAZjZK_SCn3mor6NRAYLJS6ueXaY/view", + "refsource":"MISC", + "url":"https://drive.google.com/file/d/1oyR9DAZjZK_SCn3mor6NRAYLJS6ueXaY/view" }, { - "name": "USN-3817-2", - "refsource": "UBUNTU", - "url": "https://usn.ubuntu.com/3817-2/" + "name":"USN-3817-2", + "refsource":"UBUNTU", + "url":"https://usn.ubuntu.com/3817-2/" }, { - "name": "GLSA-201811-02", - "refsource": "GENTOO", - "url": "https://security.gentoo.org/glsa/201811-02" + "name":"GLSA-201811-02", + "refsource":"GENTOO", + "url":"https://security.gentoo.org/glsa/201811-02" }, { - "name": "https://www.dropbox.com/sh/sj3ee7xv55j36k7/AADwP-YfOYikBMuy32e0uvPFa?dl=0", - "refsource": "MISC", - "url": 
"https://www.dropbox.com/sh/sj3ee7xv55j36k7/AADwP-YfOYikBMuy32e0uvPFa?dl=0" + "name":"https://www.dropbox.com/sh/sj3ee7xv55j36k7/AADwP-YfOYikBMuy32e0uvPFa?dl=0", + "refsource":"MISC", + "url":"https://www.dropbox.com/sh/sj3ee7xv55j36k7/AADwP-YfOYikBMuy32e0uvPFa?dl=0" }, { - "name": "USN-3817-1", - "refsource": "UBUNTU", - "url": "https://usn.ubuntu.com/3817-1/" + "name":"USN-3817-1", + "refsource":"UBUNTU", + "url":"https://usn.ubuntu.com/3817-1/" }, { - "name": "https://bugs.python.org/issue31530", - "refsource": "CONFIRM", - "url": "https://bugs.python.org/issue31530" + "name":"https://bugs.python.org/issue31530", + "refsource":"CONFIRM", + "url":"https://bugs.python.org/issue31530" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2018/11xxx/CVE-2018-11039.json b/2018/11xxx/CVE-2018-11039.json index c1dbfd21760..98328c3228e 100644 --- a/2018/11xxx/CVE-2018-11039.json +++ b/2018/11xxx/CVE-2018-11039.json 
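Review bot: `"baseScore":"3.6"` in the `cvss` object is re-emitted as a string although a CVSS base score is a numeric quantity, so tooling that compares or sorts scores has to coerce it and can mis-order it if it does not. Since the hunk rewrites this line anyway, `"baseScore":3.6` would be the better form, provided the record schema this repository validates against accepts a number there (that schema is not visible from the hunk).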
@@ -1,98 +1,102 @@ + { - "CVE_data_meta": { - "ASSIGNER": "secure@dell.com", - "DATE_PUBLIC": "2018-06-14T04:00:00.000Z", - "ID": "CVE-2018-11039", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"secure@dell.com", + "DATE_PUBLIC":"2018-06-14T04:00:00.000Z", + "ID":"CVE-2018-11039", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "Spring Framework", - "version": { - "version_data": [ + "product_name":"Spring Framework", + "version":{ + "version_data":[ { - "affected": "<", - "version_name": "5.0.x", - "version_value": "5.0.7" + "affected":"<", + "version_name":"5.0.x", + "version_value":"5.0.7" }, { - "affected": "<", - "version_name": "4.3.x ", - "version_value": "4.3.18" + "affected":"<", + "version_name":"4.3.x ", + "version_value":"4.3.18" } ] } } ] }, - "vendor_name": "Pivotal" + "vendor_name":"Pivotal" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ { - "lang": "eng", - "value": "Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS vulnerability, a malicious user (or attacker) can use this filter to escalate to an XST (Cross Site Tracing) attack." + "lang":"eng", + "value":"Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. 
If an application has a pre-existing XSS vulnerability, a malicious user (or attacker) can use this filter to escalate to an XST (Cross Site Tracing) attack." } ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "Cross Site Tracing" + "lang":"eng", + "value":"Cross Site Tracing" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "refsource": "CONFIRM", - "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" + "name":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "refsource":"CONFIRM", + "url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" }, { - "name": "https://pivotal.io/security/cve-2018-11039", - "refsource": "CONFIRM", - "url": "https://pivotal.io/security/cve-2018-11039" + "name":"https://pivotal.io/security/cve-2018-11039", + "refsource":"CONFIRM", + "url":"https://pivotal.io/security/cve-2018-11039" }, { - "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "refsource": "CONFIRM", - "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" + "name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "refsource":"CONFIRM", + "url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { - "refsource": "BID", - 
"name": "107984", - "url": "http://www.securityfocus.com/bid/107984" + "refsource":"BID", + "name":"107984", + "url":"http://www.securityfocus.com/bid/107984" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] }, - "source": { - "discovery": "UNKNOWN" + "source":{ + "discovery":"UNKNOWN" } } \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11040.json b/2018/11xxx/CVE-2018-11040.json index 8957eb8f951..0ceb4e9d439 100644 --- a/2018/11xxx/CVE-2018-11040.json +++ b/2018/11xxx/CVE-2018-11040.json 
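Review bot: `"version_name":"4.3.x "` keeps a trailing space inside the string, so a scanner or version-matching tool that compares it exactly against `4.3.x` can miss this affected branch. The hunk already rewrites the line for formatting only, so this is the place to normalise it to `"version_name":"4.3.x"`. The same value appears in the CVE-2018-11040 hunk that follows.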
@@ -1,93 +1,97 @@ + { - "CVE_data_meta": { - "ASSIGNER": "secure@dell.com", - "DATE_PUBLIC": "2018-06-14T04:00:00.000Z", - "ID": "CVE-2018-11040", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"secure@dell.com", + "DATE_PUBLIC":"2018-06-14T04:00:00.000Z", + "ID":"CVE-2018-11040", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "Spring Framework", - "version": { - "version_data": [ + "product_name":"Spring Framework", + "version":{ + "version_data":[ { - "affected": "<", - "version_name": "5.0.x", - "version_value": "5.0.7" + "affected":"<", + "version_name":"5.0.x", + "version_value":"5.0.7" }, { - "affected": "<", - "version_name": "4.3.x ", - "version_value": "4.3.18" + "affected":"<", + "version_name":"4.3.x ", + "version_value":"4.3.18" } ] } } ] }, - "vendor_name": "Pivotal" + "vendor_name":"Pivotal" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ { - "lang": "eng", - "value": "Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications to enable cross-domain requests via JSONP (JSON with Padding) through AbstractJsonpResponseBodyAdvice for REST controllers and MappingJackson2JsonView for browser requests. Both are not enabled by default in Spring Framework nor Spring Boot, however, when MappingJackson2JsonView is configured in an application, JSONP support is automatically ready to use through the \"jsonp\" and \"callback\" JSONP parameters, enabling cross-domain requests." 
+ "lang":"eng", + "value":"Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications to enable cross-domain requests via JSONP (JSON with Padding) through AbstractJsonpResponseBodyAdvice for REST controllers and MappingJackson2JsonView for browser requests. Both are not enabled by default in Spring Framework nor Spring Boot, however, when MappingJackson2JsonView is configured in an application, JSONP support is automatically ready to use through the \"jsonp\" and \"callback\" JSONP parameters, enabling cross-domain requests." } ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "JSONP enabled by default in MappingJackson2JsonView" + "lang":"eng", + "value":"JSONP enabled by default in MappingJackson2JsonView" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "name": "https://pivotal.io/security/cve-2018-11040", - "refsource": "CONFIRM", - "url": "https://pivotal.io/security/cve-2018-11040" + "name":"https://pivotal.io/security/cve-2018-11040", + "refsource":"CONFIRM", + "url":"https://pivotal.io/security/cve-2018-11040" }, { - "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "refsource": "CONFIRM", - "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" + "name":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "refsource":"CONFIRM", + "url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" }, { - "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "refsource": "CONFIRM", - "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" + "name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "refsource":"CONFIRM", + 
"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] }, - "source": { - "discovery": "UNKNOWN" + "source":{ + "discovery":"UNKNOWN" } } \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11054.json b/2018/11xxx/CVE-2018-11054.json index 238f3f09fee..bc3f89d5108 100644 --- a/2018/11xxx/CVE-2018-11054.json +++ b/2018/11xxx/CVE-2018-11054.json 
@@ -1,87 +1,91 @@ + { - "CVE_data_meta": { - "ASSIGNER": "secure@dell.com", - "ID": "CVE-2018-11054", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"secure@dell.com", + "ID":"CVE-2018-11054", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "BSAFE Micro Edition Suite", - "version": { - "version_data": [ + "product_name":"BSAFE Micro Edition Suite", + "version":{ + "version_data":[ { - "affected": "=", - "version_value": "4.1.6" + "affected":"=", + "version_value":"4.1.6" } ] } } ] }, - "vendor_name": "RSA" + "vendor_name":"RSA" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ { - "lang": "eng", - "value": "RSA BSAFE Micro Edition Suite, version 4.1.6, contains an integer overflow vulnerability. A remote attacker could use maliciously constructed ASN.1 data to potentially cause a Denial Of Service." + "lang":"eng", + "value":"RSA BSAFE Micro Edition Suite, version 4.1.6, contains an integer overflow vulnerability. A remote attacker could use maliciously constructed ASN.1 data to potentially cause a Denial Of Service." 
} ] }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "HIGH", - "baseScore": 7.5, - "baseSeverity": "HIGH", - "confidentialityImpact": "NONE", - "integrityImpact": "NONE", - "privilegesRequired": "NONE", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "version": "3.0" + "impact":{ + "cvss":{ + "attackComplexity":"LOW", + "attackVector":"NETWORK", + "availabilityImpact":"HIGH", + "baseScore":7.5, + "baseSeverity":"HIGH", + "confidentialityImpact":"NONE", + "integrityImpact":"NONE", + "privilegesRequired":"NONE", + "scope":"UNCHANGED", + "userInteraction":"NONE", + "vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version":"3.0" } }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "integer overflow vulnerability" + "lang":"eng", + "value":"integer overflow vulnerability" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "name": "20180828 DSA-2018-128: RSA BSAFE Micro Edition Suite and Crypto-C Micro Edition Multiple Security Vulnerabilities", - "refsource": "FULLDISC", - "url": "http://seclists.org/fulldisclosure/2018/Aug/46" + "name":"20180828 DSA-2018-128: RSA BSAFE Micro Edition Suite and Crypto-C Micro Edition Multiple Security Vulnerabilities", + "refsource":"FULLDISC", + "url":"http://seclists.org/fulldisclosure/2018/Aug/46" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + }, + { + 
"url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] }, - "source": { - "discovery": "UNKNOWN" + "source":{ + "discovery":"UNKNOWN" } } \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11055.json b/2018/11xxx/CVE-2018-11055.json index d5a7e43129a..241c08c90e4 100644 --- a/2018/11xxx/CVE-2018-11055.json +++ b/2018/11xxx/CVE-2018-11055.json 
@@ -1,91 +1,95 @@ + { - "CVE_data_meta": { - "ASSIGNER": "secure@dell.com", - "ID": "CVE-2018-11055", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"secure@dell.com", + "ID":"CVE-2018-11055", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "BSAFE Micro Edition Suite", - "version": { - "version_data": [ + "product_name":"BSAFE Micro Edition Suite", + "version":{ + "version_data":[ { - "affected": "<", - "version_value": "4.0.11" + "affected":"<", + "version_value":"4.0.11" }, { - "affected": "<", - "version_value": "4.1.6.1" + "affected":"<", + "version_value":"4.1.6.1" } ] } } ] }, - "vendor_name": "RSA" + "vendor_name":"RSA" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ { - "lang": "eng", - "value": "RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x), contains an Improper Clearing of Heap Memory Before Release ('Heap Inspection') vulnerability. Decoded PKCS #12 data in heap memory is not zeroized by MES before releasing the memory internally and a malicious local user could gain access to the unauthorized data by doing heap inspection." + "lang":"eng", + "value":"RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x), contains an Improper Clearing of Heap Memory Before Release ('Heap Inspection') vulnerability. Decoded PKCS #12 data in heap memory is not zeroized by MES before releasing the memory internally and a malicious local user could gain access to the unauthorized data by doing heap inspection." 
} ] }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "LOCAL", - "availabilityImpact": "NONE", - "baseScore": 4.4, - "baseSeverity": "MEDIUM", - "confidentialityImpact": "HIGH", - "integrityImpact": "NONE", - "privilegesRequired": "HIGH", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", - "version": "3.0" + "impact":{ + "cvss":{ + "attackComplexity":"LOW", + "attackVector":"LOCAL", + "availabilityImpact":"NONE", + "baseScore":4.4, + "baseSeverity":"MEDIUM", + "confidentialityImpact":"HIGH", + "integrityImpact":"NONE", + "privilegesRequired":"HIGH", + "scope":"UNCHANGED", + "userInteraction":"NONE", + "vectorString":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "version":"3.0" } }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "Improper Clearing of Heap Memory Before Release ('Heap Inspection') vulnerability" + "lang":"eng", + "value":"Improper Clearing of Heap Memory Before Release ('Heap Inspection') vulnerability" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "name": "20180828 DSA-2018-128: RSA BSAFE Micro Edition Suite and Crypto-C Micro Edition Multiple Security Vulnerabilities", - "refsource": "FULLDISC", - "url": "http://seclists.org/fulldisclosure/2018/Aug/46" + "name":"20180828 DSA-2018-128: RSA BSAFE Micro Edition Suite and Crypto-C Micro Edition Multiple Security Vulnerabilities", + "refsource":"FULLDISC", + "url":"http://seclists.org/fulldisclosure/2018/Aug/46" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", + "refsource":"MISC", + 
"name":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] }, - "source": { - "discovery": "UNKNOWN" + "source":{ + "discovery":"UNKNOWN" } } \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11056.json b/2018/11xxx/CVE-2018-11056.json index d055343e44c..7db2223da06 100644 --- a/2018/11xxx/CVE-2018-11056.json +++ b/2018/11xxx/CVE-2018-11056.json 
@@ -1,105 +1,109 @@ + { - "CVE_data_meta": { - "ASSIGNER": "secure@dell.com", - "ID": "CVE-2018-11056", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"secure@dell.com", + "ID":"CVE-2018-11056", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "BSAFE Micro Edition Suite", - "version": { - "version_data": [ + "product_name":"BSAFE Micro Edition Suite", + "version":{ + "version_data":[ { - "affected": "<", - "version_value": "4.1.6.1" + "affected":"<", + "version_value":"4.1.6.1" } ] } } ] }, - "vendor_name": "RSA" + "vendor_name":"RSA" }, { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "BSAFE Crypto-C Micro Edition", - "version": { - "version_data": [ + "product_name":"BSAFE Crypto-C Micro Edition", + "version":{ + "version_data":[ { - "affected": "<", - "version_value": "4.0.5.3" + "affected":"<", + "version_value":"4.0.5.3" } ] } } ] }, - "vendor_name": "RSA" + "vendor_name":"RSA" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ { - "lang": "eng", - "value": "RSA BSAFE Micro Edition Suite, prior to 4.1.6.1 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edition versions prior to 4.0.5.3 (in 4.0.x) contain an Uncontrolled Resource Consumption ('Resource Exhaustion') vulnerability when parsing ASN.1 data. A remote attacker could use maliciously constructed ASN.1 data that would exhaust the stack, potentially causing a Denial Of Service." 
+ "lang":"eng", + "value":"RSA BSAFE Micro Edition Suite, prior to 4.1.6.1 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edition versions prior to 4.0.5.3 (in 4.0.x) contain an Uncontrolled Resource Consumption ('Resource Exhaustion') vulnerability when parsing ASN.1 data. A remote attacker could use maliciously constructed ASN.1 data that would exhaust the stack, potentially causing a Denial Of Service." } ] }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "HIGH", - "baseScore": 6.5, - "baseSeverity": "MEDIUM", - "confidentialityImpact": "NONE", - "integrityImpact": "NONE", - "privilegesRequired": "NONE", - "scope": "UNCHANGED", - "userInteraction": "REQUIRED", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "version": "3.0" + "impact":{ + "cvss":{ + "attackComplexity":"LOW", + "attackVector":"NETWORK", + "availabilityImpact":"HIGH", + "baseScore":6.5, + "baseSeverity":"MEDIUM", + "confidentialityImpact":"NONE", + "integrityImpact":"NONE", + "privilegesRequired":"NONE", + "scope":"UNCHANGED", + "userInteraction":"REQUIRED", + "vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "version":"3.0" } }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "Uncontrolled Resource Consumption ('Resource Exhaustion') vulnerability " + "lang":"eng", + "value":"Uncontrolled Resource Consumption ('Resource Exhaustion') vulnerability " } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "name": "20180828 DSA-2018-128: RSA BSAFE Micro Edition Suite and Crypto-C Micro Edition Multiple Security Vulnerabilities", - "refsource": "FULLDISC", - "url": "http://seclists.org/fulldisclosure/2018/Aug/46" + "name":"20180828 DSA-2018-128: RSA BSAFE Micro Edition Suite and Crypto-C Micro Edition Multiple Security Vulnerabilities", + "refsource":"FULLDISC", + 
"url":"http://seclists.org/fulldisclosure/2018/Aug/46" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] }, - "source": { - "discovery": "UNKNOWN" + "source":{ + "discovery":"UNKNOWN" } } \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11057.json b/2018/11xxx/CVE-2018-11057.json index 12d42232e35..2c4d63f9e79 100644 --- a/2018/11xxx/CVE-2018-11057.json +++ b/2018/11xxx/CVE-2018-11057.json 
@@ -1,91 +1,95 @@ + { - "CVE_data_meta": { - "ASSIGNER": "secure@dell.com", - "ID": "CVE-2018-11057", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"secure@dell.com", + "ID":"CVE-2018-11057", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "BSAFE Micro Edition Suite", - "version": { - "version_data": [ + "product_name":"BSAFE Micro Edition Suite", + "version":{ + "version_data":[ { - "affected": "<", - "version_value": "4.0.11" + "affected":"<", + "version_value":"4.0.11" }, { - "affected": "<", - "version_value": "4.1.6.1" + "affected":"<", + "version_value":"4.1.6.1" } ] } } ] }, - "vendor_name": "RSA" + "vendor_name":"RSA" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ { - "lang": "eng", - "value": "RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x) contains a Covert Timing Channel vulnerability during RSA decryption, also known as a Bleichenbacher attack on RSA decryption. A remote attacker may be able to recover a RSA key." + "lang":"eng", + "value":"RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x) contains a Covert Timing Channel vulnerability during RSA decryption, also known as a Bleichenbacher attack on RSA decryption. A remote attacker may be able to recover a RSA key." 
} ] }, - "impact": { - "cvss": { - "attackComplexity": "HIGH", - "attackVector": "NETWORK", - "availabilityImpact": "NONE", - "baseScore": 5.9, - "baseSeverity": "MEDIUM", - "confidentialityImpact": "HIGH", - "integrityImpact": "NONE", - "privilegesRequired": "NONE", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "version": "3.0" + "impact":{ + "cvss":{ + "attackComplexity":"HIGH", + "attackVector":"NETWORK", + "availabilityImpact":"NONE", + "baseScore":5.9, + "baseSeverity":"MEDIUM", + "confidentialityImpact":"HIGH", + "integrityImpact":"NONE", + "privilegesRequired":"NONE", + "scope":"UNCHANGED", + "userInteraction":"NONE", + "vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "version":"3.0" } }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "Covert Timing Channel vulnerability" + "lang":"eng", + "value":"Covert Timing Channel vulnerability" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "name": "20180828 DSA-2018-128: RSA BSAFE Micro Edition Suite and Crypto-C Micro Edition Multiple Security Vulnerabilities", - "refsource": "FULLDISC", - "url": "http://seclists.org/fulldisclosure/2018/Aug/46" + "name":"20180828 DSA-2018-128: RSA BSAFE Micro Edition Suite and Crypto-C Micro Edition Multiple Security Vulnerabilities", + "refsource":"FULLDISC", + "url":"http://seclists.org/fulldisclosure/2018/Aug/46" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + }, + { + 
"url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] }, - "source": { - "discovery": "UNKNOWN" + "source":{ + "discovery":"UNKNOWN" } } \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11058.json b/2018/11xxx/CVE-2018-11058.json index be385cff604..56f787a0ac2 100644 --- a/2018/11xxx/CVE-2018-11058.json +++ b/2018/11xxx/CVE-2018-11058.json 
@@ -1,107 +1,111 @@ + { - "CVE_data_meta": { - "ASSIGNER": "secure@dell.com", - "ID": "CVE-2018-11058", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"secure@dell.com", + "ID":"CVE-2018-11058", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "BSAFE Micro Edition Suite", - "version": { - "version_data": [ + "product_name":"BSAFE Micro Edition Suite", + "version":{ + "version_data":[ { - "affected": "<", - "version_value": "4.0.11" + "affected":"<", + "version_value":"4.0.11" }, { - "affected": "<", - "version_value": "4.1.6.1" + "affected":"<", + "version_value":"4.1.6.1" } ] } }, { - "product_name": "BSAFE Crypto-C Micro Edition", - "version": { - "version_data": [ + "product_name":"BSAFE Crypto-C Micro Edition", + "version":{ + "version_data":[ { - "affected": "<", - "version_value": "4.0.5.3" + "affected":"<", + "version_value":"4.0.5.3" } ] } } ] }, - "vendor_name": "RSA" + "vendor_name":"RSA" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ { - "lang": "eng", - "value": "RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edition, version prior to 4.0.5.3 (in 4.0.x) contain a Buffer Over-Read vulnerability when parsing ASN.1 data. A remote attacker could use maliciously constructed ASN.1 data that would result in such issue." + "lang":"eng", + "value":"RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edition, version prior to 4.0.5.3 (in 4.0.x) contain a Buffer Over-Read vulnerability when parsing ASN.1 data. 
A remote attacker could use maliciously constructed ASN.1 data that would result in such issue." } ] }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "HIGH", - "baseScore": 7.5, - "baseSeverity": "HIGH", - "confidentialityImpact": "NONE", - "integrityImpact": "NONE", - "privilegesRequired": "NONE", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "version": "3.0" + "impact":{ + "cvss":{ + "attackComplexity":"LOW", + "attackVector":"NETWORK", + "availabilityImpact":"HIGH", + "baseScore":7.5, + "baseSeverity":"HIGH", + "confidentialityImpact":"NONE", + "integrityImpact":"NONE", + "privilegesRequired":"NONE", + "scope":"UNCHANGED", + "userInteraction":"NONE", + "vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version":"3.0" } }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "Buffer Over-Read vulnerability" + "lang":"eng", + "value":"Buffer Over-Read vulnerability" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "name": "20180828 DSA-2018-128: RSA BSAFE Micro Edition Suite and Crypto-C Micro Edition Multiple Security Vulnerabilities", - "refsource": "FULLDISC", - "url": "http://seclists.org/fulldisclosure/2018/Aug/46" + "name":"20180828 DSA-2018-128: RSA BSAFE Micro Edition Suite and Crypto-C Micro Edition Multiple Security Vulnerabilities", + "refsource":"FULLDISC", + "url":"http://seclists.org/fulldisclosure/2018/Aug/46" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", + "refsource":"MISC", + 
"name":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { - "refsource": "BID", - "name": "108106", - "url": "http://www.securityfocus.com/bid/108106" + "refsource":"BID", + "name":"108106", + "url":"http://www.securityfocus.com/bid/108106" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] }, - "source": { - "discovery": "UNKNOWN" + "source":{ + "discovery":"UNKNOWN" } } \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11307.json b/2018/11xxx/CVE-2018-11307.json index 0d83390c121..5cfbd3ed8b5 100644 --- a/2018/11xxx/CVE-2018-11307.json +++ b/2018/11xxx/CVE-2018-11307.json 
@@ -1,146 +1,150 @@ + { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2018-11307", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"cve@mitre.org", + "ID":"CVE-2018-11307", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "n/a", - "version": { - "version_data": [ + "product_name":"n/a", + "version":{ + "version_data":[ { - "version_value": "n/a" + "version_value":"n/a" } ] } } ] }, - "vendor_name": "n/a" + "vendor_name":"n/a" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ { - "lang": "eng", - "value": "An issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.5. Use of Jackson default typing along with a gadget class from iBatis allows exfiltration of content. Fixed in 2.7.9.4, 2.8.11.2, and 2.9.6." + "lang":"eng", + "value":"An issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.5. Use of Jackson default typing along with a gadget class from iBatis allows exfiltration of content. Fixed in 2.7.9.4, 2.8.11.2, and 2.9.6." 
} ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "n/a" + "lang":"eng", + "value":"n/a" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062", - "refsource": "MISC", - "name": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062" + "url":"https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062", + "refsource":"MISC", + "name":"https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062" }, { - "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7525", - "refsource": "MISC", - "name": "https://nvd.nist.gov/vuln/detail/CVE-2017-7525" + "url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7525", + "refsource":"MISC", + "name":"https://nvd.nist.gov/vuln/detail/CVE-2017-7525" }, { - "refsource": "CONFIRM", - "name": "https://access.redhat.com/errata/RHSA-2019:0782", - "url": "https://access.redhat.com/errata/RHSA-2019:0782" + "refsource":"CONFIRM", + "name":"https://access.redhat.com/errata/RHSA-2019:0782", + "url":"https://access.redhat.com/errata/RHSA-2019:0782" }, { - "refsource": "MISC", - "name": "https://github.com/FasterXML/jackson-databind/issues/2032", - "url": "https://github.com/FasterXML/jackson-databind/issues/2032" + "refsource":"MISC", + "name":"https://github.com/FasterXML/jackson-databind/issues/2032", + "url":"https://github.com/FasterXML/jackson-databind/issues/2032" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", + 
"refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:1822", - "url": "https://access.redhat.com/errata/RHSA-2019:1822" + "refsource":"REDHAT", + "name":"RHSA-2019:1822", + "url":"https://access.redhat.com/errata/RHSA-2019:1822" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:1823", - "url": "https://access.redhat.com/errata/RHSA-2019:1823" + "refsource":"REDHAT", + "name":"RHSA-2019:1823", + "url":"https://access.redhat.com/errata/RHSA-2019:1823" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:2804", - "url": "https://access.redhat.com/errata/RHSA-2019:2804" + "refsource":"REDHAT", + "name":"RHSA-2019:2804", + "url":"https://access.redhat.com/errata/RHSA-2019:2804" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:2858", - "url": "https://access.redhat.com/errata/RHSA-2019:2858" + "refsource":"REDHAT", + "name":"RHSA-2019:2858", + "url":"https://access.redhat.com/errata/RHSA-2019:2858" }, { - "refsource": "MLIST", - "name": "[lucene-issues] 20191004 [GitHub] [lucene-solr] marungo opened a new pull request #925: SOLR-13818: Upgrade jackson to 2.10.0", - "url": "https://lists.apache.org/thread.html/7fcf88aff0d1deaa5c3c7be8d58c05ad7ad5da94b59065d8e7c50c5d@%3Cissues.lucene.apache.org%3E" + "refsource":"MLIST", + "name":"[lucene-issues] 20191004 [GitHub] [lucene-solr] marungo opened a new pull request #925: SOLR-13818: Upgrade jackson to 2.10.0", + "url":"https://lists.apache.org/thread.html/7fcf88aff0d1deaa5c3c7be8d58c05ad7ad5da94b59065d8e7c50c5d@%3Cissues.lucene.apache.org%3E" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:3002", - "url": "https://access.redhat.com/errata/RHSA-2019:3002" + "refsource":"REDHAT", + "name":"RHSA-2019:3002", + "url":"https://access.redhat.com/errata/RHSA-2019:3002" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:3140", - "url": "https://access.redhat.com/errata/RHSA-2019:3140" + "refsource":"REDHAT", + 
"name":"RHSA-2019:3140", + "url":"https://access.redhat.com/errata/RHSA-2019:3140" }, { - "refsource": "MLIST", - "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", - "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E" + "refsource":"MLIST", + "name":"[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", + "url":"https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:3149", - "url": "https://access.redhat.com/errata/RHSA-2019:3149" + "refsource":"REDHAT", + "name":"RHSA-2019:3149", + "url":"https://access.redhat.com/errata/RHSA-2019:3149" }, { - "refsource": "MLIST", - "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", - "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E" + "refsource":"MLIST", + "name":"[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", + "url":"https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", - "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" + "refsource":"MLIST", + "name":"[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", + 
"url":"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:3892", - "url": "https://access.redhat.com/errata/RHSA-2019:3892" + "refsource":"REDHAT", + "name":"RHSA-2019:3892", + "url":"https://access.redhat.com/errata/RHSA-2019:3892" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:4037", - "url": "https://access.redhat.com/errata/RHSA-2019:4037" + "refsource":"REDHAT", + "name":"RHSA-2019:4037", + "url":"https://access.redhat.com/errata/RHSA-2019:4037" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2018/11xxx/CVE-2018-11759.json b/2018/11xxx/CVE-2018-11759.json index daafcc6a270..fd99ec76aa5 100644 --- a/2018/11xxx/CVE-2018-11759.json +++ b/2018/11xxx/CVE-2018-11759.json 
@@ -1,106 +1,110 @@ + { - "CVE_data_meta": { - "ASSIGNER": "security@apache.org", - "ID": "CVE-2018-11759", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"security@apache.org", + "ID":"CVE-2018-11759", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "Apache Tomcat Connectors", - "version": { - "version_data": [ + "product_name":"Apache Tomcat Connectors", + "version":{ + "version_data":[ { - "version_value": "Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44" + "version_value":"Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44" } ] } } ] }, - "vendor_name": "Apache Software Foundation" + "vendor_name":"Apache Software Foundation" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ { - "lang": "eng", - "value": "The Apache Web Server (httpd) specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44 did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via httpd, then it was possible for a specially constructed request to expose application functionality through the reverse proxy that was not intended for clients accessing the application via the reverse proxy. It was also possible in some configurations for a specially constructed request to bypass the access controls configured in httpd. While there is some overlap between this issue and CVE-2018-1323, they are not identical." 
+ "lang":"eng", + "value":"The Apache Web Server (httpd) specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44 did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via httpd, then it was possible for a specially constructed request to expose application functionality through the reverse proxy that was not intended for clients accessing the application via the reverse proxy. It was also possible in some configurations for a specially constructed request to bypass the access controls configured in httpd. While there is some overlap between this issue and CVE-2018-1323, they are not identical." } ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "Information Disclosure" + "lang":"eng", + "value":"Information Disclosure" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "name": "DSA-4357", - "refsource": "DEBIAN", - "url": "https://www.debian.org/security/2018/dsa-4357" + "name":"DSA-4357", + "refsource":"DEBIAN", + "url":"https://www.debian.org/security/2018/dsa-4357" }, { - "name": "RHSA-2019:0367", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2019:0367" + "name":"RHSA-2019:0367", + "refsource":"REDHAT", + "url":"https://access.redhat.com/errata/RHSA-2019:0367" }, { - "name": "105888", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/105888" + "name":"105888", + "refsource":"BID", + "url":"http://www.securityfocus.com/bid/105888" }, { - "name": "https://lists.apache.org/thread.html/6d564bb0ab73d6b3efdd1d6b1c075d1a2c84ecd84a4159d6122529ad@%3Cannounce.tomcat.apache.org%3E", - "refsource": "MISC", - "url": "https://lists.apache.org/thread.html/6d564bb0ab73d6b3efdd1d6b1c075d1a2c84ecd84a4159d6122529ad@%3Cannounce.tomcat.apache.org%3E" + 
"name":"https://lists.apache.org/thread.html/6d564bb0ab73d6b3efdd1d6b1c075d1a2c84ecd84a4159d6122529ad@%3Cannounce.tomcat.apache.org%3E", + "refsource":"MISC", + "url":"https://lists.apache.org/thread.html/6d564bb0ab73d6b3efdd1d6b1c075d1a2c84ecd84a4159d6122529ad@%3Cannounce.tomcat.apache.org%3E" }, { - "name": "[debian-lts-announce] 20181217 [SECURITY] [DLA 1609-1] libapache-mod-jk security update", - "refsource": "MLIST", - "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00007.html" + "name":"[debian-lts-announce] 20181217 [SECURITY] [DLA 1609-1] libapache-mod-jk security update", + "refsource":"MLIST", + "url":"https://lists.debian.org/debian-lts-announce/2018/12/msg00007.html" }, { - "name": "RHSA-2019:0366", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2019:0366" + "name":"RHSA-2019:0366", + "refsource":"REDHAT", + "url":"https://access.redhat.com/errata/RHSA-2019:0366" }, { - "refsource": "MLIST", - "name": "[tomcat-dev] 20190319 svn commit: r1855831 [26/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", - "url": "https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d@%3Cdev.tomcat.apache.org%3E" + "refsource":"MLIST", + "name":"[tomcat-dev] 20190319 svn commit: r1855831 [26/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", + "url":"https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d@%3Cdev.tomcat.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tomcat-dev] 20190325 svn commit: r1856174 [25/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", - "url": "https://lists.apache.org/thread.html/8d2a579bbd977c225c70cb23b0ec54865fb0dab5da3eff1e060c9935@%3Cdev.tomcat.apache.org%3E" + "refsource":"MLIST", + "name":"[tomcat-dev] 20190325 svn commit: r1856174 [25/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + 
"url":"https://lists.apache.org/thread.html/8d2a579bbd977c225c70cb23b0ec54865fb0dab5da3eff1e060c9935@%3Cdev.tomcat.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tomcat-dev] 20190413 svn commit: r1857494 [18/20] - in /tomcat/site/trunk: ./ docs/ xdocs/", - "url": "https://lists.apache.org/thread.html/277d42b48b6e9aef50949c0dcc79ce21693091d73da246b3c1981925@%3Cdev.tomcat.apache.org%3E" + "refsource":"MLIST", + "name":"[tomcat-dev] 20190413 svn commit: r1857494 [18/20] - in /tomcat/site/trunk: ./ docs/ xdocs/", + "url":"https://lists.apache.org/thread.html/277d42b48b6e9aef50949c0dcc79ce21693091d73da246b3c1981925@%3Cdev.tomcat.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tomcat-dev] 20190415 svn commit: r1857582 [20/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", - "url": "https://lists.apache.org/thread.html/5b7a23e245c93235c503900da854a143596d901bf1a1f67e851a5de4@%3Cdev.tomcat.apache.org%3E" + "refsource":"MLIST", + "name":"[tomcat-dev] 20190415 svn commit: r1857582 [20/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", + "url":"https://lists.apache.org/thread.html/5b7a23e245c93235c503900da854a143596d901bf1a1f67e851a5de4@%3Cdev.tomcat.apache.org%3E" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2018/11xxx/CVE-2018-11784.json b/2018/11xxx/CVE-2018-11784.json index 6f5dfb72966..b0efcc5a6bb 100644 --- a/2018/11xxx/CVE-2018-11784.json +++ b/2018/11xxx/CVE-2018-11784.json 
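Review bot: The reference appended at the end of `reference_data` carries only `url`, while every other entry in the list also has `refsource` and `name`. A feed consumer or validator that keys on those fields will see an incomplete record for the Oracle advisory. I would add the two missing keys, e.g. `"refsource":"MISC", "name":"https://www.oracle.com/security-alerts/cpujan2020.html",` ahead of the `url` line. `MISC` is presumably the right value, since the CVE-2018-11784 record uses it for its other Oracle CPU links. The same url-only entry is added in the hunks for CVE-2018-11784.json and CVE-2018-14718.json.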
@@ -1,218 +1,222 @@ + { - "CVE_data_meta": { - "ASSIGNER": "security@apache.org", - "DATE_PUBLIC": "2018-10-03T00:00:00", - "ID": "CVE-2018-11784", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"security@apache.org", + "DATE_PUBLIC":"2018-10-03T00:00:00", + "ID":"CVE-2018-11784", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "Apache Tomcat", - "version": { - "version_data": [ + "product_name":"Apache Tomcat", + "version":{ + "version_data":[ { - "version_value": "9.0.0.M1 to 9.0.11" + "version_value":"9.0.0.M1 to 9.0.11" }, { - "version_value": "8.5.0 to 8.5.33" + "version_value":"8.5.0 to 8.5.33" }, { - "version_value": "7.0.23 to 7.0.90" + "version_value":"7.0.23 to 7.0.90" } ] } } ] }, - "vendor_name": "Apache Software Foundation" + "vendor_name":"Apache Software Foundation" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ { - "lang": "eng", - "value": "When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo') a specially crafted URL could be used to cause the redirect to be generated to any URI of the attackers choice." + "lang":"eng", + "value":"When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo') a specially crafted URL could be used to cause the redirect to be generated to any URI of the attackers choice." 
} ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "Open Redirect" + "lang":"eng", + "value":"Open Redirect" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "refsource": "CONFIRM", - "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" + "name":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "refsource":"CONFIRM", + "url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" }, { - "name": "[announce] 20181003 [SECURITY] CVE-2018-11784 Apache Tomcat - Open Redirect", - "refsource": "MLIST", - "url": "https://lists.apache.org/thread.html/23134c9b5a23892a205dc140cdd8c9c0add233600f76b313dda6bd75@%3Cannounce.tomcat.apache.org%3E" + "name":"[announce] 20181003 [SECURITY] CVE-2018-11784 Apache Tomcat - Open Redirect", + "refsource":"MLIST", + "url":"https://lists.apache.org/thread.html/23134c9b5a23892a205dc140cdd8c9c0add233600f76b313dda6bd75@%3Cannounce.tomcat.apache.org%3E" }, { - "name": "https://security.netapp.com/advisory/ntap-20181014-0002/", - "refsource": "CONFIRM", - "url": "https://security.netapp.com/advisory/ntap-20181014-0002/" + "name":"https://security.netapp.com/advisory/ntap-20181014-0002/", + "refsource":"CONFIRM", + "url":"https://security.netapp.com/advisory/ntap-20181014-0002/" }, { - "name": "105524", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/105524" + "name":"105524", + "refsource":"BID", + "url":"http://www.securityfocus.com/bid/105524" }, { - "name": "RHSA-2019:0131", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2019:0131" + "name":"RHSA-2019:0131", + "refsource":"REDHAT", + "url":"https://access.redhat.com/errata/RHSA-2019:0131" }, { - "name": "RHSA-2019:0485", - 
"refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2019:0485" + "name":"RHSA-2019:0485", + "refsource":"REDHAT", + "url":"https://access.redhat.com/errata/RHSA-2019:0485" }, { - "name": "RHSA-2019:0130", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2019:0130" + "name":"RHSA-2019:0130", + "refsource":"REDHAT", + "url":"https://access.redhat.com/errata/RHSA-2019:0130" }, { - "name": "[debian-lts-announce] 20181014 [SECURITY] [DLA 1544-1] tomcat7 security update", - "refsource": "MLIST", - "url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00005.html" + "name":"[debian-lts-announce] 20181014 [SECURITY] [DLA 1544-1] tomcat7 security update", + "refsource":"MLIST", + "url":"https://lists.debian.org/debian-lts-announce/2018/10/msg00005.html" }, { - "name": "USN-3787-1", - "refsource": "UBUNTU", - "url": "https://usn.ubuntu.com/3787-1/" + "name":"USN-3787-1", + "refsource":"UBUNTU", + "url":"https://usn.ubuntu.com/3787-1/" }, { - "name": "[debian-lts-announce] 20181015 [SECURITY] [DLA 1545-1] tomcat8 security update", - "refsource": "MLIST", - "url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00006.html" + "name":"[debian-lts-announce] 20181015 [SECURITY] [DLA 1545-1] tomcat8 security update", + "refsource":"MLIST", + "url":"https://lists.debian.org/debian-lts-announce/2018/10/msg00006.html" }, { - "refsource": "MLIST", - "name": "[tomcat-dev] 20190319 svn commit: r1855831 [24/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", - "url": "https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04@%3Cdev.tomcat.apache.org%3E" + "refsource":"MLIST", + "name":"[tomcat-dev] 20190319 svn commit: r1855831 [24/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", + "url":"https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04@%3Cdev.tomcat.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - 
in /tomcat/site/trunk: ./ docs/ xdocs/", - "url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E" + "refsource":"MLIST", + "name":"[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", + "url":"https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", - "url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E" + "refsource":"MLIST", + "name":"[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url":"https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tomcat-dev] 20190325 svn commit: r1856174 [23/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", - "url": "https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb@%3Cdev.tomcat.apache.org%3E" + "refsource":"MLIST", + "name":"[tomcat-dev] 20190325 svn commit: r1856174 [23/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url":"https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb@%3Cdev.tomcat.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", - "url": "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E" + "refsource":"MLIST", + "name":"[tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + 
"url":"https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E" }, { - "refsource": "FEDORA", - "name": "FEDORA-2018-b18f9dd65b", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZ4PX4B3QTKRM35VJAVIEOPZAF76RPBP/" + "refsource":"FEDORA", + "name":"FEDORA-2018-b18f9dd65b", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZ4PX4B3QTKRM35VJAVIEOPZAF76RPBP/" }, { - "refsource": "MLIST", - "name": "[tomcat-dev] 20190413 svn commit: r1857494 [17/20] - in /tomcat/site/trunk: ./ docs/ xdocs/", - "url": "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E" + "refsource":"MLIST", + "name":"[tomcat-dev] 20190413 svn commit: r1857494 [17/20] - in /tomcat/site/trunk: ./ docs/ xdocs/", + "url":"https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tomcat-dev] 20190413 svn commit: r1857496 [3/4] - in /tomcat/site/trunk: ./ docs/ xdocs/", - "url": "https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661@%3Cdev.tomcat.apache.org%3E" + "refsource":"MLIST", + "name":"[tomcat-dev] 20190413 svn commit: r1857496 [3/4] - in /tomcat/site/trunk: ./ docs/ xdocs/", + "url":"https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661@%3Cdev.tomcat.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tomcat-dev] 20190413 svn commit: r1857494 [16/20] - in /tomcat/site/trunk: ./ docs/ xdocs/", - "url": "https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E" + "refsource":"MLIST", + "name":"[tomcat-dev] 20190413 svn commit: r1857494 [16/20] - in /tomcat/site/trunk: ./ docs/ xdocs/", + 
"url":"https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tomcat-dev] 20190415 svn commit: r1857582 [18/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", - "url": "https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba@%3Cdev.tomcat.apache.org%3E" + "refsource":"MLIST", + "name":"[tomcat-dev] 20190415 svn commit: r1857582 [18/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", + "url":"https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba@%3Cdev.tomcat.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tomcat-dev] 20190415 svn commit: r1857582 [17/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", - "url": "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E" + "refsource":"MLIST", + "name":"[tomcat-dev] 20190415 svn commit: r1857582 [17/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", + "url":"https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tomcat-dev] 20190415 svn commit: r1857582 [19/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", - "url": "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E" + "refsource":"MLIST", + "name":"[tomcat-dev] 20190415 svn commit: r1857582 [19/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", + "url":"https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" + 
"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { - "refsource": "SUSE", - "name": "openSUSE-SU-2019:1547", - "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html" + "refsource":"SUSE", + "name":"openSUSE-SU-2019:1547", + "url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:1529", - "url": "https://access.redhat.com/errata/RHSA-2019:1529" + "refsource":"REDHAT", + "name":"RHSA-2019:1529", + "url":"https://access.redhat.com/errata/RHSA-2019:1529" }, { - "refsource": "CONFIRM", - "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10284", - "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10284" + "refsource":"CONFIRM", + "name":"https://kc.mcafee.com/corporate/index?page=content&id=SB10284", + "url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10284" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { - "refsource": "SUSE", - "name": "openSUSE-SU-2019:1814", - "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html" + "refsource":"SUSE", + "name":"openSUSE-SU-2019:1814", + "url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + 
"url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { - "refsource": "DEBIAN", - "name": "DSA-4596", - "url": "https://www.debian.org/security/2019/dsa-4596" + "refsource":"DEBIAN", + "name":"DSA-4596", + "url":"https://www.debian.org/security/2019/dsa-4596" }, { - "refsource": "BUGTRAQ", - "name": "20191229 [SECURITY] [DSA 4596-1] tomcat8 security update", - "url": "https://seclists.org/bugtraq/2019/Dec/43" + "refsource":"BUGTRAQ", + "name":"20191229 [SECURITY] [DSA 4596-1] tomcat8 security update", + "url":"https://seclists.org/bugtraq/2019/Dec/43" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2018/14xxx/CVE-2018-14718.json b/2018/14xxx/CVE-2018-14718.json index 9131c81350f..f657552ee75 100644 --- a/2018/14xxx/CVE-2018-14718.json +++ b/2018/14xxx/CVE-2018-14718.json 
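Review bot: The whitespace-only rewrite of every line (the space after each colon is dropped and an empty line is added before the opening `{`) buries the one substantive change, the new Oracle reference at the end of `reference_data`, in a replacement of the whole record. For vulnerability data that reviewers and downstream tools audit by diff, I would keep the file's existing `"key": "value"` spacing and no leading blank line, so the hunk shrinks to the added entry. The hunks for CVE-2018-11759.json and CVE-2018-14718.json have the same churn.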
@@ -1,211 +1,215 @@ + { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2018-14718", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"cve@mitre.org", + "ID":"CVE-2018-14718", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "n/a", - "version": { - "version_data": [ + "product_name":"n/a", + "version":{ + "version_data":[ { - "version_value": "n/a" + "version_value":"n/a" } ] } } ] }, - "vendor_name": "n/a" + "vendor_name":"n/a" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ { - "lang": "eng", - "value": "FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization." + "lang":"eng", + "value":"FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization." 
} ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "n/a" + "lang":"eng", + "value":"n/a" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "name": "https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44", - "refsource": "CONFIRM", - "url": "https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44" + "name":"https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44", + "refsource":"CONFIRM", + "url":"https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44" }, { - "name": "https://github.com/FasterXML/jackson-databind/issues/2097", - "refsource": "CONFIRM", - "url": "https://github.com/FasterXML/jackson-databind/issues/2097" + "name":"https://github.com/FasterXML/jackson-databind/issues/2097", + "refsource":"CONFIRM", + "url":"https://github.com/FasterXML/jackson-databind/issues/2097" }, { - "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "refsource": "CONFIRM", - "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" + "name":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "refsource":"CONFIRM", + "url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" }, { - "name": "https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.7", - "refsource": "CONFIRM", - "url": "https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.7" + "name":"https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.7", + "refsource":"CONFIRM", + "url":"https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.7" }, { - "name": "[debian-lts-announce] 20190304 [SECURITY] [DLA 1703-1] jackson-databind security update", - "refsource": "MLIST", - 
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00005.html" + "name":"[debian-lts-announce] 20190304 [SECURITY] [DLA 1703-1] jackson-databind security update", + "refsource":"MLIST", + "url":"https://lists.debian.org/debian-lts-announce/2019/03/msg00005.html" }, { - "refsource": "MLIST", - "name": "[lucene-dev] 20190325 [jira] [Assigned] (SOLR-13112) CVE-2018-14718(-14719),sonatype-2017-0312, CVE-2018-14720(-14721) Threat Level 8 Against Solr v7.6. com.fasterxml.jackson.core : jackson-databind : 2.9.6. FasterXML jackson-databind 2.x before 2.9.7 Remote Hackers...", - "url": "https://lists.apache.org/thread.html/6a78f88716c3c57aa74ec05764a37ab3874769a347805903b393b286@%3Cdev.lucene.apache.org%3E" + "refsource":"MLIST", + "name":"[lucene-dev] 20190325 [jira] [Assigned] (SOLR-13112) CVE-2018-14718(-14719),sonatype-2017-0312, CVE-2018-14720(-14721) Threat Level 8 Against Solr v7.6. com.fasterxml.jackson.core : jackson-databind : 2.9.6. FasterXML jackson-databind 2.x before 2.9.7 Remote Hackers...", + "url":"https://lists.apache.org/thread.html/6a78f88716c3c57aa74ec05764a37ab3874769a347805903b393b286@%3Cdev.lucene.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[lucene-dev] 20190325 [jira] [Updated] (SOLR-13112) CVE-2018-14718(-14719),sonatype-2017-0312, CVE-2018-14720(-14721) Threat Level 8 Against Solr v7.6. com.fasterxml.jackson.core : jackson-databind : 2.9.6. FasterXML jackson-databind 2.x before 2.9.7 Remote Hackers...", - "url": "https://lists.apache.org/thread.html/82b01bfb6787097427ce97cec6a7127e93718bc05d1efd5eaffc228f@%3Cdev.lucene.apache.org%3E" + "refsource":"MLIST", + "name":"[lucene-dev] 20190325 [jira] [Updated] (SOLR-13112) CVE-2018-14718(-14719),sonatype-2017-0312, CVE-2018-14720(-14721) Threat Level 8 Against Solr v7.6. com.fasterxml.jackson.core : jackson-databind : 2.9.6. 
FasterXML jackson-databind 2.x before 2.9.7 Remote Hackers...", + "url":"https://lists.apache.org/thread.html/82b01bfb6787097427ce97cec6a7127e93718bc05d1efd5eaffc228f@%3Cdev.lucene.apache.org%3E" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { - "refsource": "MLIST", - "name": "[lucene-dev] 20190325 [jira] [Updated] (SOLR-13112) CVE-2018-14718(-14719),sonatype-2017-0312, CVE-2018-14720(-14721) Threat Level 8 Against Solr v7.6. com.fasterxml.jackson.core : jackson-databind : 2.9.6. FasterXML jackson-databind 2.x before 2.9.7 Remote Hackers...", - "url": "https://lists.apache.org/thread.html/ba973114605d936be276ee6ce09dfbdbf78aa56f6cdc6e79bfa7b8df@%3Cdev.lucene.apache.org%3E" + "refsource":"MLIST", + "name":"[lucene-dev] 20190325 [jira] [Updated] (SOLR-13112) CVE-2018-14718(-14719),sonatype-2017-0312, CVE-2018-14720(-14721) Threat Level 8 Against Solr v7.6. com.fasterxml.jackson.core : jackson-databind : 2.9.6. 
FasterXML jackson-databind 2.x before 2.9.7 Remote Hackers...", + "url":"https://lists.apache.org/thread.html/ba973114605d936be276ee6ce09dfbdbf78aa56f6cdc6e79bfa7b8df@%3Cdev.lucene.apache.org%3E" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:0782", - "url": "https://access.redhat.com/errata/RHSA-2019:0782" + "refsource":"REDHAT", + "name":"RHSA-2019:0782", + "url":"https://access.redhat.com/errata/RHSA-2019:0782" }, { - "refsource": "BID", - "name": "106601", - "url": "http://www.securityfocus.com/bid/106601" + "refsource":"BID", + "name":"106601", + "url":"http://www.securityfocus.com/bid/106601" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:0877", - "url": "https://access.redhat.com/errata/RHSA-2019:0877" + "refsource":"REDHAT", + "name":"RHSA-2019:0877", + "url":"https://access.redhat.com/errata/RHSA-2019:0877" }, { - "refsource": "REDHAT", - "name": "RHBA-2019:0959", - "url": "https://access.redhat.com/errata/RHBA-2019:0959" + "refsource":"REDHAT", + "name":"RHBA-2019:0959", + "url":"https://access.redhat.com/errata/RHBA-2019:0959" }, { - "refsource": "DEBIAN", - "name": "DSA-4452", - "url": "https://www.debian.org/security/2019/dsa-4452" + "refsource":"DEBIAN", + "name":"DSA-4452", + "url":"https://www.debian.org/security/2019/dsa-4452" }, { - "refsource": "BUGTRAQ", - "name": "20190527 [SECURITY] [DSA 4452-1] jackson-databind security update", - "url": "https://seclists.org/bugtraq/2019/May/68" + "refsource":"BUGTRAQ", + "name":"20190527 [SECURITY] [DSA 4452-1] jackson-databind security update", + "url":"https://seclists.org/bugtraq/2019/May/68" }, { - "refsource": "CONFIRM", - "name": "https://security.netapp.com/advisory/ntap-20190530-0003/", - "url": "https://security.netapp.com/advisory/ntap-20190530-0003/" + "refsource":"CONFIRM", + "name":"https://security.netapp.com/advisory/ntap-20190530-0003/", + "url":"https://security.netapp.com/advisory/ntap-20190530-0003/" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:1782", - "url": 
"https://access.redhat.com/errata/RHSA-2019:1782" + "refsource":"REDHAT", + "name":"RHSA-2019:1782", + "url":"https://access.redhat.com/errata/RHSA-2019:1782" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:1797", - "url": "https://access.redhat.com/errata/RHSA-2019:1797" + "refsource":"REDHAT", + "name":"RHSA-2019:1797", + "url":"https://access.redhat.com/errata/RHSA-2019:1797" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:1822", - "url": "https://access.redhat.com/errata/RHSA-2019:1822" + "refsource":"REDHAT", + "name":"RHSA-2019:1822", + "url":"https://access.redhat.com/errata/RHSA-2019:1822" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:1823", - "url": "https://access.redhat.com/errata/RHSA-2019:1823" + "refsource":"REDHAT", + "name":"RHSA-2019:1823", + "url":"https://access.redhat.com/errata/RHSA-2019:1823" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:2804", - "url": "https://access.redhat.com/errata/RHSA-2019:2804" + "refsource":"REDHAT", + "name":"RHSA-2019:2804", + "url":"https://access.redhat.com/errata/RHSA-2019:2804" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:2858", - "url": "https://access.redhat.com/errata/RHSA-2019:2858" + "refsource":"REDHAT", + "name":"RHSA-2019:2858", + "url":"https://access.redhat.com/errata/RHSA-2019:2858" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:3002", - "url": "https://access.redhat.com/errata/RHSA-2019:3002" + "refsource":"REDHAT", + "name":"RHSA-2019:3002", + "url":"https://access.redhat.com/errata/RHSA-2019:3002" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:3140", - "url": 
"https://access.redhat.com/errata/RHSA-2019:3140" + "refsource":"REDHAT", + "name":"RHSA-2019:3140", + "url":"https://access.redhat.com/errata/RHSA-2019:3140" }, { - "refsource": "MLIST", - "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", - "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E" + "refsource":"MLIST", + "name":"[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", + "url":"https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:3149", - "url": "https://access.redhat.com/errata/RHSA-2019:3149" + "refsource":"REDHAT", + "name":"RHSA-2019:3149", + "url":"https://access.redhat.com/errata/RHSA-2019:3149" }, { - "refsource": "MLIST", - "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", - "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E" + "refsource":"MLIST", + "name":"[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", + "url":"https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", - "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" + "refsource":"MLIST", + "name":"[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", + 
"url":"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:3892", - "url": "https://access.redhat.com/errata/RHSA-2019:3892" + "refsource":"REDHAT", + "name":"RHSA-2019:3892", + "url":"https://access.redhat.com/errata/RHSA-2019:3892" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:4037", - "url": "https://access.redhat.com/errata/RHSA-2019:4037" + "refsource":"REDHAT", + "name":"RHSA-2019:4037", + "url":"https://access.redhat.com/errata/RHSA-2019:4037" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2018/15xxx/CVE-2018-15473.json b/2018/15xxx/CVE-2018-15473.json index 8a69e3b1cd9..3d789ff1c17 100644 --- a/2018/15xxx/CVE-2018-15473.json +++ b/2018/15xxx/CVE-2018-15473.json 
@@ -1,136 +1,140 @@ + { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2018-15473", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"cve@mitre.org", + "ID":"CVE-2018-15473", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "n/a", - "version": { - "version_data": [ + "product_name":"n/a", + "version":{ + "version_data":[ { - "version_value": "n/a" + "version_value":"n/a" } ] } } ] }, - "vendor_name": "n/a" + "vendor_name":"n/a" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ { - "lang": "eng", - "value": "OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c." + "lang":"eng", + "value":"OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c." 
} ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "n/a" + "lang":"eng", + "value":"n/a" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "name": "GLSA-201810-03", - "refsource": "GENTOO", - "url": "https://security.gentoo.org/glsa/201810-03" + "name":"GLSA-201810-03", + "refsource":"GENTOO", + "url":"https://security.gentoo.org/glsa/201810-03" }, { - "name": "1041487", - "refsource": "SECTRACK", - "url": "http://www.securitytracker.com/id/1041487" + "name":"1041487", + "refsource":"SECTRACK", + "url":"http://www.securitytracker.com/id/1041487" }, { - "name": "45233", - "refsource": "EXPLOIT-DB", - "url": "https://www.exploit-db.com/exploits/45233/" + "name":"45233", + "refsource":"EXPLOIT-DB", + "url":"https://www.exploit-db.com/exploits/45233/" }, { - "name": "https://bugs.debian.org/906236", - "refsource": "MISC", - "url": "https://bugs.debian.org/906236" + "name":"https://bugs.debian.org/906236", + "refsource":"MISC", + "url":"https://bugs.debian.org/906236" }, { - "name": "45210", - "refsource": "EXPLOIT-DB", - "url": "https://www.exploit-db.com/exploits/45210/" + "name":"45210", + "refsource":"EXPLOIT-DB", + "url":"https://www.exploit-db.com/exploits/45210/" }, { - "name": "https://security.netapp.com/advisory/ntap-20181101-0001/", - "refsource": "CONFIRM", - "url": "https://security.netapp.com/advisory/ntap-20181101-0001/" + "name":"https://security.netapp.com/advisory/ntap-20181101-0001/", + "refsource":"CONFIRM", + "url":"https://security.netapp.com/advisory/ntap-20181101-0001/" }, { - "name": "https://github.com/openbsd/src/commit/779974d35b4859c07bc3cb8a12c74b43b0a7d1e0", - "refsource": "MISC", - "url": "https://github.com/openbsd/src/commit/779974d35b4859c07bc3cb8a12c74b43b0a7d1e0" + "name":"https://github.com/openbsd/src/commit/779974d35b4859c07bc3cb8a12c74b43b0a7d1e0", + "refsource":"MISC", + 
"url":"https://github.com/openbsd/src/commit/779974d35b4859c07bc3cb8a12c74b43b0a7d1e0" }, { - "name": "USN-3809-1", - "refsource": "UBUNTU", - "url": "https://usn.ubuntu.com/3809-1/" + "name":"USN-3809-1", + "refsource":"UBUNTU", + "url":"https://usn.ubuntu.com/3809-1/" }, { - "name": "[debian-lts-announce] 20180821 [SECURITY] [DLA-1474-1] openssh security update", - "refsource": "MLIST", - "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00022.html" + "name":"[debian-lts-announce] 20180821 [SECURITY] [DLA-1474-1] openssh security update", + "refsource":"MLIST", + "url":"https://lists.debian.org/debian-lts-announce/2018/08/msg00022.html" }, { - "name": "105140", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/105140" + "name":"105140", + "refsource":"BID", + "url":"http://www.securityfocus.com/bid/105140" }, { - "name": "DSA-4280", - "refsource": "DEBIAN", - "url": "https://www.debian.org/security/2018/dsa-4280" + "name":"DSA-4280", + "refsource":"DEBIAN", + "url":"https://www.debian.org/security/2018/dsa-4280" }, { - "name": "45939", - "refsource": "EXPLOIT-DB", - "url": "https://www.exploit-db.com/exploits/45939/" + "name":"45939", + "refsource":"EXPLOIT-DB", + "url":"https://www.exploit-db.com/exploits/45939/" }, { - "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0011", - "refsource": "CONFIRM", - "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0011" + "name":"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0011", + "refsource":"CONFIRM", + "url":"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0011" }, { - "name": "http://www.openwall.com/lists/oss-security/2018/08/15/5", - "refsource": "MISC", - "url": "http://www.openwall.com/lists/oss-security/2018/08/15/5" + "name":"http://www.openwall.com/lists/oss-security/2018/08/15/5", + "refsource":"MISC", + "url":"http://www.openwall.com/lists/oss-security/2018/08/15/5" }, { - "refsource": "REDHAT", - "name": 
"RHSA-2019:0711", - "url": "https://access.redhat.com/errata/RHSA-2019:0711" + "refsource":"REDHAT", + "name":"RHSA-2019:0711", + "url":"https://access.redhat.com/errata/RHSA-2019:0711" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:2143", - "url": "https://access.redhat.com/errata/RHSA-2019:2143" + "refsource":"REDHAT", + "name":"RHSA-2019:2143", + "url":"https://access.redhat.com/errata/RHSA-2019:2143" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2018/15xxx/CVE-2018-15756.json b/2018/15xxx/CVE-2018-15756.json index a977123eaee..3e6552b9738 100644 --- a/2018/15xxx/CVE-2018-15756.json +++ b/2018/15xxx/CVE-2018-15756.json 
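Review bot: The reference object added at the end of `reference_data` carries only `"url"`, while every other entry in this record has `refsource`, `name` and `url`; the same bare entry is added in the CVE-2018-15756, CVE-2018-15769 and CVE-2018-16395 hunks that follow. Tooling that groups or filters references by `refsource`, for example to separate vendor advisories from third-party links, has nothing to key on for this advisory and may skip or mis-bucket it. Following the convention of the existing Oracle CPU references on this page, the entry should also carry `"refsource":"MISC",` and `"name":"https://www.oracle.com/security-alerts/cpujan2020.html",`. Whether the record schema strictly requires those two keys is not visible here, so treat this as a consistency fix unless validation says otherwise.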
@@ -1,160 +1,164 @@ + { - "CVE_data_meta": { - "ASSIGNER": "secure@dell.com", - "DATE_PUBLIC": "2018-10-16T07:00:00.000Z", - "ID": "CVE-2018-15756", - "STATE": "PUBLIC", - "TITLE": "DoS Attack via Range Requests" + "CVE_data_meta":{ + "ASSIGNER":"secure@dell.com", + "DATE_PUBLIC":"2018-10-16T07:00:00.000Z", + "ID":"CVE-2018-15756", + "STATE":"PUBLIC", + "TITLE":"DoS Attack via Range Requests" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "Spring framework", - "version": { - "version_data": [ + "product_name":"Spring framework", + "version":{ + "version_data":[ { - "affected": "=", - "version_name": "5.1", - "version_value": "5.1" + "affected":"=", + "version_name":"5.1", + "version_value":"5.1" }, { - "affected": "<=", - "version_name": "5.0.0", - "version_value": "5.0.9" + "affected":"<=", + "version_name":"5.0.0", + "version_value":"5.0.9" }, { - "affected": "<=", - "version_name": "4.3", - "version_value": "4.3.19" + "affected":"<=", + "version_name":"4.3", + "version_value":"4.3.19" } ] } } ] }, - "vendor_name": "Pivotal" + "vendor_name":"Pivotal" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ { - "lang": "eng", - "value": "Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controller returns an org.springframework.core.io.Resource. A malicious user (or attacker) can add a range header with a high number of ranges, or with wide ranges that overlap, or both, for a denial of service attack. 
This vulnerability affects applications that depend on either spring-webmvc or spring-webflux. Such applications must also have a registration for serving static resources (e.g. JS, CSS, images, and others), or have an annotated controller that returns an org.springframework.core.io.Resource. Spring Boot applications that depend on spring-boot-starter-web or spring-boot-starter-webflux are ready to serve static resources out of the box and are therefore vulnerable." + "lang":"eng", + "value":"Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controller returns an org.springframework.core.io.Resource. A malicious user (or attacker) can add a range header with a high number of ranges, or with wide ranges that overlap, or both, for a denial of service attack. This vulnerability affects applications that depend on either spring-webmvc or spring-webflux. Such applications must also have a registration for serving static resources (e.g. JS, CSS, images, and others), or have an annotated controller that returns an org.springframework.core.io.Resource. Spring Boot applications that depend on spring-boot-starter-web or spring-boot-starter-webflux are ready to serve static resources out of the box and are therefore vulnerable." 
} ] }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "HIGH", - "baseScore": 7.5, - "baseSeverity": "HIGH", - "confidentialityImpact": "NONE", - "integrityImpact": "NONE", - "privilegesRequired": "NONE", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "version": "3.0" + "impact":{ + "cvss":{ + "attackComplexity":"LOW", + "attackVector":"NETWORK", + "availabilityImpact":"HIGH", + "baseScore":7.5, + "baseSeverity":"HIGH", + "confidentialityImpact":"NONE", + "integrityImpact":"NONE", + "privilegesRequired":"NONE", + "scope":"UNCHANGED", + "userInteraction":"NONE", + "vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version":"3.0" } }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "Numeric Range Comparison Without Minimum Check" + "lang":"eng", + "value":"Numeric Range Comparison Without Minimum Check" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "name": "105703", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/105703" + "name":"105703", + "refsource":"BID", + "url":"http://www.securityfocus.com/bid/105703" }, { - "name": "https://pivotal.io/security/cve-2018-15756", - "refsource": "CONFIRM", - "url": "https://pivotal.io/security/cve-2018-15756" + "name":"https://pivotal.io/security/cve-2018-15756", + "refsource":"CONFIRM", + "url":"https://pivotal.io/security/cve-2018-15756" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", + "refsource":"MISC", + 
"name":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { - "refsource": "MLIST", - "name": "[activemq-issues] 20190529 [jira] [Created] (ARTEMIS-2363) spring-core-5.0.1.RELEASE.jar vulnerable to CVE-2018-15756", - "url": "https://lists.apache.org/thread.html/a3071e11c6fbd593022074ec1b4693f6d948c2b02cfa4a5d854aed68@%3Cissues.activemq.apache.org%3E" + "refsource":"MLIST", + "name":"[activemq-issues] 20190529 [jira] [Created] (ARTEMIS-2363) spring-core-5.0.1.RELEASE.jar vulnerable to CVE-2018-15756", + "url":"https://lists.apache.org/thread.html/a3071e11c6fbd593022074ec1b4693f6d948c2b02cfa4a5d854aed68@%3Cissues.activemq.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[activemq-issues] 20190529 [jira] [Commented] (ARTEMIS-2363) spring-core-5.0.1.RELEASE.jar vulnerable to CVE-2018-15756", - "url": "https://lists.apache.org/thread.html/339fd112517e4873695b5115b96acdddbfc8f83b10598528d37c7d12@%3Cissues.activemq.apache.org%3E" + "refsource":"MLIST", + "name":"[activemq-issues] 20190529 [jira] [Commented] (ARTEMIS-2363) spring-core-5.0.1.RELEASE.jar vulnerable to CVE-2018-15756", + "url":"https://lists.apache.org/thread.html/339fd112517e4873695b5115b96acdddbfc8f83b10598528d37c7d12@%3Cissues.activemq.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[activemq-issues] 20190529 [jira] [Updated] (ARTEMIS-2363) spring-core-5.0.1.RELEASE.jar vulnerable to CVE-2018-15756", - "url": "https://lists.apache.org/thread.html/d6a84f52db89804b0ad965f3ea2b24bb880edee29107a1c5069cc3dd@%3Cissues.activemq.apache.org%3E" + "refsource":"MLIST", + "name":"[activemq-issues] 20190529 [jira] [Updated] (ARTEMIS-2363) spring-core-5.0.1.RELEASE.jar vulnerable to CVE-2018-15756", + "url":"https://lists.apache.org/thread.html/d6a84f52db89804b0ad965f3ea2b24bb880edee29107a1c5069cc3dd@%3Cissues.activemq.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[activemq-issues] 20190626 [jira] [Assigned] (ARTEMIS-2363) spring-core-5.0.1.RELEASE.jar vulnerable to 
CVE-2018-15756", - "url": "https://lists.apache.org/thread.html/bb354962cb51fff65740d5fb1bc2aac56af577c06244b57c36f98e4d@%3Cissues.activemq.apache.org%3E" + "refsource":"MLIST", + "name":"[activemq-issues] 20190626 [jira] [Assigned] (ARTEMIS-2363) spring-core-5.0.1.RELEASE.jar vulnerable to CVE-2018-15756", + "url":"https://lists.apache.org/thread.html/bb354962cb51fff65740d5fb1bc2aac56af577c06244b57c36f98e4d@%3Cissues.activemq.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[activemq-issues] 20190626 [jira] [Work logged] (ARTEMIS-2363) spring-core-5.0.1.RELEASE.jar vulnerable to CVE-2018-15756", - "url": "https://lists.apache.org/thread.html/7b156ee50ba3ecce87b33c06bf7a749d84ffee55e69bfb5eca88fcc3@%3Cissues.activemq.apache.org%3E" + "refsource":"MLIST", + "name":"[activemq-issues] 20190626 [jira] [Work logged] (ARTEMIS-2363) spring-core-5.0.1.RELEASE.jar vulnerable to CVE-2018-15756", + "url":"https://lists.apache.org/thread.html/7b156ee50ba3ecce87b33c06bf7a749d84ffee55e69bfb5eca88fcc3@%3Cissues.activemq.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[activemq-issues] 20190716 [jira] [Commented] (ARTEMIS-2363) spring-core-5.0.1.RELEASE.jar vulnerable to CVE-2018-15756", - "url": "https://lists.apache.org/thread.html/77886fec378ee6064debb1efb6b464a4a0173b2ff0d151ed86d3a228@%3Cissues.activemq.apache.org%3E" + "refsource":"MLIST", + "name":"[activemq-issues] 20190716 [jira] [Commented] (ARTEMIS-2363) spring-core-5.0.1.RELEASE.jar vulnerable to CVE-2018-15756", + "url":"https://lists.apache.org/thread.html/77886fec378ee6064debb1efb6b464a4a0173b2ff0d151ed86d3a228@%3Cissues.activemq.apache.org%3E" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", + "refsource":"MISC", + 
"name":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { - "refsource": "MLIST", - "name": "[activemq-issues] 20190826 [jira] [Reopened] (ARTEMIS-2363) spring-core-5.0.1.RELEASE.jar vulnerable to CVE-2018-15756", - "url": "https://lists.apache.org/thread.html/8a1fe70534fc52ff5c9db5ac29c55657f802cbefd7e9d9850c7052bd@%3Cissues.activemq.apache.org%3E" + "refsource":"MLIST", + "name":"[activemq-issues] 20190826 [jira] [Reopened] (ARTEMIS-2363) spring-core-5.0.1.RELEASE.jar vulnerable to CVE-2018-15756", + "url":"https://lists.apache.org/thread.html/8a1fe70534fc52ff5c9db5ac29c55657f802cbefd7e9d9850c7052bd@%3Cissues.activemq.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[activemq-issues] 20190826 [jira] [Closed] (ARTEMIS-2363) spring-core-5.0.1.RELEASE.jar vulnerable to CVE-2018-15756", - "url": "https://lists.apache.org/thread.html/efaa52b0aa67aae7cbd9e6ef96945387e422d7ce0e65434570a37b1d@%3Cissues.activemq.apache.org%3E" + "refsource":"MLIST", + "name":"[activemq-issues] 20190826 [jira] [Closed] (ARTEMIS-2363) spring-core-5.0.1.RELEASE.jar vulnerable to CVE-2018-15756", + "url":"https://lists.apache.org/thread.html/efaa52b0aa67aae7cbd9e6ef96945387e422d7ce0e65434570a37b1d@%3Cissues.activemq.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[activemq-issues] 20190826 [jira] [Updated] (ARTEMIS-2363) spring-core-5.0.1.RELEASE.jar vulnerable to CVE-2018-15756", - "url": "https://lists.apache.org/thread.html/f8905507a2c94af6b08b72d7be0c4b8c6660e585f00abfafeccc86bc@%3Cissues.activemq.apache.org%3E" + "refsource":"MLIST", + "name":"[activemq-issues] 20190826 [jira] [Updated] (ARTEMIS-2363) spring-core-5.0.1.RELEASE.jar vulnerable to CVE-2018-15756", + "url":"https://lists.apache.org/thread.html/f8905507a2c94af6b08b72d7be0c4b8c6660e585f00abfafeccc86bc@%3Cissues.activemq.apache.org%3E" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", - "refsource": "MISC", - "name": 
"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] }, - "source": { - "discovery": "UNKNOWN" + "source":{ + "discovery":"UNKNOWN" } } \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15769.json b/2018/15xxx/CVE-2018-15769.json index cf1cc9a9c24..d3dd7290917 100644 --- a/2018/15xxx/CVE-2018-15769.json +++ b/2018/15xxx/CVE-2018-15769.json 
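Review bot: Every line of this record is rewritten only to drop the space after each colon (`"ID": …` becomes `"ID":…`), and an empty line is added before the opening `{`, so the one substantive change, the new Oracle reference at the end of `reference_data`, is buried in a whole-file replacement. For a vulnerability record this makes it hard to audit that the description text, affected version ranges and CVSS values were not altered along the way; the CVE-2018-15473, CVE-2018-15769 and CVE-2018-16395 hunks have the same shape. Keeping the file's existing `"key": value` spacing and emitting only the added reference object would reduce this hunk to a few `+` lines. If the reformatting comes from the generating tool's serializer, matching its separators to the repository's existing style would avoid the churn.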
@@ -1,76 +1,80 @@ + { - "CVE_data_meta": { - "ASSIGNER": "secure@dell.com", - "ID": "CVE-2018-15769", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"secure@dell.com", + "ID":"CVE-2018-15769", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "n/a", - "version": { - "version_data": [ + "product_name":"n/a", + "version":{ + "version_data":[ { - "version_value": "n/a" + "version_value":"n/a" } ] } } ] }, - "vendor_name": "n/a" + "vendor_name":"n/a" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ { - "lang": "eng", - "value": "RSA BSAFE Micro Edition Suite versions prior to 4.0.11 (in 4.0.x series) and versions prior to 4.1.6.2 (in 4.1.x series) contain a key management error issue. A malicious TLS server could potentially cause a Denial Of Service (DoS) on TLS clients during the handshake when a very large prime value is sent to the TLS client, and an Ephemeral or Anonymous Diffie-Hellman cipher suite (DHE or ADH) is used." + "lang":"eng", + "value":"RSA BSAFE Micro Edition Suite versions prior to 4.0.11 (in 4.0.x series) and versions prior to 4.1.6.2 (in 4.1.x series) contain a key management error issue. A malicious TLS server could potentially cause a Denial Of Service (DoS) on TLS clients during the handshake when a very large prime value is sent to the TLS client, and an Ephemeral or Anonymous Diffie-Hellman cipher suite (DHE or ADH) is used." 
} ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "n/a" + "lang":"eng", + "value":"n/a" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "name": "105929", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/105929" + "name":"105929", + "refsource":"BID", + "url":"http://www.securityfocus.com/bid/105929" }, { - "name": "20181112 DSA-2018-198: RSA BSAFE Micro Edition Suite Key Management Error Vulnerability", - "refsource": "FULLDISC", - "url": "https://seclists.org/fulldisclosure/2018/Nov/37" + "name":"20181112 DSA-2018-198: RSA BSAFE Micro Edition Suite Key Management Error Vulnerability", + "refsource":"FULLDISC", + "url":"https://seclists.org/fulldisclosure/2018/Nov/37" }, { - "name": "1042057", - "refsource": "SECTRACK", - "url": "http://www.securitytracker.com/id/1042057" + "name":"1042057", + "refsource":"SECTRACK", + "url":"http://www.securitytracker.com/id/1042057" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2018/16xxx/CVE-2018-16395.json b/2018/16xxx/CVE-2018-16395.json index 4371d45988b..e813c12b16f 100644 --- a/2018/16xxx/CVE-2018-16395.json +++ b/2018/16xxx/CVE-2018-16395.json 
@@ -1,146 +1,150 @@ + { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2018-16395", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"cve@mitre.org", + "ID":"CVE-2018-16395", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "n/a", - "version": { - "version_data": [ + "product_name":"n/a", + "version":{ + "version_data":[ { - "version_value": "n/a" + "version_value":"n/a" } ] } } ] }, - "vendor_name": "n/a" + "vendor_name":"n/a" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ { - "lang": "eng", - "value": "An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may return true. When the first argument is one character longer than the second, or the second argument contains a character that is one less than a character in the same position of the first argument, the result of == will be true. This could be leveraged to create an illegitimate certificate that may be accepted as legitimate and then used in signing or encryption operations." + "lang":"eng", + "value":"An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may return true. 
When the first argument is one character longer than the second, or the second argument contains a character that is one less than a character in the same position of the first argument, the result of == will be true. This could be leveraged to create an illegitimate certificate that may be accepted as legitimate and then used in signing or encryption operations." } ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "n/a" + "lang":"eng", + "value":"n/a" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "name": "https://www.ruby-lang.org/en/news/2018/10/17/openssl-x509-name-equality-check-does-not-work-correctly-cve-2018-16395/", - "refsource": "CONFIRM", - "url": "https://www.ruby-lang.org/en/news/2018/10/17/openssl-x509-name-equality-check-does-not-work-correctly-cve-2018-16395/" + "name":"https://www.ruby-lang.org/en/news/2018/10/17/openssl-x509-name-equality-check-does-not-work-correctly-cve-2018-16395/", + "refsource":"CONFIRM", + "url":"https://www.ruby-lang.org/en/news/2018/10/17/openssl-x509-name-equality-check-does-not-work-correctly-cve-2018-16395/" }, { - "name": "RHSA-2018:3738", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2018:3738" + "name":"RHSA-2018:3738", + "refsource":"REDHAT", + "url":"https://access.redhat.com/errata/RHSA-2018:3738" }, { - "name": "https://www.ruby-lang.org/en/news/2018/11/06/ruby-2-6-0-preview3-released/", - "refsource": "CONFIRM", - "url": "https://www.ruby-lang.org/en/news/2018/11/06/ruby-2-6-0-preview3-released/" + "name":"https://www.ruby-lang.org/en/news/2018/11/06/ruby-2-6-0-preview3-released/", + "refsource":"CONFIRM", + "url":"https://www.ruby-lang.org/en/news/2018/11/06/ruby-2-6-0-preview3-released/" }, { - "name": "RHSA-2018:3729", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2018:3729" + "name":"RHSA-2018:3729", + 
"refsource":"REDHAT", + "url":"https://access.redhat.com/errata/RHSA-2018:3729" }, { - "name": "https://hackerone.com/reports/387250", - "refsource": "MISC", - "url": "https://hackerone.com/reports/387250" + "name":"https://hackerone.com/reports/387250", + "refsource":"MISC", + "url":"https://hackerone.com/reports/387250" }, { - "name": "RHSA-2018:3730", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2018:3730" + "name":"RHSA-2018:3730", + "refsource":"REDHAT", + "url":"https://access.redhat.com/errata/RHSA-2018:3730" }, { - "name": "RHSA-2018:3731", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2018:3731" + "name":"RHSA-2018:3731", + "refsource":"REDHAT", + "url":"https://access.redhat.com/errata/RHSA-2018:3731" }, { - "name": "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-3-8-released/", - "refsource": "CONFIRM", - "url": "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-3-8-released/" + "name":"https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-3-8-released/", + "refsource":"CONFIRM", + "url":"https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-3-8-released/" }, { - "name": "DSA-4332", - "refsource": "DEBIAN", - "url": "https://www.debian.org/security/2018/dsa-4332" + "name":"DSA-4332", + "refsource":"DEBIAN", + "url":"https://www.debian.org/security/2018/dsa-4332" }, { - "name": "USN-3808-1", - "refsource": "UBUNTU", - "url": "https://usn.ubuntu.com/3808-1/" + "name":"USN-3808-1", + "refsource":"UBUNTU", + "url":"https://usn.ubuntu.com/3808-1/" }, { - "name": "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-4-5-released/", - "refsource": "CONFIRM", - "url": "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-4-5-released/" + "name":"https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-4-5-released/", + "refsource":"CONFIRM", + "url":"https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-4-5-released/" }, { - "name": "https://security.netapp.com/advisory/ntap-20190221-0002/", - "refsource": 
"CONFIRM", - "url": "https://security.netapp.com/advisory/ntap-20190221-0002/" + "name":"https://security.netapp.com/advisory/ntap-20190221-0002/", + "refsource":"CONFIRM", + "url":"https://security.netapp.com/advisory/ntap-20190221-0002/" }, { - "name": "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-5-2-released/", - "refsource": "CONFIRM", - "url": "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-5-2-released/" + "name":"https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-5-2-released/", + "refsource":"CONFIRM", + "url":"https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-5-2-released/" }, { - "name": "[debian-lts-announce] 20181028 [SECURITY] [DLA 1558-1] ruby2.1 security update", - "refsource": "MLIST", - "url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00020.html" + "name":"[debian-lts-announce] 20181028 [SECURITY] [DLA 1558-1] ruby2.1 security update", + "refsource":"MLIST", + "url":"https://lists.debian.org/debian-lts-announce/2018/10/msg00020.html" }, { - "name": "1042105", - "refsource": "SECTRACK", - "url": "http://www.securitytracker.com/id/1042105" + "name":"1042105", + "refsource":"SECTRACK", + "url":"http://www.securitytracker.com/id/1042105" }, { - "refsource": "SUSE", - "name": "openSUSE-SU-2019:1771", - "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html" + "refsource":"SUSE", + "name":"openSUSE-SU-2019:1771", + "url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:1948", - "url": "https://access.redhat.com/errata/RHSA-2019:1948" + "refsource":"REDHAT", + "name":"RHSA-2019:1948", + "url":"https://access.redhat.com/errata/RHSA-2019:1948" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:2565", - "url": "https://access.redhat.com/errata/RHSA-2019:2565" + "refsource":"REDHAT", + "name":"RHSA-2019:2565", + "url":"https://access.redhat.com/errata/RHSA-2019:2565" + }, + { + 
"url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2018/17xxx/CVE-2018-17189.json b/2018/17xxx/CVE-2018-17189.json index 6a58f66aad8..1d47db46c73 100644 --- a/2018/17xxx/CVE-2018-17189.json +++ b/2018/17xxx/CVE-2018-17189.json 
@@ -1,152 +1,156 @@ + { - "CVE_data_meta": { - "ASSIGNER": "security@apache.org", - "DATE_PUBLIC": "2019-01-22T00:00:00", - "ID": "CVE-2018-17189", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"security@apache.org", + "DATE_PUBLIC":"2019-01-22T00:00:00", + "ID":"CVE-2018-17189", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "Apache HTTP Server", - "version": { - "version_data": [ + "product_name":"Apache HTTP Server", + "version":{ + "version_data":[ { - "version_value": "2.4.17 to 2.4.37" + "version_value":"2.4.17 to 2.4.37" } ] } } ] }, - "vendor_name": "Apache Software Foundation" + "vendor_name":"Apache Software Foundation" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ { - "lang": "eng", - "value": "In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 (mod_http2) connections." + "lang":"eng", + "value":"In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 (mod_http2) connections." 
} ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "mod_http2, DoS via slow request bodies" + "lang":"eng", + "value":"mod_http2, DoS via slow request bodies" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "name": "https://httpd.apache.org/security/vulnerabilities_24.html", - "refsource": "CONFIRM", - "url": "https://httpd.apache.org/security/vulnerabilities_24.html" + "name":"https://httpd.apache.org/security/vulnerabilities_24.html", + "refsource":"CONFIRM", + "url":"https://httpd.apache.org/security/vulnerabilities_24.html" }, { - "name": "106685", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/106685" + "name":"106685", + "refsource":"BID", + "url":"http://www.securityfocus.com/bid/106685" }, { - "name": "https://security.netapp.com/advisory/ntap-20190125-0001/", - "refsource": "CONFIRM", - "url": "https://security.netapp.com/advisory/ntap-20190125-0001/" + "name":"https://security.netapp.com/advisory/ntap-20190125-0001/", + "refsource":"CONFIRM", + "url":"https://security.netapp.com/advisory/ntap-20190125-0001/" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-0300c36537", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U7N3DUEBFVGQWQEME5HTPTTKDHGHBAC6/" + "refsource":"FEDORA", + "name":"FEDORA-2019-0300c36537", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U7N3DUEBFVGQWQEME5HTPTTKDHGHBAC6/" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-133a8a7cb5", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IY7SJQOO3PYFVINZW6H5EK4EZ3HSGZNM/" + "refsource":"FEDORA", + "name":"FEDORA-2019-133a8a7cb5", + 
"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IY7SJQOO3PYFVINZW6H5EK4EZ3HSGZNM/" }, { - "refsource": "GENTOO", - "name": "GLSA-201903-21", - "url": "https://security.gentoo.org/glsa/201903-21" + "refsource":"GENTOO", + "name":"GLSA-201903-21", + "url":"https://security.gentoo.org/glsa/201903-21" }, { - "refsource": "BUGTRAQ", - "name": "20190403 [SECURITY] [DSA 4422-1] apache2 security update", - "url": "https://seclists.org/bugtraq/2019/Apr/5" + "refsource":"BUGTRAQ", + "name":"20190403 [SECURITY] [DSA 4422-1] apache2 security update", + "url":"https://seclists.org/bugtraq/2019/Apr/5" }, { - "refsource": "UBUNTU", - "name": "USN-3937-1", - "url": "https://usn.ubuntu.com/3937-1/" + "refsource":"UBUNTU", + "name":"USN-3937-1", + "url":"https://usn.ubuntu.com/3937-1/" }, { - "refsource": "DEBIAN", - "name": "DSA-4422", - "url": "https://www.debian.org/security/2019/dsa-4422" + "refsource":"DEBIAN", + "name":"DSA-4422", + "url":"https://www.debian.org/security/2019/dsa-4422" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { - "refsource": "MLIST", - "name": "[httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ 
security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", - "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E" + "refsource":"MLIST", + "name":"[httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", + "url":"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", - "url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E" + "refsource":"MLIST", + "name":"[httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", + "url":"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E" }, { - "refsource": "CONFIRM", - "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us", - "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us" + "refsource":"CONFIRM", + "name":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us", + 
"url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:3933", - "url": "https://access.redhat.com/errata/RHSA-2019:3933" + "refsource":"REDHAT", + "name":"RHSA-2019:3933", + "url":"https://access.redhat.com/errata/RHSA-2019:3933" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:3935", - "url": "https://access.redhat.com/errata/RHSA-2019:3935" + "refsource":"REDHAT", + "name":"RHSA-2019:3935", + "url":"https://access.redhat.com/errata/RHSA-2019:3935" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:3932", - "url": "https://access.redhat.com/errata/RHSA-2019:3932" + "refsource":"REDHAT", + "name":"RHSA-2019:3932", + "url":"https://access.redhat.com/errata/RHSA-2019:3932" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:4126", - "url": "https://access.redhat.com/errata/RHSA-2019:4126" + "refsource":"REDHAT", + "name":"RHSA-2019:4126", + "url":"https://access.redhat.com/errata/RHSA-2019:4126" }, { - "refsource": "CONFIRM", - "name": "https://www.tenable.com/security/tns-2019-09", - "url": "https://www.tenable.com/security/tns-2019-09" + "refsource":"CONFIRM", + "name":"https://www.tenable.com/security/tns-2019-09", + "url":"https://www.tenable.com/security/tns-2019-09" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2018/19xxx/CVE-2018-19362.json b/2018/19xxx/CVE-2018-19362.json index 87e070ba0f1..c65d8dd4c6c 100644 --- a/2018/19xxx/CVE-2018-19362.json +++ b/2018/19xxx/CVE-2018-19362.json 
@@ -1,221 +1,225 @@ + { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2018-19362", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"cve@mitre.org", + "ID":"CVE-2018-19362", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "n/a", - "version": { - "version_data": [ + "product_name":"n/a", + "version":{ + "version_data":[ { - "version_value": "n/a" + "version_value":"n/a" } ] } } ] }, - "vendor_name": "n/a" + "vendor_name":"n/a" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ { - "lang": "eng", - "value": "FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization." + "lang":"eng", + "value":"FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization." 
} ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "n/a" + "lang":"eng", + "value":"n/a" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "name": "https://github.com/FasterXML/jackson-databind/issues/2186", - "refsource": "CONFIRM", - "url": "https://github.com/FasterXML/jackson-databind/issues/2186" + "name":"https://github.com/FasterXML/jackson-databind/issues/2186", + "refsource":"CONFIRM", + "url":"https://github.com/FasterXML/jackson-databind/issues/2186" }, { - "name": "[debian-lts-announce] 20190304 [SECURITY] [DLA 1703-1] jackson-databind security update", - "refsource": "MLIST", - "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00005.html" + "name":"[debian-lts-announce] 20190304 [SECURITY] [DLA 1703-1] jackson-databind security update", + "refsource":"MLIST", + "url":"https://lists.debian.org/debian-lts-announce/2019/03/msg00005.html" }, { - "name": "https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.8", - "refsource": "CONFIRM", - "url": "https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.8" + "name":"https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.8", + "refsource":"CONFIRM", + "url":"https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.8" }, { - "name": "https://issues.apache.org/jira/browse/TINKERPOP-2121", - "refsource": "CONFIRM", - "url": "https://issues.apache.org/jira/browse/TINKERPOP-2121" + "name":"https://issues.apache.org/jira/browse/TINKERPOP-2121", + "refsource":"CONFIRM", + "url":"https://issues.apache.org/jira/browse/TINKERPOP-2121" }, { - "name": "https://github.com/FasterXML/jackson-databind/commit/42912cac4753f3f718ece875e4d486f8264c2f2b", - "refsource": "CONFIRM", - "url": "https://github.com/FasterXML/jackson-databind/commit/42912cac4753f3f718ece875e4d486f8264c2f2b" + 
"name":"https://github.com/FasterXML/jackson-databind/commit/42912cac4753f3f718ece875e4d486f8264c2f2b", + "refsource":"CONFIRM", + "url":"https://github.com/FasterXML/jackson-databind/commit/42912cac4753f3f718ece875e4d486f8264c2f2b" }, { - "refsource": "MLIST", - "name": "[infra-devnull] 20190329 [GitHub] [pulsar] massakam opened pull request #3938: Upgrade third party libraries with security vulnerabilities", - "url": "https://lists.apache.org/thread.html/37e1ed724a1b0e5d191d98c822c426670bdfde83804567131847d2a3@%3Cdevnull.infra.apache.org%3E" + "refsource":"MLIST", + "name":"[infra-devnull] 20190329 [GitHub] [pulsar] massakam opened pull request #3938: Upgrade third party libraries with security vulnerabilities", + "url":"https://lists.apache.org/thread.html/37e1ed724a1b0e5d191d98c822c426670bdfde83804567131847d2a3@%3Cdevnull.infra.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[pulsar-commits] 20190329 [GitHub] [pulsar] massakam opened a new pull request #3938: Upgrade third party libraries with security vulnerabilities", - "url": "https://lists.apache.org/thread.html/c70da3cb6e3f03e0ad8013e38b6959419d866c4a7c80fdd34b73f25c@%3Ccommits.pulsar.apache.org%3E" + "refsource":"MLIST", + "name":"[pulsar-commits] 20190329 [GitHub] [pulsar] massakam opened a new pull request #3938: Upgrade third party libraries with security vulnerabilities", + "url":"https://lists.apache.org/thread.html/c70da3cb6e3f03e0ad8013e38b6959419d866c4a7c80fdd34b73f25c@%3Ccommits.pulsar.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1", - "url": "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E" + "refsource":"MLIST", + "name":"[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1", + 
"url":"https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:0782", - "url": "https://access.redhat.com/errata/RHSA-2019:0782" + "refsource":"REDHAT", + "name":"RHSA-2019:0782", + "url":"https://access.redhat.com/errata/RHSA-2019:0782" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:0877", - "url": "https://access.redhat.com/errata/RHSA-2019:0877" + "refsource":"REDHAT", + "name":"RHSA-2019:0877", + "url":"https://access.redhat.com/errata/RHSA-2019:0877" }, { - "refsource": "REDHAT", - "name": "RHBA-2019:0959", - "url": "https://access.redhat.com/errata/RHBA-2019:0959" + "refsource":"REDHAT", + "name":"RHBA-2019:0959", + "url":"https://access.redhat.com/errata/RHBA-2019:0959" }, { - "refsource": "DEBIAN", - "name": "DSA-4452", - "url": "https://www.debian.org/security/2019/dsa-4452" + "refsource":"DEBIAN", + "name":"DSA-4452", + "url":"https://www.debian.org/security/2019/dsa-4452" }, { - "refsource": "BUGTRAQ", - "name": "20190527 [SECURITY] [DSA 4452-1] jackson-databind security update", - "url": "https://seclists.org/bugtraq/2019/May/68" + "refsource":"BUGTRAQ", + "name":"20190527 [SECURITY] [DSA 4452-1] jackson-databind security update", + "url":"https://seclists.org/bugtraq/2019/May/68" }, { - "refsource": "CONFIRM", - "name": "https://security.netapp.com/advisory/ntap-20190530-0003/", - "url": "https://security.netapp.com/advisory/ntap-20190530-0003/" + "refsource":"CONFIRM", + 
"name":"https://security.netapp.com/advisory/ntap-20190530-0003/", + "url":"https://security.netapp.com/advisory/ntap-20190530-0003/" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:1782", - "url": "https://access.redhat.com/errata/RHSA-2019:1782" + "refsource":"REDHAT", + "name":"RHSA-2019:1782", + "url":"https://access.redhat.com/errata/RHSA-2019:1782" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:1797", - "url": "https://access.redhat.com/errata/RHSA-2019:1797" + "refsource":"REDHAT", + "name":"RHSA-2019:1797", + "url":"https://access.redhat.com/errata/RHSA-2019:1797" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { - "refsource": "BID", - "name": "107985", - "url": "http://www.securityfocus.com/bid/107985" + "refsource":"BID", + "name":"107985", + "url":"http://www.securityfocus.com/bid/107985" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:1822", - "url": "https://access.redhat.com/errata/RHSA-2019:1822" + "refsource":"REDHAT", + "name":"RHSA-2019:1822", + "url":"https://access.redhat.com/errata/RHSA-2019:1822" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:1823", - "url": "https://access.redhat.com/errata/RHSA-2019:1823" + "refsource":"REDHAT", + "name":"RHSA-2019:1823", + "url":"https://access.redhat.com/errata/RHSA-2019:1823" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:2804", - "url": "https://access.redhat.com/errata/RHSA-2019:2804" + "refsource":"REDHAT", + "name":"RHSA-2019:2804", + "url":"https://access.redhat.com/errata/RHSA-2019:2804" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:2858", - "url": "https://access.redhat.com/errata/RHSA-2019:2858" + "refsource":"REDHAT", + 
"name":"RHSA-2019:2858", + "url":"https://access.redhat.com/errata/RHSA-2019:2858" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:3002", - "url": "https://access.redhat.com/errata/RHSA-2019:3002" + "refsource":"REDHAT", + "name":"RHSA-2019:3002", + "url":"https://access.redhat.com/errata/RHSA-2019:3002" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:3140", - "url": "https://access.redhat.com/errata/RHSA-2019:3140" + "refsource":"REDHAT", + "name":"RHSA-2019:3140", + "url":"https://access.redhat.com/errata/RHSA-2019:3140" }, { - "refsource": "MLIST", - "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", - "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E" + "refsource":"MLIST", + "name":"[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", + "url":"https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:3149", - "url": "https://access.redhat.com/errata/RHSA-2019:3149" + "refsource":"REDHAT", + "name":"RHSA-2019:3149", + "url":"https://access.redhat.com/errata/RHSA-2019:3149" }, { - "refsource": "MLIST", - "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", - "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E" + "refsource":"MLIST", + 
"name":"[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", + "url":"https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", - "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" + "refsource":"MLIST", + "name":"[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", + "url":"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html", - "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E" + "refsource":"MLIST", + "name":"[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html", + "url":"https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:3892", - "url": "https://access.redhat.com/errata/RHSA-2019:3892" + "refsource":"REDHAT", + "name":"RHSA-2019:3892", + "url":"https://access.redhat.com/errata/RHSA-2019:3892" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:4037", - "url": "https://access.redhat.com/errata/RHSA-2019:4037" + "refsource":"REDHAT", + "name":"RHSA-2019:4037", + "url":"https://access.redhat.com/errata/RHSA-2019:4037" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } 
diff --git a/2018/1xxx/CVE-2018-1060.json b/2018/1xxx/CVE-2018-1060.json index a2bb5891124..44371dc3160 100644 --- a/2018/1xxx/CVE-2018-1060.json +++ b/2018/1xxx/CVE-2018-1060.json 
@@ -1,175 +1,179 @@ + { - "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", - "ID": "CVE-2018-1060", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"secalert@redhat.com", + "ID":"CVE-2018-1060", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "python", - "version": { - "version_data": [ + "product_name":"python", + "version":{ + "version_data":[ { - "version_value": "python 2.7.15" + "version_value":"python 2.7.15" }, { - "version_value": "python 3.4.9" + "version_value":"python 3.4.9" }, { - "version_value": "python 3.5.6" + "version_value":"python 3.5.6" }, { - "version_value": "python 3.7.0" + "version_value":"python 3.7.0" } ] } } ] }, - "vendor_name": "[UNKNOWN]" + "vendor_name":"[UNKNOWN]" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ { - "lang": "eng", - "value": "python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service." + "lang":"eng", + "value":"python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service." 
} ] }, - "impact": { - "cvss": [ + "impact":{ + "cvss":[ [ { - "vectorString": "4.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "version": "3.0" + "vectorString":"4.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "version":"3.0" } ] ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "CWE-20" + "lang":"eng", + "value":"CWE-20" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "name": "DSA-4306", - "refsource": "DEBIAN", - "url": "https://www.debian.org/security/2018/dsa-4306" + "name":"DSA-4306", + "refsource":"DEBIAN", + "url":"https://www.debian.org/security/2018/dsa-4306" }, { - "name": "1042001", - "refsource": "SECTRACK", - "url": "http://www.securitytracker.com/id/1042001" + "name":"1042001", + "refsource":"SECTRACK", + "url":"http://www.securitytracker.com/id/1042001" }, { - "name": "[debian-lts-announce] 20180926 [SECURITY] [DLA 1520-1] python3.4 security update", - "refsource": "MLIST", - "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00031.html" + "name":"[debian-lts-announce] 20180926 [SECURITY] [DLA 1520-1] python3.4 security update", + "refsource":"MLIST", + "url":"https://lists.debian.org/debian-lts-announce/2018/09/msg00031.html" }, { - "name": "https://bugs.python.org/issue32981", - "refsource": "CONFIRM", - "url": "https://bugs.python.org/issue32981" + "name":"https://bugs.python.org/issue32981", + "refsource":"CONFIRM", + "url":"https://bugs.python.org/issue32981" }, { - "name": "USN-3817-2", - "refsource": "UBUNTU", - "url": "https://usn.ubuntu.com/3817-2/" + "name":"USN-3817-2", + "refsource":"UBUNTU", + "url":"https://usn.ubuntu.com/3817-2/" }, { - "name": "https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-release-candidate-1", - "refsource": "CONFIRM", - "url": "https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-release-candidate-1" + 
"name":"https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-release-candidate-1", + "refsource":"CONFIRM", + "url":"https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-release-candidate-1" }, { - "name": "https://docs.python.org/3.5/whatsnew/changelog.html#python-3-5-6-release-candidate-1", - "refsource": "CONFIRM", - "url": "https://docs.python.org/3.5/whatsnew/changelog.html#python-3-5-6-release-candidate-1" + "name":"https://docs.python.org/3.5/whatsnew/changelog.html#python-3-5-6-release-candidate-1", + "refsource":"CONFIRM", + "url":"https://docs.python.org/3.5/whatsnew/changelog.html#python-3-5-6-release-candidate-1" }, { - "name": "RHSA-2018:3505", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2018:3505" + "name":"RHSA-2018:3505", + "refsource":"REDHAT", + "url":"https://access.redhat.com/errata/RHSA-2018:3505" }, { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1060", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1060" + "name":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1060", + "refsource":"CONFIRM", + "url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1060" }, { - "name": "RHSA-2018:3041", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2018:3041" + "name":"RHSA-2018:3041", + "refsource":"REDHAT", + "url":"https://access.redhat.com/errata/RHSA-2018:3041" }, { - "name": "DSA-4307", - "refsource": "DEBIAN", - "url": "https://www.debian.org/security/2018/dsa-4307" + "name":"DSA-4307", + "refsource":"DEBIAN", + "url":"https://www.debian.org/security/2018/dsa-4307" }, { - "name": "USN-3817-1", - "refsource": "UBUNTU", - "url": "https://usn.ubuntu.com/3817-1/" + "name":"USN-3817-1", + "refsource":"UBUNTU", + "url":"https://usn.ubuntu.com/3817-1/" }, { - "name": "[debian-lts-announce] 20180925 [SECURITY] [DLA 1519-1] python2.7 security update", - "refsource": "MLIST", - "url": 
"https://lists.debian.org/debian-lts-announce/2018/09/msg00030.html" + "name":"[debian-lts-announce] 20180925 [SECURITY] [DLA 1519-1] python2.7 security update", + "refsource":"MLIST", + "url":"https://lists.debian.org/debian-lts-announce/2018/09/msg00030.html" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-6e1938a3c5", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/" + "refsource":"FEDORA", + "name":"FEDORA-2019-6e1938a3c5", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-cf725dd20b", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/" + "refsource":"FEDORA", + "name":"FEDORA-2019-cf725dd20b", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-51f1e08207", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/" + "refsource":"FEDORA", + "name":"FEDORA-2019-51f1e08207", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/" }, { - "refsource": "REDHAT", - "name": "RHBA-2019:0327", - "url": "https://access.redhat.com/errata/RHBA-2019:0327" + "refsource":"REDHAT", + "name":"RHBA-2019:0327", + "url":"https://access.redhat.com/errata/RHBA-2019:0327" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:1260", - "url": "https://access.redhat.com/errata/RHSA-2019:1260" + "refsource":"REDHAT", + "name":"RHSA-2019:1260", + "url":"https://access.redhat.com/errata/RHSA-2019:1260" }, { - "refsource": "CONFIRM", - "name": 
"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03951en_us", - "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03951en_us" + "refsource":"CONFIRM", + "name":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03951en_us", + "url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03951en_us" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:3725", - "url": "https://access.redhat.com/errata/RHSA-2019:3725" + "refsource":"REDHAT", + "name":"RHSA-2019:3725", + "url":"https://access.redhat.com/errata/RHSA-2019:3725" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2018/1xxx/CVE-2018-1257.json b/2018/1xxx/CVE-2018-1257.json index fdd798ad4ea..0a8ff049f00 100644 --- a/2018/1xxx/CVE-2018-1257.json +++ b/2018/1xxx/CVE-2018-1257.json 
@@ -1,97 +1,101 @@ + { - "CVE_data_meta": { - "ASSIGNER": "secure@dell.com", - "DATE_PUBLIC": "2018-05-09T00:00:00", - "ID": "CVE-2018-1257", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"secure@dell.com", + "DATE_PUBLIC":"2018-05-09T00:00:00", + "ID":"CVE-2018-1257", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "Spring Framework", - "version": { - "version_data": [ + "product_name":"Spring Framework", + "version":{ + "version_data":[ { - "version_value": "5.0.x prior to 5.0.6; 4.3.x prior to 4.3.17" + "version_value":"5.0.x prior to 5.0.6; 4.3.x prior to 4.3.17" } ] } } ] }, - "vendor_name": "Pivotal" + "vendor_name":"Pivotal" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ { - "lang": "eng", - "value": "Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a regular expression, denial of service attack." + "lang":"eng", + "value":"Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a regular expression, denial of service attack." 
} ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "ReDoS" + "lang":"eng", + "value":"ReDoS" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "refsource": "CONFIRM", - "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" + "name":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "refsource":"CONFIRM", + "url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" }, { - "name": "104260", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/104260" + "name":"104260", + "refsource":"BID", + "url":"http://www.securityfocus.com/bid/104260" }, { - "name": "RHSA-2018:1809", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2018:1809" + "name":"RHSA-2018:1809", + "refsource":"REDHAT", + "url":"https://access.redhat.com/errata/RHSA-2018:1809" }, { - "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "refsource": "CONFIRM", - "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" + "name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "refsource":"CONFIRM", + "url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" }, { - "name": "https://pivotal.io/security/cve-2018-1257", - "refsource": "CONFIRM", - "url": "https://pivotal.io/security/cve-2018-1257" + "name":"https://pivotal.io/security/cve-2018-1257", + "refsource":"CONFIRM", + "url":"https://pivotal.io/security/cve-2018-1257" }, { - "name": "RHSA-2018:3768", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2018:3768" + "name":"RHSA-2018:3768", + "refsource":"REDHAT", + 
"url":"https://access.redhat.com/errata/RHSA-2018:3768" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2018/1xxx/CVE-2018-1258.json b/2018/1xxx/CVE-2018-1258.json index f3a282fc06a..9004ab64f6d 100644 --- a/2018/1xxx/CVE-2018-1258.json +++ b/2018/1xxx/CVE-2018-1258.json 
@@ -1,113 +1,117 @@ + { - "CVE_data_meta": { - "ASSIGNER": "secure@dell.com", - "DATE_PUBLIC": "2018-05-09T00:00:00", - "ID": "CVE-2018-1258", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"secure@dell.com", + "DATE_PUBLIC":"2018-05-09T00:00:00", + "ID":"CVE-2018-1258", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "Spring Framework", - "version": { - "version_data": [ + "product_name":"Spring Framework", + "version":{ + "version_data":[ { - "affected": "=", - "version_value": "5.0.5" + "affected":"=", + "version_value":"5.0.5" } ] } } ] }, - "vendor_name": "Pivotal" + "vendor_name":"Pivotal" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ { - "lang": "eng", - "value": "Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted." + "lang":"eng", + "value":"Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted." 
} ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "Authorization Bypass" + "lang":"eng", + "value":"Authorization Bypass" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", - "refsource": "CONFIRM", - "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" + "name":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", + "refsource":"CONFIRM", + "url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" }, { - "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "refsource": "CONFIRM", - "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" + "name":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "refsource":"CONFIRM", + "url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" }, { - "name": "104222", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/104222" + "name":"104222", + "refsource":"BID", + "url":"http://www.securityfocus.com/bid/104222" }, { - "name": "1041888", - "refsource": "SECTRACK", - "url": "http://www.securitytracker.com/id/1041888" + "name":"1041888", + "refsource":"SECTRACK", + "url":"http://www.securitytracker.com/id/1041888" }, { - "name": "1041896", - "refsource": "SECTRACK", - "url": "http://www.securitytracker.com/id/1041896" + "name":"1041896", + "refsource":"SECTRACK", + "url":"http://www.securitytracker.com/id/1041896" }, { - "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "refsource": "CONFIRM", - "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" + 
"name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "refsource":"CONFIRM", + "url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" }, { - "name": "https://security.netapp.com/advisory/ntap-20181018-0002/", - "refsource": "CONFIRM", - "url": "https://security.netapp.com/advisory/ntap-20181018-0002/" + "name":"https://security.netapp.com/advisory/ntap-20181018-0002/", + "refsource":"CONFIRM", + "url":"https://security.netapp.com/advisory/ntap-20181018-0002/" }, { - "name": "https://pivotal.io/security/cve-2018-1258", - "refsource": "CONFIRM", - "url": "https://pivotal.io/security/cve-2018-1258" + "name":"https://pivotal.io/security/cve-2018-1258", + "refsource":"CONFIRM", + "url":"https://pivotal.io/security/cve-2018-1258" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:2413", - "url": "https://access.redhat.com/errata/RHSA-2019:2413" + "refsource":"REDHAT", + "name":"RHSA-2019:2413", + "url":"https://access.redhat.com/errata/RHSA-2019:2413" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } 
diff --git a/2018/20xxx/CVE-2018-20684.json b/2018/20xxx/CVE-2018-20684.json index 65272d33daa..e56c39f2696 100644 --- a/2018/20xxx/CVE-2018-20684.json +++ b/2018/20xxx/CVE-2018-20684.json 
@@ -1,81 +1,85 @@ + { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2018-20684", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"cve@mitre.org", + "ID":"CVE-2018-20684", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "n/a", - "version": { - "version_data": [ + "product_name":"n/a", + "version":{ + "version_data":[ { - "version_value": "n/a" + "version_value":"n/a" } ] } } ] }, - "vendor_name": "n/a" + "vendor_name":"n/a" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ { - "lang": "eng", - "value": "In WinSCP before 5.14 beta, due to missing validation, the scp implementation would accept arbitrary files sent by the server, potentially overwriting unrelated files. This affects TSCPFileSystem::SCPSink in core/ScpFileSystem.cpp." + "lang":"eng", + "value":"In WinSCP before 5.14 beta, due to missing validation, the scp implementation would accept arbitrary files sent by the server, potentially overwriting unrelated files. This affects TSCPFileSystem::SCPSink in core/ScpFileSystem.cpp." 
} ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "n/a" + "lang":"eng", + "value":"n/a" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "name": "106526", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/106526" + "name":"106526", + "refsource":"BID", + "url":"http://www.securityfocus.com/bid/106526" }, { - "name": "https://github.com/winscp/winscp/commit/49d876f2c5fc00bcedaa986a7cf6dedd6bf16f54", - "refsource": "MISC", - "url": "https://github.com/winscp/winscp/commit/49d876f2c5fc00bcedaa986a7cf6dedd6bf16f54" + "name":"https://github.com/winscp/winscp/commit/49d876f2c5fc00bcedaa986a7cf6dedd6bf16f54", + "refsource":"MISC", + "url":"https://github.com/winscp/winscp/commit/49d876f2c5fc00bcedaa986a7cf6dedd6bf16f54" }, { - "name": "https://winscp.net/eng/docs/history", - "refsource": "MISC", - "url": "https://winscp.net/eng/docs/history" + "name":"https://winscp.net/eng/docs/history", + "refsource":"MISC", + "url":"https://winscp.net/eng/docs/history" }, { - "name": "https://winscp.net/tracker/1675", - "refsource": "MISC", - "url": "https://winscp.net/tracker/1675" + "name":"https://winscp.net/tracker/1675", + "refsource":"MISC", + "url":"https://winscp.net/tracker/1675" }, { - "name": "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt", - "refsource": "MISC", - "url": "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt" + "name":"https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt", + "refsource":"MISC", + "url":"https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2018/5xxx/CVE-2018-5407.json b/2018/5xxx/CVE-2018-5407.json index 73825b67eb1..ca8c0bc149f 100644 --- a/2018/5xxx/CVE-2018-5407.json +++ b/2018/5xxx/CVE-2018-5407.json 
@@ -1,186 +1,190 @@ + { - "CVE_data_meta": { - "ASSIGNER": "cert@cert.org", - "ID": "CVE-2018-5407", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"cert@cert.org", + "ID":"CVE-2018-5407", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "Processors supporting Simultaneous Multi-Threading", - "version": { - "version_data": [ + "product_name":"Processors supporting Simultaneous Multi-Threading", + "version":{ + "version_data":[ { - "version_value": "N/A" + "version_value":"N/A" } ] } } ] }, - "vendor_name": "N/A" + "vendor_name":"N/A" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ { - "lang": "eng", - "value": "Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'." + "lang":"eng", + "value":"Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'." 
} ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "CWE-200" + "lang":"eng", + "value":"CWE-200" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "name": "RHSA-2019:0483", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2019:0483" + "name":"RHSA-2019:0483", + "refsource":"REDHAT", + "url":"https://access.redhat.com/errata/RHSA-2019:0483" }, { - "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "refsource": "CONFIRM", - "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" + "name":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "refsource":"CONFIRM", + "url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" }, { - "name": "https://security.netapp.com/advisory/ntap-20181126-0001/", - "refsource": "CONFIRM", - "url": "https://security.netapp.com/advisory/ntap-20181126-0001/" + "name":"https://security.netapp.com/advisory/ntap-20181126-0001/", + "refsource":"CONFIRM", + "url":"https://security.netapp.com/advisory/ntap-20181126-0001/" }, { - "name": "USN-3840-1", - "refsource": "UBUNTU", - "url": "https://usn.ubuntu.com/3840-1/" + "name":"USN-3840-1", + "refsource":"UBUNTU", + "url":"https://usn.ubuntu.com/3840-1/" }, { - "name": "DSA-4355", - "refsource": "DEBIAN", - "url": "https://www.debian.org/security/2018/dsa-4355" + "name":"DSA-4355", + "refsource":"DEBIAN", + "url":"https://www.debian.org/security/2018/dsa-4355" }, { - "name": "https://www.tenable.com/security/tns-2018-17", - "refsource": "CONFIRM", - "url": "https://www.tenable.com/security/tns-2018-17" + "name":"https://www.tenable.com/security/tns-2018-17", + "refsource":"CONFIRM", + "url":"https://www.tenable.com/security/tns-2018-17" }, { - "name": 
"https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/", - "refsource": "CONFIRM", - "url": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/" + "name":"https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/", + "refsource":"CONFIRM", + "url":"https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/" }, { - "name": "GLSA-201903-10", - "refsource": "GENTOO", - "url": "https://security.gentoo.org/glsa/201903-10" + "name":"GLSA-201903-10", + "refsource":"GENTOO", + "url":"https://security.gentoo.org/glsa/201903-10" }, { - "name": "https://www.tenable.com/security/tns-2018-16", - "refsource": "CONFIRM", - "url": "https://www.tenable.com/security/tns-2018-16" + "name":"https://www.tenable.com/security/tns-2018-16", + "refsource":"CONFIRM", + "url":"https://www.tenable.com/security/tns-2018-16" }, { - "name": "45785", - "refsource": "EXPLOIT-DB", - "url": "https://www.exploit-db.com/exploits/45785/" + "name":"45785", + "refsource":"EXPLOIT-DB", + "url":"https://www.exploit-db.com/exploits/45785/" }, { - "name": "[debian-lts-announce] 20181121 [SECURITY] [DLA 1586-1] openssl security update", - "refsource": "MLIST", - "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html" + "name":"[debian-lts-announce] 20181121 [SECURITY] [DLA 1586-1] openssl security update", + "refsource":"MLIST", + "url":"https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html" }, { - "name": "https://github.com/bbbrumley/portsmash", - "refsource": "MISC", - "url": "https://github.com/bbbrumley/portsmash" + "name":"https://github.com/bbbrumley/portsmash", + "refsource":"MISC", + "url":"https://github.com/bbbrumley/portsmash" }, { - "name": "DSA-4348", - "refsource": "DEBIAN", - "url": "https://www.debian.org/security/2018/dsa-4348" + "name":"DSA-4348", + "refsource":"DEBIAN", + "url":"https://www.debian.org/security/2018/dsa-4348" }, { - "name": "105897", - "refsource": "BID", - "url": 
"http://www.securityfocus.com/bid/105897" + "name":"105897", + "refsource":"BID", + "url":"http://www.securityfocus.com/bid/105897" }, { - "name": "https://eprint.iacr.org/2018/1060.pdf", - "refsource": "MISC", - "url": "https://eprint.iacr.org/2018/1060.pdf" + "name":"https://eprint.iacr.org/2018/1060.pdf", + "refsource":"MISC", + "url":"https://eprint.iacr.org/2018/1060.pdf" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:0651", - "url": "https://access.redhat.com/errata/RHSA-2019:0651" + "refsource":"REDHAT", + "name":"RHSA-2019:0651", + "url":"https://access.redhat.com/errata/RHSA-2019:0651" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:0652", - "url": "https://access.redhat.com/errata/RHSA-2019:0652" + "refsource":"REDHAT", + "name":"RHSA-2019:0652", + "url":"https://access.redhat.com/errata/RHSA-2019:0652" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:2125", - "url": "https://access.redhat.com/errata/RHSA-2019:2125" + "refsource":"REDHAT", + "name":"RHSA-2019:2125", + "url":"https://access.redhat.com/errata/RHSA-2019:2125" }, { - "refsource": "CONFIRM", - "name": "https://support.f5.com/csp/article/K49711130?utm_source=f5support&utm_medium=RSS", - "url": 
"https://support.f5.com/csp/article/K49711130?utm_source=f5support&utm_medium=RSS" + "refsource":"CONFIRM", + "name":"https://support.f5.com/csp/article/K49711130?utm_source=f5support&utm_medium=RSS", + "url":"https://support.f5.com/csp/article/K49711130?utm_source=f5support&utm_medium=RSS" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:3929", - "url": "https://access.redhat.com/errata/RHSA-2019:3929" + "refsource":"REDHAT", + "name":"RHSA-2019:3929", + "url":"https://access.redhat.com/errata/RHSA-2019:3929" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:3933", - "url": "https://access.redhat.com/errata/RHSA-2019:3933" + "refsource":"REDHAT", + "name":"RHSA-2019:3933", + "url":"https://access.redhat.com/errata/RHSA-2019:3933" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:3931", - "url": "https://access.redhat.com/errata/RHSA-2019:3931" + "refsource":"REDHAT", + "name":"RHSA-2019:3931", + "url":"https://access.redhat.com/errata/RHSA-2019:3931" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:3935", - "url": "https://access.redhat.com/errata/RHSA-2019:3935" + "refsource":"REDHAT", + "name":"RHSA-2019:3935", + "url":"https://access.redhat.com/errata/RHSA-2019:3935" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:3932", - "url": "https://access.redhat.com/errata/RHSA-2019:3932" + "refsource":"REDHAT", + "name":"RHSA-2019:3932", + "url":"https://access.redhat.com/errata/RHSA-2019:3932" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2018/6xxx/CVE-2018-6829.json b/2018/6xxx/CVE-2018-6829.json index 49e39b3c7e3..fbce92b39f6 100644 --- a/2018/6xxx/CVE-2018-6829.json +++ b/2018/6xxx/CVE-2018-6829.json 
@@ -1,71 +1,75 @@ + { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2018-6829", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"cve@mitre.org", + "ID":"CVE-2018-6829", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "n/a", - "version": { - "version_data": [ + "product_name":"n/a", + "version":{ + "version_data":[ { - "version_value": "n/a" + "version_value":"n/a" } ] } } ] }, - "vendor_name": "n/a" + "vendor_name":"n/a" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ { - "lang": "eng", - "value": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation." + "lang":"eng", + "value":"cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation." 
} ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "n/a" + "lang":"eng", + "value":"n/a" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "name": "https://github.com/weikengchen/attack-on-libgcrypt-elgamal/wiki", - "refsource": "MISC", - "url": "https://github.com/weikengchen/attack-on-libgcrypt-elgamal/wiki" + "name":"https://github.com/weikengchen/attack-on-libgcrypt-elgamal/wiki", + "refsource":"MISC", + "url":"https://github.com/weikengchen/attack-on-libgcrypt-elgamal/wiki" }, { - "name": "https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html", - "refsource": "MISC", - "url": "https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html" + "name":"https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html", + "refsource":"MISC", + "url":"https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html" }, { - "name": "https://github.com/weikengchen/attack-on-libgcrypt-elgamal", - "refsource": "MISC", - "url": "https://github.com/weikengchen/attack-on-libgcrypt-elgamal" + "name":"https://github.com/weikengchen/attack-on-libgcrypt-elgamal", + "refsource":"MISC", + "url":"https://github.com/weikengchen/attack-on-libgcrypt-elgamal" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2018/8xxx/CVE-2018-8032.json b/2018/8xxx/CVE-2018-8032.json index ca3b59b75fc..657c28e6ed7 100644 --- a/2018/8xxx/CVE-2018-8032.json +++ b/2018/8xxx/CVE-2018-8032.json 
@@ -1,82 +1,86 @@ + { - "CVE_data_meta": { - "ASSIGNER": "security@apache.org", - "DATE_PUBLIC": "2018-07-08T00:00:00", - "ID": "CVE-2018-8032", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"security@apache.org", + "DATE_PUBLIC":"2018-07-08T00:00:00", + "ID":"CVE-2018-8032", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "Apache Axis", - "version": { - "version_data": [ + "product_name":"Apache Axis", + "version":{ + "version_data":[ { - "version_value": "1.x up to and including 1.4" + "version_value":"1.x up to and including 1.4" } ] } } ] }, - "vendor_name": "Apache Software Foundation" + "vendor_name":"Apache Software Foundation" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ { - "lang": "eng", - "value": "Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services." + "lang":"eng", + "value":"Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services." 
} ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "Cross-site Scripting" + "lang":"eng", + "value":"Cross-site Scripting" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "name": "https://issues.apache.org/jira/browse/AXIS-2924", - "refsource": "CONFIRM", - "url": "https://issues.apache.org/jira/browse/AXIS-2924" + "name":"https://issues.apache.org/jira/browse/AXIS-2924", + "refsource":"CONFIRM", + "url":"https://issues.apache.org/jira/browse/AXIS-2924" }, { - "name": "[axis-java-dev] 20180708 [jira] [Created] (AXIS-2924) CVE-2018-8032 XSS vulnerability", - "refsource": "MLIST", - "url": "http://mail-archives.apache.org/mod_mbox/axis-java-dev/201807.mbox/%3CJIRA.13170716.1531060536000.93536.1531060560060@Atlassian.JIRA%3E" + "name":"[axis-java-dev] 20180708 [jira] [Created] (AXIS-2924) CVE-2018-8032 XSS vulnerability", + "refsource":"MLIST", + "url":"http://mail-archives.apache.org/mod_mbox/axis-java-dev/201807.mbox/%3CJIRA.13170716.1531060536000.93536.1531060560060@Atlassian.JIRA%3E" }, { - "refsource": "MLIST", - "name": "[axis-java-dev] 20190925 [jira] [Commented] (AXIS-2924) CVE-2018-8032 XSS vulnerability", - "url": "https://lists.apache.org/thread.html/d06ed5e4eeb77d00e8d594ec01ee8ee1cba173a01ac4b18f1579d041@%3Cjava-dev.axis.apache.org%3E" + "refsource":"MLIST", + "name":"[axis-java-dev] 20190925 [jira] [Commented] (AXIS-2924) CVE-2018-8032 XSS vulnerability", + "url":"https://lists.apache.org/thread.html/d06ed5e4eeb77d00e8d594ec01ee8ee1cba173a01ac4b18f1579d041@%3Cjava-dev.axis.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[axis-java-dev] 20190929 [jira] [Commented] (AXIS-2924) CVE-2018-8032 XSS vulnerability", - "url": "https://lists.apache.org/thread.html/3b89bc9e9d055db7eba8835ff6501f3f5db99d2a0928ec0be9b1d17b@%3Cjava-dev.axis.apache.org%3E" + "refsource":"MLIST", + "name":"[axis-java-dev] 
20190929 [jira] [Commented] (AXIS-2924) CVE-2018-8032 XSS vulnerability", + "url":"https://lists.apache.org/thread.html/3b89bc9e9d055db7eba8835ff6501f3f5db99d2a0928ec0be9b1d17b@%3Cjava-dev.axis.apache.org%3E" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2018/8xxx/CVE-2018-8039.json b/2018/8xxx/CVE-2018-8039.json index c8bee967390..ceadcc90477 100644 --- a/2018/8xxx/CVE-2018-8039.json +++ b/2018/8xxx/CVE-2018-8039.json 
@@ -1,140 +1,144 @@ + { - "CVE_data_meta": { - "ASSIGNER": "security@apache.org", - "DATE_PUBLIC": "2018-06-28T00:00:00", - "ID": "CVE-2018-8039", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"security@apache.org", + "DATE_PUBLIC":"2018-06-28T00:00:00", + "ID":"CVE-2018-8039", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "Apache CXF", - "version": { - "version_data": [ + "product_name":"Apache CXF", + "version":{ + "version_data":[ { - "version_value": "prior to 3.1.16" + "version_value":"prior to 3.1.16" }, { - "version_value": "3.2.x prior to 3.2.5" + "version_value":"3.2.x prior to 3.2.5" } ] } } ] }, - "vendor_name": "Apache Software Foundation" + "vendor_name":"Apache Software Foundation" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ { - "lang": "eng", - "value": "It is possible to configure Apache CXF to use the com.sun.net.ssl implementation via 'System.setProperty(\"java.protocol.handler.pkgs\", \"com.sun.net.ssl.internal.www.protocol\");'. When this system property is set, CXF uses some reflection to try to make the HostnameVerifier work with the old com.sun.net.ssl.HostnameVerifier interface. However, the default HostnameVerifier implementation in CXF does not implement the method in this interface, and an exception is thrown. However, in Apache CXF prior to 3.2.5 and 3.1.16 the exception is caught in the reflection code and not properly propagated. What this means is that if you are using the com.sun.net.ssl stack with CXF, an error with TLS hostname verification will not be thrown, leaving a CXF client subject to man-in-the-middle attacks." 
+ "lang":"eng", + "value":"It is possible to configure Apache CXF to use the com.sun.net.ssl implementation via 'System.setProperty(\"java.protocol.handler.pkgs\", \"com.sun.net.ssl.internal.www.protocol\");'. When this system property is set, CXF uses some reflection to try to make the HostnameVerifier work with the old com.sun.net.ssl.HostnameVerifier interface. However, the default HostnameVerifier implementation in CXF does not implement the method in this interface, and an exception is thrown. However, in Apache CXF prior to 3.2.5 and 3.1.16 the exception is caught in the reflection code and not properly propagated. What this means is that if you are using the com.sun.net.ssl stack with CXF, an error with TLS hostname verification will not be thrown, leaving a CXF client subject to man-in-the-middle attacks." } ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "Improper Validation of Certificate with Host Mismatch" + "lang":"eng", + "value":"Improper Validation of Certificate with Host Mismatch" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "name": "https://github.com/apache/cxf/commit/fae6fabf9bd7647f5e9cb68897a7d72b545b741b", - "refsource": "CONFIRM", - "url": "https://github.com/apache/cxf/commit/fae6fabf9bd7647f5e9cb68897a7d72b545b741b" + "name":"https://github.com/apache/cxf/commit/fae6fabf9bd7647f5e9cb68897a7d72b545b741b", + "refsource":"CONFIRM", + "url":"https://github.com/apache/cxf/commit/fae6fabf9bd7647f5e9cb68897a7d72b545b741b" }, { - "name": "RHSA-2018:2428", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2018:2428" + "name":"RHSA-2018:2428", + "refsource":"REDHAT", + "url":"https://access.redhat.com/errata/RHSA-2018:2428" }, { - "name": "RHSA-2018:3817", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2018:3817" + "name":"RHSA-2018:3817", + 
"refsource":"REDHAT", + "url":"https://access.redhat.com/errata/RHSA-2018:3817" }, { - "name": "RHSA-2018:2643", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2018:2643" + "name":"RHSA-2018:2643", + "refsource":"REDHAT", + "url":"https://access.redhat.com/errata/RHSA-2018:2643" }, { - "name": "[cxf-user] 20180628 Apache CXF 3.2.6 and 3.1.16 are released", - "refsource": "MLIST", - "url": "https://lists.apache.org/thread.html/1f8ff31df204ad0374ab26ad333169e0387a5e7ec92422f337431866@%3Cdev.cxf.apache.org%3E" + "name":"[cxf-user] 20180628 Apache CXF 3.2.6 and 3.1.16 are released", + "refsource":"MLIST", + "url":"https://lists.apache.org/thread.html/1f8ff31df204ad0374ab26ad333169e0387a5e7ec92422f337431866@%3Cdev.cxf.apache.org%3E" }, { - "name": "106357", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/106357" + "name":"106357", + "refsource":"BID", + "url":"http://www.securityfocus.com/bid/106357" }, { - "name": "RHSA-2018:2279", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2018:2279" + "name":"RHSA-2018:2279", + "refsource":"REDHAT", + "url":"https://access.redhat.com/errata/RHSA-2018:2279" }, { - "name": "RHSA-2018:2424", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2018:2424" + "name":"RHSA-2018:2424", + "refsource":"REDHAT", + "url":"https://access.redhat.com/errata/RHSA-2018:2424" }, { - "name": "RHSA-2018:2276", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2018:2276" + "name":"RHSA-2018:2276", + "refsource":"REDHAT", + "url":"https://access.redhat.com/errata/RHSA-2018:2276" }, { - "name": "RHSA-2018:2423", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2018:2423" + "name":"RHSA-2018:2423", + "refsource":"REDHAT", + "url":"https://access.redhat.com/errata/RHSA-2018:2423" }, { - "name": "RHSA-2018:2425", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2018:2425" + "name":"RHSA-2018:2425", 
+ "refsource":"REDHAT", + "url":"https://access.redhat.com/errata/RHSA-2018:2425" }, { - "name": "RHSA-2018:2277", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2018:2277" + "name":"RHSA-2018:2277", + "refsource":"REDHAT", + "url":"https://access.redhat.com/errata/RHSA-2018:2277" }, { - "name": "http://cxf.apache.org/security-advisories.data/CVE-2018-8039.txt.asc?version=1&modificationDate=1530184663000&api=v2", - "refsource": "CONFIRM", - "url": "http://cxf.apache.org/security-advisories.data/CVE-2018-8039.txt.asc?version=1&modificationDate=1530184663000&api=v2" + "name":"http://cxf.apache.org/security-advisories.data/CVE-2018-8039.txt.asc?version=1&modificationDate=1530184663000&api=v2", + "refsource":"CONFIRM", + "url":"http://cxf.apache.org/security-advisories.data/CVE-2018-8039.txt.asc?version=1&modificationDate=1530184663000&api=v2" }, { - "name": "1041199", - "refsource": "SECTRACK", - "url": "http://www.securitytracker.com/id/1041199" + "name":"1041199", + "refsource":"SECTRACK", + "url":"http://www.securitytracker.com/id/1041199" }, { - "name": "RHSA-2018:3768", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2018:3768" + "name":"RHSA-2018:3768", + "refsource":"REDHAT", + "url":"https://access.redhat.com/errata/RHSA-2018:3768" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2019/0xxx/CVE-2019-0199.json b/2019/0xxx/CVE-2019-0199.json index 93cedd7b58b..38770a11a90 100644 --- a/2019/0xxx/CVE-2019-0199.json +++ b/2019/0xxx/CVE-2019-0199.json 
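Review bot: The object appended at the end of `reference_data` carries only `url`, while every other entry in the array also has `refsource` and `name`. The array therefore no longer has one shape, and a consumer that filters or labels references by those keys will skip or mislabel the Oracle January 2020 advisory. Give the new entry the same fields the neighbouring Oracle CPU entry uses: `"refsource":"MISC"`, `"name":"https://www.oracle.com/security-alerts/cpujan2020.html"`, `"url":"https://www.oracle.com/security-alerts/cpujan2020.html"`. The same url-only entry is added at the end of the CVE-2018-8032 hunk above and in the second hunks of CVE-2019-0199 and CVE-2019-0215 below.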
@@ -1,25 +1,26 @@ + { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2019-0199", - "ASSIGNER": "security@apache.org", - "STATE": "PUBLIC" + "data_type":"CVE", + "data_format":"MITRE", + "data_version":"4.0", + "CVE_data_meta":{ + "ID":"CVE-2019-0199", + "ASSIGNER":"security@apache.org", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "vendor_name": "n/a", - "product": { - "product_data": [ + "vendor_name":"n/a", + "product":{ + "product_data":[ { - "product_name": "Apache Tomcat", - "version": { - "version_data": [ + "product_name":"Apache Tomcat", + "version":{ + "version_data":[ { - "version_value": "Apache Tomcat 9.0.0.M1 to 9.0.14, 8.5.0 to 8.5.37" + "version_value":"Apache Tomcat 9.0.0.M1 to 9.0.14, 8.5.0 to 8.5.37" } ] } 
@@ -30,172 +31,175 @@ ] } }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "DoS" + "lang":"eng", + "value":"DoS" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "refsource": "MISC", - "name": "https://lists.apache.org/thread.html/e1b0b273b6e8ddcc72c9023bc2394b1276fc72664144bf21d0a87995@%3Cannounce.tomcat.apache.org%3E", - "url": "https://lists.apache.org/thread.html/e1b0b273b6e8ddcc72c9023bc2394b1276fc72664144bf21d0a87995@%3Cannounce.tomcat.apache.org%3E" + "refsource":"MISC", + "name":"https://lists.apache.org/thread.html/e1b0b273b6e8ddcc72c9023bc2394b1276fc72664144bf21d0a87995@%3Cannounce.tomcat.apache.org%3E", + "url":"https://lists.apache.org/thread.html/e1b0b273b6e8ddcc72c9023bc2394b1276fc72664144bf21d0a87995@%3Cannounce.tomcat.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tomcat-dev] 20190413 svn commit: r1857494 [17/20] - in /tomcat/site/trunk: ./ docs/ xdocs/", - "url": "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E" + "refsource":"MLIST", + "name":"[tomcat-dev] 20190413 svn commit: r1857494 [17/20] - in /tomcat/site/trunk: ./ docs/ xdocs/", + "url":"https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tomcat-dev] 20190413 svn commit: r1857496 [3/4] - in /tomcat/site/trunk: ./ docs/ xdocs/", - "url": "https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661@%3Cdev.tomcat.apache.org%3E" + "refsource":"MLIST", + "name":"[tomcat-dev] 20190413 svn commit: r1857496 [3/4] - in /tomcat/site/trunk: ./ docs/ xdocs/", + "url":"https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661@%3Cdev.tomcat.apache.org%3E" }, { - "refsource": "MLIST", - "name": 
"[tomcat-dev] 20190415 svn commit: r1857582 [18/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", - "url": "https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba@%3Cdev.tomcat.apache.org%3E" + "refsource":"MLIST", + "name":"[tomcat-dev] 20190415 svn commit: r1857582 [18/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", + "url":"https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba@%3Cdev.tomcat.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tomcat-dev] 20190415 svn commit: r1857582 [19/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", - "url": "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E" + "refsource":"MLIST", + "name":"[tomcat-dev] 20190415 svn commit: r1857582 [19/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", + "url":"https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E" }, { - "refsource": "CONFIRM", - "name": "https://security.netapp.com/advisory/ntap-20190419-0001/", - "url": "https://security.netapp.com/advisory/ntap-20190419-0001/" + "refsource":"CONFIRM", + "name":"https://security.netapp.com/advisory/ntap-20190419-0001/", + "url":"https://security.netapp.com/advisory/ntap-20190419-0001/" }, { - "refsource": "MLIST", - "name": "[tomee-commits] 20190528 [jira] [Closed] (TOMEE-2497) Upgrade Tomcat in TomEE 7.0.x/7.1.x/8.0.x for CVE-2019-0199", - "url": "https://lists.apache.org/thread.html/e56886e1bac9319ecce81b3612dd7a1a43174a3a741a1c805e16880e@%3Ccommits.tomee.apache.org%3E" + "refsource":"MLIST", + "name":"[tomee-commits] 20190528 [jira] [Closed] (TOMEE-2497) Upgrade Tomcat in TomEE 7.0.x/7.1.x/8.0.x for CVE-2019-0199", + "url":"https://lists.apache.org/thread.html/e56886e1bac9319ecce81b3612dd7a1a43174a3a741a1c805e16880e@%3Ccommits.tomee.apache.org%3E" }, { - "refsource": "MLIST", - "name": 
"[tomcat-users] 20190620 Re: [EXTERNAL] [SECURITY] CVE-2019-10072 Apache Tomcat HTTP/2 DoS", - "url": "https://lists.apache.org/thread.html/9fe25f98bac6d66f8a663a15c37a98bc2d8f8bbed1d408791a3e4067@%3Cusers.tomcat.apache.org%3E" + "refsource":"MLIST", + "name":"[tomcat-users] 20190620 Re: [EXTERNAL] [SECURITY] CVE-2019-10072 Apache Tomcat HTTP/2 DoS", + "url":"https://lists.apache.org/thread.html/9fe25f98bac6d66f8a663a15c37a98bc2d8f8bbed1d408791a3e4067@%3Cusers.tomcat.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tomcat-dev] 20190620 [SECURITY] CVE-2019-10072 Apache Tomcat HTTP/2 DoS", - "url": "https://lists.apache.org/thread.html/4c438fa4c78cb1ce8979077f668ab7145baf83e7c59f2faf7eccf094@%3Cdev.tomcat.apache.org%3E" + "refsource":"MLIST", + "name":"[tomcat-dev] 20190620 [SECURITY] CVE-2019-10072 Apache Tomcat HTTP/2 DoS", + "url":"https://lists.apache.org/thread.html/4c438fa4c78cb1ce8979077f668ab7145baf83e7c59f2faf7eccf094@%3Cdev.tomcat.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[announce] 20190620 [SECURITY] CVE-2019-10072 Apache Tomcat HTTP/2 DoS", - "url": "https://lists.apache.org/thread.html/cf4eb2bd2083cebb3602a293c653f9a7faa96c86f672c876f25b37ef@%3Cannounce.apache.org%3E" + "refsource":"MLIST", + "name":"[announce] 20190620 [SECURITY] CVE-2019-10072 Apache Tomcat HTTP/2 DoS", + "url":"https://lists.apache.org/thread.html/cf4eb2bd2083cebb3602a293c653f9a7faa96c86f672c876f25b37ef@%3Cannounce.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tomcat-announce] 20190620 [SECURITY] CVE-2019-10072 Apache Tomcat HTTP/2 DoS", - "url": "https://lists.apache.org/thread.html/df1a2c1b87c8a6c500ecdbbaf134c7f1491c8d79d98b48c6b9f0fa6a@%3Cannounce.tomcat.apache.org%3E" + "refsource":"MLIST", + "name":"[tomcat-announce] 20190620 [SECURITY] CVE-2019-10072 Apache Tomcat HTTP/2 DoS", + "url":"https://lists.apache.org/thread.html/df1a2c1b87c8a6c500ecdbbaf134c7f1491c8d79d98b48c6b9f0fa6a@%3Cannounce.tomcat.apache.org%3E" }, { - "refsource": "MLIST", - 
"name": "[tomcat-dev] 20190620 svn commit: r1861711 - in /tomcat/site/trunk: docs/security-8.html docs/security-9.html xdocs/security-8.xml xdocs/security-9.xml", - "url": "https://lists.apache.org/thread.html/158ab719cf60448ddbb074798f09152fdb572fc8f781e70a56118d1a@%3Cdev.tomcat.apache.org%3E" + "refsource":"MLIST", + "name":"[tomcat-dev] 20190620 svn commit: r1861711 - in /tomcat/site/trunk: docs/security-8.html docs/security-9.html xdocs/security-8.xml xdocs/security-9.xml", + "url":"https://lists.apache.org/thread.html/158ab719cf60448ddbb074798f09152fdb572fc8f781e70a56118d1a@%3Cdev.tomcat.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tomcat-users] 20190620 [SECURITY] CVE-2019-10072 Apache Tomcat HTTP/2 DoS", - "url": "https://lists.apache.org/thread.html/e87733036e8c84ea648cdcdca3098f3c8a897e2652c33062b2b1535c@%3Cusers.tomcat.apache.org%3E" + "refsource":"MLIST", + "name":"[tomcat-users] 20190620 [SECURITY] CVE-2019-10072 Apache Tomcat HTTP/2 DoS", + "url":"https://lists.apache.org/thread.html/e87733036e8c84ea648cdcdca3098f3c8a897e2652c33062b2b1535c@%3Cusers.tomcat.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tomcat-dev] 20190620 [SECURITY][CORRECTION] CVE-2019-10072 Apache Tomcat HTTP/2 DoS", - "url": "https://lists.apache.org/thread.html/a7a201bd23e67fd3326c9b22b814dd0537d3270b3b54a768e2e7ef50@%3Cdev.tomcat.apache.org%3E" + "refsource":"MLIST", + "name":"[tomcat-dev] 20190620 [SECURITY][CORRECTION] CVE-2019-10072 Apache Tomcat HTTP/2 DoS", + "url":"https://lists.apache.org/thread.html/a7a201bd23e67fd3326c9b22b814dd0537d3270b3b54a768e2e7ef50@%3Cdev.tomcat.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tomcat-announce] 20190620 [SECURITY][CORRECTION] CVE-2019-10072 Apache Tomcat HTTP/2 DoS", - "url": "https://lists.apache.org/thread.html/dddb3590bac28fbe89f69f5ccbe26283d014ddc691abdd042de14600@%3Cannounce.tomcat.apache.org%3E" + "refsource":"MLIST", + "name":"[tomcat-announce] 20190620 [SECURITY][CORRECTION] CVE-2019-10072 Apache 
Tomcat HTTP/2 DoS", + "url":"https://lists.apache.org/thread.html/dddb3590bac28fbe89f69f5ccbe26283d014ddc691abdd042de14600@%3Cannounce.tomcat.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tomcat-users] 20190620 [SECURITY][CORRECTION] CVE-2019-10072 Apache Tomcat HTTP/2 DoS", - "url": "https://lists.apache.org/thread.html/7bb193bc68b28d21ff1c726fd38bea164deb6333b59eec2eb3661da6@%3Cusers.tomcat.apache.org%3E" + "refsource":"MLIST", + "name":"[tomcat-users] 20190620 [SECURITY][CORRECTION] CVE-2019-10072 Apache Tomcat HTTP/2 DoS", + "url":"https://lists.apache.org/thread.html/7bb193bc68b28d21ff1c726fd38bea164deb6333b59eec2eb3661da6@%3Cusers.tomcat.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[announce] 20190620 [SECURITY][CORRECTION] CVE-2019-10072 Apache Tomcat HTTP/2 DoS", - "url": "https://lists.apache.org/thread.html/ac0185ce240a711b542a55bccf9349ab0c2f343d70cf7835e08fabc9@%3Cannounce.apache.org%3E" + "refsource":"MLIST", + "name":"[announce] 20190620 [SECURITY][CORRECTION] CVE-2019-10072 Apache Tomcat HTTP/2 DoS", + "url":"https://lists.apache.org/thread.html/ac0185ce240a711b542a55bccf9349ab0c2f343d70cf7835e08fabc9@%3Cannounce.apache.org%3E" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-1a3f878d27", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQTZ5BJ5F4KV6N53SGNKSW3UY5DBIQ46/" + "refsource":"FEDORA", + "name":"FEDORA-2019-1a3f878d27", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQTZ5BJ5F4KV6N53SGNKSW3UY5DBIQ46/" }, { - "refsource": "CONFIRM", - "name": "https://support.f5.com/csp/article/K17321505", - "url": "https://support.f5.com/csp/article/K17321505" + "refsource":"CONFIRM", + "name":"https://support.f5.com/csp/article/K17321505", + "url":"https://support.f5.com/csp/article/K17321505" }, { - "refsource": "SUSE", - "name": "openSUSE-SU-2019:1673", - "url": 
"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00090.html" + "refsource":"SUSE", + "name":"openSUSE-SU-2019:1673", + "url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00090.html" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-d66febb5df", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NPHQEL5AQ6LZSZD2Y6TYZ4RC3WI7NXJ3/" + "refsource":"FEDORA", + "name":"FEDORA-2019-d66febb5df", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NPHQEL5AQ6LZSZD2Y6TYZ4RC3WI7NXJ3/" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { - "refsource": "BID", - "name": "107674", - "url": "http://www.securityfocus.com/bid/107674" + "refsource":"BID", + "name":"107674", + "url":"http://www.securityfocus.com/bid/107674" }, { - "refsource": "SUSE", - "name": "openSUSE-SU-2019:1723", - "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00013.html" + "refsource":"SUSE", + "name":"openSUSE-SU-2019:1723", + "url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00013.html" }, { - "refsource": "SUSE", - "name": "openSUSE-SU-2019:1808", - "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00054.html" + "refsource":"SUSE", + "name":"openSUSE-SU-2019:1808", + "url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00054.html" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:3929", - "url": "https://access.redhat.com/errata/RHSA-2019:3929" + "refsource":"REDHAT", + "name":"RHSA-2019:3929", + 
"url":"https://access.redhat.com/errata/RHSA-2019:3929" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:3931", - "url": "https://access.redhat.com/errata/RHSA-2019:3931" + "refsource":"REDHAT", + "name":"RHSA-2019:3931", + "url":"https://access.redhat.com/errata/RHSA-2019:3931" }, { - "refsource": "DEBIAN", - "name": "DSA-4596", - "url": "https://www.debian.org/security/2019/dsa-4596" + "refsource":"DEBIAN", + "name":"DSA-4596", + "url":"https://www.debian.org/security/2019/dsa-4596" }, { - "refsource": "BUGTRAQ", - "name": "20191229 [SECURITY] [DSA 4596-1] tomcat8 security update", - "url": "https://seclists.org/bugtraq/2019/Dec/43" + "refsource":"BUGTRAQ", + "name":"20191229 [SECURITY] [DSA 4596-1] tomcat8 security update", + "url":"https://seclists.org/bugtraq/2019/Dec/43" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] }, - "description": { - "description_data": [ + "description":{ + "description_data":[ { - "lang": "eng", - "value": "The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.14 and 8.5.0 to 8.5.37 accepted streams with excessive numbers of SETTINGS frames and also permitted clients to keep streams open without reading/writing request/response data. By keeping streams open for requests that utilised the Servlet API's blocking I/O, clients were able to cause server-side threads to block eventually leading to thread exhaustion and a DoS." + "lang":"eng", + "value":"The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.14 and 8.5.0 to 8.5.37 accepted streams with excessive numbers of SETTINGS frames and also permitted clients to keep streams open without reading/writing request/response data. By keeping streams open for requests that utilised the Servlet API's blocking I/O, clients were able to cause server-side threads to block eventually leading to thread exhaustion and a DoS." } ] } diff --git a/2019/0xxx/CVE-2019-0215.json b/2019/0xxx/CVE-2019-0215.json index 9215abd1bc3..e64662ab29c 100644 
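Review bot: Every line in this hunk is rewritten only to drop the space after the colon (`"refsource": "MLIST"` becomes `"refsource":"MLIST"`), and the file's first hunk adds a blank line before the opening `{`. The single substantive change, the appended Oracle reference, is buried under about 170 lines of whitespace churn. In an advisory record that makes it hard to confirm by review that the description, the affected version strings and the existing reference URLs were left untouched. Re-serialise with the formatting the file already had (`"key": "value"`, no leading blank line) so the diff shows only the added entry; the other files touched in this commit have the same problem.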
--- a/2019/0xxx/CVE-2019-0215.json +++ b/2019/0xxx/CVE-2019-0215.json @@ -1,28 +1,29 @@ + { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2019-0215", - "ASSIGNER": "security@apache.org", - "STATE": "PUBLIC" + "data_type":"CVE", + "data_format":"MITRE", + "data_version":"4.0", + "CVE_data_meta":{ + "ID":"CVE-2019-0215", + "ASSIGNER":"security@apache.org", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "vendor_name": "Apache", - "product": { - "product_data": [ + "vendor_name":"Apache", + "product":{ + "product_data":[ { - "product_name": "Apache HTTP Server", - "version": { - "version_data": [ + "product_name":"Apache HTTP Server", + "version":{ + "version_data":[ { - "version_value": "2.4.37" + "version_value":"2.4.37" }, { - "version_value": "2.4.38" + "version_value":"2.4.38" } ] } 
@@ -33,112 +34,115 @@ ] } }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "Access Control Bypass" + "lang":"eng", + "value":"Access Control Bypass" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "refsource": "MLIST", - "name": "[oss-security] 20190401 CVE-2019-0215: mod_ssl access control bypass", - "url": "http://www.openwall.com/lists/oss-security/2019/04/02/4" + "refsource":"MLIST", + "name":"[oss-security] 20190401 CVE-2019-0215: mod_ssl access control bypass", + "url":"http://www.openwall.com/lists/oss-security/2019/04/02/4" }, { - "refsource": "MLIST", - "name": "[httpd-cvs] 20190402 svn commit: r1856807 - /httpd/test/framework/trunk/t/security/CVE-2019-0215.t", - "url": "https://lists.apache.org/thread.html/2d6bd429a0ba9af1580da896575cfca6e42bb05e7536562d4b095fcf@%3Ccvs.httpd.apache.org%3E" + "refsource":"MLIST", + "name":"[httpd-cvs] 20190402 svn commit: r1856807 - /httpd/test/framework/trunk/t/security/CVE-2019-0215.t", + "url":"https://lists.apache.org/thread.html/2d6bd429a0ba9af1580da896575cfca6e42bb05e7536562d4b095fcf@%3Ccvs.httpd.apache.org%3E" }, { - "refsource": "BID", - "name": "107667", - "url": "http://www.securityfocus.com/bid/107667" + "refsource":"BID", + "name":"107667", + "url":"http://www.securityfocus.com/bid/107667" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-cf7695b470", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WETXNQWNQLWHV6XNW6YTO5UGDTIWAQGT/" + "refsource":"FEDORA", + "name":"FEDORA-2019-cf7695b470", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WETXNQWNQLWHV6XNW6YTO5UGDTIWAQGT/" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-119b14075a", - "url": 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EZRMTEIGZKYFNGIDOTXN3GNEJTLVCYU7/" + "refsource":"FEDORA", + "name":"FEDORA-2019-119b14075a", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EZRMTEIGZKYFNGIDOTXN3GNEJTLVCYU7/" }, { - "refsource": "MISC", - "name": "https://httpd.apache.org/security/vulnerabilities_24.html", - "url": "https://httpd.apache.org/security/vulnerabilities_24.html" + "refsource":"MISC", + "name":"https://httpd.apache.org/security/vulnerabilities_24.html", + "url":"https://httpd.apache.org/security/vulnerabilities_24.html" }, { - "refsource": "CONFIRM", - "name": "https://support.f5.com/csp/article/K59440504", - "url": "https://support.f5.com/csp/article/K59440504" + "refsource":"CONFIRM", + "name":"https://support.f5.com/csp/article/K59440504", + "url":"https://support.f5.com/csp/article/K59440504" }, { - "refsource": "CONFIRM", - "name": "https://security.netapp.com/advisory/ntap-20190423-0001/", - "url": "https://security.netapp.com/advisory/ntap-20190423-0001/" + "refsource":"CONFIRM", + "name":"https://security.netapp.com/advisory/ntap-20190423-0001/", + "url":"https://security.netapp.com/advisory/ntap-20190423-0001/" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:0980", - "url": "https://access.redhat.com/errata/RHSA-2019:0980" + "refsource":"REDHAT", + "name":"RHSA-2019:0980", + "url":"https://access.redhat.com/errata/RHSA-2019:0980" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-a4ed7400f4", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ALIR5S3O7NRHEGFMIDMUSYQIZOE4TJJN/" + "refsource":"FEDORA", + "name":"FEDORA-2019-a4ed7400f4", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ALIR5S3O7NRHEGFMIDMUSYQIZOE4TJJN/" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - 
"refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { - "refsource": "MLIST", - "name": "[httpd-dev] 20190804 Re: svn commit: r1856807 - /httpd/test/framework/trunk/t/security/CVE-2019-0215.t", - "url": "https://lists.apache.org/thread.html/117bc3f09847ebf020b1bb70301ebcc105ddc446856150b63f37f8eb@%3Cdev.httpd.apache.org%3E" + "refsource":"MLIST", + "name":"[httpd-dev] 20190804 Re: svn commit: r1856807 - /httpd/test/framework/trunk/t/security/CVE-2019-0215.t", + "url":"https://lists.apache.org/thread.html/117bc3f09847ebf020b1bb70301ebcc105ddc446856150b63f37f8eb@%3Cdev.httpd.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[httpd-cvs] 20190806 svn commit: r1864463 - /httpd/test/framework/trunk/t/security/CVE-2019-0215.t", - "url": "https://lists.apache.org/thread.html/bc1a6d4137798565ab02e60079b6788442147f4efeb4200c665bed5b@%3Ccvs.httpd.apache.org%3E" + "refsource":"MLIST", + "name":"[httpd-cvs] 20190806 svn commit: r1864463 - /httpd/test/framework/trunk/t/security/CVE-2019-0215.t", + "url":"https://lists.apache.org/thread.html/bc1a6d4137798565ab02e60079b6788442147f4efeb4200c665bed5b@%3Ccvs.httpd.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[httpd-dev] 20190806 Re: svn commit: r1856807 - /httpd/test/framework/trunk/t/security/CVE-2019-0215.t", - "url": "https://lists.apache.org/thread.html/5b1e7d66c5adf286f14f6cc0f857b6fca107444f68aed9e70eedab47@%3Cdev.httpd.apache.org%3E" + "refsource":"MLIST", + "name":"[httpd-dev] 20190806 Re: svn commit: r1856807 - /httpd/test/framework/trunk/t/security/CVE-2019-0215.t", + "url":"https://lists.apache.org/thread.html/5b1e7d66c5adf286f14f6cc0f857b6fca107444f68aed9e70eedab47@%3Cdev.httpd.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[httpd-cvs] 20190815 
svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", - "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E" + "refsource":"MLIST", + "name":"[httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", + "url":"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", - "url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E" + "refsource":"MLIST", + "name":"[httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", + "url":"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", + "refsource":"MISC", + 
"name":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] }, - "description": { - "description_data": [ + "description":{ + "description_data":[ { - "lang": "eng", - "value": "In Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in mod_ssl when using per-location client certificate verification with TLSv1.3 allowed a client to bypass configured access control restrictions." + "lang":"eng", + "value":"In Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in mod_ssl when using per-location client certificate verification with TLSv1.3 allowed a client to bypass configured access control restrictions." } ] } diff --git a/2019/0xxx/CVE-2019-0221.json b/2019/0xxx/CVE-2019-0221.json index bed0c3c5f03..7c532a772b7 100644 --- a/2019/0xxx/CVE-2019-0221.json +++ b/2019/0xxx/CVE-2019-0221.json @@ -1,31 +1,32 @@ + { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2019-0221", - "ASSIGNER": "security@apache.org", - "STATE": "PUBLIC" + "data_type":"CVE", + "data_format":"MITRE", + "data_version":"4.0", + "CVE_data_meta":{ + "ID":"CVE-2019-0221", + "ASSIGNER":"security@apache.org", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "vendor_name": "Apache", - "product": { - "product_data": [ + "vendor_name":"Apache", + "product":{ + "product_data":[ { - "product_name": "Apache Tomcat", - "version": { - "version_data": [ + "product_name":"Apache Tomcat", + "version":{ + "version_data":[ { - "version_value": "Apache Tomcat 9.0.0.M1 to 9.0.0.17" + "version_value":"Apache Tomcat 9.0.0.M1 to 9.0.0.17" }, { - "version_value": "8.5.0 to 8.5.39" + "version_value":"8.5.0 to 8.5.39" }, { - "version_value": "7.0.0 to 7.0.93" + "version_value":"7.0.0 to 7.0.93" } ] } 
@@ -36,117 +37,120 @@ ] } }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "Cross-Site Scripting" + "lang":"eng", + "value":"Cross-Site Scripting" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "refsource": "CONFIRM", - "name": "https://lists.apache.org/thread.html/6e6e9eacf7b28fd63d249711e9d3ccd4e0a83f556e324aee37be5a8c@%3Cannounce.tomcat.apache.org%3E", - "url": "https://lists.apache.org/thread.html/6e6e9eacf7b28fd63d249711e9d3ccd4e0a83f556e324aee37be5a8c@%3Cannounce.tomcat.apache.org%3E" + "refsource":"CONFIRM", + "name":"https://lists.apache.org/thread.html/6e6e9eacf7b28fd63d249711e9d3ccd4e0a83f556e324aee37be5a8c@%3Cannounce.tomcat.apache.org%3E", + "url":"https://lists.apache.org/thread.html/6e6e9eacf7b28fd63d249711e9d3ccd4e0a83f556e324aee37be5a8c@%3Cannounce.tomcat.apache.org%3E" }, { - "refsource": "FULLDISC", - "name": "20190529 XSS in SSI printenv command - Apache Tomcat - CVE-2019-0221", - "url": "http://seclists.org/fulldisclosure/2019/May/50" + "refsource":"FULLDISC", + "name":"20190529 XSS in SSI printenv command - Apache Tomcat - CVE-2019-0221", + "url":"http://seclists.org/fulldisclosure/2019/May/50" }, { - "refsource": "MLIST", - "name": "[debian-lts-announce] 20190530 [SECURITY] [DLA 1810-1] tomcat7 security update", - "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00044.html" + "refsource":"MLIST", + "name":"[debian-lts-announce] 20190530 [SECURITY] [DLA 1810-1] tomcat7 security update", + "url":"https://lists.debian.org/debian-lts-announce/2019/05/msg00044.html" }, { - "refsource": "BID", - "name": "108545", - "url": "http://www.securityfocus.com/bid/108545" + "refsource":"BID", + "name":"108545", + "url":"http://www.securityfocus.com/bid/108545" }, { - "refsource": "CONFIRM", - "name": "https://security.netapp.com/advisory/ntap-20190606-0001/", - "url": 
"https://security.netapp.com/advisory/ntap-20190606-0001/" + "refsource":"CONFIRM", + "name":"https://security.netapp.com/advisory/ntap-20190606-0001/", + "url":"https://security.netapp.com/advisory/ntap-20190606-0001/" }, { - "refsource": "MISC", - "name": "https://wwws.nightwatchcybersecurity.com/2019/05/27/xss-in-ssi-printenv-command-apache-tomcat-cve-2019-0221/", - "url": "https://wwws.nightwatchcybersecurity.com/2019/05/27/xss-in-ssi-printenv-command-apache-tomcat-cve-2019-0221/" + "refsource":"MISC", + "name":"https://wwws.nightwatchcybersecurity.com/2019/05/27/xss-in-ssi-printenv-command-apache-tomcat-cve-2019-0221/", + "url":"https://wwws.nightwatchcybersecurity.com/2019/05/27/xss-in-ssi-printenv-command-apache-tomcat-cve-2019-0221/" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-1a3f878d27", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQTZ5BJ5F4KV6N53SGNKSW3UY5DBIQ46/" + "refsource":"FEDORA", + "name":"FEDORA-2019-1a3f878d27", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQTZ5BJ5F4KV6N53SGNKSW3UY5DBIQ46/" }, { - "refsource": "SUSE", - "name": "openSUSE-SU-2019:1673", - "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00090.html" + "refsource":"SUSE", + "name":"openSUSE-SU-2019:1673", + "url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00090.html" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-d66febb5df", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NPHQEL5AQ6LZSZD2Y6TYZ4RC3WI7NXJ3/" + "refsource":"FEDORA", + "name":"FEDORA-2019-d66febb5df", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NPHQEL5AQ6LZSZD2Y6TYZ4RC3WI7NXJ3/" }, { - "refsource": "SUSE", - "name": "openSUSE-SU-2019:1808", - "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00054.html" 
+ "refsource":"SUSE", + "name":"openSUSE-SU-2019:1808", + "url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00054.html" }, { - "refsource": "MLIST", - "name": "[debian-lts-announce] 20190813 [SECURITY] [DLA 1883-1] tomcat8 security update", - "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00015.html" + "refsource":"MLIST", + "name":"[debian-lts-announce] 20190813 [SECURITY] [DLA 1883-1] tomcat8 security update", + "url":"https://lists.debian.org/debian-lts-announce/2019/08/msg00015.html" }, { - "refsource": "UBUNTU", - "name": "USN-4128-1", - "url": "https://usn.ubuntu.com/4128-1/" + "refsource":"UBUNTU", + "name":"USN-4128-1", + "url":"https://usn.ubuntu.com/4128-1/" }, { - "refsource": "UBUNTU", - "name": "USN-4128-2", - "url": "https://usn.ubuntu.com/4128-2/" + "refsource":"UBUNTU", + "name":"USN-4128-2", + "url":"https://usn.ubuntu.com/4128-2/" }, { - "refsource": "CONFIRM", - "name": "https://support.f5.com/csp/article/K13184144?utm_source=f5support&utm_medium=RSS", - "url": "https://support.f5.com/csp/article/K13184144?utm_source=f5support&utm_medium=RSS" + "refsource":"CONFIRM", + "name":"https://support.f5.com/csp/article/K13184144?utm_source=f5support&utm_medium=RSS", + "url":"https://support.f5.com/csp/article/K13184144?utm_source=f5support&utm_medium=RSS" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:3929", - "url": "https://access.redhat.com/errata/RHSA-2019:3929" + "refsource":"REDHAT", + "name":"RHSA-2019:3929", + "url":"https://access.redhat.com/errata/RHSA-2019:3929" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:3931", - "url": "https://access.redhat.com/errata/RHSA-2019:3931" + "refsource":"REDHAT", + "name":"RHSA-2019:3931", + "url":"https://access.redhat.com/errata/RHSA-2019:3931" }, { - "refsource": "DEBIAN", - "name": "DSA-4596", - "url": "https://www.debian.org/security/2019/dsa-4596" + "refsource":"DEBIAN", + "name":"DSA-4596", + "url":"https://www.debian.org/security/2019/dsa-4596" }, { - 
"refsource": "BUGTRAQ", - "name": "20191229 [SECURITY] [DSA 4596-1] tomcat8 security update", - "url": "https://seclists.org/bugtraq/2019/Dec/43" + "refsource":"BUGTRAQ", + "name":"20191229 [SECURITY] [DSA 4596-1] tomcat8 security update", + "url":"https://seclists.org/bugtraq/2019/Dec/43" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] }, - "description": { - "description_data": [ + "description":{ + "description_data":[ { - "lang": "eng", - "value": "The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a production website." + "lang":"eng", + "value":"The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a production website." } ] } diff --git a/2019/0xxx/CVE-2019-0227.json b/2019/0xxx/CVE-2019-0227.json index 08538c3a932..9feb55d4701 100644 --- a/2019/0xxx/CVE-2019-0227.json +++ b/2019/0xxx/CVE-2019-0227.json 
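Review bot: The reference entry added at the end of `reference_data` in this CVE-2019-0221 hunk carries only `url`, while every other entry in the array also has `refsource` and `name`. Tooling that groups or filters references by `refsource`, for example to pick out vendor advisories, may skip or mislabel the Oracle January 2020 CPU link even if the schema accepts a url-only entry. I would add `"refsource":"MISC",` and `"name":"https://www.oracle.com/security-alerts/cpujan2020.html",` next to the `url`, following the cpuoct2019 entry in the CVE-2019-0227 record. The same url-only entry is added in the CVE-2019-0227, CVE-2019-0232 and CVE-2019-10072 hunks. Separately, the record-wide `"key": ` to `"key":` spacing change and the new leading blank line make this one substantive addition hard to spot; a formatting-only commit kept apart from the data change would be easier to audit.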
@@ -1,25 +1,26 @@ + { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2019-0227", - "ASSIGNER": "security@apache.org", - "STATE": "PUBLIC" + "data_type":"CVE", + "data_format":"MITRE", + "data_version":"4.0", + "CVE_data_meta":{ + "ID":"CVE-2019-0227", + "ASSIGNER":"security@apache.org", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "vendor_name": "Apache", - "product": { - "product_data": [ + "vendor_name":"Apache", + "product":{ + "product_data":[ { - "product_name": "Apache Axis 1.4", - "version": { - "version_data": [ + "product_name":"Apache Axis 1.4", + "version":{ + "version_data":[ { - "version_value": "Apache Axis 1.4" + "version_value":"Apache Axis 1.4" } ] } 
@@ -30,37 +31,40 @@ ] } }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "SSRF" + "lang":"eng", + "value":"SSRF" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "refsource": "MISC", - "name": "https://rhinosecuritylabs.com/application-security/cve-2019-0227-expired-domain-rce-apache-axis/", - "url": "https://rhinosecuritylabs.com/application-security/cve-2019-0227-expired-domain-rce-apache-axis/" + "refsource":"MISC", + "name":"https://rhinosecuritylabs.com/application-security/cve-2019-0227-expired-domain-rce-apache-axis/", + "url":"https://rhinosecuritylabs.com/application-security/cve-2019-0227-expired-domain-rce-apache-axis/" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] }, - "description": { - "description_data": [ + "description":{ + "description_data":[ { - "lang": "eng", - "value": "A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and bug commits commits continue in the projects Axis 1.x Subversion repository, legacy users are encouraged to build from source. The successor to Axis 1.x is Axis2, the latest version is 1.7.9 and is not vulnerable to this issue." + "lang":"eng", + "value":"A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. 
Security and bug commits commits continue in the projects Axis 1.x Subversion repository, legacy users are encouraged to build from source. The successor to Axis 1.x is Axis2, the latest version is 1.7.9 and is not vulnerable to this issue." } ] } diff --git a/2019/0xxx/CVE-2019-0232.json b/2019/0xxx/CVE-2019-0232.json index 3a88bc62490..c41c4eaf486 100644 --- a/2019/0xxx/CVE-2019-0232.json +++ b/2019/0xxx/CVE-2019-0232.json @@ -1,31 +1,32 @@ + { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2019-0232", - "ASSIGNER": "security@apache.org", - "STATE": "PUBLIC" + "data_type":"CVE", + "data_format":"MITRE", + "data_version":"4.0", + "CVE_data_meta":{ + "ID":"CVE-2019-0232", + "ASSIGNER":"security@apache.org", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "vendor_name": "Apache", - "product": { - "product_data": [ + "vendor_name":"Apache", + "product":{ + "product_data":[ { - "product_name": "Tomcat", - "version": { - "version_data": [ + "product_name":"Tomcat", + "version":{ + "version_data":[ { - "version_value": "9.0.0.M1 to 9.0.17" + "version_value":"9.0.0.M1 to 9.0.17" }, { - "version_value": "8.5.0 to 8.5.39" + "version_value":"8.5.0 to 8.5.39" }, { - "version_value": "7.0.0 to 7.0.93" + "version_value":"7.0.0 to 7.0.93" } ] } 
@@ -36,142 +37,145 @@ ] } }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "Remote Code Execution" + "lang":"eng", + "value":"Remote Code Execution" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "refsource": "MISC", - "name": "https://codewhitesec.blogspot.com/2016/02/java-and-command-line-injections-in-windows.html", - "url": "https://codewhitesec.blogspot.com/2016/02/java-and-command-line-injections-in-windows.html" + "refsource":"MISC", + "name":"https://codewhitesec.blogspot.com/2016/02/java-and-command-line-injections-in-windows.html", + "url":"https://codewhitesec.blogspot.com/2016/02/java-and-command-line-injections-in-windows.html" }, { - "refsource": "MISC", - "name": "https://web.archive.org/web/20161228144344/https://blogs.msdn.microsoft.com/twistylittlepassagesallalike/2011/04/23/everyone-quotes-command-line-arguments-the-wrong-way/", - "url": "https://web.archive.org/web/20161228144344/https://blogs.msdn.microsoft.com/twistylittlepassagesallalike/2011/04/23/everyone-quotes-command-line-arguments-the-wrong-way/" + "refsource":"MISC", + "name":"https://web.archive.org/web/20161228144344/https://blogs.msdn.microsoft.com/twistylittlepassagesallalike/2011/04/23/everyone-quotes-command-line-arguments-the-wrong-way/", + "url":"https://web.archive.org/web/20161228144344/https://blogs.msdn.microsoft.com/twistylittlepassagesallalike/2011/04/23/everyone-quotes-command-line-arguments-the-wrong-way/" }, { - "refsource": "MLIST", - "name": "[tomcat-users] 20190410 [SECURITY] CVE-2019-0232 Apache Tomcat Remote Code Execution on Windows", - "url": "https://lists.apache.org/thread.html/5f297a4b9080b5f65a05bc139596d0e437d6a539b25e31d29d028767@%3Cannounce.tomcat.apache.org%3E" + "refsource":"MLIST", + "name":"[tomcat-users] 20190410 [SECURITY] CVE-2019-0232 Apache Tomcat Remote Code Execution on Windows", + 
"url":"https://lists.apache.org/thread.html/5f297a4b9080b5f65a05bc139596d0e437d6a539b25e31d29d028767@%3Cannounce.tomcat.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tomcat-dev] 20190415 svn commit: r1857582 [18/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", - "url": "https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba@%3Cdev.tomcat.apache.org%3E" + "refsource":"MLIST", + "name":"[tomcat-dev] 20190415 svn commit: r1857582 [18/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", + "url":"https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba@%3Cdev.tomcat.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[ofbiz-commits] 20190415 svn commit: r1857587 - in /ofbiz: ofbiz-framework/branches/release18.12/build.gradle ofbiz-plugins/branches/release18.12/example/build.gradle", - "url": "https://lists.apache.org/thread.html/673b6148d92cd7bc99ea2dcf85ad75d57da44fc322d51f37fb529a2a@%3Ccommits.ofbiz.apache.org%3E" + "refsource":"MLIST", + "name":"[ofbiz-commits] 20190415 svn commit: r1857587 - in /ofbiz: ofbiz-framework/branches/release18.12/build.gradle ofbiz-plugins/branches/release18.12/example/build.gradle", + "url":"https://lists.apache.org/thread.html/673b6148d92cd7bc99ea2dcf85ad75d57da44fc322d51f37fb529a2a@%3Ccommits.ofbiz.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tomcat-dev] 20190415 svn commit: r1857582 [17/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", - "url": "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E" + "refsource":"MLIST", + "name":"[tomcat-dev] 20190415 svn commit: r1857582 [17/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", + "url":"https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[ofbiz-commits] 20190415 svn commit: r1857586 - in 
/ofbiz: ofbiz-framework/trunk/build.gradle ofbiz-plugins/trunk/example/build.gradle", - "url": "https://lists.apache.org/thread.html/a6c87a09a71162fd563ab1c4e70a08a103e0b7c199fc391f1c9c4c35@%3Ccommits.ofbiz.apache.org%3E" + "refsource":"MLIST", + "name":"[ofbiz-commits] 20190415 svn commit: r1857586 - in /ofbiz: ofbiz-framework/trunk/build.gradle ofbiz-plugins/trunk/example/build.gradle", + "url":"https://lists.apache.org/thread.html/a6c87a09a71162fd563ab1c4e70a08a103e0b7c199fc391f1c9c4c35@%3Ccommits.ofbiz.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tomcat-dev] 20190415 svn commit: r1857582 [19/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", - "url": "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E" + "refsource":"MLIST", + "name":"[tomcat-dev] 20190415 svn commit: r1857582 [19/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", + "url":"https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[ofbiz-commits] 20190415 svn commit: r1857588 - in /ofbiz: ofbiz-framework/branches/release17.12/build.gradle ofbiz-plugins/branches/release17.12/example/build.gradle", - "url": "https://lists.apache.org/thread.html/52ffb9fbf661245386a83a661183d13f1de2e5779fa23837a08e02ac@%3Ccommits.ofbiz.apache.org%3E" + "refsource":"MLIST", + "name":"[ofbiz-commits] 20190415 svn commit: r1857588 - in /ofbiz: ofbiz-framework/branches/release17.12/build.gradle ofbiz-plugins/branches/release17.12/example/build.gradle", + "url":"https://lists.apache.org/thread.html/52ffb9fbf661245386a83a661183d13f1de2e5779fa23837a08e02ac@%3Ccommits.ofbiz.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[ofbiz-notifications] 20190415 [jira] [Commented] (OFBIZ-10920) Update Tomcat to 9.0.18 due to CVE-2019-0232", - "url": 
"https://lists.apache.org/thread.html/dd4b325cdb261183dbf5ce913c102920a8f09c26dae666a98309165b@%3Cnotifications.ofbiz.apache.org%3E" + "refsource":"MLIST", + "name":"[ofbiz-notifications] 20190415 [jira] [Commented] (OFBIZ-10920) Update Tomcat to 9.0.18 due to CVE-2019-0232", + "url":"https://lists.apache.org/thread.html/dd4b325cdb261183dbf5ce913c102920a8f09c26dae666a98309165b@%3Cnotifications.ofbiz.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[ofbiz-notifications] 20190415 [jira] [Closed] (OFBIZ-10920) Update Tomcat to 9.0.18 due to CVE-2019-0232", - "url": "https://lists.apache.org/thread.html/96849486813a95dfd542e1618b7923ca945508aaf4a4341f674d83e3@%3Cnotifications.ofbiz.apache.org%3E" + "refsource":"MLIST", + "name":"[ofbiz-notifications] 20190415 [jira] [Closed] (OFBIZ-10920) Update Tomcat to 9.0.18 due to CVE-2019-0232", + "url":"https://lists.apache.org/thread.html/96849486813a95dfd542e1618b7923ca945508aaf4a4341f674d83e3@%3Cnotifications.ofbiz.apache.org%3E" }, { - "refsource": "BID", - "name": "107906", - "url": "http://www.securityfocus.com/bid/107906" + "refsource":"BID", + "name":"107906", + "url":"http://www.securityfocus.com/bid/107906" }, { - "refsource": "CONFIRM", - "name": "https://www.synology.com/security/advisory/Synology_SA_19_17", - "url": "https://www.synology.com/security/advisory/Synology_SA_19_17" + "refsource":"CONFIRM", + "name":"https://www.synology.com/security/advisory/Synology_SA_19_17", + "url":"https://www.synology.com/security/advisory/Synology_SA_19_17" }, { - "refsource": "CONFIRM", - "name": "https://security.netapp.com/advisory/ntap-20190419-0001/", - "url": "https://security.netapp.com/advisory/ntap-20190419-0001/" + "refsource":"CONFIRM", + "name":"https://security.netapp.com/advisory/ntap-20190419-0001/", + "url":"https://security.netapp.com/advisory/ntap-20190419-0001/" }, { - "refsource": "MLIST", - "name": "[tomcat-dev] 20190421 svn commit: r1857901 - in /tomcat/site/trunk: docs/security-7.html 
docs/security-8.html docs/security-9.html xdocs/security-7.xml xdocs/security-8.xml xdocs/security-9.xml", - "url": "https://lists.apache.org/thread.html/f4d48b32ef2b6aa49c8830241a9475da5b46e451f964b291c7a0a715@%3Cdev.tomcat.apache.org%3E" + "refsource":"MLIST", + "name":"[tomcat-dev] 20190421 svn commit: r1857901 - in /tomcat/site/trunk: docs/security-7.html docs/security-8.html docs/security-9.html xdocs/security-7.xml xdocs/security-8.xml xdocs/security-9.xml", + "url":"https://lists.apache.org/thread.html/f4d48b32ef2b6aa49c8830241a9475da5b46e451f964b291c7a0a715@%3Cdev.tomcat.apache.org%3E" }, { - "refsource": "CONFIRM", - "name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-784", - "url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-784" + "refsource":"CONFIRM", + "name":"https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-784", + "url":"https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-784" }, { - "refsource": "FULLDISC", - "name": "20190504 RCE in CGI Servlet - Apache Tomcat on Windows - CVE-2019-0232", - "url": "http://seclists.org/fulldisclosure/2019/May/4" + "refsource":"FULLDISC", + "name":"20190504 RCE in CGI Servlet - Apache Tomcat on Windows - CVE-2019-0232", + "url":"http://seclists.org/fulldisclosure/2019/May/4" }, { - "refsource": "MISC", - "name": "https://blog.trendmicro.com/trendlabs-security-intelligence/uncovering-cve-2019-0232-a-remote-code-execution-vulnerability-in-apache-tomcat/", - "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/uncovering-cve-2019-0232-a-remote-code-execution-vulnerability-in-apache-tomcat/" + "refsource":"MISC", + 
"name":"https://blog.trendmicro.com/trendlabs-security-intelligence/uncovering-cve-2019-0232-a-remote-code-execution-vulnerability-in-apache-tomcat/", + "url":"https://blog.trendmicro.com/trendlabs-security-intelligence/uncovering-cve-2019-0232-a-remote-code-execution-vulnerability-in-apache-tomcat/" }, { - "refsource": "MISC", - "name": "https://wwws.nightwatchcybersecurity.com/2019/04/30/remote-code-execution-rce-in-cgi-servlet-apache-tomcat-on-windows-cve-2019-0232/", - "url": "https://wwws.nightwatchcybersecurity.com/2019/04/30/remote-code-execution-rce-in-cgi-servlet-apache-tomcat-on-windows-cve-2019-0232/" + "refsource":"MISC", + "name":"https://wwws.nightwatchcybersecurity.com/2019/04/30/remote-code-execution-rce-in-cgi-servlet-apache-tomcat-on-windows-cve-2019-0232/", + "url":"https://wwws.nightwatchcybersecurity.com/2019/04/30/remote-code-execution-rce-in-cgi-servlet-apache-tomcat-on-windows-cve-2019-0232/" }, { - "refsource": "MISC", - "name": "http://packetstormsecurity.com/files/153506/Apache-Tomcat-CGIServlet-enableCmdLineArguments-Remote-Code-Execution.html", - "url": "http://packetstormsecurity.com/files/153506/Apache-Tomcat-CGIServlet-enableCmdLineArguments-Remote-Code-Execution.html" + "refsource":"MISC", + "name":"http://packetstormsecurity.com/files/153506/Apache-Tomcat-CGIServlet-enableCmdLineArguments-Remote-Code-Execution.html", + "url":"http://packetstormsecurity.com/files/153506/Apache-Tomcat-CGIServlet-enableCmdLineArguments-Remote-Code-Execution.html" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:1712", - "url": "https://access.redhat.com/errata/RHSA-2019:1712" + "refsource":"REDHAT", + "name":"RHSA-2019:1712", + "url":"https://access.redhat.com/errata/RHSA-2019:1712" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + 
"url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] }, - "description": { - "description_data": [ + "description":{ + "description_data":[ { - "lang": "eng", - "value": "When running on Windows with enableCmdLineArguments enabled, the CGI Servlet in Apache Tomcat 9.0.0.M1 to 9.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 is vulnerable to Remote Code Execution due to a bug in the way the JRE passes command line arguments to Windows. The CGI Servlet is disabled by default. The CGI option enableCmdLineArguments is disable by default in Tomcat 9.0.x (and will be disabled by default in all versions in response to this vulnerability). For a detailed explanation of the JRE behaviour, see Markus Wulftange's blog (https://codewhitesec.blogspot.com/2016/02/java-and-command-line-injections-in-windows.html) and this archived MSDN blog (https://web.archive.org/web/20161228144344/https://blogs.msdn.microsoft.com/twistylittlepassagesallalike/2011/04/23/everyone-quotes-command-line-arguments-the-wrong-way/)." + "lang":"eng", + "value":"When running on Windows with enableCmdLineArguments enabled, the CGI Servlet in Apache Tomcat 9.0.0.M1 to 9.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 is vulnerable to Remote Code Execution due to a bug in the way the JRE passes command line arguments to Windows. The CGI Servlet is disabled by default. 
The CGI option enableCmdLineArguments is disable by default in Tomcat 9.0.x (and will be disabled by default in all versions in response to this vulnerability). For a detailed explanation of the JRE behaviour, see Markus Wulftange's blog (https://codewhitesec.blogspot.com/2016/02/java-and-command-line-injections-in-windows.html) and this archived MSDN blog (https://web.archive.org/web/20161228144344/https://blogs.msdn.microsoft.com/twistylittlepassagesallalike/2011/04/23/everyone-quotes-command-line-arguments-the-wrong-way/)." } ] } diff --git a/2019/10xxx/CVE-2019-10072.json b/2019/10xxx/CVE-2019-10072.json index 2fc9c495270..1c5f0a90e4e 100644 --- a/2019/10xxx/CVE-2019-10072.json +++ b/2019/10xxx/CVE-2019-10072.json @@ -1,25 +1,26 @@ + { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2019-10072", - "ASSIGNER": "security@apache.org", - "STATE": "PUBLIC" + "data_type":"CVE", + "data_format":"MITRE", + "data_version":"4.0", + "CVE_data_meta":{ + "ID":"CVE-2019-10072", + "ASSIGNER":"security@apache.org", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "vendor_name": "n/a", - "product": { - "product_data": [ + "vendor_name":"n/a", + "product":{ + "product_data":[ { - "product_name": "Apache Tomcat", - "version": { - "version_data": [ + "product_name":"Apache Tomcat", + "version":{ + "version_data":[ { - "version_value": "Apache Tomcat 9.0.0.M1 to 9.0.19, 8.5.0 to 8.5.40" + "version_value":"Apache Tomcat 9.0.0.M1 to 9.0.19, 8.5.0 to 8.5.40" } ] } 
@@ -30,82 +31,85 @@ ] } }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "Denial of Service" + "lang":"eng", + "value":"Denial of Service" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "refsource": "MISC", - "name": "https://lists.apache.org/thread.html/df1a2c1b87c8a6c500ecdbbaf134c7f1491c8d79d98b48c6b9f0fa6a@%3Cannounce.tomcat.apache.org%3E", - "url": "https://lists.apache.org/thread.html/df1a2c1b87c8a6c500ecdbbaf134c7f1491c8d79d98b48c6b9f0fa6a@%3Cannounce.tomcat.apache.org%3E" + "refsource":"MISC", + "name":"https://lists.apache.org/thread.html/df1a2c1b87c8a6c500ecdbbaf134c7f1491c8d79d98b48c6b9f0fa6a@%3Cannounce.tomcat.apache.org%3E", + "url":"https://lists.apache.org/thread.html/df1a2c1b87c8a6c500ecdbbaf134c7f1491c8d79d98b48c6b9f0fa6a@%3Cannounce.tomcat.apache.org%3E" }, { - "refsource": "CONFIRM", - "name": "https://www.synology.com/security/advisory/Synology_SA_19_29", - "url": "https://www.synology.com/security/advisory/Synology_SA_19_29" + "refsource":"CONFIRM", + "name":"https://www.synology.com/security/advisory/Synology_SA_19_29", + "url":"https://www.synology.com/security/advisory/Synology_SA_19_29" }, { - "refsource": "BID", - "name": "108874", - "url": "http://www.securityfocus.com/bid/108874" + "refsource":"BID", + "name":"108874", + "url":"http://www.securityfocus.com/bid/108874" }, { - "refsource": "CONFIRM", - "name": "https://security.netapp.com/advisory/ntap-20190625-0002/", - "url": "https://security.netapp.com/advisory/ntap-20190625-0002/" + "refsource":"CONFIRM", + "name":"https://security.netapp.com/advisory/ntap-20190625-0002/", + "url":"https://security.netapp.com/advisory/ntap-20190625-0002/" }, { - "refsource": "CONFIRM", - "name": "https://support.f5.com/csp/article/K17321505", - "url": "https://support.f5.com/csp/article/K17321505" + "refsource":"CONFIRM", + 
"name":"https://support.f5.com/csp/article/K17321505", + "url":"https://support.f5.com/csp/article/K17321505" }, { - "refsource": "UBUNTU", - "name": "USN-4128-1", - "url": "https://usn.ubuntu.com/4128-1/" + "refsource":"UBUNTU", + "name":"USN-4128-1", + "url":"https://usn.ubuntu.com/4128-1/" }, { - "refsource": "UBUNTU", - "name": "USN-4128-2", - "url": "https://usn.ubuntu.com/4128-2/" + "refsource":"UBUNTU", + "name":"USN-4128-2", + "url":"https://usn.ubuntu.com/4128-2/" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:3929", - "url": "https://access.redhat.com/errata/RHSA-2019:3929" + "refsource":"REDHAT", + "name":"RHSA-2019:3929", + "url":"https://access.redhat.com/errata/RHSA-2019:3929" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:3931", - "url": "https://access.redhat.com/errata/RHSA-2019:3931" + "refsource":"REDHAT", + "name":"RHSA-2019:3931", + "url":"https://access.redhat.com/errata/RHSA-2019:3931" }, { - "refsource": "SUSE", - "name": "openSUSE-SU-2020:0038", - "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00013.html" + "refsource":"SUSE", + "name":"openSUSE-SU-2020:0038", + "url":"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00013.html" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] }, - "description": { - "description_data": [ + "description":{ + "description_data":[ { - "lang": "eng", - "value": "The fix for CVE-2019-0199 was incomplete and did not address HTTP/2 connection window exhaustion on write in Apache Tomcat versions 9.0.0.M1 to 9.0.19 and 8.5.0 to 8.5.40 . 
By not sending WINDOW_UPDATE messages for the connection window (stream 0) clients were able to cause server-side threads to block eventually leading to thread exhaustion and a DoS." + "lang":"eng", + "value":"The fix for CVE-2019-0199 was incomplete and did not address HTTP/2 connection window exhaustion on write in Apache Tomcat versions 9.0.0.M1 to 9.0.19 and 8.5.0 to 8.5.40 . By not sending WINDOW_UPDATE messages for the connection window (stream 0) clients were able to cause server-side threads to block eventually leading to thread exhaustion and a DoS." } ] } diff --git a/2019/10xxx/CVE-2019-10086.json b/2019/10xxx/CVE-2019-10086.json index 47acaea3ca5..7180bcc0150 100644 --- a/2019/10xxx/CVE-2019-10086.json +++ b/2019/10xxx/CVE-2019-10086.json @@ -1,25 +1,26 @@ + { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2019-10086", - "ASSIGNER": "security@apache.org", - "STATE": "PUBLIC" + "data_type":"CVE", + "data_format":"MITRE", + "data_version":"4.0", + "CVE_data_meta":{ + "ID":"CVE-2019-10086", + "ASSIGNER":"security@apache.org", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "vendor_name": "Apache", - "product": { - "product_data": [ + "vendor_name":"Apache", + "product":{ + "product_data":[ { - "product_name": "Apache Commons Beanutils", - "version": { - "version_data": [ + "product_name":"Apache Commons Beanutils", + "version":{ + "version_data":[ { - "version_value": "Apache Commons Beanutils 1.0 to 1.9.3" + "version_value":"Apache Commons Beanutils 1.0 to 1.9.3" } ] } 
@@ -30,122 +31,125 @@ ] } }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "Information Disclosure" + "lang":"eng", + "value":"Information Disclosure" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "refsource": "MLIST", - "name": "[www-announce] 20190815 [SECURITY] CVE-2019-10086. Apache Commons Beanutils does not suppresses the class property in PropertyUtilsBean by default.", - "url": "http://mail-archives.apache.org/mod_mbox/www-announce/201908.mbox/%3cC628798F-315D-4428-8CB1-4ED1ECC958E4@apache.org%3e" + "refsource":"MLIST", + "name":"[www-announce] 20190815 [SECURITY] CVE-2019-10086. Apache Commons Beanutils does not suppresses the class property in PropertyUtilsBean by default.", + "url":"http://mail-archives.apache.org/mod_mbox/www-announce/201908.mbox/%3cC628798F-315D-4428-8CB1-4ED1ECC958E4@apache.org%3e" }, { - "refsource": "MLIST", - "name": "[debian-lts-announce] 20190824 [SECURITY] [DLA 1896-1] commons-beanutils security update", - "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00030.html" + "refsource":"MLIST", + "name":"[debian-lts-announce] 20190824 [SECURITY] [DLA 1896-1] commons-beanutils security update", + "url":"https://lists.debian.org/debian-lts-announce/2019/08/msg00030.html" }, { - "refsource": "MLIST", - "name": "[tinkerpop-commits] 20190829 [tinkerpop] branch master updated: Bump commons-beanutils to 1.9.4 for CVE-2019-10086 - CTR", - "url": "https://lists.apache.org/thread.html/3d1ed1a1596c08c4d5fea97b36c651ce167b773f1afc75251ce7a125@%3Ccommits.tinkerpop.apache.org%3E" + "refsource":"MLIST", + "name":"[tinkerpop-commits] 20190829 [tinkerpop] branch master updated: Bump commons-beanutils to 1.9.4 for CVE-2019-10086 - CTR", + "url":"https://lists.apache.org/thread.html/3d1ed1a1596c08c4d5fea97b36c651ce167b773f1afc75251ce7a125@%3Ccommits.tinkerpop.apache.org%3E" }, { - 
"refsource": "SUSE", - "name": "openSUSE-SU-2019:2058", - "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00007.html" + "refsource":"SUSE", + "name":"openSUSE-SU-2019:2058", + "url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00007.html" }, { - "refsource": "MLIST", - "name": "[commons-issues] 20190906 [jira] [Updated] (CONFIGURATION-755) [CVE-2014-0114] Update Apache Commons BeanUtils from 1.9.3 to 1.9.4.", - "url": "https://lists.apache.org/thread.html/956995acee0d8bc046f1df0a55b7fbeb65dd2f82864e5de1078bacb0@%3Cissues.commons.apache.org%3E" + "refsource":"MLIST", + "name":"[commons-issues] 20190906 [jira] [Updated] (CONFIGURATION-755) [CVE-2014-0114] Update Apache Commons BeanUtils from 1.9.3 to 1.9.4.", + "url":"https://lists.apache.org/thread.html/956995acee0d8bc046f1df0a55b7fbeb65dd2f82864e5de1078bacb0@%3Cissues.commons.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[commons-issues] 20190906 [jira] [Closed] (CONFIGURATION-755) [CVE-2014-0114] Update Apache Commons BeanUtils from 1.9.3 to 1.9.4.", - "url": "https://lists.apache.org/thread.html/1f78f1e32cc5614ec0c5b822ba4bd7fc8e8b5c46c8e038b6bd609cb5@%3Cissues.commons.apache.org%3E" + "refsource":"MLIST", + "name":"[commons-issues] 20190906 [jira] [Closed] (CONFIGURATION-755) [CVE-2014-0114] Update Apache Commons BeanUtils from 1.9.3 to 1.9.4.", + "url":"https://lists.apache.org/thread.html/1f78f1e32cc5614ec0c5b822ba4bd7fc8e8b5c46c8e038b6bd609cb5@%3Cissues.commons.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[commons-issues] 20190925 [GitHub] [commons-validator] jeff-schram opened a new pull request #18: Update pom.xml", - "url": "https://lists.apache.org/thread.html/02094ad226dbc17a2368beaf27e61d8b1432f5baf77d0ca995bb78bc@%3Cissues.commons.apache.org%3E" + "refsource":"MLIST", + "name":"[commons-issues] 20190925 [GitHub] [commons-validator] jeff-schram opened a new pull request #18: Update pom.xml", + 
"url":"https://lists.apache.org/thread.html/02094ad226dbc17a2368beaf27e61d8b1432f5baf77d0ca995bb78bc@%3Cissues.commons.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[shiro-dev] 20191001 [jira] [Updated] (SHIRO-723) Provide Minor Shiro Release that includes CVE-2019-10086 Fix", - "url": "https://lists.apache.org/thread.html/d6ca9439c53374b597f33b7ec180001625597db48ea30356af01145f@%3Cdev.shiro.apache.org%3E" + "refsource":"MLIST", + "name":"[shiro-dev] 20191001 [jira] [Updated] (SHIRO-723) Provide Minor Shiro Release that includes CVE-2019-10086 Fix", + "url":"https://lists.apache.org/thread.html/d6ca9439c53374b597f33b7ec180001625597db48ea30356af01145f@%3Cdev.shiro.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[shiro-dev] 20191001 [jira] [Created] (SHIRO-723) Provide Minor Shiro Release that includes CVE-2019-10086 Fiix", - "url": "https://lists.apache.org/thread.html/2fd61dc89df9aeab738d2b49f48d42c76f7d53b980ba04e1d48bce48@%3Cdev.shiro.apache.org%3E" + "refsource":"MLIST", + "name":"[shiro-dev] 20191001 [jira] [Created] (SHIRO-723) Provide Minor Shiro Release that includes CVE-2019-10086 Fiix", + "url":"https://lists.apache.org/thread.html/2fd61dc89df9aeab738d2b49f48d42c76f7d53b980ba04e1d48bce48@%3Cdev.shiro.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[shiro-dev] 20191001 [jira] [Commented] (SHIRO-723) Provide Minor Shiro Release that includes CVE-2019-10086 Fix", - "url": "https://lists.apache.org/thread.html/c94bc9649d5109a663b2129371dc45753fbdeacd340105548bbe93c3@%3Cdev.shiro.apache.org%3E" + "refsource":"MLIST", + "name":"[shiro-dev] 20191001 [jira] [Commented] (SHIRO-723) Provide Minor Shiro Release that includes CVE-2019-10086 Fix", + "url":"https://lists.apache.org/thread.html/c94bc9649d5109a663b2129371dc45753fbdeacd340105548bbe93c3@%3Cdev.shiro.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", - "url": 
"https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E" + "refsource":"MLIST", + "name":"[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", + "url":"https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", - "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E" + "refsource":"MLIST", + "name":"[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", + "url":"https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", - "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" + "refsource":"MLIST", + "name":"[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", + "url":"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[shiro-dev] 20191023 [jira] [Assigned] (SHIRO-723) Provide Minor Shiro Release that includes CVE-2019-10086 Fix", - "url": "https://lists.apache.org/thread.html/5261066cd7adee081ee05c8bf0e96cf0b2eeaced391e19117ae4daa6@%3Cdev.shiro.apache.org%3E" + "refsource":"MLIST", + "name":"[shiro-dev] 20191023 [jira] [Assigned] (SHIRO-723) Provide Minor Shiro Release that includes 
CVE-2019-10086 Fix", + "url":"https://lists.apache.org/thread.html/5261066cd7adee081ee05c8bf0e96cf0b2eeaced391e19117ae4daa6@%3Cdev.shiro.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[shiro-dev] 20191105 [jira] [Resolved] (SHIRO-723) Provide Minor Shiro Release that includes CVE-2019-10086 Fix", - "url": "https://lists.apache.org/thread.html/a684107d3a78e431cf0fbb90629e8559a36ff8fe94c3a76e620b39fa@%3Cdev.shiro.apache.org%3E" + "refsource":"MLIST", + "name":"[shiro-dev] 20191105 [jira] [Resolved] (SHIRO-723) Provide Minor Shiro Release that includes CVE-2019-10086 Fix", + "url":"https://lists.apache.org/thread.html/a684107d3a78e431cf0fbb90629e8559a36ff8fe94c3a76e620b39fa@%3Cdev.shiro.apache.org%3E" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-bcad44b5d6", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4APPGLBWMFAS4WHNLR4LIJ65DJGPV7TF/" + "refsource":"FEDORA", + "name":"FEDORA-2019-bcad44b5d6", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4APPGLBWMFAS4WHNLR4LIJ65DJGPV7TF/" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-79b5790566", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JIUYSL2RSIWZVNSUIXJTIFPIPIF6OAIO/" + "refsource":"FEDORA", + "name":"FEDORA-2019-79b5790566", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JIUYSL2RSIWZVNSUIXJTIFPIPIF6OAIO/" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:4317", - "url": "https://access.redhat.com/errata/RHSA-2019:4317" + "refsource":"REDHAT", + "name":"RHSA-2019:4317", + "url":"https://access.redhat.com/errata/RHSA-2019:4317" }, { - "refsource": "REDHAT", - "name": "RHSA-2020:0057", - "url": "https://access.redhat.com/errata/RHSA-2020:0057" + "refsource":"REDHAT", + "name":"RHSA-2020:0057", + "url":"https://access.redhat.com/errata/RHSA-2020:0057" + }, + { + 
"url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] }, - "description": { - "description_data": [ + "description":{ + "description_data":[ { - "lang": "eng", - "value": "In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by default characteristic of the PropertyUtilsBean." + "lang":"eng", + "value":"In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by default characteristic of the PropertyUtilsBean." } ] } diff --git a/2019/10xxx/CVE-2019-10088.json b/2019/10xxx/CVE-2019-10088.json index 5a1686157d2..67e23979ba8 100644 --- a/2019/10xxx/CVE-2019-10088.json +++ b/2019/10xxx/CVE-2019-10088.json @@ -1,25 +1,26 @@ + { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2019-10088", - "ASSIGNER": "security@apache.org", - "STATE": "PUBLIC" + "data_type":"CVE", + "data_format":"MITRE", + "data_version":"4.0", + "CVE_data_meta":{ + "ID":"CVE-2019-10088", + "ASSIGNER":"security@apache.org", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "vendor_name": "Apache", - "product": { - "product_data": [ + "vendor_name":"Apache", + "product":{ + "product_data":[ { - "product_name": "Apache Tika", - "version": { - "version_data": [ + "product_name":"Apache Tika", + "version":{ + "version_data":[ { - "version_value": "1.7 to 1.21" + "version_value":"1.7 to 1.21" } ] } 
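Review bot: The reference object added at the end of `reference_data` in this hunk (CVE-2019-10086.json) carries only `url`, while every other entry in the array has `refsource`, `name` and `url`, so a consumer that reads `name` or `refsource` on each reference will find the key missing for this one. Give it the same shape as the existing cpuoct2019 Oracle entry seen in the CVE-2019-10092 hunk, for example by adding `"refsource":"MISC",` and `"name":"https://www.oracle.com/security-alerts/cpujan2020.html"` next to the `url` line. The same url-only entry is added in the hunks for CVE-2019-10088, CVE-2019-10092, CVE-2019-10093, CVE-2019-10094, CVE-2019-10098 and CVE-2019-10246. Every other changed line here only drops the space after a colon, which buries the one substantive addition in whitespace churn; keeping the file's existing formatting would leave a three-line diff.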
@@ -30,52 +31,55 @@ ] } }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "DoS/OOM" + "lang":"eng", + "value":"DoS/OOM" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "refsource": "CONFIRM", - "name": "https://lists.apache.org/thread.html/1c63555609b737c20d1bbfa4a3e73ec488e3408a84e2f5e47e1b7e08@%3Cdev.tika.apache.org%3E", - "url": "https://lists.apache.org/thread.html/1c63555609b737c20d1bbfa4a3e73ec488e3408a84e2f5e47e1b7e08@%3Cdev.tika.apache.org%3E" + "refsource":"CONFIRM", + "name":"https://lists.apache.org/thread.html/1c63555609b737c20d1bbfa4a3e73ec488e3408a84e2f5e47e1b7e08@%3Cdev.tika.apache.org%3E", + "url":"https://lists.apache.org/thread.html/1c63555609b737c20d1bbfa4a3e73ec488e3408a84e2f5e47e1b7e08@%3Cdev.tika.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tika-dev] 20190809 security fixes for CVE-2019-10088 and CVE-2019-1009{3,4}", - "url": "https://lists.apache.org/thread.html/fb6c84fd387de997e5e366d50b0ca331a328c466432c80f8c5eed33d@%3Cdev.tika.apache.org%3E" + "refsource":"MLIST", + "name":"[tika-dev] 20190809 security fixes for CVE-2019-10088 and CVE-2019-1009{3,4}", + "url":"https://lists.apache.org/thread.html/fb6c84fd387de997e5e366d50b0ca331a328c466432c80f8c5eed33d@%3Cdev.tika.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tika-dev] 20190812 Re: security fixes for CVE-2019-10088 and CVE-2019-1009{3,4}", - "url": "https://lists.apache.org/thread.html/da9ee189d1756f8508d0f2386d8e25aca5a6df541739829232be8a94@%3Cdev.tika.apache.org%3E" + "refsource":"MLIST", + "name":"[tika-dev] 20190812 Re: security fixes for CVE-2019-10088 and CVE-2019-1009{3,4}", + "url":"https://lists.apache.org/thread.html/da9ee189d1756f8508d0f2386d8e25aca5a6df541739829232be8a94@%3Cdev.tika.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tika-dev] 20190813 Re: security fixes for CVE-2019-10088 and 
CVE-2019-1009{3,4}", - "url": "https://lists.apache.org/thread.html/39723d8227b248781898c200aa24b154683673287b150a204b83787d@%3Cdev.tika.apache.org%3E" + "refsource":"MLIST", + "name":"[tika-dev] 20190813 Re: security fixes for CVE-2019-10088 and CVE-2019-1009{3,4}", + "url":"https://lists.apache.org/thread.html/39723d8227b248781898c200aa24b154683673287b150a204b83787d@%3Cdev.tika.apache.org%3E" }, { - "refsource": "CONFIRM", - "name": "https://security.netapp.com/advisory/ntap-20190828-0004/", - "url": "https://security.netapp.com/advisory/ntap-20190828-0004/" + "refsource":"CONFIRM", + "name":"https://security.netapp.com/advisory/ntap-20190828-0004/", + "url":"https://security.netapp.com/advisory/ntap-20190828-0004/" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] }, - "description": { - "description_data": [ + "description":{ + "description_data":[ { - "lang": "eng", - "value": "A carefully crafted or corrupt zip file can cause an OOM in Apache Tika's RecursiveParserWrapper in versions 1.7-1.21. Users should upgrade to 1.22 or later." + "lang":"eng", + "value":"A carefully crafted or corrupt zip file can cause an OOM in Apache Tika's RecursiveParserWrapper in versions 1.7-1.21. Users should upgrade to 1.22 or later." } ] } diff --git a/2019/10xxx/CVE-2019-10092.json b/2019/10xxx/CVE-2019-10092.json index 0145cc466b9..53853dba144 100644 --- a/2019/10xxx/CVE-2019-10092.json +++ b/2019/10xxx/CVE-2019-10092.json 
@@ -1,25 +1,26 @@ + { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2019-10092", - "ASSIGNER": "security@apache.org", - "STATE": "PUBLIC" + "data_type":"CVE", + "data_format":"MITRE", + "data_version":"4.0", + "CVE_data_meta":{ + "ID":"CVE-2019-10092", + "ASSIGNER":"security@apache.org", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "vendor_name": "n/a", - "product": { - "product_data": [ + "vendor_name":"n/a", + "product":{ + "product_data":[ { - "product_name": "Apache HTTP Server", - "version": { - "version_data": [ + "product_name":"Apache HTTP Server", + "version":{ + "version_data":[ { - "version_value": "2.4.0 to 2.4.39" + "version_value":"2.4.0 to 2.4.39" } ] } 
@@ -30,52 +31,55 @@ ] } }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "Limited cross-site scriptingcross-site scripting in mod_proxy" + "lang":"eng", + "value":"Limited cross-site scriptingcross-site scripting in mod_proxy" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "refsource": "MISC", - "name": "https://httpd.apache.org/security/vulnerabilities_24.html", - "url": "https://httpd.apache.org/security/vulnerabilities_24.html" + "refsource":"MISC", + "name":"https://httpd.apache.org/security/vulnerabilities_24.html", + "url":"https://httpd.apache.org/security/vulnerabilities_24.html" }, { - "refsource": "MLIST", - "name": "[debian-lts-announce] 20190930 [SECURITY] [DLA 1900-2] apache2 regression update", - "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00034.html" + "refsource":"MLIST", + "name":"[debian-lts-announce] 20190930 [SECURITY] [DLA 1900-2] apache2 regression update", + "url":"https://lists.debian.org/debian-lts-announce/2019/09/msg00034.html" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { - "refsource": "BUGTRAQ", - "name": "20191016 [SECURITY] [DSA 4509-3] apache2 security update", - "url": "https://seclists.org/bugtraq/2019/Oct/24" + "refsource":"BUGTRAQ", + "name":"20191016 [SECURITY] [DSA 4509-3] apache2 security update", + "url":"https://seclists.org/bugtraq/2019/Oct/24" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:4126", - "url": "https://access.redhat.com/errata/RHSA-2019:4126" + "refsource":"REDHAT", + 
"name":"RHSA-2019:4126", + "url":"https://access.redhat.com/errata/RHSA-2019:4126" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] }, - "description": { - "description_data": [ + "description":{ + "description_data":[ { - "lang": "eng", - "value": "In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with proxying enabled but was misconfigured in such a way that the Proxy Error page was displayed." + "lang":"eng", + "value":"In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with proxying enabled but was misconfigured in such a way that the Proxy Error page was displayed." } ] } diff --git a/2019/10xxx/CVE-2019-10093.json b/2019/10xxx/CVE-2019-10093.json index 97197b1c195..d7e8780fa3b 100644 --- a/2019/10xxx/CVE-2019-10093.json +++ b/2019/10xxx/CVE-2019-10093.json 
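Review bot: The `problemtype` value rewritten in this hunk (CVE-2019-10092.json) still reads `Limited cross-site scriptingcross-site scripting in mod_proxy`, with the phrase doubled and no separator. The line is touched only for spacing, so the defect predates the commit, but anything that matches or displays the problem type gets the garbled string. Since the line is being rewritten anyway, it could become `"value":"Limited cross-site scripting in mod_proxy"`, subject to the assigning CNA confirming the wording.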
@@ -1,25 +1,26 @@ + { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2019-10093", - "ASSIGNER": "security@apache.org", - "STATE": "PUBLIC" + "data_type":"CVE", + "data_format":"MITRE", + "data_version":"4.0", + "CVE_data_meta":{ + "ID":"CVE-2019-10093", + "ASSIGNER":"security@apache.org", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "vendor_name": "Apache", - "product": { - "product_data": [ + "vendor_name":"Apache", + "product":{ + "product_data":[ { - "product_name": "Apache Tika", - "version": { - "version_data": [ + "product_name":"Apache Tika", + "version":{ + "version_data":[ { - "version_value": "1.19 to 1.21" + "version_value":"1.19 to 1.21" } ] } 
@@ -30,52 +31,55 @@ ] } }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "DoS" + "lang":"eng", + "value":"DoS" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "refsource": "CONFIRM", - "name": "https://lists.apache.org/thread.html/a5a44eff1b9eda3bc69d22943a1030c43d376380c75d3ab04d0c1a21@%3Cdev.tika.apache.org%3E", - "url": "https://lists.apache.org/thread.html/a5a44eff1b9eda3bc69d22943a1030c43d376380c75d3ab04d0c1a21@%3Cdev.tika.apache.org%3E" + "refsource":"CONFIRM", + "name":"https://lists.apache.org/thread.html/a5a44eff1b9eda3bc69d22943a1030c43d376380c75d3ab04d0c1a21@%3Cdev.tika.apache.org%3E", + "url":"https://lists.apache.org/thread.html/a5a44eff1b9eda3bc69d22943a1030c43d376380c75d3ab04d0c1a21@%3Cdev.tika.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tika-dev] 20190809 security fixes for CVE-2019-10088 and CVE-2019-1009{3,4}", - "url": "https://lists.apache.org/thread.html/fb6c84fd387de997e5e366d50b0ca331a328c466432c80f8c5eed33d@%3Cdev.tika.apache.org%3E" + "refsource":"MLIST", + "name":"[tika-dev] 20190809 security fixes for CVE-2019-10088 and CVE-2019-1009{3,4}", + "url":"https://lists.apache.org/thread.html/fb6c84fd387de997e5e366d50b0ca331a328c466432c80f8c5eed33d@%3Cdev.tika.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tika-dev] 20190812 Re: security fixes for CVE-2019-10088 and CVE-2019-1009{3,4}", - "url": "https://lists.apache.org/thread.html/da9ee189d1756f8508d0f2386d8e25aca5a6df541739829232be8a94@%3Cdev.tika.apache.org%3E" + "refsource":"MLIST", + "name":"[tika-dev] 20190812 Re: security fixes for CVE-2019-10088 and CVE-2019-1009{3,4}", + "url":"https://lists.apache.org/thread.html/da9ee189d1756f8508d0f2386d8e25aca5a6df541739829232be8a94@%3Cdev.tika.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tika-dev] 20190813 Re: security fixes for CVE-2019-10088 and 
CVE-2019-1009{3,4}", - "url": "https://lists.apache.org/thread.html/39723d8227b248781898c200aa24b154683673287b150a204b83787d@%3Cdev.tika.apache.org%3E" + "refsource":"MLIST", + "name":"[tika-dev] 20190813 Re: security fixes for CVE-2019-10088 and CVE-2019-1009{3,4}", + "url":"https://lists.apache.org/thread.html/39723d8227b248781898c200aa24b154683673287b150a204b83787d@%3Cdev.tika.apache.org%3E" }, { - "refsource": "CONFIRM", - "name": "https://security.netapp.com/advisory/ntap-20190828-0004/", - "url": "https://security.netapp.com/advisory/ntap-20190828-0004/" + "refsource":"CONFIRM", + "name":"https://security.netapp.com/advisory/ntap-20190828-0004/", + "url":"https://security.netapp.com/advisory/ntap-20190828-0004/" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] }, - "description": { - "description_data": [ + "description":{ + "description_data":[ { - "lang": "eng", - "value": "In Apache Tika 1.19 to 1.21, a carefully crafted 2003ml or 2006ml file could consume all available SAXParsers in the pool and lead to very long hangs. Apache Tika users should upgrade to 1.22 or later." + "lang":"eng", + "value":"In Apache Tika 1.19 to 1.21, a carefully crafted 2003ml or 2006ml file could consume all available SAXParsers in the pool and lead to very long hangs. Apache Tika users should upgrade to 1.22 or later." } ] } diff --git a/2019/10xxx/CVE-2019-10094.json b/2019/10xxx/CVE-2019-10094.json index 883b13f4dc1..b03bd5b2c80 100644 --- a/2019/10xxx/CVE-2019-10094.json +++ b/2019/10xxx/CVE-2019-10094.json 
@@ -1,25 +1,26 @@ + { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2019-10094", - "ASSIGNER": "security@apache.org", - "STATE": "PUBLIC" + "data_type":"CVE", + "data_format":"MITRE", + "data_version":"4.0", + "CVE_data_meta":{ + "ID":"CVE-2019-10094", + "ASSIGNER":"security@apache.org", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "vendor_name": "Apache", - "product": { - "product_data": [ + "vendor_name":"Apache", + "product":{ + "product_data":[ { - "product_name": "Apache Tika", - "version": { - "version_data": [ + "product_name":"Apache Tika", + "version":{ + "version_data":[ { - "version_value": "1.7 to 1.21" + "version_value":"1.7 to 1.21" } ] } 
@@ -30,47 +31,50 @@ ] } }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "DoS" + "lang":"eng", + "value":"DoS" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "refsource": "CONFIRM", - "name": "https://lists.apache.org/thread.html/fe876a649d9d36525dd097fe87ff4dcb3b82bb0fbb3a3d71fb72ef61@%3Cdev.tika.apache.org%3E", - "url": "https://lists.apache.org/thread.html/fe876a649d9d36525dd097fe87ff4dcb3b82bb0fbb3a3d71fb72ef61@%3Cdev.tika.apache.org%3E" + "refsource":"CONFIRM", + "name":"https://lists.apache.org/thread.html/fe876a649d9d36525dd097fe87ff4dcb3b82bb0fbb3a3d71fb72ef61@%3Cdev.tika.apache.org%3E", + "url":"https://lists.apache.org/thread.html/fe876a649d9d36525dd097fe87ff4dcb3b82bb0fbb3a3d71fb72ef61@%3Cdev.tika.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tika-dev] 20190809 security fixes for CVE-2019-10088 and CVE-2019-1009{3,4}", - "url": "https://lists.apache.org/thread.html/fb6c84fd387de997e5e366d50b0ca331a328c466432c80f8c5eed33d@%3Cdev.tika.apache.org%3E" + "refsource":"MLIST", + "name":"[tika-dev] 20190809 security fixes for CVE-2019-10088 and CVE-2019-1009{3,4}", + "url":"https://lists.apache.org/thread.html/fb6c84fd387de997e5e366d50b0ca331a328c466432c80f8c5eed33d@%3Cdev.tika.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tika-dev] 20190812 Re: security fixes for CVE-2019-10088 and CVE-2019-1009{3,4}", - "url": "https://lists.apache.org/thread.html/da9ee189d1756f8508d0f2386d8e25aca5a6df541739829232be8a94@%3Cdev.tika.apache.org%3E" + "refsource":"MLIST", + "name":"[tika-dev] 20190812 Re: security fixes for CVE-2019-10088 and CVE-2019-1009{3,4}", + "url":"https://lists.apache.org/thread.html/da9ee189d1756f8508d0f2386d8e25aca5a6df541739829232be8a94@%3Cdev.tika.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tika-dev] 20190813 Re: security fixes for CVE-2019-10088 and 
CVE-2019-1009{3,4}", - "url": "https://lists.apache.org/thread.html/39723d8227b248781898c200aa24b154683673287b150a204b83787d@%3Cdev.tika.apache.org%3E" + "refsource":"MLIST", + "name":"[tika-dev] 20190813 Re: security fixes for CVE-2019-10088 and CVE-2019-1009{3,4}", + "url":"https://lists.apache.org/thread.html/39723d8227b248781898c200aa24b154683673287b150a204b83787d@%3Cdev.tika.apache.org%3E" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] }, - "description": { - "description_data": [ + "description":{ + "description_data":[ { - "lang": "eng", - "value": "A carefully crafted package/compressed file that, when unzipped/uncompressed yields the same file (a quine), causes a StackOverflowError in Apache Tika's RecursiveParserWrapper in versions 1.7-1.21. Apache Tika users should upgrade to 1.22 or later." + "lang":"eng", + "value":"A carefully crafted package/compressed file that, when unzipped/uncompressed yields the same file (a quine), causes a StackOverflowError in Apache Tika's RecursiveParserWrapper in versions 1.7-1.21. Apache Tika users should upgrade to 1.22 or later." } ] } diff --git a/2019/10xxx/CVE-2019-10098.json b/2019/10xxx/CVE-2019-10098.json index 8f3cf884e05..195bf77e75f 100644 --- a/2019/10xxx/CVE-2019-10098.json +++ b/2019/10xxx/CVE-2019-10098.json 
@@ -1,25 +1,26 @@ + { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2019-10098", - "ASSIGNER": "security@apache.org", - "STATE": "PUBLIC" + "data_type":"CVE", + "data_format":"MITRE", + "data_version":"4.0", + "CVE_data_meta":{ + "ID":"CVE-2019-10098", + "ASSIGNER":"security@apache.org", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "vendor_name": "n/a", - "product": { - "product_data": [ + "vendor_name":"n/a", + "product":{ + "product_data":[ { - "product_name": "Apache HTTP Server", - "version": { - "version_data": [ + "product_name":"Apache HTTP Server", + "version":{ + "version_data":[ { - "version_value": "2.4.0 to 2.4.39" + "version_value":"2.4.0 to 2.4.39" } ] } 
@@ -30,37 +31,40 @@ ] } }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "mod_rewrite CWE-601 open redirect" + "lang":"eng", + "value":"mod_rewrite CWE-601 open redirect" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "refsource": "MISC", - "name": "https://httpd.apache.org/security/vulnerabilities_24.html", - "url": "https://httpd.apache.org/security/vulnerabilities_24.html" + "refsource":"MISC", + "name":"https://httpd.apache.org/security/vulnerabilities_24.html", + "url":"https://httpd.apache.org/security/vulnerabilities_24.html" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] }, - "description": { - "description_data": [ + "description":{ + "description_data":[ { - "lang": "eng", - "value": "In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL." + "lang":"eng", + "value":"In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL." } ] } diff --git a/2019/10xxx/CVE-2019-10246.json b/2019/10xxx/CVE-2019-10246.json index d2ac04f7b76..53eaace3264 100644 --- a/2019/10xxx/CVE-2019-10246.json +++ b/2019/10xxx/CVE-2019-10246.json 
@@ -1,85 +1,89 @@ + { - "CVE_data_meta": { - "ASSIGNER": "security@eclipse.org", - "ID": "CVE-2019-10246", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"security@eclipse.org", + "ID":"CVE-2019-10246", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "Eclipse Jetty", - "version": { - "version_data": [ + "product_name":"Eclipse Jetty", + "version":{ + "version_data":[ { - "version_affected": "=", - "version_value": "9.2.27" + "version_affected":"=", + "version_value":"9.2.27" }, { - "version_affected": "=", - "version_value": "9.3.26" + "version_affected":"=", + "version_value":"9.3.26" }, { - "version_affected": "=", - "version_value": "9.4.16" + "version_affected":"=", + "version_value":"9.4.16" } ] } } ] }, - "vendor_name": "The Eclipse Foundation" + "vendor_name":"The Eclipse Foundation" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ { - "lang": "eng", - "value": "In Eclipse Jetty version 9.2.27, 9.3.26, and 9.4.16, the server running on Windows is vulnerable to exposure of the fully qualified Base Resource directory name on Windows to a remote client when it is configured for showing a Listing of directory contents. This information reveal is restricted to only the content in the configured base resource directories." + "lang":"eng", + "value":"In Eclipse Jetty version 9.2.27, 9.3.26, and 9.4.16, the server running on Windows is vulnerable to exposure of the fully qualified Base Resource directory name on Windows to a remote client when it is configured for showing a Listing of directory contents. This information reveal is restricted to only the content in the configured base resource directories." 
} ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "CWE-213: Intentional Information Exposure" + "lang":"eng", + "value":"CWE-213: Intentional Information Exposure" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "name": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=546576", - "refsource": "CONFIRM", - "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=546576" + "name":"https://bugs.eclipse.org/bugs/show_bug.cgi?id=546576", + "refsource":"CONFIRM", + "url":"https://bugs.eclipse.org/bugs/show_bug.cgi?id=546576" }, { - "refsource": "CONFIRM", - "name": "https://security.netapp.com/advisory/ntap-20190509-0003/", - "url": "https://security.netapp.com/advisory/ntap-20190509-0003/" + "refsource":"CONFIRM", + "name":"https://security.netapp.com/advisory/ntap-20190509-0003/", + "url":"https://security.netapp.com/advisory/ntap-20190509-0003/" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { - "refsource": "MLIST", - "name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html", - "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E" + "refsource":"MLIST", + "name":"[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html", + "url":"https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } 
diff --git a/2019/10xxx/CVE-2019-10247.json b/2019/10xxx/CVE-2019-10247.json index b375cd55842..b90e5d6447d 100644 --- a/2019/10xxx/CVE-2019-10247.json +++ b/2019/10xxx/CVE-2019-10247.json 
@@ -1,113 +1,117 @@ + { - "CVE_data_meta": { - "ASSIGNER": "security@eclipse.org", - "ID": "CVE-2019-10247", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"security@eclipse.org", + "ID":"CVE-2019-10247", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "Eclipse Jetty", - "version": { - "version_data": [ + "product_name":"Eclipse Jetty", + "version":{ + "version_data":[ { - "version_affected": "=", - "version_value": "7.x" + "version_affected":"=", + "version_value":"7.x" }, { - "version_affected": "=", - "version_value": "8.x" + "version_affected":"=", + "version_value":"8.x" }, { - "version_affected": "<=", - "version_value": "9.2.27" + "version_affected":"<=", + "version_value":"9.2.27" }, { - "version_affected": "<=", - "version_value": "9.3.26" + "version_affected":"<=", + "version_value":"9.3.26" }, { - "version_affected": "<=", - "version_value": "9.4.16" + "version_affected":"<=", + "version_value":"9.4.16" } ] } } ] }, - "vendor_name": "The Eclipse Foundation" + "vendor_name":"The Eclipse Foundation" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ { - "lang": "eng", - "value": "In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the server running on any OS and Jetty version combination will reveal the configured fully qualified directory base resource location on the output of the 404 error for not finding a Context that matches the requested path. 
The default server behavior on jetty-distribution and jetty-home will include at the end of the Handler tree a DefaultHandler, which is responsible for reporting this 404 error, it presents the various configured contexts as HTML for users to click through to. This produced HTML includes output that contains the configured fully qualified directory base resource location for each context." + "lang":"eng", + "value":"In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the server running on any OS and Jetty version combination will reveal the configured fully qualified directory base resource location on the output of the 404 error for not finding a Context that matches the requested path. The default server behavior on jetty-distribution and jetty-home will include at the end of the Handler tree a DefaultHandler, which is responsible for reporting this 404 error, it presents the various configured contexts as HTML for users to click through to. This produced HTML includes output that contains the configured fully qualified directory base resource location for each context." 
} ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "CWE-213: Intentional Information Exposure" + "lang":"eng", + "value":"CWE-213: Intentional Information Exposure" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "name": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=546577", - "refsource": "CONFIRM", - "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=546577" + "name":"https://bugs.eclipse.org/bugs/show_bug.cgi?id=546577", + "refsource":"CONFIRM", + "url":"https://bugs.eclipse.org/bugs/show_bug.cgi?id=546577" }, { - "refsource": "CONFIRM", - "name": "https://security.netapp.com/advisory/ntap-20190509-0003/", - "url": "https://security.netapp.com/advisory/ntap-20190509-0003/" + "refsource":"CONFIRM", + "name":"https://security.netapp.com/advisory/ntap-20190509-0003/", + "url":"https://security.netapp.com/advisory/ntap-20190509-0003/" }, { - "refsource": "MLIST", - "name": "[activemq-issues] 20190723 [jira] [Created] (AMQ-7249) Security Vulnerabilities in the ActiveMQ dependent jars.", - "url": "https://lists.apache.org/thread.html/ac51944aef91dd5006b8510b0bef337adaccfe962fb90e7af9c22db4@%3Cissues.activemq.apache.org%3E" + "refsource":"MLIST", + "name":"[activemq-issues] 20190723 [jira] [Created] (AMQ-7249) Security Vulnerabilities in the ActiveMQ dependent jars.", + "url":"https://lists.apache.org/thread.html/ac51944aef91dd5006b8510b0bef337adaccfe962fb90e7af9c22db4@%3Cissues.activemq.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[activemq-issues] 20190820 [jira] [Created] (AMQ-7279) Security Vulnerabilities in Libraries - jackson-databind-2.9.8.jar, tomcat-servlet-api-8.0.53.jar, tomcat-websocket-api-8.0.53.jar, zookeeper-3.4.6.jar, guava-18.0.jar, jetty-all-9.2.26.v20180806.jar, scala-library-2.11.0.jar", - "url": 
"https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272@%3Cissues.activemq.apache.org%3E" + "refsource":"MLIST", + "name":"[activemq-issues] 20190820 [jira] [Created] (AMQ-7279) Security Vulnerabilities in Libraries - jackson-databind-2.9.8.jar, tomcat-servlet-api-8.0.53.jar, tomcat-websocket-api-8.0.53.jar, zookeeper-3.4.6.jar, guava-18.0.jar, jetty-all-9.2.26.v20180806.jar, scala-library-2.11.0.jar", + "url":"https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272@%3Cissues.activemq.apache.org%3E" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { - "refsource": "MLIST", - "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", - "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E" + "refsource":"MLIST", + "name":"[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", + "url":"https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", - "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" + "refsource":"MLIST", + "name":"[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required 
to dependencies to resolve potential security vulnerabilities", + "url":"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html", - "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E" + "refsource":"MLIST", + "name":"[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html", + "url":"https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2019/11xxx/CVE-2019-11358.json b/2019/11xxx/CVE-2019-11358.json index f6e31caa712..cad2d750cd7 100644 --- a/2019/11xxx/CVE-2019-11358.json +++ b/2019/11xxx/CVE-2019-11358.json 
@@ -1,301 +1,305 @@ + { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-11358", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"cve@mitre.org", + "ID":"CVE-2019-11358", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "n/a", - "version": { - "version_data": [ + "product_name":"n/a", + "version":{ + "version_data":[ { - "version_value": "n/a" + "version_value":"n/a" } ] } } ] }, - "vendor_name": "n/a" + "vendor_name":"n/a" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ { - "lang": "eng", - "value": "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype." + "lang":"eng", + "value":"jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype." 
} ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "n/a" + "lang":"eng", + "value":"n/a" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "refsource": "CONFIRM", - "name": "https://www.synology.com/security/advisory/Synology_SA_19_19", - "url": "https://www.synology.com/security/advisory/Synology_SA_19_19" + "refsource":"CONFIRM", + "name":"https://www.synology.com/security/advisory/Synology_SA_19_19", + "url":"https://www.synology.com/security/advisory/Synology_SA_19_19" }, { - "url": "https://backdropcms.org/security/backdrop-sa-core-2019-009", - "refsource": "MISC", - "name": "https://backdropcms.org/security/backdrop-sa-core-2019-009" + "url":"https://backdropcms.org/security/backdrop-sa-core-2019-009", + "refsource":"MISC", + "name":"https://backdropcms.org/security/backdrop-sa-core-2019-009" }, { - "url": "https://www.drupal.org/sa-core-2019-006", - "refsource": "MISC", - "name": "https://www.drupal.org/sa-core-2019-006" + "url":"https://www.drupal.org/sa-core-2019-006", + "refsource":"MISC", + "name":"https://www.drupal.org/sa-core-2019-006" }, { - "url": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/", - "refsource": "MISC", - "name": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/" + "url":"https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/", + "refsource":"MISC", + "name":"https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/" }, { - "url": "https://snyk.io/vuln/SNYK-JS-JQUERY-174006", - "refsource": "MISC", - "name": "https://snyk.io/vuln/SNYK-JS-JQUERY-174006" + "url":"https://snyk.io/vuln/SNYK-JS-JQUERY-174006", + "refsource":"MISC", + "name":"https://snyk.io/vuln/SNYK-JS-JQUERY-174006" }, { - "url": "https://github.com/jquery/jquery/pull/4333", - "refsource": "MISC", - "name": "https://github.com/jquery/jquery/pull/4333" + 
"url":"https://github.com/jquery/jquery/pull/4333", + "refsource":"MISC", + "name":"https://github.com/jquery/jquery/pull/4333" }, { - "url": "https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b", - "refsource": "MISC", - "name": "https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b" + "url":"https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b", + "refsource":"MISC", + "name":"https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b" }, { - "refsource": "DEBIAN", - "name": "DSA-4434", - "url": "https://www.debian.org/security/2019/dsa-4434" + "refsource":"DEBIAN", + "name":"DSA-4434", + "url":"https://www.debian.org/security/2019/dsa-4434" }, { - "refsource": "BUGTRAQ", - "name": "20190421 [SECURITY] [DSA 4434-1] drupal7 security update", - "url": "https://seclists.org/bugtraq/2019/Apr/32" + "refsource":"BUGTRAQ", + "name":"20190421 [SECURITY] [DSA 4434-1] drupal7 security update", + "url":"https://seclists.org/bugtraq/2019/Apr/32" }, { - "refsource": "BID", - "name": "108023", - "url": "http://www.securityfocus.com/bid/108023" + "refsource":"BID", + "name":"108023", + "url":"http://www.securityfocus.com/bid/108023" }, { - "refsource": "MLIST", - "name": "[airflow-commits] 20190428 [GitHub] [airflow] feng-tao commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358", - "url": "https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc@%3Ccommits.airflow.apache.org%3E" + "refsource":"MLIST", + "name":"[airflow-commits] 20190428 [GitHub] [airflow] feng-tao commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358", + "url":"https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc@%3Ccommits.airflow.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[airflow-commits] 20190428 [GitHub] [airflow] feng-tao opened a new pull request #5197: [AIRFLOW-XXX] Fix CVE-2019-11358", - "url": 
"https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205@%3Ccommits.airflow.apache.org%3E" + "refsource":"MLIST", + "name":"[airflow-commits] 20190428 [GitHub] [airflow] feng-tao opened a new pull request #5197: [AIRFLOW-XXX] Fix CVE-2019-11358", + "url":"https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205@%3Ccommits.airflow.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[airflow-commits] 20190428 [GitHub] [airflow] codecov-io commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358", - "url": "https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7@%3Ccommits.airflow.apache.org%3E" + "refsource":"MLIST", + "name":"[airflow-commits] 20190428 [GitHub] [airflow] codecov-io commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358", + "url":"https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7@%3Ccommits.airflow.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[airflow-commits] 20190428 [GitHub] [airflow] XD-DENG merged pull request #5197: [AIRFLOW-XXX] Fix CVE-2019-11358", - "url": "https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844@%3Ccommits.airflow.apache.org%3E" + "refsource":"MLIST", + "name":"[airflow-commits] 20190428 [GitHub] [airflow] XD-DENG merged pull request #5197: [AIRFLOW-XXX] Fix CVE-2019-11358", + "url":"https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844@%3Ccommits.airflow.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[airflow-commits] 20190428 [GitHub] [airflow] XD-DENG commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358", - "url": "https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f@%3Ccommits.airflow.apache.org%3E" + "refsource":"MLIST", + "name":"[airflow-commits] 20190428 [GitHub] [airflow] XD-DENG commented on issue #5197: 
[AIRFLOW-XXX] Fix CVE-2019-11358", + "url":"https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f@%3Ccommits.airflow.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[debian-lts-announce] 20190506 [SECURITY] [DLA 1777-1] jquery security update", - "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html" + "refsource":"MLIST", + "name":"[debian-lts-announce] 20190506 [SECURITY] [DLA 1777-1] jquery security update", + "url":"https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-eba8e44ee6", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/" + "refsource":"FEDORA", + "name":"FEDORA-2019-eba8e44ee6", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-1a3edd7e8a", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/" + "refsource":"FEDORA", + "name":"FEDORA-2019-1a3edd7e8a", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-7eaf0bbe7c", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/" + "refsource":"FEDORA", + "name":"FEDORA-2019-7eaf0bbe7c", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-2a0ce0c58c", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/" + 
"refsource":"FEDORA", + "name":"FEDORA-2019-2a0ce0c58c", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-a06dffab1c", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/" + "refsource":"FEDORA", + "name":"FEDORA-2019-a06dffab1c", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-f563e66380", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/" + "refsource":"FEDORA", + "name":"FEDORA-2019-f563e66380", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/" }, { - "refsource": "BUGTRAQ", - "name": "20190509 dotCMS v5.1.1 Vulnerabilities", - "url": "https://seclists.org/bugtraq/2019/May/18" + "refsource":"BUGTRAQ", + "name":"20190509 dotCMS v5.1.1 Vulnerabilities", + "url":"https://seclists.org/bugtraq/2019/May/18" }, { - "refsource": "MISC", - "name": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html", - "url": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html" + "refsource":"MISC", + "name":"http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html", + "url":"http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html" }, { - "refsource": "FULLDISC", - "name": "20190510 dotCMS v5.1.1 HTML Injection & XSS Vulnerability", - "url": "http://seclists.org/fulldisclosure/2019/May/11" + "refsource":"FULLDISC", + "name":"20190510 dotCMS v5.1.1 HTML Injection & XSS Vulnerability", + 
"url":"http://seclists.org/fulldisclosure/2019/May/11" }, { - "refsource": "FULLDISC", - "name": "20190510 dotCMS v5.1.1 Vulnerabilities", - "url": "http://seclists.org/fulldisclosure/2019/May/10" + "refsource":"FULLDISC", + "name":"20190510 dotCMS v5.1.1 Vulnerabilities", + "url":"http://seclists.org/fulldisclosure/2019/May/10" }, { - "refsource": "FULLDISC", - "name": "20190510 Re: dotCMS v5.1.1 HTML Injection & XSS Vulnerability", - "url": "http://seclists.org/fulldisclosure/2019/May/13" + "refsource":"FULLDISC", + "name":"20190510 Re: dotCMS v5.1.1 HTML Injection & XSS Vulnerability", + "url":"http://seclists.org/fulldisclosure/2019/May/13" }, { - "refsource": "MLIST", - "name": "[debian-lts-announce] 20190520 [SECURITY] [DLA 1797-1] drupal7 security update", - "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html" + "refsource":"MLIST", + "name":"[debian-lts-announce] 20190520 [SECURITY] [DLA 1797-1] drupal7 security update", + "url":"https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html" }, { - "refsource": "MLIST", - "name": "[oss-security] 20190603 Django: CVE-2019-12308 AdminURLFieldWidget XSS (plus patched bundled jQuery for CVE-2019-11358)", - "url": "http://www.openwall.com/lists/oss-security/2019/06/03/2" + "refsource":"MLIST", + "name":"[oss-security] 20190603 Django: CVE-2019-12308 AdminURLFieldWidget XSS (plus patched bundled jQuery for CVE-2019-11358)", + "url":"http://www.openwall.com/lists/oss-security/2019/06/03/2" }, { - "refsource": "MISC", - "name": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html", - "url": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html" + "refsource":"MISC", + "name":"http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html", + "url":"http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:1456", - "url": 
"https://access.redhat.com/errata/RHSA-2019:1456" + "refsource":"REDHAT", + "name":"RHSA-2019:1456", + "url":"https://access.redhat.com/errata/RHSA-2019:1456" }, { - "refsource": "DEBIAN", - "name": "DSA-4460", - "url": "https://www.debian.org/security/2019/dsa-4460" + "refsource":"DEBIAN", + "name":"DSA-4460", + "url":"https://www.debian.org/security/2019/dsa-4460" }, { - "refsource": "BUGTRAQ", - "name": "20190612 [SECURITY] [DSA 4460-1] mediawiki security update", - "url": "https://seclists.org/bugtraq/2019/Jun/12" + "refsource":"BUGTRAQ", + "name":"20190612 [SECURITY] [DSA 4460-1] mediawiki security update", + "url":"https://seclists.org/bugtraq/2019/Jun/12" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { - "refsource": "MISC", - "name": "https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/", - "url": "https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/" + "refsource":"MISC", + "name":"https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/", + "url":"https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/" }, { - "refsource": "SUSE", - "name": "openSUSE-SU-2019:1839", - "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html" + "refsource":"SUSE", + "name":"openSUSE-SU-2019:1839", + "url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html" }, { - "refsource": "REDHAT", - "name": "RHBA-2019:1570", - "url": "https://access.redhat.com/errata/RHBA-2019:1570" + "refsource":"REDHAT", + "name":"RHBA-2019:1570", + 
"url":"https://access.redhat.com/errata/RHBA-2019:1570" }, { - "refsource": "SUSE", - "name": "openSUSE-SU-2019:1872", - "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html" + "refsource":"SUSE", + "name":"openSUSE-SU-2019:1872", + "url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html" }, { - "refsource": "MLIST", - "name": "[roller-commits] 20190820 [jira] [Created] (ROL-2150) Fix Js security vulnerabilities detected using retire js", - "url": "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6@%3Ccommits.roller.apache.org%3E" + "refsource":"MLIST", + "name":"[roller-commits] 20190820 [jira] [Created] (ROL-2150) Fix Js security vulnerabilities detected using retire js", + "url":"https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6@%3Ccommits.roller.apache.org%3E" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:2587", - "url": "https://access.redhat.com/errata/RHSA-2019:2587" + "refsource":"REDHAT", + "name":"RHSA-2019:2587", + "url":"https://access.redhat.com/errata/RHSA-2019:2587" }, { - "refsource": "CONFIRM", - "name": "https://security.netapp.com/advisory/ntap-20190919-0001/", - "url": "https://security.netapp.com/advisory/ntap-20190919-0001/" + "refsource":"CONFIRM", + "name":"https://security.netapp.com/advisory/ntap-20190919-0001/", + "url":"https://security.netapp.com/advisory/ntap-20190919-0001/" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:3023", - "url": "https://access.redhat.com/errata/RHSA-2019:3023" + "refsource":"REDHAT", + "name":"RHSA-2019:3023", + "url":"https://access.redhat.com/errata/RHSA-2019:3023" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:3024", - "url": "https://access.redhat.com/errata/RHSA-2019:3024" + "refsource":"REDHAT", + "name":"RHSA-2019:3024", + "url":"https://access.redhat.com/errata/RHSA-2019:3024" }, { - "url": 
"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { - "refsource": "MLIST", - "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", - "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E" + "refsource":"MLIST", + "name":"[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", + "url":"https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", - "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E" + "refsource":"MLIST", + "name":"[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", + "url":"https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", - "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" + "refsource":"MLIST", + "name":"[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", + 
"url":"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html", - "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E" + "refsource":"MLIST", + "name":"[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html", + "url":"https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E" }, { - "refsource": "CONFIRM", - "name": "https://www.tenable.com/security/tns-2019-08", - "url": "https://www.tenable.com/security/tns-2019-08" + "refsource":"CONFIRM", + "name":"https://www.tenable.com/security/tns-2019-08", + "url":"https://www.tenable.com/security/tns-2019-08" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2019/11xxx/CVE-2019-11477.json b/2019/11xxx/CVE-2019-11477.json index cf30c1f3f0a..58384f03d5a 100644 --- a/2019/11xxx/CVE-2019-11477.json +++ b/2019/11xxx/CVE-2019-11477.json 
@@ -1,244 +1,248 @@ + { - "CVE_data_meta": { - "AKA": "SACK Panic", - "ASSIGNER": "security@ubuntu.com", - "DATE_PUBLIC": "2019-06-17T00:00:00.000Z", - "ID": "CVE-2019-11477", - "STATE": "PUBLIC", - "TITLE": "Integer overflow in TCP_SKB_CB(skb)->tcp_gso_segs" + "CVE_data_meta":{ + "AKA":"SACK Panic", + "ASSIGNER":"security@ubuntu.com", + "DATE_PUBLIC":"2019-06-17T00:00:00.000Z", + "ID":"CVE-2019-11477", + "STATE":"PUBLIC", + "TITLE":"Integer overflow in TCP_SKB_CB(skb)->tcp_gso_segs" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "Linux kernel", - "version": { - "version_data": [ + "product_name":"Linux kernel", + "version":{ + "version_data":[ { - "version_affected": "<", - "version_name": "4.4", - "version_value": "4.4.182" + "version_affected":"<", + "version_name":"4.4", + "version_value":"4.4.182" }, { - "version_affected": "<", - "version_name": "4.9", - "version_value": "4.9.182" + "version_affected":"<", + "version_name":"4.9", + "version_value":"4.9.182" }, { - "version_affected": "<", - "version_name": "4.14", - "version_value": "4.14.127" + "version_affected":"<", + "version_name":"4.14", + "version_value":"4.14.127" }, { - "version_affected": "<", - "version_name": "4.19", - "version_value": "4.19.52" + "version_affected":"<", + "version_name":"4.19", + "version_value":"4.19.52" }, { - "version_affected": "<", - "version_name": "5.1", - "version_value": "5.1.11" + "version_affected":"<", + "version_name":"5.1", + "version_value":"5.1.11" } ] } } ] }, - "vendor_name": "Linux" + "vendor_name":"Linux" } ] } }, - "credit": [ + "credit":[ { - "lang": "eng", - "value": "Jonathan Looney from Netflix" + "lang":"eng", + "value":"Jonathan Looney from Netflix" } ], - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format":"MITRE", + "data_type":"CVE", + 
"data_version":"4.0", + "description":{ + "description_data":[ { - "lang": "eng", - "value": "Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit 3b4929f65b0d8249f19a50245cd88ed1a2f78cff." + "lang":"eng", + "value":"Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit 3b4929f65b0d8249f19a50245cd88ed1a2f78cff." } ] }, - "generator": { - "engine": "Vulnogram 0.0.7" + "generator":{ + "engine":"Vulnogram 0.0.7" }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "HIGH", - "baseScore": 7.5, - "baseSeverity": "HIGH", - "confidentialityImpact": "NONE", - "integrityImpact": "NONE", - "privilegesRequired": "NONE", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "version": "3.0" + "impact":{ + "cvss":{ + "attackComplexity":"LOW", + "attackVector":"NETWORK", + "availabilityImpact":"HIGH", + "baseScore":7.5, + "baseSeverity":"HIGH", + "confidentialityImpact":"NONE", + "integrityImpact":"NONE", + "privilegesRequired":"NONE", + "scope":"UNCHANGED", + "userInteraction":"NONE", + "vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version":"3.0" } }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "CWE-190 Integer Overflow or Wraparound" 
+ "lang":"eng", + "value":"CWE-190 Integer Overflow or Wraparound" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "refsource": "MISC", - "url": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=3b4929f65b0d8249f19a50245cd88ed1a2f78cff", - "name": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=3b4929f65b0d8249f19a50245cd88ed1a2f78cff" + "refsource":"MISC", + "url":"https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=3b4929f65b0d8249f19a50245cd88ed1a2f78cff", + "name":"https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=3b4929f65b0d8249f19a50245cd88ed1a2f78cff" }, { - "refsource": "MISC", - "url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md", - "name": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md" + "refsource":"MISC", + "url":"https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md", + "name":"https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md" }, { - "refsource": "MISC", - "url": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic", - "name": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic" + "refsource":"MISC", + "url":"https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic", + "name":"https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic" }, { - "refsource": "MISC", - "url": "https://access.redhat.com/security/vulnerabilities/tcpsack", - "name": "https://access.redhat.com/security/vulnerabilities/tcpsack" + "refsource":"MISC", + "url":"https://access.redhat.com/security/vulnerabilities/tcpsack", + "name":"https://access.redhat.com/security/vulnerabilities/tcpsack" }, { - "refsource": "CONFIRM", - "name": "https://support.f5.com/csp/article/K78234183", - "url": "https://support.f5.com/csp/article/K78234183" + 
"refsource":"CONFIRM", + "name":"https://support.f5.com/csp/article/K78234183", + "url":"https://support.f5.com/csp/article/K78234183" }, { - "refsource": "MISC", - "name": "http://packetstormsecurity.com/files/153346/Kernel-Live-Patch-Security-Notice-LSN-0052-1.html", - "url": "http://packetstormsecurity.com/files/153346/Kernel-Live-Patch-Security-Notice-LSN-0052-1.html" + "refsource":"MISC", + "name":"http://packetstormsecurity.com/files/153346/Kernel-Live-Patch-Security-Notice-LSN-0052-1.html", + "url":"http://packetstormsecurity.com/files/153346/Kernel-Live-Patch-Security-Notice-LSN-0052-1.html" }, { - "refsource": "CONFIRM", - "name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193", - "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193" + "refsource":"CONFIRM", + "name":"https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193", + "url":"https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193" }, { - "refsource": "CERT-VN", - "name": "VU#905115", - "url": "https://www.kb.cert.org/vuls/id/905115" + "refsource":"CERT-VN", + "name":"VU#905115", + "url":"https://www.kb.cert.org/vuls/id/905115" }, { - "refsource": "MLIST", - "name": "[oss-security] 20190620 Re: Linux and FreeBSD Kernel: Multiple TCP-based remote denial of service issues", - "url": "http://www.openwall.com/lists/oss-security/2019/06/20/3" + "refsource":"MLIST", + "name":"[oss-security] 20190620 Re: Linux and FreeBSD Kernel: Multiple TCP-based remote denial of service issues", + "url":"http://www.openwall.com/lists/oss-security/2019/06/20/3" }, { - "refsource": "CONFIRM", - "name": "https://www.synology.com/security/advisory/Synology_SA_19_28", - "url": "https://www.synology.com/security/advisory/Synology_SA_19_28" + "refsource":"CONFIRM", + "name":"https://www.synology.com/security/advisory/Synology_SA_19_28", + "url":"https://www.synology.com/security/advisory/Synology_SA_19_28" }, { - "refsource": "CONFIRM", - "name": 
"https://security.netapp.com/advisory/ntap-20190625-0001/", - "url": "https://security.netapp.com/advisory/ntap-20190625-0001/" + "refsource":"CONFIRM", + "name":"https://security.netapp.com/advisory/ntap-20190625-0001/", + "url":"https://security.netapp.com/advisory/ntap-20190625-0001/" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:1594", - "url": "https://access.redhat.com/errata/RHSA-2019:1594" + "refsource":"REDHAT", + "name":"RHSA-2019:1594", + "url":"https://access.redhat.com/errata/RHSA-2019:1594" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:1602", - "url": "https://access.redhat.com/errata/RHSA-2019:1602" + "refsource":"REDHAT", + "name":"RHSA-2019:1602", + "url":"https://access.redhat.com/errata/RHSA-2019:1602" }, { - "refsource": "CONFIRM", - "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0006", - "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0006" + "refsource":"CONFIRM", + "name":"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0006", + "url":"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0006" }, { - "refsource": "CONFIRM", - "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10287", - "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10287" + "refsource":"CONFIRM", + "name":"https://kc.mcafee.com/corporate/index?page=content&id=SB10287", + "url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10287" }, { - "refsource": "MLIST", - "name": "[oss-security] 20190628 Re: linux-distros membership application - Microsoft", - "url": "http://www.openwall.com/lists/oss-security/2019/06/28/2" + "refsource":"MLIST", + "name":"[oss-security] 20190628 Re: linux-distros membership application - Microsoft", + "url":"http://www.openwall.com/lists/oss-security/2019/06/28/2" }, { - "refsource": "CONFIRM", - "name": "http://www.vmware.com/security/advisories/VMSA-2019-0010.html", - "url": "http://www.vmware.com/security/advisories/VMSA-2019-0010.html" + 
"refsource":"CONFIRM", + "name":"http://www.vmware.com/security/advisories/VMSA-2019-0010.html", + "url":"http://www.vmware.com/security/advisories/VMSA-2019-0010.html" }, { - "refsource": "MLIST", - "name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft", - "url": "http://www.openwall.com/lists/oss-security/2019/07/06/3" + "refsource":"MLIST", + "name":"[oss-security] 20190706 Re: linux-distros membership application - Microsoft", + "url":"http://www.openwall.com/lists/oss-security/2019/07/06/3" }, { - "refsource": "MLIST", - "name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft", - "url": "http://www.openwall.com/lists/oss-security/2019/07/06/4" + "refsource":"MLIST", + "name":"[oss-security] 20190706 Re: linux-distros membership application - Microsoft", + "url":"http://www.openwall.com/lists/oss-security/2019/07/06/4" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:1699", - "url": "https://access.redhat.com/errata/RHSA-2019:1699" + "refsource":"REDHAT", + "name":"RHSA-2019:1699", + "url":"https://access.redhat.com/errata/RHSA-2019:1699" }, { - "refsource": "CONFIRM", - "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf", - "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf" + "refsource":"CONFIRM", + "name":"https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf", + "url":"https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf" }, { - "refsource": "MISC", - "name": "https://www.us-cert.gov/ics/advisories/icsa-19-253-03", - "url": "https://www.us-cert.gov/ics/advisories/icsa-19-253-03" + "refsource":"MISC", + "name":"https://www.us-cert.gov/ics/advisories/icsa-19-253-03", + "url":"https://www.us-cert.gov/ics/advisories/icsa-19-253-03" }, { - "refsource": "MISC", - "name": "http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html", - "url": 
"http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html" + "refsource":"MISC", + "name":"http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html", + "url":"http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html" }, { - "refsource": "MLIST", - "name": "[oss-security] 20191023 Membership application for linux-distros - VMware", - "url": "http://www.openwall.com/lists/oss-security/2019/10/24/1" + "refsource":"MLIST", + "name":"[oss-security] 20191023 Membership application for linux-distros - VMware", + "url":"http://www.openwall.com/lists/oss-security/2019/10/24/1" }, { - "refsource": "MLIST", - "name": "[oss-security] 20191029 Re: Membership application for linux-distros - VMware", - "url": "http://www.openwall.com/lists/oss-security/2019/10/29/3" + "refsource":"MLIST", + "name":"[oss-security] 20191029 Re: Membership application for linux-distros - VMware", + "url":"http://www.openwall.com/lists/oss-security/2019/10/29/3" }, { - "refsource": "CONFIRM", - "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191225-01-kernel-en", - "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191225-01-kernel-en" + "refsource":"CONFIRM", + "name":"http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191225-01-kernel-en", + "url":"http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191225-01-kernel-en" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] }, - "source": { - "advisory": "https://usn.ubuntu.com/4017-1", - "defect": [ + "source":{ + "advisory":"https://usn.ubuntu.com/4017-1", + "defect":[ "https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1831637" ], - "discovery": "UNKNOWN" + "discovery":"UNKNOWN" } } \ No newline at end of file diff --git a/2019/11xxx/CVE-2019-11478.json b/2019/11xxx/CVE-2019-11478.json index 1edf4ccc9ce..fc83e8bbeab 100644 
--- a/2019/11xxx/CVE-2019-11478.json +++ b/2019/11xxx/CVE-2019-11478.json 
@@ -1,243 +1,247 @@ + { - "CVE_data_meta": { - "ASSIGNER": "security@ubuntu.com", - "DATE_PUBLIC": "2019-06-17T00:00:00.000Z", - "ID": "CVE-2019-11478", - "STATE": "PUBLIC", - "TITLE": "SACK can cause extensive memory use via fragmented resend queue" + "CVE_data_meta":{ + "ASSIGNER":"security@ubuntu.com", + "DATE_PUBLIC":"2019-06-17T00:00:00.000Z", + "ID":"CVE-2019-11478", + "STATE":"PUBLIC", + "TITLE":"SACK can cause extensive memory use via fragmented resend queue" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "Linux kernel", - "version": { - "version_data": [ + "product_name":"Linux kernel", + "version":{ + "version_data":[ { - "version_affected": "<", - "version_name": "4.4", - "version_value": "4.4.182" + "version_affected":"<", + "version_name":"4.4", + "version_value":"4.4.182" }, { - "version_affected": "<", - "version_name": "4.9", - "version_value": "4.9.182" + "version_affected":"<", + "version_name":"4.9", + "version_value":"4.9.182" }, { - "version_affected": "<", - "version_name": "4.14", - "version_value": "4.14.127" + "version_affected":"<", + "version_name":"4.14", + "version_value":"4.14.127" }, { - "version_affected": "<", - "version_name": "4.19", - "version_value": "4.19.52" + "version_affected":"<", + "version_name":"4.19", + "version_value":"4.19.52" }, { - "version_affected": "<", - "version_name": "5.1", - "version_value": "5.1.11" + "version_affected":"<", + "version_name":"5.1", + "version_value":"5.1.11" } ] } } ] }, - "vendor_name": "Linux" + "vendor_name":"Linux" } ] } }, - "credit": [ + "credit":[ { - "lang": "eng", - "value": "Jonathan Looney from Netflix" + "lang":"eng", + "value":"Jonathan Looney from Netflix" } ], - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format":"MITRE", + "data_type":"CVE", + 
"data_version":"4.0", + "description":{ + "description_data":[ { - "lang": "eng", - "value": "Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit f070ef2ac66716357066b683fb0baf55f8191a2e." + "lang":"eng", + "value":"Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit f070ef2ac66716357066b683fb0baf55f8191a2e." } ] }, - "generator": { - "engine": "Vulnogram 0.0.7" + "generator":{ + "engine":"Vulnogram 0.0.7" }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "LOW", - "baseScore": 5.3, - "baseSeverity": "MEDIUM", - "confidentialityImpact": "NONE", - "integrityImpact": "NONE", - "privilegesRequired": "NONE", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "version": "3.0" + "impact":{ + "cvss":{ + "attackComplexity":"LOW", + "attackVector":"NETWORK", + "availabilityImpact":"LOW", + "baseScore":5.3, + "baseSeverity":"MEDIUM", + "confidentialityImpact":"NONE", + "integrityImpact":"NONE", + "privilegesRequired":"NONE", + "scope":"UNCHANGED", + "userInteraction":"NONE", + "vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "version":"3.0" } }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - 
"value": "CWE-770 Allocation of Resources Without Limits or Throttling" + "lang":"eng", + "value":"CWE-770 Allocation of Resources Without Limits or Throttling" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "refsource": "MISC", - "url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md", - "name": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md" + "refsource":"MISC", + "url":"https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md", + "name":"https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md" }, { - "refsource": "MISC", - "url": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic", - "name": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic" + "refsource":"MISC", + "url":"https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic", + "name":"https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic" }, { - "refsource": "MISC", - "url": "https://access.redhat.com/security/vulnerabilities/tcpsack", - "name": "https://access.redhat.com/security/vulnerabilities/tcpsack" + "refsource":"MISC", + "url":"https://access.redhat.com/security/vulnerabilities/tcpsack", + "name":"https://access.redhat.com/security/vulnerabilities/tcpsack" }, { - "refsource": "MISC", - "url": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=f070ef2ac66716357066b683fb0baf55f8191a2e", - "name": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=f070ef2ac66716357066b683fb0baf55f8191a2e" + "refsource":"MISC", + "url":"https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=f070ef2ac66716357066b683fb0baf55f8191a2e", + "name":"https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=f070ef2ac66716357066b683fb0baf55f8191a2e" }, { - "refsource": "CONFIRM", - "name": 
"https://support.f5.com/csp/article/K26618426", - "url": "https://support.f5.com/csp/article/K26618426" + "refsource":"CONFIRM", + "name":"https://support.f5.com/csp/article/K26618426", + "url":"https://support.f5.com/csp/article/K26618426" }, { - "refsource": "MISC", - "name": "http://packetstormsecurity.com/files/153346/Kernel-Live-Patch-Security-Notice-LSN-0052-1.html", - "url": "http://packetstormsecurity.com/files/153346/Kernel-Live-Patch-Security-Notice-LSN-0052-1.html" + "refsource":"MISC", + "name":"http://packetstormsecurity.com/files/153346/Kernel-Live-Patch-Security-Notice-LSN-0052-1.html", + "url":"http://packetstormsecurity.com/files/153346/Kernel-Live-Patch-Security-Notice-LSN-0052-1.html" }, { - "refsource": "CONFIRM", - "name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193", - "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193" + "refsource":"CONFIRM", + "name":"https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193", + "url":"https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193" }, { - "refsource": "CERT-VN", - "name": "VU#905115", - "url": "https://www.kb.cert.org/vuls/id/905115" + "refsource":"CERT-VN", + "name":"VU#905115", + "url":"https://www.kb.cert.org/vuls/id/905115" }, { - "refsource": "CONFIRM", - "name": "https://www.synology.com/security/advisory/Synology_SA_19_28", - "url": "https://www.synology.com/security/advisory/Synology_SA_19_28" + "refsource":"CONFIRM", + "name":"https://www.synology.com/security/advisory/Synology_SA_19_28", + "url":"https://www.synology.com/security/advisory/Synology_SA_19_28" }, { - "refsource": "CONFIRM", - "name": "https://security.netapp.com/advisory/ntap-20190625-0001/", - "url": "https://security.netapp.com/advisory/ntap-20190625-0001/" + "refsource":"CONFIRM", + "name":"https://security.netapp.com/advisory/ntap-20190625-0001/", + "url":"https://security.netapp.com/advisory/ntap-20190625-0001/" }, { - "refsource": 
"REDHAT", - "name": "RHSA-2019:1594", - "url": "https://access.redhat.com/errata/RHSA-2019:1594" + "refsource":"REDHAT", + "name":"RHSA-2019:1594", + "url":"https://access.redhat.com/errata/RHSA-2019:1594" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:1602", - "url": "https://access.redhat.com/errata/RHSA-2019:1602" + "refsource":"REDHAT", + "name":"RHSA-2019:1602", + "url":"https://access.redhat.com/errata/RHSA-2019:1602" }, { - "refsource": "CONFIRM", - "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0007", - "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0007" + "refsource":"CONFIRM", + "name":"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0007", + "url":"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0007" }, { - "refsource": "CONFIRM", - "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10287", - "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10287" + "refsource":"CONFIRM", + "name":"https://kc.mcafee.com/corporate/index?page=content&id=SB10287", + "url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10287" }, { - "refsource": "MLIST", - "name": "[oss-security] 20190628 Re: linux-distros membership application - Microsoft", - "url": "http://www.openwall.com/lists/oss-security/2019/06/28/2" + "refsource":"MLIST", + "name":"[oss-security] 20190628 Re: linux-distros membership application - Microsoft", + "url":"http://www.openwall.com/lists/oss-security/2019/06/28/2" }, { - "refsource": "CONFIRM", - "name": "http://www.vmware.com/security/advisories/VMSA-2019-0010.html", - "url": "http://www.vmware.com/security/advisories/VMSA-2019-0010.html" + "refsource":"CONFIRM", + "name":"http://www.vmware.com/security/advisories/VMSA-2019-0010.html", + "url":"http://www.vmware.com/security/advisories/VMSA-2019-0010.html" }, { - "refsource": "MLIST", - "name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft", - "url": 
"http://www.openwall.com/lists/oss-security/2019/07/06/3" + "refsource":"MLIST", + "name":"[oss-security] 20190706 Re: linux-distros membership application - Microsoft", + "url":"http://www.openwall.com/lists/oss-security/2019/07/06/3" }, { - "refsource": "MLIST", - "name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft", - "url": "http://www.openwall.com/lists/oss-security/2019/07/06/4" + "refsource":"MLIST", + "name":"[oss-security] 20190706 Re: linux-distros membership application - Microsoft", + "url":"http://www.openwall.com/lists/oss-security/2019/07/06/4" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:1699", - "url": "https://access.redhat.com/errata/RHSA-2019:1699" + "refsource":"REDHAT", + "name":"RHSA-2019:1699", + "url":"https://access.redhat.com/errata/RHSA-2019:1699" }, { - "refsource": "BUGTRAQ", - "name": "20190722 [SECURITY] [DSA 4484-1] linux security update", - "url": "https://seclists.org/bugtraq/2019/Jul/30" + "refsource":"BUGTRAQ", + "name":"20190722 [SECURITY] [DSA 4484-1] linux security update", + "url":"https://seclists.org/bugtraq/2019/Jul/30" }, { - "refsource": "MISC", - "name": "http://packetstormsecurity.com/files/154408/Kernel-Live-Patch-Security-Notice-LSN-0055-1.html", - "url": "http://packetstormsecurity.com/files/154408/Kernel-Live-Patch-Security-Notice-LSN-0055-1.html" + "refsource":"MISC", + "name":"http://packetstormsecurity.com/files/154408/Kernel-Live-Patch-Security-Notice-LSN-0055-1.html", + "url":"http://packetstormsecurity.com/files/154408/Kernel-Live-Patch-Security-Notice-LSN-0055-1.html" }, { - "refsource": "CONFIRM", - "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf", - "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf" + "refsource":"CONFIRM", + "name":"https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf", + "url":"https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf" }, { - "refsource": "MISC", - "name": 
"https://www.us-cert.gov/ics/advisories/icsa-19-253-03", - "url": "https://www.us-cert.gov/ics/advisories/icsa-19-253-03" + "refsource":"MISC", + "name":"https://www.us-cert.gov/ics/advisories/icsa-19-253-03", + "url":"https://www.us-cert.gov/ics/advisories/icsa-19-253-03" }, { - "refsource": "MISC", - "name": "http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html", - "url": "http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html" + "refsource":"MISC", + "name":"http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html", + "url":"http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html" }, { - "refsource": "MLIST", - "name": "[oss-security] 20191023 Membership application for linux-distros - VMware", - "url": "http://www.openwall.com/lists/oss-security/2019/10/24/1" + "refsource":"MLIST", + "name":"[oss-security] 20191023 Membership application for linux-distros - VMware", + "url":"http://www.openwall.com/lists/oss-security/2019/10/24/1" }, { - "refsource": "MLIST", - "name": "[oss-security] 20191029 Re: Membership application for linux-distros - VMware", - "url": "http://www.openwall.com/lists/oss-security/2019/10/29/3" + "refsource":"MLIST", + "name":"[oss-security] 20191029 Re: Membership application for linux-distros - VMware", + "url":"http://www.openwall.com/lists/oss-security/2019/10/29/3" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] }, - "source": { - "advisory": "https://usn.ubuntu.com/4017-1", - "defect": [ + "source":{ + "advisory":"https://usn.ubuntu.com/4017-1", + "defect":[ "https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1831638" ], - "discovery": "UNKNOWN" + "discovery":"UNKNOWN" } } \ No newline at end of file diff --git a/2019/11xxx/CVE-2019-11479.json b/2019/11xxx/CVE-2019-11479.json index 0909cbc3314..3e0a7414856 100644 --- a/2019/11xxx/CVE-2019-11479.json 
+++ b/2019/11xxx/CVE-2019-11479.json 
@@ -1,231 +1,235 @@ + { - "CVE_data_meta": { - "ASSIGNER": "security@ubuntu.com", - "DATE_PUBLIC": "2019-06-17T00:00:00.000Z", - "ID": "CVE-2019-11479", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"security@ubuntu.com", + "DATE_PUBLIC":"2019-06-17T00:00:00.000Z", + "ID":"CVE-2019-11479", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "Linux kernel", - "version": { - "version_data": [ + "product_name":"Linux kernel", + "version":{ + "version_data":[ { - "version_affected": "<", - "version_name": "4.4", - "version_value": "4.4.182" + "version_affected":"<", + "version_name":"4.4", + "version_value":"4.4.182" }, { - "version_affected": "<", - "version_name": "4.9", - "version_value": "4.9.182" + "version_affected":"<", + "version_name":"4.9", + "version_value":"4.9.182" }, { - "version_affected": "<", - "version_name": "4.14", - "version_value": "4.14.127" + "version_affected":"<", + "version_name":"4.14", + "version_value":"4.14.127" }, { - "version_affected": "<", - "version_name": "4.19", - "version_value": "4.19.52" + "version_affected":"<", + "version_name":"4.19", + "version_value":"4.19.52" }, { - "version_affected": "<", - "version_name": "5.1", - "version_value": "5.1.11" + "version_affected":"<", + "version_name":"5.1", + "version_value":"5.1.11" } ] } } ] }, - "vendor_name": "Linux" + "vendor_name":"Linux" } ] } }, - "credit": [ + "credit":[ { - "lang": "eng", - "value": "Jonathan Looney from Netflix" + "lang":"eng", + "value":"Jonathan Looney from Netflix" } ], - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ { - "lang": "eng", - "value": "Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 
48 bytes. This allows a remote peer to fragment TCP resend queues significantly more than if a larger MSS were enforced. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commits 967c05aee439e6e5d7d805e195b3a20ef5c433d6 and 5f3e2bf008c2221478101ee72f5cb4654b9fc363." + "lang":"eng", + "value":"Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP resend queues significantly more than if a larger MSS were enforced. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commits 967c05aee439e6e5d7d805e195b3a20ef5c433d6 and 5f3e2bf008c2221478101ee72f5cb4654b9fc363." } ] }, - "generator": { - "engine": "Vulnogram 0.0.7" + "generator":{ + "engine":"Vulnogram 0.0.7" }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "LOW", - "baseScore": 5.3, - "baseSeverity": "MEDIUM", - "confidentialityImpact": "NONE", - "integrityImpact": "NONE", - "privilegesRequired": "NONE", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "version": "3.0" + "impact":{ + "cvss":{ + "attackComplexity":"LOW", + "attackVector":"NETWORK", + "availabilityImpact":"LOW", + "baseScore":5.3, + "baseSeverity":"MEDIUM", + "confidentialityImpact":"NONE", + "integrityImpact":"NONE", + "privilegesRequired":"NONE", + "scope":"UNCHANGED", + "userInteraction":"NONE", + "vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "version":"3.0" } }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "CWE-405 Asymmetric Resource Consumption (Amplification)" + "lang":"eng", + 
"value":"CWE-405 Asymmetric Resource Consumption (Amplification)" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "refsource": "MISC", - "url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md", - "name": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md" + "refsource":"MISC", + "url":"https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md", + "name":"https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md" }, { - "refsource": "MISC", - "url": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic", - "name": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic" + "refsource":"MISC", + "url":"https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic", + "name":"https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic" }, { - "refsource": "MISC", - "url": "https://access.redhat.com/security/vulnerabilities/tcpsack", - "name": "https://access.redhat.com/security/vulnerabilities/tcpsack" + "refsource":"MISC", + "url":"https://access.redhat.com/security/vulnerabilities/tcpsack", + "name":"https://access.redhat.com/security/vulnerabilities/tcpsack" }, { - "refsource": "MISC", - "url": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=5f3e2bf008c2221478101ee72f5cb4654b9fc363", - "name": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=5f3e2bf008c2221478101ee72f5cb4654b9fc363" + "refsource":"MISC", + "url":"https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=5f3e2bf008c2221478101ee72f5cb4654b9fc363", + "name":"https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=5f3e2bf008c2221478101ee72f5cb4654b9fc363" }, { - "refsource": "MISC", - "url": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=967c05aee439e6e5d7d805e195b3a20ef5c433d6", - 
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=967c05aee439e6e5d7d805e195b3a20ef5c433d6" + "refsource":"MISC", + "url":"https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=967c05aee439e6e5d7d805e195b3a20ef5c433d6", + "name":"https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=967c05aee439e6e5d7d805e195b3a20ef5c433d6" }, { - "refsource": "CONFIRM", - "name": "https://support.f5.com/csp/article/K35421172", - "url": "https://support.f5.com/csp/article/K35421172" + "refsource":"CONFIRM", + "name":"https://support.f5.com/csp/article/K35421172", + "url":"https://support.f5.com/csp/article/K35421172" }, { - "refsource": "BID", - "name": "108818", - "url": "http://www.securityfocus.com/bid/108818" + "refsource":"BID", + "name":"108818", + "url":"http://www.securityfocus.com/bid/108818" }, { - "refsource": "CONFIRM", - "name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193", - "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193" + "refsource":"CONFIRM", + "name":"https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193", + "url":"https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193" }, { - "refsource": "CERT-VN", - "name": "VU#905115", - "url": "https://www.kb.cert.org/vuls/id/905115" + "refsource":"CERT-VN", + "name":"VU#905115", + "url":"https://www.kb.cert.org/vuls/id/905115" }, { - "refsource": "CONFIRM", - "name": "https://www.synology.com/security/advisory/Synology_SA_19_28", - "url": "https://www.synology.com/security/advisory/Synology_SA_19_28" + "refsource":"CONFIRM", + "name":"https://www.synology.com/security/advisory/Synology_SA_19_28", + "url":"https://www.synology.com/security/advisory/Synology_SA_19_28" }, { - "refsource": "CONFIRM", - "name": "https://security.netapp.com/advisory/ntap-20190625-0001/", - "url": "https://security.netapp.com/advisory/ntap-20190625-0001/" + "refsource":"CONFIRM", + 
"name":"https://security.netapp.com/advisory/ntap-20190625-0001/", + "url":"https://security.netapp.com/advisory/ntap-20190625-0001/" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:1594", - "url": "https://access.redhat.com/errata/RHSA-2019:1594" + "refsource":"REDHAT", + "name":"RHSA-2019:1594", + "url":"https://access.redhat.com/errata/RHSA-2019:1594" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:1602", - "url": "https://access.redhat.com/errata/RHSA-2019:1602" + "refsource":"REDHAT", + "name":"RHSA-2019:1602", + "url":"https://access.redhat.com/errata/RHSA-2019:1602" }, { - "refsource": "CONFIRM", - "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0008", - "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0008" + "refsource":"CONFIRM", + "name":"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0008", + "url":"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0008" }, { - "refsource": "CONFIRM", - "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10287", - "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10287" + "refsource":"CONFIRM", + "name":"https://kc.mcafee.com/corporate/index?page=content&id=SB10287", + "url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10287" }, { - "refsource": "MLIST", - "name": "[oss-security] 20190628 Re: linux-distros membership application - Microsoft", - "url": "http://www.openwall.com/lists/oss-security/2019/06/28/2" + "refsource":"MLIST", + "name":"[oss-security] 20190628 Re: linux-distros membership application - Microsoft", + "url":"http://www.openwall.com/lists/oss-security/2019/06/28/2" }, { - "refsource": "UBUNTU", - "name": "USN-4041-2", - "url": "https://usn.ubuntu.com/4041-2/" + "refsource":"UBUNTU", + "name":"USN-4041-2", + "url":"https://usn.ubuntu.com/4041-2/" }, { - "refsource": "MLIST", - "name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft", - "url": 
"http://www.openwall.com/lists/oss-security/2019/07/06/3" + "refsource":"MLIST", + "name":"[oss-security] 20190706 Re: linux-distros membership application - Microsoft", + "url":"http://www.openwall.com/lists/oss-security/2019/07/06/3" }, { - "refsource": "MLIST", - "name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft", - "url": "http://www.openwall.com/lists/oss-security/2019/07/06/4" + "refsource":"MLIST", + "name":"[oss-security] 20190706 Re: linux-distros membership application - Microsoft", + "url":"http://www.openwall.com/lists/oss-security/2019/07/06/4" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:1699", - "url": "https://access.redhat.com/errata/RHSA-2019:1699" + "refsource":"REDHAT", + "name":"RHSA-2019:1699", + "url":"https://access.redhat.com/errata/RHSA-2019:1699" }, { - "refsource": "UBUNTU", - "name": "USN-4041-1", - "url": "https://usn.ubuntu.com/4041-1/" + "refsource":"UBUNTU", + "name":"USN-4041-1", + "url":"https://usn.ubuntu.com/4041-1/" }, { - "refsource": "CONFIRM", - "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf", - "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf" + "refsource":"CONFIRM", + "name":"https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf", + "url":"https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf" }, { - "refsource": "MISC", - "name": "https://www.us-cert.gov/ics/advisories/icsa-19-253-03", - "url": "https://www.us-cert.gov/ics/advisories/icsa-19-253-03" + "refsource":"MISC", + "name":"https://www.us-cert.gov/ics/advisories/icsa-19-253-03", + "url":"https://www.us-cert.gov/ics/advisories/icsa-19-253-03" }, { - "refsource": "CONFIRM", - "name": "https://support.f5.com/csp/article/K35421172?utm_source=f5support&utm_medium=RSS", - "url": "https://support.f5.com/csp/article/K35421172?utm_source=f5support&utm_medium=RSS" + "refsource":"CONFIRM", + 
"name":"https://support.f5.com/csp/article/K35421172?utm_source=f5support&utm_medium=RSS", + "url":"https://support.f5.com/csp/article/K35421172?utm_source=f5support&utm_medium=RSS" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] }, - "source": { - "defect": [ + "source":{ + "defect":[ "https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1832286" ], - "discovery": "UNKNOWN" + "discovery":"UNKNOWN" } } \ No newline at end of file diff --git a/2019/12xxx/CVE-2019-12086.json b/2019/12xxx/CVE-2019-12086.json index f32e263ec61..6d7301e47ed 100644 --- a/2019/12xxx/CVE-2019-12086.json +++ b/2019/12xxx/CVE-2019-12086.json 
@@ -1,216 +1,220 @@ + { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-12086", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"cve@mitre.org", + "ID":"CVE-2019-12086", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "n/a", - "version": { - "version_data": [ + "product_name":"n/a", + "version":{ + "version_data":[ { - "version_value": "n/a" + "version_value":"n/a" } ] } } ] }, - "vendor_name": "n/a" + "vendor_name":"n/a" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ { - "lang": "eng", - "value": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint, the service has the mysql-connector-java jar (8.0.14 or earlier) in the classpath, and an attacker can host a crafted MySQL server reachable by the victim, an attacker can send a crafted JSON message that allows them to read arbitrary local files on the server. This occurs because of missing com.mysql.cj.jdbc.admin.MiniAdmin validation." + "lang":"eng", + "value":"A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint, the service has the mysql-connector-java jar (8.0.14 or earlier) in the classpath, and an attacker can host a crafted MySQL server reachable by the victim, an attacker can send a crafted JSON message that allows them to read arbitrary local files on the server. This occurs because of missing com.mysql.cj.jdbc.admin.MiniAdmin validation." 
} ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "n/a" + "lang":"eng", + "value":"n/a" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062", - "refsource": "MISC", - "name": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062" + "url":"https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062", + "refsource":"MISC", + "name":"https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062" }, { - "url": "http://russiansecurity.expert/2016/04/20/mysql-connect-file-read/", - "refsource": "MISC", - "name": "http://russiansecurity.expert/2016/04/20/mysql-connect-file-read/" + "url":"http://russiansecurity.expert/2016/04/20/mysql-connect-file-read/", + "refsource":"MISC", + "name":"http://russiansecurity.expert/2016/04/20/mysql-connect-file-read/" }, { - "url": "https://github.com/FasterXML/jackson-databind/issues/2326", - "refsource": "MISC", - "name": "https://github.com/FasterXML/jackson-databind/issues/2326" + "url":"https://github.com/FasterXML/jackson-databind/issues/2326", + "refsource":"MISC", + "name":"https://github.com/FasterXML/jackson-databind/issues/2326" }, { - "refsource": "CONFIRM", - "name": "https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.9", - "url": "https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.9" + "refsource":"CONFIRM", + "name":"https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.9", + "url":"https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.9" }, { - "refsource": "MLIST", - "name": "[spark-reviews] 20190520 [GitHub] [spark] Fokko opened a new pull request #24646: Spark 27757", - "url": 
"https://lists.apache.org/thread.html/88cd25375805950ae7337e669b0cb0eeda98b9604c1b8d806dccbad2@%3Creviews.spark.apache.org%3E" + "refsource":"MLIST", + "name":"[spark-reviews] 20190520 [GitHub] [spark] Fokko opened a new pull request #24646: Spark 27757", + "url":"https://lists.apache.org/thread.html/88cd25375805950ae7337e669b0cb0eeda98b9604c1b8d806dccbad2@%3Creviews.spark.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[debian-lts-announce] 20190521 [SECURITY] [DLA 1798-1] jackson-databind security update", - "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00030.html" + "refsource":"MLIST", + "name":"[debian-lts-announce] 20190521 [SECURITY] [DLA 1798-1] jackson-databind security update", + "url":"https://lists.debian.org/debian-lts-announce/2019/05/msg00030.html" }, { - "refsource": "DEBIAN", - "name": "DSA-4452", - "url": "https://www.debian.org/security/2019/dsa-4452" + "refsource":"DEBIAN", + "name":"DSA-4452", + "url":"https://www.debian.org/security/2019/dsa-4452" }, { - "refsource": "BUGTRAQ", - "name": "20190527 [SECURITY] [DSA 4452-1] jackson-databind security update", - "url": "https://seclists.org/bugtraq/2019/May/68" + "refsource":"BUGTRAQ", + "name":"20190527 [SECURITY] [DSA 4452-1] jackson-databind security update", + "url":"https://seclists.org/bugtraq/2019/May/68" }, { - "refsource": "CONFIRM", - "name": "https://security.netapp.com/advisory/ntap-20190530-0003/", - "url": "https://security.netapp.com/advisory/ntap-20190530-0003/" + "refsource":"CONFIRM", + "name":"https://security.netapp.com/advisory/ntap-20190530-0003/", + "url":"https://security.netapp.com/advisory/ntap-20190530-0003/" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", + "refsource":"MISC", + 
"name":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { - "refsource": "BID", - "name": "109227", - "url": "http://www.securityfocus.com/bid/109227" + "refsource":"BID", + "name":"109227", + "url":"http://www.securityfocus.com/bid/109227" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-99ff6aa32c", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UKUALE2TUCKEKOHE2D342PQXN4MWCSLC/" + "refsource":"FEDORA", + "name":"FEDORA-2019-99ff6aa32c", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UKUALE2TUCKEKOHE2D342PQXN4MWCSLC/" }, { - "refsource": "MLIST", - "name": "[cassandra-commits] 20190919 [jira] [Created] (CASSANDRA-15328) Bump jackson version to >= 2.9.9.3 to address security vulnerabilities", - "url": "https://lists.apache.org/thread.html/3f99ae8dcdbd69438cb733d745ee3ad5e852068490719a66509b4592@%3Ccommits.cassandra.apache.org%3E" + "refsource":"MLIST", + "name":"[cassandra-commits] 20190919 [jira] [Created] (CASSANDRA-15328) Bump jackson version to >= 2.9.9.3 to address security vulnerabilities", + "url":"https://lists.apache.org/thread.html/3f99ae8dcdbd69438cb733d745ee3ad5e852068490719a66509b4592@%3Ccommits.cassandra.apache.org%3E" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-ae6a703b8f", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/" + "refsource":"FEDORA", + "name":"FEDORA-2019-ae6a703b8f", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-fb23eccc03", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/" + "refsource":"FEDORA", + "name":"FEDORA-2019-fb23eccc03", + 
"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:2858", - "url": "https://access.redhat.com/errata/RHSA-2019:2858" + "refsource":"REDHAT", + "name":"RHSA-2019:2858", + "url":"https://access.redhat.com/errata/RHSA-2019:2858" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:2937", - "url": "https://access.redhat.com/errata/RHSA-2019:2937" + "refsource":"REDHAT", + "name":"RHSA-2019:2937", + "url":"https://access.redhat.com/errata/RHSA-2019:2937" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:2935", - "url": "https://access.redhat.com/errata/RHSA-2019:2935" + "refsource":"REDHAT", + "name":"RHSA-2019:2935", + "url":"https://access.redhat.com/errata/RHSA-2019:2935" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:2936", - "url": "https://access.redhat.com/errata/RHSA-2019:2936" + "refsource":"REDHAT", + "name":"RHSA-2019:2936", + "url":"https://access.redhat.com/errata/RHSA-2019:2936" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:2938", - "url": "https://access.redhat.com/errata/RHSA-2019:2938" + "refsource":"REDHAT", + "name":"RHSA-2019:2938", + "url":"https://access.redhat.com/errata/RHSA-2019:2938" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:2998", - "url": "https://access.redhat.com/errata/RHSA-2019:2998" + "refsource":"REDHAT", + "name":"RHSA-2019:2998", + "url":"https://access.redhat.com/errata/RHSA-2019:2998" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:3044", - "url": "https://access.redhat.com/errata/RHSA-2019:3044" + "refsource":"REDHAT", + "name":"RHSA-2019:3044", + "url":"https://access.redhat.com/errata/RHSA-2019:3044" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:3045", - "url": "https://access.redhat.com/errata/RHSA-2019:3045" + "refsource":"REDHAT", + "name":"RHSA-2019:3045", + "url":"https://access.redhat.com/errata/RHSA-2019:3045" }, { - "refsource": "REDHAT", - "name": 
"RHSA-2019:3050", - "url": "https://access.redhat.com/errata/RHSA-2019:3050" + "refsource":"REDHAT", + "name":"RHSA-2019:3050", + "url":"https://access.redhat.com/errata/RHSA-2019:3050" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:3046", - "url": "https://access.redhat.com/errata/RHSA-2019:3046" + "refsource":"REDHAT", + "name":"RHSA-2019:3046", + "url":"https://access.redhat.com/errata/RHSA-2019:3046" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { - "refsource": "MLIST", - "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", - "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E" + "refsource":"MLIST", + "name":"[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", + "url":"https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:3149", - "url": "https://access.redhat.com/errata/RHSA-2019:3149" + "refsource":"REDHAT", + "name":"RHSA-2019:3149", + "url":"https://access.redhat.com/errata/RHSA-2019:3149" }, { - "refsource": "MLIST", - "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", - "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E" + "refsource":"MLIST", + "name":"[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security 
vulnerabilities", + "url":"https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", - "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" + "refsource":"MLIST", + "name":"[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", + "url":"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:3200", - "url": "https://access.redhat.com/errata/RHSA-2019:3200" + "refsource":"REDHAT", + "name":"RHSA-2019:3200", + "url":"https://access.redhat.com/errata/RHSA-2019:3200" }, { - "refsource": "MLIST", - "name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html", - "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E" + "refsource":"MLIST", + "name":"[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html", + "url":"https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2019/12xxx/CVE-2019-12384.json b/2019/12xxx/CVE-2019-12384.json index 4bd09f980ee..73c8ac98112 100644 --- a/2019/12xxx/CVE-2019-12384.json +++ b/2019/12xxx/CVE-2019-12384.json 
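Review bot: The reference added at the end of `reference_data` carries only `url`, while every other entry in the list also has `refsource` and `name`. That includes the two earlier Oracle CPU links, which use `"refsource":"MISC"` with the URL repeated as `name`. Tooling that groups or displays references by those fields may drop or mislabel this entry. Filling it in as `"refsource":"MISC", "name":"https://www.oracle.com/security-alerts/cpujan2020.html"` would match its siblings, assuming MISC is the intended source type. The same bare entry is added in the CVE-2019-11479 hunk above and in the hunk that ends just before it.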
@@ -1,261 +1,265 @@ + { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-12384", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"cve@mitre.org", + "ID":"CVE-2019-12384", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "n/a", - "version": { - "version_data": [ + "product_name":"n/a", + "version":{ + "version_data":[ { - "version_value": "n/a" + "version_value":"n/a" } ] } } ] }, - "vendor_name": "n/a" + "vendor_name":"n/a" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ { - "lang": "eng", - "value": "FasterXML jackson-databind 2.x before 2.9.9.1 might allow attackers to have a variety of impacts by leveraging failure to block the logback-core class from polymorphic deserialization. Depending on the classpath content, remote code execution may be possible." + "lang":"eng", + "value":"FasterXML jackson-databind 2.x before 2.9.9.1 might allow attackers to have a variety of impacts by leveraging failure to block the logback-core class from polymorphic deserialization. Depending on the classpath content, remote code execution may be possible." 
} ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "n/a" + "lang":"eng", + "value":"n/a" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "url": "https://doyensec.com/research.html", - "refsource": "MISC", - "name": "https://doyensec.com/research.html" + "url":"https://doyensec.com/research.html", + "refsource":"MISC", + "name":"https://doyensec.com/research.html" }, { - "url": "https://github.com/FasterXML/jackson-databind/compare/74b90a4...a977aad", - "refsource": "MISC", - "name": "https://github.com/FasterXML/jackson-databind/compare/74b90a4...a977aad" + "url":"https://github.com/FasterXML/jackson-databind/compare/74b90a4...a977aad", + "refsource":"MISC", + "name":"https://github.com/FasterXML/jackson-databind/compare/74b90a4...a977aad" }, { - "refsource": "MLIST", - "name": "[debian-lts-announce] 20190621 [SECURITY] [DLA 1831-1] jackson-databind security update", - "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00019.html" + "refsource":"MLIST", + "name":"[debian-lts-announce] 20190621 [SECURITY] [DLA 1831-1] jackson-databind security update", + "url":"https://lists.debian.org/debian-lts-announce/2019/06/msg00019.html" }, { - "refsource": "CONFIRM", - "name": "https://lists.debian.org/debian-lts-announce/2019/06/msg00019.html", - "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00019.html" + "refsource":"CONFIRM", + "name":"https://lists.debian.org/debian-lts-announce/2019/06/msg00019.html", + "url":"https://lists.debian.org/debian-lts-announce/2019/06/msg00019.html" }, { - "refsource": "CONFIRM", - "name": "https://security.netapp.com/advisory/ntap-20190703-0002/", - "url": "https://security.netapp.com/advisory/ntap-20190703-0002/" + "refsource":"CONFIRM", + "name":"https://security.netapp.com/advisory/ntap-20190703-0002/", + 
"url":"https://security.netapp.com/advisory/ntap-20190703-0002/" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:1820", - "url": "https://access.redhat.com/errata/RHSA-2019:1820" + "refsource":"REDHAT", + "name":"RHSA-2019:1820", + "url":"https://access.redhat.com/errata/RHSA-2019:1820" }, { - "refsource": "MISC", - "name": "https://blog.doyensec.com/2019/07/22/jackson-gadgets.html", - "url": "https://blog.doyensec.com/2019/07/22/jackson-gadgets.html" + "refsource":"MISC", + "name":"https://blog.doyensec.com/2019/07/22/jackson-gadgets.html", + "url":"https://blog.doyensec.com/2019/07/22/jackson-gadgets.html" }, { - "refsource": "MLIST", - "name": "[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", - "url": "https://lists.apache.org/thread.html/0d4b630d9ee724aee50703397d9d1afa2b2befc9395ba7797d0ccea9@%3Cdev.tomee.apache.org%3E" + "refsource":"MLIST", + "name":"[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", + "url":"https://lists.apache.org/thread.html/0d4b630d9ee724aee50703397d9d1afa2b2befc9395ba7797d0ccea9@%3Cdev.tomee.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", - "url": "https://lists.apache.org/thread.html/56c8042873595b8c863054c7bfccab4bf2c01c6f5abedae249d914b9@%3Cdev.tomee.apache.org%3E" + "refsource":"MLIST", + "name":"[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", + 
"url":"https://lists.apache.org/thread.html/56c8042873595b8c863054c7bfccab4bf2c01c6f5abedae249d914b9@%3Cdev.tomee.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", - "url": "https://lists.apache.org/thread.html/2d2a76440becb610b9a9cb49b15eac3934b02c2dbcaacde1000353e4@%3Cdev.tomee.apache.org%3E" + "refsource":"MLIST", + "name":"[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", + "url":"https://lists.apache.org/thread.html/2d2a76440becb610b9a9cb49b15eac3934b02c2dbcaacde1000353e4@%3Cdev.tomee.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", - "url": "https://lists.apache.org/thread.html/34717424b4d08b74f65c09a083d6dd1cb0763f37a15d6de135998c1d@%3Cdev.tomee.apache.org%3E" + "refsource":"MLIST", + "name":"[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", + "url":"https://lists.apache.org/thread.html/34717424b4d08b74f65c09a083d6dd1cb0763f37a15d6de135998c1d@%3Cdev.tomee.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tomee-dev] 20190905 [GitHub] [tomee] robert-schaft-hon commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", - "url": 
"https://lists.apache.org/thread.html/ee0a051428d2c719acfa297d0854a189ea5e284ef3ed491fa672f4be@%3Cdev.tomee.apache.org%3E" + "refsource":"MLIST", + "name":"[tomee-dev] 20190905 [GitHub] [tomee] robert-schaft-hon commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", + "url":"https://lists.apache.org/thread.html/ee0a051428d2c719acfa297d0854a189ea5e284ef3ed491fa672f4be@%3Cdev.tomee.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tomee-dev] 20190906 [GitHub] [tomee] rzo1 commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", - "url": "https://lists.apache.org/thread.html/5ecc333113b139429f4f05000d4aa2886974d4df3269c1dd990bb319@%3Cdev.tomee.apache.org%3E" + "refsource":"MLIST", + "name":"[tomee-dev] 20190906 [GitHub] [tomee] rzo1 commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", + "url":"https://lists.apache.org/thread.html/5ecc333113b139429f4f05000d4aa2886974d4df3269c1dd990bb319@%3Cdev.tomee.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[struts-dev] 20190908 Build failed in Jenkins: Struts-master-JDK8-dependency-check #204", - "url": "https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef@%3Cdev.struts.apache.org%3E" + "refsource":"MLIST", + "name":"[struts-dev] 20190908 Build failed in Jenkins: Struts-master-JDK8-dependency-check #204", + "url":"https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef@%3Cdev.struts.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 
and CVE-2019-14439", - "url": "https://lists.apache.org/thread.html/5fc0e16b7af2590bf1e97c76c136291c4fdb244ee63c65c485c9a7a1@%3Cdev.tomee.apache.org%3E" + "refsource":"MLIST", + "name":"[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", + "url":"https://lists.apache.org/thread.html/5fc0e16b7af2590bf1e97c76c136291c4fdb244ee63c65c485c9a7a1@%3Cdev.tomee.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", - "url": "https://lists.apache.org/thread.html/87e46591de8925f719664a845572d184027258c5a7af0a471b53c77b@%3Cdev.tomee.apache.org%3E" + "refsource":"MLIST", + "name":"[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", + "url":"https://lists.apache.org/thread.html/87e46591de8925f719664a845572d184027258c5a7af0a471b53c77b@%3Cdev.tomee.apache.org%3E" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:2720", - "url": "https://access.redhat.com/errata/RHSA-2019:2720" + "refsource":"REDHAT", + "name":"RHSA-2019:2720", + "url":"https://access.redhat.com/errata/RHSA-2019:2720" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-99ff6aa32c", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UKUALE2TUCKEKOHE2D342PQXN4MWCSLC/" + "refsource":"FEDORA", + "name":"FEDORA-2019-99ff6aa32c", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UKUALE2TUCKEKOHE2D342PQXN4MWCSLC/" }, { - "refsource": "MLIST", - "name": "[cassandra-commits] 20190919 [jira] [Created] 
(CASSANDRA-15328) Bump jackson version to >= 2.9.9.3 to address security vulnerabilities", - "url": "https://lists.apache.org/thread.html/3f99ae8dcdbd69438cb733d745ee3ad5e852068490719a66509b4592@%3Ccommits.cassandra.apache.org%3E" + "refsource":"MLIST", + "name":"[cassandra-commits] 20190919 [jira] [Created] (CASSANDRA-15328) Bump jackson version to >= 2.9.9.3 to address security vulnerabilities", + "url":"https://lists.apache.org/thread.html/3f99ae8dcdbd69438cb733d745ee3ad5e852068490719a66509b4592@%3Ccommits.cassandra.apache.org%3E" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-ae6a703b8f", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/" + "refsource":"FEDORA", + "name":"FEDORA-2019-ae6a703b8f", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-fb23eccc03", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/" + "refsource":"FEDORA", + "name":"FEDORA-2019-fb23eccc03", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:2858", - "url": "https://access.redhat.com/errata/RHSA-2019:2858" + "refsource":"REDHAT", + "name":"RHSA-2019:2858", + "url":"https://access.redhat.com/errata/RHSA-2019:2858" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:2937", - "url": "https://access.redhat.com/errata/RHSA-2019:2937" + "refsource":"REDHAT", + "name":"RHSA-2019:2937", + "url":"https://access.redhat.com/errata/RHSA-2019:2937" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:2935", - "url": "https://access.redhat.com/errata/RHSA-2019:2935" + "refsource":"REDHAT", + "name":"RHSA-2019:2935", + 
"url":"https://access.redhat.com/errata/RHSA-2019:2935" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:2936", - "url": "https://access.redhat.com/errata/RHSA-2019:2936" + "refsource":"REDHAT", + "name":"RHSA-2019:2936", + "url":"https://access.redhat.com/errata/RHSA-2019:2936" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:2938", - "url": "https://access.redhat.com/errata/RHSA-2019:2938" + "refsource":"REDHAT", + "name":"RHSA-2019:2938", + "url":"https://access.redhat.com/errata/RHSA-2019:2938" }, { - "refsource": "DEBIAN", - "name": "DSA-4542", - "url": "https://www.debian.org/security/2019/dsa-4542" + "refsource":"DEBIAN", + "name":"DSA-4542", + "url":"https://www.debian.org/security/2019/dsa-4542" }, { - "refsource": "BUGTRAQ", - "name": "20191007 [SECURITY] [DSA 4542-1] jackson-databind security update", - "url": "https://seclists.org/bugtraq/2019/Oct/6" + "refsource":"BUGTRAQ", + "name":"20191007 [SECURITY] [DSA 4542-1] jackson-databind security update", + "url":"https://seclists.org/bugtraq/2019/Oct/6" }, { - "refsource": "MLIST", - "name": "[geode-notifications] 20191007 [GitHub] [geode] jmelchio commented on issue #4102: Fix for GEODE-7255: Pickup Jackson CVE fix", - "url": "https://lists.apache.org/thread.html/e0733058c0366b703e6757d8d2a7a04b943581f659e9c271f0841dfe@%3Cnotifications.geode.apache.org%3E" + "refsource":"MLIST", + "name":"[geode-notifications] 20191007 [GitHub] [geode] jmelchio commented on issue #4102: Fix for GEODE-7255: Pickup Jackson CVE fix", + "url":"https://lists.apache.org/thread.html/e0733058c0366b703e6757d8d2a7a04b943581f659e9c271f0841dfe@%3Cnotifications.geode.apache.org%3E" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:2998", - "url": "https://access.redhat.com/errata/RHSA-2019:2998" + "refsource":"REDHAT", + "name":"RHSA-2019:2998", + "url":"https://access.redhat.com/errata/RHSA-2019:2998" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", - "refsource": "MISC", - "name": 
"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { - "refsource": "MLIST", - "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", - "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E" + "refsource":"MLIST", + "name":"[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", + "url":"https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:3149", - "url": "https://access.redhat.com/errata/RHSA-2019:3149" + "refsource":"REDHAT", + "name":"RHSA-2019:3149", + "url":"https://access.redhat.com/errata/RHSA-2019:3149" }, { - "refsource": "MLIST", - "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", - "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E" + "refsource":"MLIST", + "name":"[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", + "url":"https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", - "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" + "refsource":"MLIST", + "name":"[drill-issues] 20191021 [jira] [Created] (DRILL-7416) 
Updates required to dependencies to resolve potential security vulnerabilities", + "url":"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:3200", - "url": "https://access.redhat.com/errata/RHSA-2019:3200" + "refsource":"REDHAT", + "name":"RHSA-2019:3200", + "url":"https://access.redhat.com/errata/RHSA-2019:3200" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:3292", - "url": "https://access.redhat.com/errata/RHSA-2019:3292" + "refsource":"REDHAT", + "name":"RHSA-2019:3292", + "url":"https://access.redhat.com/errata/RHSA-2019:3292" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:3297", - "url": "https://access.redhat.com/errata/RHSA-2019:3297" + "refsource":"REDHAT", + "name":"RHSA-2019:3297", + "url":"https://access.redhat.com/errata/RHSA-2019:3297" }, { - "refsource": "MLIST", - "name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html", - "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E" + "refsource":"MLIST", + "name":"[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html", + "url":"https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:3901", - "url": "https://access.redhat.com/errata/RHSA-2019:3901" + "refsource":"REDHAT", + "name":"RHSA-2019:3901", + "url":"https://access.redhat.com/errata/RHSA-2019:3901" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:4352", - "url": "https://access.redhat.com/errata/RHSA-2019:4352" + "refsource":"REDHAT", + "name":"RHSA-2019:4352", + "url":"https://access.redhat.com/errata/RHSA-2019:4352" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } 
diff --git a/2019/12xxx/CVE-2019-12406.json b/2019/12xxx/CVE-2019-12406.json
index 9065dd7da7a..54352da2e7d 100644
--- a/2019/12xxx/CVE-2019-12406.json
+++ b/2019/12xxx/CVE-2019-12406.json
@@ -1,25 +1,26 @@
+
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
- "CVE_data_meta": {
- "ID": "CVE-2019-12406",
- "ASSIGNER": "security@apache.org",
- "STATE": "PUBLIC"
+ "data_type":"CVE",
+ "data_format":"MITRE",
+ "data_version":"4.0",
+ "CVE_data_meta":{
+ "ID":"CVE-2019-12406",
+ "ASSIGNER":"security@apache.org",
+ "STATE":"PUBLIC"
 },
- "affects": {
- "vendor": {
- "vendor_data": [
+ "affects":{
+ "vendor":{
+ "vendor_data":[
 {
- "vendor_name": "n/a",
- "product": {
- "product_data": [
+ "vendor_name":"n/a",
+ "product":{
+ "product_data":[
 {
- "product_name": "Apache CXF",
- "version": {
- "version_data": [
+ "product_name":"Apache CXF",
+ "version":{
+ "version_data":[
 {
- "version_value": "Apache CXF versions before 3.3.4 and 3.2.11"
+ "version_value":"Apache CXF versions before 3.3.4 and 3.2.11"
 }
 ]
 }
@@ -30,32 +31,35 @@
 ]
 }
 },
- "problemtype": {
- "problemtype_data": [
+ "problemtype":{
+ "problemtype_data":[
 {
- "description": [
+ "description":[
 {
- "lang": "eng",
- "value": "Denial of Service"
+ "lang":"eng",
+ "value":"Denial of Service"
 }
 ]
 }
 ]
 },
- "references": {
- "reference_data": [
+ "references":{
+ "reference_data":[
 {
- "refsource": "CONFIRM",
- "name": "http://cxf.apache.org/security-advisories.data/CVE-2019-12406.txt.asc",
- "url": "http://cxf.apache.org/security-advisories.data/CVE-2019-12406.txt.asc"
+ "refsource":"CONFIRM",
+ "name":"http://cxf.apache.org/security-advisories.data/CVE-2019-12406.txt.asc",
+ "url":"http://cxf.apache.org/security-advisories.data/CVE-2019-12406.txt.asc"
+ },
+ {
+ "url":"https://www.oracle.com/security-alerts/cpujan2020.html"
 }
 ]
 },
- "description": {
- "description_data": [
+ "description":{
+ "description_data":[
 {
- "lang": "eng",
- "value": "Apache CXF before 3.3.4 and 3.2.11 does not restrict the number of message attachments present in a given message. This leaves open the possibility of a denial of service type attack, where a malicious user crafts a message containing a very large number of message attachments. From the 3.3.4 and 3.2.11 releases, a default limit of 50 message attachments is enforced. This is configurable via the message property \"attachment-max-count\"."
+ "lang":"eng",
+ "value":"Apache CXF before 3.3.4 and 3.2.11 does not restrict the number of message attachments present in a given message. This leaves open the possibility of a denial of service type attack, where a malicious user crafts a message containing a very large number of message attachments. From the 3.3.4 and 3.2.11 releases, a default limit of 50 message attachments is enforced. This is configurable via the message property \"attachment-max-count\"."
 }
 ]
 }
diff --git a/2019/12xxx/CVE-2019-12415.json b/2019/12xxx/CVE-2019-12415.json
index 34c699e4944..f9bcfd5d065 100644
--- a/2019/12xxx/CVE-2019-12415.json
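Review bot: The reference appended to `reference_data` carries only `url`, while every other entry in the array has `refsource`, `name` and `url`, so a consumer that keys on `refsource` or `name` may drop or mis-handle the new record. Following the shape of the existing Oracle CPU references in this patch series, the entry would read `"refsource":"MISC", "name":"https://www.oracle.com/security-alerts/cpujan2020.html", "url":"https://www.oracle.com/security-alerts/cpujan2020.html"`. The same url-only entry is added in the CVE-2019-12415 and CVE-2019-12419 hunks. The commit also strips the space after every colon and prepends an empty line to each file, which makes a one-entry addition read as a whole-file rewrite; keeping the existing formatting would leave the real change reviewable.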
+++ b/2019/12xxx/CVE-2019-12415.json
@@ -1,25 +1,26 @@
+
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
- "CVE_data_meta": {
- "ID": "CVE-2019-12415",
- "ASSIGNER": "security@apache.org",
- "STATE": "PUBLIC"
+ "data_type":"CVE",
+ "data_format":"MITRE",
+ "data_version":"4.0",
+ "CVE_data_meta":{
+ "ID":"CVE-2019-12415",
+ "ASSIGNER":"security@apache.org",
+ "STATE":"PUBLIC"
 },
- "affects": {
- "vendor": {
- "vendor_data": [
+ "affects":{
+ "vendor":{
+ "vendor_data":[
 {
- "vendor_name": "n/a",
- "product": {
- "product_data": [
+ "vendor_name":"n/a",
+ "product":{
+ "product_data":[
 {
- "product_name": "Apache POI",
- "version": {
- "version_data": [
+ "product_name":"Apache POI",
+ "version":{
+ "version_data":[
 {
- "version_value": "Apache POI up to 4.1.0"
+ "version_value":"Apache POI up to 4.1.0"
 }
 ]
 }
@@ -30,47 +31,50 @@
 ]
 }
 },
- "problemtype": {
- "problemtype_data": [
+ "problemtype":{
+ "problemtype_data":[
 {
- "description": [
+ "description":[
 {
- "lang": "eng",
- "value": "Information Disclosure"
+ "lang":"eng",
+ "value":"Information Disclosure"
 }
 ]
 }
 ]
 },
- "references": {
- "reference_data": [
+ "references":{
+ "reference_data":[
 {
- "refsource": "MISC",
- "name": "https://lists.apache.org/thread.html/13a54b6a03369cfb418a699180ffb83bd727320b6ddfec198b9b728e@%3Cannounce.apache.org%3E",
- "url": "https://lists.apache.org/thread.html/13a54b6a03369cfb418a699180ffb83bd727320b6ddfec198b9b728e@%3Cannounce.apache.org%3E"
+ "refsource":"MISC",
+ "name":"https://lists.apache.org/thread.html/13a54b6a03369cfb418a699180ffb83bd727320b6ddfec198b9b728e@%3Cannounce.apache.org%3E",
+ "url":"https://lists.apache.org/thread.html/13a54b6a03369cfb418a699180ffb83bd727320b6ddfec198b9b728e@%3Cannounce.apache.org%3E"
 },
 {
- "refsource": "MLIST",
- "name": "[tika-user] 20191105 Is tika-parsers exposed to CVE-2019-12415",
- "url": "https://lists.apache.org/thread.html/2ac0327748de0c2b3c1c012481b79936797c711724e0b7da83cf564c@%3Cuser.tika.apache.org%3E"
+ "refsource":"MLIST",
+ "name":"[tika-user] 20191105 Is tika-parsers exposed to CVE-2019-12415",
+ "url":"https://lists.apache.org/thread.html/2ac0327748de0c2b3c1c012481b79936797c711724e0b7da83cf564c@%3Cuser.tika.apache.org%3E"
 },
 {
- "refsource": "MLIST",
- "name": "[tika-user] 20191105 Re: Is tika-parsers exposed to CVE-2019-12415",
- "url": "https://lists.apache.org/thread.html/895164e03a3c327449069e2fd6ced0367561878b3ae6a8ec740c2007@%3Cuser.tika.apache.org%3E"
+ "refsource":"MLIST",
+ "name":"[tika-user] 20191105 Re: Is tika-parsers exposed to CVE-2019-12415",
+ "url":"https://lists.apache.org/thread.html/895164e03a3c327449069e2fd6ced0367561878b3ae6a8ec740c2007@%3Cuser.tika.apache.org%3E"
 },
 {
- "refsource": "MLIST",
- "name": "[tika-user] 20191106 Re: Is tika-parsers exposed to CVE-2019-12415",
- "url": "https://lists.apache.org/thread.html/d88b8823867033514d7ec05d66f88c70dc207604d3dcbd44fd88464c@%3Cuser.tika.apache.org%3E"
+ "refsource":"MLIST",
+ "name":"[tika-user] 20191106 Re: Is tika-parsers exposed to CVE-2019-12415",
+ "url":"https://lists.apache.org/thread.html/d88b8823867033514d7ec05d66f88c70dc207604d3dcbd44fd88464c@%3Cuser.tika.apache.org%3E"
+ },
+ {
+ "url":"https://www.oracle.com/security-alerts/cpujan2020.html"
 }
 ]
 },
- "description": {
- "description_data": [
+ "description":{
+ "description_data":[
 {
- "lang": "eng",
- "value": "In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker to read files from the local filesystem or from internal network resources via XML External Entity (XXE) Processing."
+ "lang":"eng",
+ "value":"In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker to read files from the local filesystem or from internal network resources via XML External Entity (XXE) Processing."
 }
 ]
 }
diff --git a/2019/12xxx/CVE-2019-12419.json b/2019/12xxx/CVE-2019-12419.json
index 2330be8ea3c..83539ad99e0 100644
--- a/2019/12xxx/CVE-2019-12419.json
+++ b/2019/12xxx/CVE-2019-12419.json
@@ -1,25 +1,26 @@
+
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
- "CVE_data_meta": {
- "ID": "CVE-2019-12419",
- "ASSIGNER": "security@apache.org",
- "STATE": "PUBLIC"
+ "data_type":"CVE",
+ "data_format":"MITRE",
+ "data_version":"4.0",
+ "CVE_data_meta":{
+ "ID":"CVE-2019-12419",
+ "ASSIGNER":"security@apache.org",
+ "STATE":"PUBLIC"
 },
- "affects": {
- "vendor": {
- "vendor_data": [
+ "affects":{
+ "vendor":{
+ "vendor_data":[
 {
- "vendor_name": "Apache",
- "product": {
- "product_data": [
+ "vendor_name":"Apache",
+ "product":{
+ "product_data":[
 {
- "product_name": "Apache CXF",
- "version": {
- "version_data": [
+ "product_name":"Apache CXF",
+ "version":{
+ "version_data":[
 {
- "version_value": "versions before 3.3.4 and 3.2.11"
+ "version_value":"versions before 3.3.4 and 3.2.11"
 }
 ]
 }
@@ -30,32 +31,35 @@
 ]
 }
 },
- "problemtype": {
- "problemtype_data": [
+ "problemtype":{
+ "problemtype_data":[
 {
- "description": [
+ "description":[
 {
- "lang": "eng",
- "value": "Apache CXF OpenId Connect token service does not properly validate the clientId"
+ "lang":"eng",
+ "value":"Apache CXF OpenId Connect token service does not properly validate the clientId"
 }
 ]
 }
 ]
 },
- "references": {
- "reference_data": [
+ "references":{
+ "reference_data":[
 {
- "refsource": "CONFIRM",
- "name": "http://cxf.apache.org/security-advisories.data/CVE-2019-12419.txt.asc",
- "url": "http://cxf.apache.org/security-advisories.data/CVE-2019-12419.txt.asc"
+ "refsource":"CONFIRM",
+ "name":"http://cxf.apache.org/security-advisories.data/CVE-2019-12419.txt.asc",
+ "url":"http://cxf.apache.org/security-advisories.data/CVE-2019-12419.txt.asc"
+ },
+ {
+ "url":"https://www.oracle.com/security-alerts/cpujan2020.html"
 }
 ]
 },
- "description": {
- "description_data": [
+ "description":{
+ "description_data":[
 {
- "lang": "eng",
- "value": "Apache CXF before 3.3.4 and 3.2.11 provides all of the components that are required to build a fully fledged OpenId Connect service. There is a vulnerability in the access token services, where it does not validate that the authenticated principal is equal to that of the supplied clientId parameter in the request. If a malicious client was able to somehow steal an authorization code issued to another client, then they could exploit this vulnerability to obtain an access token for the other client."
+ "lang":"eng",
+ "value":"Apache CXF before 3.3.4 and 3.2.11 provides all of the components that are required to build a fully fledged OpenId Connect service. There is a vulnerability in the access token services, where it does not validate that the authenticated principal is equal to that of the supplied clientId parameter in the request. If a malicious client was able to somehow steal an authorization code issued to another client, then they could exploit this vulnerability to obtain an access token for the other client."
 }
 ]
 }
diff --git a/2019/12xxx/CVE-2019-12814.json b/2019/12xxx/CVE-2019-12814.json
index fd8897ee5a1..f8615ae7a61 100644
--- a/2019/12xxx/CVE-2019-12814.json
+++ b/2019/12xxx/CVE-2019-12814.json
@@ -1,311 +1,315 @@ + { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-12814", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"cve@mitre.org", + "ID":"CVE-2019-12814", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "n/a", - "version": { - "version_data": [ + "product_name":"n/a", + "version":{ + "version_data":[ { - "version_value": "n/a" + "version_value":"n/a" } ] } } ] }, - "vendor_name": "n/a" + "vendor_name":"n/a" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ { - "lang": "eng", - "value": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x through 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has JDOM 1.x or 2.x jar in the classpath, an attacker can send a specifically crafted JSON message that allows them to read arbitrary local files on the server." + "lang":"eng", + "value":"A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x through 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has JDOM 1.x or 2.x jar in the classpath, an attacker can send a specifically crafted JSON message that allows them to read arbitrary local files on the server." 
} ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "n/a" + "lang":"eng", + "value":"n/a" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "refsource": "CONFIRM", - "name": "https://github.com/FasterXML/jackson-databind/issues/2341", - "url": "https://github.com/FasterXML/jackson-databind/issues/2341" + "refsource":"CONFIRM", + "name":"https://github.com/FasterXML/jackson-databind/issues/2341", + "url":"https://github.com/FasterXML/jackson-databind/issues/2341" }, { - "refsource": "MLIST", - "name": "[debian-lts-announce] 20190621 [SECURITY] [DLA 1831-1] jackson-databind security update", - "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00019.html" + "refsource":"MLIST", + "name":"[debian-lts-announce] 20190621 [SECURITY] [DLA 1831-1] jackson-databind security update", + "url":"https://lists.debian.org/debian-lts-announce/2019/06/msg00019.html" }, { - "refsource": "MLIST", - "name": "[zookeeper-notifications] 20190623 [GitHub] [zookeeper] eolivelli opened a new pull request #1001: ZOOKEEPER-3441 OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", - "url": "https://lists.apache.org/thread.html/1e04d9381c801b31ab28dec813c31c304b2a596b2a3707fa5462c5c0@%3Cnotifications.zookeeper.apache.org%3E" + "refsource":"MLIST", + "name":"[zookeeper-notifications] 20190623 [GitHub] [zookeeper] eolivelli opened a new pull request #1001: ZOOKEEPER-3441 OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", + "url":"https://lists.apache.org/thread.html/1e04d9381c801b31ab28dec813c31c304b2a596b2a3707fa5462c5c0@%3Cnotifications.zookeeper.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[zookeeper-issues] 20190623 [jira] [Updated] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", - "url": 
"https://lists.apache.org/thread.html/a78239b1f11cddfa86e4edee19064c40b6272214630bfef070c37957@%3Cissues.zookeeper.apache.org%3E" + "refsource":"MLIST", + "name":"[zookeeper-issues] 20190623 [jira] [Updated] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", + "url":"https://lists.apache.org/thread.html/a78239b1f11cddfa86e4edee19064c40b6272214630bfef070c37957@%3Cissues.zookeeper.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[zookeeper-issues] 20190623 [jira] [Created] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", - "url": "https://lists.apache.org/thread.html/15a55e1d837fa686db493137cc0330c7ee1089ed9a9eea7ae7151ef1@%3Cissues.zookeeper.apache.org%3E" + "refsource":"MLIST", + "name":"[zookeeper-issues] 20190623 [jira] [Created] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", + "url":"https://lists.apache.org/thread.html/15a55e1d837fa686db493137cc0330c7ee1089ed9a9eea7ae7151ef1@%3Cissues.zookeeper.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[zookeeper-dev] 20190623 [jira] [Created] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", - "url": "https://lists.apache.org/thread.html/129da0204c876f746636018751a086cc581e0e07bcdeb3ee22ff5731@%3Cdev.zookeeper.apache.org%3E" + "refsource":"MLIST", + "name":"[zookeeper-dev] 20190623 [jira] [Created] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", + "url":"https://lists.apache.org/thread.html/129da0204c876f746636018751a086cc581e0e07bcdeb3ee22ff5731@%3Cdev.zookeeper.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[zookeeper-notifications] 20190624 [GitHub] [zookeeper] eolivelli closed pull request #1001: ZOOKEEPER-3441 OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", - "url": "https://lists.apache.org/thread.html/4b832d1327703d6b287a6d223307f8f884d798821209a10647e93324@%3Cnotifications.zookeeper.apache.org%3E" + 
"refsource":"MLIST", + "name":"[zookeeper-notifications] 20190624 [GitHub] [zookeeper] eolivelli closed pull request #1001: ZOOKEEPER-3441 OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", + "url":"https://lists.apache.org/thread.html/4b832d1327703d6b287a6d223307f8f884d798821209a10647e93324@%3Cnotifications.zookeeper.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[zookeeper-notifications] 20190624 [GitHub] [zookeeper] phunt commented on a change in pull request #1001: ZOOKEEPER-3441 OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", - "url": "https://lists.apache.org/thread.html/a62aa2706105d68f1c02023fe24aaa3c13b4d8a1826181fed07d9682@%3Cnotifications.zookeeper.apache.org%3E" + "refsource":"MLIST", + "name":"[zookeeper-notifications] 20190624 [GitHub] [zookeeper] phunt commented on a change in pull request #1001: ZOOKEEPER-3441 OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", + "url":"https://lists.apache.org/thread.html/a62aa2706105d68f1c02023fe24aaa3c13b4d8a1826181fed07d9682@%3Cnotifications.zookeeper.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[zookeeper-notifications] 20190624 [GitHub] [zookeeper] eolivelli commented on issue #1001: ZOOKEEPER-3441 OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", - "url": "https://lists.apache.org/thread.html/8fe2983f6d9fee0aa737e4bd24483f8f5cf9b938b9adad0c4e79b2a4@%3Cnotifications.zookeeper.apache.org%3E" + "refsource":"MLIST", + "name":"[zookeeper-notifications] 20190624 [GitHub] [zookeeper] eolivelli commented on issue #1001: ZOOKEEPER-3441 OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", + "url":"https://lists.apache.org/thread.html/8fe2983f6d9fee0aa737e4bd24483f8f5cf9b938b9adad0c4e79b2a4@%3Cnotifications.zookeeper.apache.org%3E" }, { - "refsource": "CONFIRM", - "name": "https://security.netapp.com/advisory/ntap-20190625-0006/", - "url": "https://security.netapp.com/advisory/ntap-20190625-0006/" + "refsource":"CONFIRM", + 
"name":"https://security.netapp.com/advisory/ntap-20190625-0006/", + "url":"https://security.netapp.com/advisory/ntap-20190625-0006/" }, { - "refsource": "MLIST", - "name": "[zookeeper-issues] 20190708 [jira] [Commented] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", - "url": "https://lists.apache.org/thread.html/a3ae8a8c5e32c413cd27071d3a204166050bf79ce7f1299f6866338f@%3Cissues.zookeeper.apache.org%3E" + "refsource":"MLIST", + "name":"[zookeeper-issues] 20190708 [jira] [Commented] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", + "url":"https://lists.apache.org/thread.html/a3ae8a8c5e32c413cd27071d3a204166050bf79ce7f1299f6866338f@%3Cissues.zookeeper.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[zookeeper-notifications] 20190710 [GitHub] [zookeeper] phunt closed pull request #1013: ZOOKEEPER-3441: OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", - "url": "https://lists.apache.org/thread.html/b148fa2e9ef468c4de00de255dd728b74e2a97d935f8ced31eb41ba2@%3Cnotifications.zookeeper.apache.org%3E" + "refsource":"MLIST", + "name":"[zookeeper-notifications] 20190710 [GitHub] [zookeeper] phunt closed pull request #1013: ZOOKEEPER-3441: OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", + "url":"https://lists.apache.org/thread.html/b148fa2e9ef468c4de00de255dd728b74e2a97d935f8ced31eb41ba2@%3Cnotifications.zookeeper.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[zookeeper-notifications] 20190710 [GitHub] [zookeeper] phunt opened a new pull request #1013: ZOOKEEPER-3441: OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", - "url": "https://lists.apache.org/thread.html/eff7280055fc717ea8129cd28a9dd57b8446d00b36260c1caee10b87@%3Cnotifications.zookeeper.apache.org%3E" + "refsource":"MLIST", + "name":"[zookeeper-notifications] 20190710 [GitHub] [zookeeper] phunt opened a new pull request #1013: ZOOKEEPER-3441: OWASP is flagging 
jackson-databind-2.9.9.jar for CVE-2019-12814", + "url":"https://lists.apache.org/thread.html/eff7280055fc717ea8129cd28a9dd57b8446d00b36260c1caee10b87@%3Cnotifications.zookeeper.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[zookeeper-issues] 20190712 [jira] [Assigned] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", - "url": "https://lists.apache.org/thread.html/71f9ffd92410a889e27b95a219eaa843fd820f8550898633d85d4ea3@%3Cissues.zookeeper.apache.org%3E" + "refsource":"MLIST", + "name":"[zookeeper-issues] 20190712 [jira] [Assigned] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", + "url":"https://lists.apache.org/thread.html/71f9ffd92410a889e27b95a219eaa843fd820f8550898633d85d4ea3@%3Cissues.zookeeper.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[zookeeper-issues] 20190712 [jira] [Resolved] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", - "url": "https://lists.apache.org/thread.html/28be28ffd6471d230943a255c36fe196a54ef5afc494a4781d16e37c@%3Cissues.zookeeper.apache.org%3E" + "refsource":"MLIST", + "name":"[zookeeper-issues] 20190712 [jira] [Resolved] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", + "url":"https://lists.apache.org/thread.html/28be28ffd6471d230943a255c36fe196a54ef5afc494a4781d16e37c@%3Cissues.zookeeper.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[zookeeper-issues] 20190712 [jira] [Commented] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", - "url": "https://lists.apache.org/thread.html/2ff264b6a94c5363a35c4c88fa93216f60ec54d1d973ed6b76a9f560@%3Cissues.zookeeper.apache.org%3E" + "refsource":"MLIST", + "name":"[zookeeper-issues] 20190712 [jira] [Commented] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", + 
"url":"https://lists.apache.org/thread.html/2ff264b6a94c5363a35c4c88fa93216f60ec54d1d973ed6b76a9f560@%3Cissues.zookeeper.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[zookeeper-issues] 20190713 [jira] [Updated] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", - "url": "https://lists.apache.org/thread.html/b0a2b2cca072650dbd5882719976c3d353972c44f6736ddf0ba95209@%3Cissues.zookeeper.apache.org%3E" + "refsource":"MLIST", + "name":"[zookeeper-issues] 20190713 [jira] [Updated] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", + "url":"https://lists.apache.org/thread.html/b0a2b2cca072650dbd5882719976c3d353972c44f6736ddf0ba95209@%3Cissues.zookeeper.apache.org%3E" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { - "refsource": "MLIST", - "name": "[accumulo-commits] 20190723 [accumulo] branch 2.0 updated: Fix CVE-2019-12814 Use jackson-databind 2.9.9.1", - "url": "https://lists.apache.org/thread.html/bf20574dbc2db255f1fd489942b5720f675e32a2c4f44eb6a36060cd@%3Ccommits.accumulo.apache.org%3E" + "refsource":"MLIST", + "name":"[accumulo-commits] 20190723 [accumulo] branch 2.0 updated: Fix CVE-2019-12814 Use jackson-databind 2.9.9.1", + "url":"https://lists.apache.org/thread.html/bf20574dbc2db255f1fd489942b5720f675e32a2c4f44eb6a36060cd@%3Ccommits.accumulo.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", - "url": 
"https://lists.apache.org/thread.html/0d4b630d9ee724aee50703397d9d1afa2b2befc9395ba7797d0ccea9@%3Cdev.tomee.apache.org%3E" + "refsource":"MLIST", + "name":"[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", + "url":"https://lists.apache.org/thread.html/0d4b630d9ee724aee50703397d9d1afa2b2befc9395ba7797d0ccea9@%3Cdev.tomee.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", - "url": "https://lists.apache.org/thread.html/56c8042873595b8c863054c7bfccab4bf2c01c6f5abedae249d914b9@%3Cdev.tomee.apache.org%3E" + "refsource":"MLIST", + "name":"[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", + "url":"https://lists.apache.org/thread.html/56c8042873595b8c863054c7bfccab4bf2c01c6f5abedae249d914b9@%3Cdev.tomee.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", - "url": "https://lists.apache.org/thread.html/2d2a76440becb610b9a9cb49b15eac3934b02c2dbcaacde1000353e4@%3Cdev.tomee.apache.org%3E" + "refsource":"MLIST", + "name":"[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", + "url":"https://lists.apache.org/thread.html/2d2a76440becb610b9a9cb49b15eac3934b02c2dbcaacde1000353e4@%3Cdev.tomee.apache.org%3E" }, { - "refsource": 
"MLIST", - "name": "[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", - "url": "https://lists.apache.org/thread.html/34717424b4d08b74f65c09a083d6dd1cb0763f37a15d6de135998c1d@%3Cdev.tomee.apache.org%3E" + "refsource":"MLIST", + "name":"[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", + "url":"https://lists.apache.org/thread.html/34717424b4d08b74f65c09a083d6dd1cb0763f37a15d6de135998c1d@%3Cdev.tomee.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tomee-dev] 20190905 [GitHub] [tomee] robert-schaft-hon commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", - "url": "https://lists.apache.org/thread.html/ee0a051428d2c719acfa297d0854a189ea5e284ef3ed491fa672f4be@%3Cdev.tomee.apache.org%3E" + "refsource":"MLIST", + "name":"[tomee-dev] 20190905 [GitHub] [tomee] robert-schaft-hon commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", + "url":"https://lists.apache.org/thread.html/ee0a051428d2c719acfa297d0854a189ea5e284ef3ed491fa672f4be@%3Cdev.tomee.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tomee-dev] 20190906 [GitHub] [tomee] rzo1 commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", - "url": "https://lists.apache.org/thread.html/5ecc333113b139429f4f05000d4aa2886974d4df3269c1dd990bb319@%3Cdev.tomee.apache.org%3E" + "refsource":"MLIST", + "name":"[tomee-dev] 20190906 [GitHub] [tomee] rzo1 commented on issue #549: 
[TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", + "url":"https://lists.apache.org/thread.html/5ecc333113b139429f4f05000d4aa2886974d4df3269c1dd990bb319@%3Cdev.tomee.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[struts-dev] 20190908 Build failed in Jenkins: Struts-master-JDK8-dependency-check #204", - "url": "https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef@%3Cdev.struts.apache.org%3E" + "refsource":"MLIST", + "name":"[struts-dev] 20190908 Build failed in Jenkins: Struts-master-JDK8-dependency-check #204", + "url":"https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef@%3Cdev.struts.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", - "url": "https://lists.apache.org/thread.html/5fc0e16b7af2590bf1e97c76c136291c4fdb244ee63c65c485c9a7a1@%3Cdev.tomee.apache.org%3E" + "refsource":"MLIST", + "name":"[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", + "url":"https://lists.apache.org/thread.html/5fc0e16b7af2590bf1e97c76c136291c4fdb244ee63c65c485c9a7a1@%3Cdev.tomee.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", - "url": "https://lists.apache.org/thread.html/87e46591de8925f719664a845572d184027258c5a7af0a471b53c77b@%3Cdev.tomee.apache.org%3E" + "refsource":"MLIST", + "name":"[tomee-dev] 20190909 [GitHub] [tomee] 
jgallimore merged pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", + "url":"https://lists.apache.org/thread.html/87e46591de8925f719664a845572d184027258c5a7af0a471b53c77b@%3Cdev.tomee.apache.org%3E" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-99ff6aa32c", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UKUALE2TUCKEKOHE2D342PQXN4MWCSLC/" + "refsource":"FEDORA", + "name":"FEDORA-2019-99ff6aa32c", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UKUALE2TUCKEKOHE2D342PQXN4MWCSLC/" }, { - "refsource": "MLIST", - "name": "[cassandra-commits] 20190919 [jira] [Created] (CASSANDRA-15328) Bump jackson version to >= 2.9.9.3 to address security vulnerabilities", - "url": "https://lists.apache.org/thread.html/3f99ae8dcdbd69438cb733d745ee3ad5e852068490719a66509b4592@%3Ccommits.cassandra.apache.org%3E" + "refsource":"MLIST", + "name":"[cassandra-commits] 20190919 [jira] [Created] (CASSANDRA-15328) Bump jackson version to >= 2.9.9.3 to address security vulnerabilities", + "url":"https://lists.apache.org/thread.html/3f99ae8dcdbd69438cb733d745ee3ad5e852068490719a66509b4592@%3Ccommits.cassandra.apache.org%3E" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-ae6a703b8f", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/" + "refsource":"FEDORA", + "name":"FEDORA-2019-ae6a703b8f", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-fb23eccc03", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/" + "refsource":"FEDORA", + "name":"FEDORA-2019-fb23eccc03", + 
"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:2858", - "url": "https://access.redhat.com/errata/RHSA-2019:2858" + "refsource":"REDHAT", + "name":"RHSA-2019:2858", + "url":"https://access.redhat.com/errata/RHSA-2019:2858" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:2937", - "url": "https://access.redhat.com/errata/RHSA-2019:2937" + "refsource":"REDHAT", + "name":"RHSA-2019:2937", + "url":"https://access.redhat.com/errata/RHSA-2019:2937" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:2935", - "url": "https://access.redhat.com/errata/RHSA-2019:2935" + "refsource":"REDHAT", + "name":"RHSA-2019:2935", + "url":"https://access.redhat.com/errata/RHSA-2019:2935" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:2936", - "url": "https://access.redhat.com/errata/RHSA-2019:2936" + "refsource":"REDHAT", + "name":"RHSA-2019:2936", + "url":"https://access.redhat.com/errata/RHSA-2019:2936" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:2938", - "url": "https://access.redhat.com/errata/RHSA-2019:2938" + "refsource":"REDHAT", + "name":"RHSA-2019:2938", + "url":"https://access.redhat.com/errata/RHSA-2019:2938" }, { - "refsource": "MLIST", - "name": "[geode-notifications] 20191007 [GitHub] [geode] jmelchio commented on issue #4102: Fix for GEODE-7255: Pickup Jackson CVE fix", - "url": "https://lists.apache.org/thread.html/e0733058c0366b703e6757d8d2a7a04b943581f659e9c271f0841dfe@%3Cnotifications.geode.apache.org%3E" + "refsource":"MLIST", + "name":"[geode-notifications] 20191007 [GitHub] [geode] jmelchio commented on issue #4102: Fix for GEODE-7255: Pickup Jackson CVE fix", + "url":"https://lists.apache.org/thread.html/e0733058c0366b703e6757d8d2a7a04b943581f659e9c271f0841dfe@%3Cnotifications.geode.apache.org%3E" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:3044", - "url": "https://access.redhat.com/errata/RHSA-2019:3044" + 
"refsource":"REDHAT", + "name":"RHSA-2019:3044", + "url":"https://access.redhat.com/errata/RHSA-2019:3044" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:3045", - "url": "https://access.redhat.com/errata/RHSA-2019:3045" + "refsource":"REDHAT", + "name":"RHSA-2019:3045", + "url":"https://access.redhat.com/errata/RHSA-2019:3045" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:3050", - "url": "https://access.redhat.com/errata/RHSA-2019:3050" + "refsource":"REDHAT", + "name":"RHSA-2019:3050", + "url":"https://access.redhat.com/errata/RHSA-2019:3050" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:3046", - "url": "https://access.redhat.com/errata/RHSA-2019:3046" + "refsource":"REDHAT", + "name":"RHSA-2019:3046", + "url":"https://access.redhat.com/errata/RHSA-2019:3046" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { - "refsource": "MLIST", - "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", - "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E" + "refsource":"MLIST", + "name":"[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", + "url":"https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:3149", - "url": "https://access.redhat.com/errata/RHSA-2019:3149" + "refsource":"REDHAT", + "name":"RHSA-2019:3149", + "url":"https://access.redhat.com/errata/RHSA-2019:3149" }, { - "refsource": "MLIST", - "name": "[drill-dev] 20191021 [jira] [Created] 
(DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", - "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E" + "refsource":"MLIST", + "name":"[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", + "url":"https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", - "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" + "refsource":"MLIST", + "name":"[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", + "url":"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:3200", - "url": "https://access.redhat.com/errata/RHSA-2019:3200" + "refsource":"REDHAT", + "name":"RHSA-2019:3200", + "url":"https://access.redhat.com/errata/RHSA-2019:3200" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:3292", - "url": "https://access.redhat.com/errata/RHSA-2019:3292" + "refsource":"REDHAT", + "name":"RHSA-2019:3292", + "url":"https://access.redhat.com/errata/RHSA-2019:3292" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:3297", - "url": "https://access.redhat.com/errata/RHSA-2019:3297" + "refsource":"REDHAT", + "name":"RHSA-2019:3297", + "url":"https://access.redhat.com/errata/RHSA-2019:3297" }, { - "refsource": "MLIST", - "name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html", - "url": 
"https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E" + "refsource":"MLIST", + "name":"[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html", + "url":"https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2019/13xxx/CVE-2019-13117.json b/2019/13xxx/CVE-2019-13117.json index 71e9a71dd90..811b5747507 100644 --- a/2019/13xxx/CVE-2019-13117.json +++ b/2019/13xxx/CVE-2019-13117.json 
@@ -1,96 +1,100 @@ + { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-13117", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"cve@mitre.org", + "ID":"CVE-2019-13117", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "n/a", - "version": { - "version_data": [ + "product_name":"n/a", + "version":{ + "version_data":[ { - "version_value": "n/a" + "version_value":"n/a" } ] } } ] }, - "vendor_name": "n/a" + "vendor_name":"n/a" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ { - "lang": "eng", - "value": "In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character." + "lang":"eng", + "value":"In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character." 
} ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "n/a" + "lang":"eng", + "value":"n/a" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "url": "https://gitlab.gnome.org/GNOME/libxslt/commit/c5eb6cf3aba0af048596106ed839b4ae17ecbcb1", - "refsource": "MISC", - "name": "https://gitlab.gnome.org/GNOME/libxslt/commit/c5eb6cf3aba0af048596106ed839b4ae17ecbcb1" + "url":"https://gitlab.gnome.org/GNOME/libxslt/commit/c5eb6cf3aba0af048596106ed839b4ae17ecbcb1", + "refsource":"MISC", + "name":"https://gitlab.gnome.org/GNOME/libxslt/commit/c5eb6cf3aba0af048596106ed839b4ae17ecbcb1" }, { - "url": "https://oss-fuzz.com/testcase-detail/5631739747106816", - "refsource": "MISC", - "name": "https://oss-fuzz.com/testcase-detail/5631739747106816" + "url":"https://oss-fuzz.com/testcase-detail/5631739747106816", + "refsource":"MISC", + "name":"https://oss-fuzz.com/testcase-detail/5631739747106816" }, { - "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14471", - "refsource": "MISC", - "name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14471" + "url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14471", + "refsource":"MISC", + "name":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14471" }, { - "refsource": "MLIST", - "name": "[debian-lts-announce] 20190722 [SECURITY] [DLA 1860-1] libxslt security update", - "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html" + "refsource":"MLIST", + "name":"[debian-lts-announce] 20190722 [SECURITY] [DLA 1860-1] libxslt security update", + "url":"https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html" }, { - "refsource": "CONFIRM", - "name": "https://security.netapp.com/advisory/ntap-20190806-0004/", - "url": "https://security.netapp.com/advisory/ntap-20190806-0004/" + "refsource":"CONFIRM", + 
"name":"https://security.netapp.com/advisory/ntap-20190806-0004/", + "url":"https://security.netapp.com/advisory/ntap-20190806-0004/" }, { - "refsource": "UBUNTU", - "name": "USN-4164-1", - "url": "https://usn.ubuntu.com/4164-1/" + "refsource":"UBUNTU", + "name":"USN-4164-1", + "url":"https://usn.ubuntu.com/4164-1/" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-fdf6ec39b4", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ/" + "refsource":"FEDORA", + "name":"FEDORA-2019-fdf6ec39b4", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ/" }, { - "refsource": "MLIST", - "name": "[oss-security] 20191117 Nokogiri security update v1.10.5", - "url": "http://www.openwall.com/lists/oss-security/2019/11/17/2" + "refsource":"MLIST", + "name":"[oss-security] 20191117 Nokogiri security update v1.10.5", + "url":"http://www.openwall.com/lists/oss-security/2019/11/17/2" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2019/13xxx/CVE-2019-13118.json b/2019/13xxx/CVE-2019-13118.json index dd85f0ef476..b7899589470 100644 --- a/2019/13xxx/CVE-2019-13118.json +++ b/2019/13xxx/CVE-2019-13118.json 
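Review bot: The reference object appended at the end of `reference_data` carries only `url`, while every other entry in the list also has `refsource` and `name`, so a consumer that reads those keys unconditionally (a scanner feed importer, a schema validator) may reject or mis-index this record. Following the Oracle advisory entries already present elsewhere in this patch, the object would read `"url":"https://www.oracle.com/security-alerts/cpujan2020.html",` `"refsource":"MISC",` `"name":"https://www.oracle.com/security-alerts/cpujan2020.html"`. The same bare entry is appended in the CVE-2019-13118.json hunk and at the end of the preceding file's hunk. Separately, rewriting every line from `": "` to `":"` and adding a leading blank line turns a three-line addition into a whole-file change, which makes the one substantive edit hard to spot in review; keeping the file's existing formatting would reduce the hunk to the added object.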
@@ -1,236 +1,240 @@ + { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-13118", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"cve@mitre.org", + "ID":"CVE-2019-13118", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "n/a", - "version": { - "version_data": [ + "product_name":"n/a", + "version":{ + "version_data":[ { - "version_value": "n/a" + "version_value":"n/a" } ] } } ] }, - "vendor_name": "n/a" + "vendor_name":"n/a" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ { - "lang": "eng", - "value": "In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data." + "lang":"eng", + "value":"In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data." 
} ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "n/a" + "lang":"eng", + "value":"n/a" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "url": "https://gitlab.gnome.org/GNOME/libxslt/commit/6ce8de69330783977dd14f6569419489875fb71b", - "refsource": "MISC", - "name": "https://gitlab.gnome.org/GNOME/libxslt/commit/6ce8de69330783977dd14f6569419489875fb71b" + "url":"https://gitlab.gnome.org/GNOME/libxslt/commit/6ce8de69330783977dd14f6569419489875fb71b", + "refsource":"MISC", + "name":"https://gitlab.gnome.org/GNOME/libxslt/commit/6ce8de69330783977dd14f6569419489875fb71b" }, { - "url": "https://oss-fuzz.com/testcase-detail/5197371471822848", - "refsource": "MISC", - "name": "https://oss-fuzz.com/testcase-detail/5197371471822848" + "url":"https://oss-fuzz.com/testcase-detail/5197371471822848", + "refsource":"MISC", + "name":"https://oss-fuzz.com/testcase-detail/5197371471822848" }, { - "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15069", - "refsource": "MISC", - "name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15069" + "url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15069", + "refsource":"MISC", + "name":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15069" }, { - "refsource": "CONFIRM", - "name": "https://support.apple.com/kb/HT210348", - "url": "https://support.apple.com/kb/HT210348" + "refsource":"CONFIRM", + "name":"https://support.apple.com/kb/HT210348", + "url":"https://support.apple.com/kb/HT210348" }, { - "refsource": "CONFIRM", - "name": "https://support.apple.com/kb/HT210353", - "url": "https://support.apple.com/kb/HT210353" + "refsource":"CONFIRM", + "name":"https://support.apple.com/kb/HT210353", + "url":"https://support.apple.com/kb/HT210353" }, { - "refsource": "CONFIRM", - "name": "https://support.apple.com/kb/HT210351", - "url": 
"https://support.apple.com/kb/HT210351" + "refsource":"CONFIRM", + "name":"https://support.apple.com/kb/HT210351", + "url":"https://support.apple.com/kb/HT210351" }, { - "refsource": "MLIST", - "name": "[debian-lts-announce] 20190722 [SECURITY] [DLA 1860-1] libxslt security update", - "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html" + "refsource":"MLIST", + "name":"[debian-lts-announce] 20190722 [SECURITY] [DLA 1860-1] libxslt security update", + "url":"https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html" }, { - "refsource": "CONFIRM", - "name": "https://support.apple.com/kb/HT210346", - "url": "https://support.apple.com/kb/HT210346" + "refsource":"CONFIRM", + "name":"https://support.apple.com/kb/HT210346", + "url":"https://support.apple.com/kb/HT210346" }, { - "refsource": "BUGTRAQ", - "name": "20190723 APPLE-SA-2019-7-22-1 iOS 12.4", - "url": "https://seclists.org/bugtraq/2019/Jul/35" + "refsource":"BUGTRAQ", + "name":"20190723 APPLE-SA-2019-7-22-1 iOS 12.4", + "url":"https://seclists.org/bugtraq/2019/Jul/35" }, { - "refsource": "BUGTRAQ", - "name": "20190723 APPLE-SA-2019-7-22-5 tvOS 12.4", - "url": "https://seclists.org/bugtraq/2019/Jul/37" + "refsource":"BUGTRAQ", + "name":"20190723 APPLE-SA-2019-7-22-5 tvOS 12.4", + "url":"https://seclists.org/bugtraq/2019/Jul/37" }, { - "refsource": "BUGTRAQ", - "name": "20190723 APPLE-SA-2019-7-22-4 watchOS 5.3", - "url": "https://seclists.org/bugtraq/2019/Jul/36" + "refsource":"BUGTRAQ", + "name":"20190723 APPLE-SA-2019-7-22-4 watchOS 5.3", + "url":"https://seclists.org/bugtraq/2019/Jul/36" }, { - "refsource": "FULLDISC", - "name": "20190723 APPLE-SA-2019-7-22-4 watchOS 5.3", - "url": "http://seclists.org/fulldisclosure/2019/Jul/24" + "refsource":"FULLDISC", + "name":"20190723 APPLE-SA-2019-7-22-4 watchOS 5.3", + "url":"http://seclists.org/fulldisclosure/2019/Jul/24" }, { - "refsource": "FULLDISC", - "name": "20190723 APPLE-SA-2019-7-22-1 iOS 12.4", - "url": 
"http://seclists.org/fulldisclosure/2019/Jul/23" + "refsource":"FULLDISC", + "name":"20190723 APPLE-SA-2019-7-22-1 iOS 12.4", + "url":"http://seclists.org/fulldisclosure/2019/Jul/23" }, { - "refsource": "FULLDISC", - "name": "20190723 APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra", - "url": "http://seclists.org/fulldisclosure/2019/Jul/22" + "refsource":"FULLDISC", + "name":"20190723 APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra", + "url":"http://seclists.org/fulldisclosure/2019/Jul/22" }, { - "refsource": "FULLDISC", - "name": "20190723 APPLE-SA-2019-7-22-5 tvOS 12.4", - "url": "http://seclists.org/fulldisclosure/2019/Jul/26" + "refsource":"FULLDISC", + "name":"20190723 APPLE-SA-2019-7-22-5 tvOS 12.4", + "url":"http://seclists.org/fulldisclosure/2019/Jul/26" }, { - "refsource": "CONFIRM", - "name": "https://support.apple.com/kb/HT210356", - "url": "https://support.apple.com/kb/HT210356" + "refsource":"CONFIRM", + "name":"https://support.apple.com/kb/HT210356", + "url":"https://support.apple.com/kb/HT210356" }, { - "refsource": "CONFIRM", - "name": "https://support.apple.com/kb/HT210357", - "url": "https://support.apple.com/kb/HT210357" + "refsource":"CONFIRM", + "name":"https://support.apple.com/kb/HT210357", + "url":"https://support.apple.com/kb/HT210357" }, { - "refsource": "CONFIRM", - "name": "https://support.apple.com/kb/HT210358", - "url": "https://support.apple.com/kb/HT210358" + "refsource":"CONFIRM", + "name":"https://support.apple.com/kb/HT210358", + "url":"https://support.apple.com/kb/HT210358" }, { - "refsource": "BUGTRAQ", - "name": "20190724 APPLE-SA-2019-7-23-2 iTunes for Windows 12.9.6", - "url": "https://seclists.org/bugtraq/2019/Jul/42" + "refsource":"BUGTRAQ", + "name":"20190724 APPLE-SA-2019-7-23-2 iTunes for Windows 12.9.6", + "url":"https://seclists.org/bugtraq/2019/Jul/42" }, { - "refsource": "BUGTRAQ", - 
"name": "20190724 APPLE-SA-2019-7-23-3 iCloud for Windows 10.6", - "url": "https://seclists.org/bugtraq/2019/Jul/40" + "refsource":"BUGTRAQ", + "name":"20190724 APPLE-SA-2019-7-23-3 iCloud for Windows 10.6", + "url":"https://seclists.org/bugtraq/2019/Jul/40" }, { - "refsource": "BUGTRAQ", - "name": "20190724 APPLE-SA-2019-7-23-1 iCloud for Windows 7.13", - "url": "https://seclists.org/bugtraq/2019/Jul/41" + "refsource":"BUGTRAQ", + "name":"20190724 APPLE-SA-2019-7-23-1 iCloud for Windows 7.13", + "url":"https://seclists.org/bugtraq/2019/Jul/41" }, { - "refsource": "FULLDISC", - "name": "20190726 APPLE-SA-2019-7-23-3 iCloud for Windows 10.6", - "url": "http://seclists.org/fulldisclosure/2019/Jul/31" + "refsource":"FULLDISC", + "name":"20190726 APPLE-SA-2019-7-23-3 iCloud for Windows 10.6", + "url":"http://seclists.org/fulldisclosure/2019/Jul/31" }, { - "refsource": "FULLDISC", - "name": "20190726 APPLE-SA-2019-7-23-1 iCloud for Windows 7.13", - "url": "http://seclists.org/fulldisclosure/2019/Jul/37" + "refsource":"FULLDISC", + "name":"20190726 APPLE-SA-2019-7-23-1 iCloud for Windows 7.13", + "url":"http://seclists.org/fulldisclosure/2019/Jul/37" }, { - "refsource": "FULLDISC", - "name": "20190726 APPLE-SA-2019-7-23-2 iTunes for Windows 12.9.6", - "url": "http://seclists.org/fulldisclosure/2019/Jul/38" + "refsource":"FULLDISC", + "name":"20190726 APPLE-SA-2019-7-23-2 iTunes for Windows 12.9.6", + "url":"http://seclists.org/fulldisclosure/2019/Jul/38" }, { - "refsource": "CONFIRM", - "name": "https://security.netapp.com/advisory/ntap-20190806-0004/", - "url": "https://security.netapp.com/advisory/ntap-20190806-0004/" + "refsource":"CONFIRM", + "name":"https://security.netapp.com/advisory/ntap-20190806-0004/", + "url":"https://security.netapp.com/advisory/ntap-20190806-0004/" }, { - "refsource": "BUGTRAQ", - "name": "20190814 APPLE-SA-2019-8-13-2 Additional information for APPLE-SA-2019-7-22-1 iOS 12.4", - "url": "https://seclists.org/bugtraq/2019/Aug/25" + 
"refsource":"BUGTRAQ", + "name":"20190814 APPLE-SA-2019-8-13-2 Additional information for APPLE-SA-2019-7-22-1 iOS 12.4", + "url":"https://seclists.org/bugtraq/2019/Aug/25" }, { - "refsource": "BUGTRAQ", - "name": "20190814 APPLE-SA-2019-8-13-3 Additional information for APPLE-SA-2019-7-22-4 watchOS 5.3", - "url": "https://seclists.org/bugtraq/2019/Aug/22" + "refsource":"BUGTRAQ", + "name":"20190814 APPLE-SA-2019-8-13-3 Additional information for APPLE-SA-2019-7-22-4 watchOS 5.3", + "url":"https://seclists.org/bugtraq/2019/Aug/22" }, { - "refsource": "BUGTRAQ", - "name": "20190814 APPLE-SA-2019-8-13-4 Additional information for APPLE-SA-2019-7-22-5 tvOS 12.4", - "url": "https://seclists.org/bugtraq/2019/Aug/23" + "refsource":"BUGTRAQ", + "name":"20190814 APPLE-SA-2019-8-13-4 Additional information for APPLE-SA-2019-7-22-5 tvOS 12.4", + "url":"https://seclists.org/bugtraq/2019/Aug/23" }, { - "refsource": "BUGTRAQ", - "name": "20190814 APPLE-SA-2019-8-13-1 Additional information for APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra", - "url": "https://seclists.org/bugtraq/2019/Aug/21" + "refsource":"BUGTRAQ", + "name":"20190814 APPLE-SA-2019-8-13-1 Additional information for APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra", + "url":"https://seclists.org/bugtraq/2019/Aug/21" }, { - "refsource": "FULLDISC", - "name": "20190816 APPLE-SA-2019-8-13-3 Additional information for APPLE-SA-2019-7-22-4 watchOS 5.3", - "url": "http://seclists.org/fulldisclosure/2019/Aug/14" + "refsource":"FULLDISC", + "name":"20190816 APPLE-SA-2019-8-13-3 Additional information for APPLE-SA-2019-7-22-4 watchOS 5.3", + "url":"http://seclists.org/fulldisclosure/2019/Aug/14" }, { - "refsource": "FULLDISC", - "name": "20190816 APPLE-SA-2019-8-13-1 Additional information for APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 
2019-004 Sierra", - "url": "http://seclists.org/fulldisclosure/2019/Aug/11" + "refsource":"FULLDISC", + "name":"20190816 APPLE-SA-2019-8-13-1 Additional information for APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra", + "url":"http://seclists.org/fulldisclosure/2019/Aug/11" }, { - "refsource": "FULLDISC", - "name": "20190816 APPLE-SA-2019-8-13-2 Additional information for APPLE-SA-2019-7-22-1 iOS 12.4", - "url": "http://seclists.org/fulldisclosure/2019/Aug/13" + "refsource":"FULLDISC", + "name":"20190816 APPLE-SA-2019-8-13-2 Additional information for APPLE-SA-2019-7-22-1 iOS 12.4", + "url":"http://seclists.org/fulldisclosure/2019/Aug/13" }, { - "refsource": "FULLDISC", - "name": "20190816 APPLE-SA-2019-8-13-4 Additional information for APPLE-SA-2019-7-22-5 tvOS 12.4", - "url": "http://seclists.org/fulldisclosure/2019/Aug/15" + "refsource":"FULLDISC", + "name":"20190816 APPLE-SA-2019-8-13-4 Additional information for APPLE-SA-2019-7-22-5 tvOS 12.4", + "url":"http://seclists.org/fulldisclosure/2019/Aug/15" }, { - "refsource": "UBUNTU", - "name": "USN-4164-1", - "url": "https://usn.ubuntu.com/4164-1/" + "refsource":"UBUNTU", + "name":"USN-4164-1", + "url":"https://usn.ubuntu.com/4164-1/" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-fdf6ec39b4", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ/" + "refsource":"FEDORA", + "name":"FEDORA-2019-fdf6ec39b4", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ/" }, { - "refsource": "MLIST", - "name": "[oss-security] 20191117 Nokogiri security update v1.10.5", - "url": "http://www.openwall.com/lists/oss-security/2019/11/17/2" + "refsource":"MLIST", + "name":"[oss-security] 20191117 Nokogiri security update v1.10.5", + "url":"http://www.openwall.com/lists/oss-security/2019/11/17/2" 
+ }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2019/14xxx/CVE-2019-14379.json b/2019/14xxx/CVE-2019-14379.json index 45c83e7656f..ddf0e5ed88c 100644 --- a/2019/14xxx/CVE-2019-14379.json +++ b/2019/14xxx/CVE-2019-14379.json 
@@ -1,301 +1,305 @@ + { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-14379", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"cve@mitre.org", + "ID":"CVE-2019-14379", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "n/a", - "version": { - "version_data": [ + "product_name":"n/a", + "version":{ + "version_data":[ { - "version_value": "n/a" + "version_value":"n/a" } ] } } ] }, - "vendor_name": "n/a" + "vendor_name":"n/a" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ { - "lang": "eng", - "value": "SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution." + "lang":"eng", + "value":"SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution." 
} ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "n/a" + "lang":"eng", + "value":"n/a" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "url": "https://github.com/FasterXML/jackson-databind/issues/2387", - "refsource": "MISC", - "name": "https://github.com/FasterXML/jackson-databind/issues/2387" + "url":"https://github.com/FasterXML/jackson-databind/issues/2387", + "refsource":"MISC", + "name":"https://github.com/FasterXML/jackson-databind/issues/2387" }, { - "url": "https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.9.1...jackson-databind-2.9.9.2", - "refsource": "MISC", - "name": "https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.9.1...jackson-databind-2.9.9.2" + "url":"https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.9.1...jackson-databind-2.9.9.2", + "refsource":"MISC", + "name":"https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.9.1...jackson-databind-2.9.9.2" }, { - "refsource": "MLIST", - "name": "[debian-lts-announce] 20190812 [SECURITY] [DLA 1879-1] jackson-databind security update", - "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00011.html" + "refsource":"MLIST", + "name":"[debian-lts-announce] 20190812 [SECURITY] [DLA 1879-1] jackson-databind security update", + "url":"https://lists.debian.org/debian-lts-announce/2019/08/msg00011.html" }, { - "refsource": "MLIST", - "name": "[ambari-commits] 20190813 [ambari] branch branch-2.7 updated: AMBARI-25352 : Upgrade fasterxml jackson dependency due to CVE-2019-14379 (#3066)", - "url": "https://lists.apache.org/thread.html/e25e734c315f70d8876a846926cfe3bfa1a4888044f146e844caf72f@%3Ccommits.ambari.apache.org%3E" + "refsource":"MLIST", + "name":"[ambari-commits] 20190813 [ambari] branch branch-2.7 updated: AMBARI-25352 : Upgrade fasterxml jackson 
dependency due to CVE-2019-14379 (#3066)", + "url":"https://lists.apache.org/thread.html/e25e734c315f70d8876a846926cfe3bfa1a4888044f146e844caf72f@%3Ccommits.ambari.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[ambari-commits] 20190813 [ambari] branch trunk updated: AMBARI-25352 : Upgrade fasterxml jackson dependency due to CVE-2019-14379(trunk) (#3067)", - "url": "https://lists.apache.org/thread.html/f17f63b0f8a57e4a5759e01d25cffc0548f0b61ff5c6bfd704ad2f2a@%3Ccommits.ambari.apache.org%3E" + "refsource":"MLIST", + "name":"[ambari-commits] 20190813 [ambari] branch trunk updated: AMBARI-25352 : Upgrade fasterxml jackson dependency due to CVE-2019-14379(trunk) (#3067)", + "url":"https://lists.apache.org/thread.html/f17f63b0f8a57e4a5759e01d25cffc0548f0b61ff5c6bfd704ad2f2a@%3Ccommits.ambari.apache.org%3E" }, { - "refsource": "CONFIRM", - "name": "https://security.netapp.com/advisory/ntap-20190814-0001/", - "url": "https://security.netapp.com/advisory/ntap-20190814-0001/" + "refsource":"CONFIRM", + "name":"https://security.netapp.com/advisory/ntap-20190814-0001/", + "url":"https://security.netapp.com/advisory/ntap-20190814-0001/" }, { - "refsource": "MLIST", - "name": "[pulsar-commits] 20190822 [GitHub] [pulsar] massakam opened a new pull request #5011: [security] Upgrade jackson-databind", - "url": "https://lists.apache.org/thread.html/525bcf949a4b0da87a375cbad2680b8beccde749522f24c49befe7fb@%3Ccommits.pulsar.apache.org%3E" + "refsource":"MLIST", + "name":"[pulsar-commits] 20190822 [GitHub] [pulsar] massakam opened a new pull request #5011: [security] Upgrade jackson-databind", + "url":"https://lists.apache.org/thread.html/525bcf949a4b0da87a375cbad2680b8beccde749522f24c49befe7fb@%3Ccommits.pulsar.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", - 
"url": "https://lists.apache.org/thread.html/0d4b630d9ee724aee50703397d9d1afa2b2befc9395ba7797d0ccea9@%3Cdev.tomee.apache.org%3E" + "refsource":"MLIST", + "name":"[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", + "url":"https://lists.apache.org/thread.html/0d4b630d9ee724aee50703397d9d1afa2b2befc9395ba7797d0ccea9@%3Cdev.tomee.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", - "url": "https://lists.apache.org/thread.html/56c8042873595b8c863054c7bfccab4bf2c01c6f5abedae249d914b9@%3Cdev.tomee.apache.org%3E" + "refsource":"MLIST", + "name":"[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", + "url":"https://lists.apache.org/thread.html/56c8042873595b8c863054c7bfccab4bf2c01c6f5abedae249d914b9@%3Cdev.tomee.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", - "url": "https://lists.apache.org/thread.html/2d2a76440becb610b9a9cb49b15eac3934b02c2dbcaacde1000353e4@%3Cdev.tomee.apache.org%3E" + "refsource":"MLIST", + "name":"[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", + "url":"https://lists.apache.org/thread.html/2d2a76440becb610b9a9cb49b15eac3934b02c2dbcaacde1000353e4@%3Cdev.tomee.apache.org%3E" }, { - "refsource": 
"MLIST", - "name": "[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", - "url": "https://lists.apache.org/thread.html/34717424b4d08b74f65c09a083d6dd1cb0763f37a15d6de135998c1d@%3Cdev.tomee.apache.org%3E" + "refsource":"MLIST", + "name":"[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", + "url":"https://lists.apache.org/thread.html/34717424b4d08b74f65c09a083d6dd1cb0763f37a15d6de135998c1d@%3Cdev.tomee.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tomee-dev] 20190905 [GitHub] [tomee] robert-schaft-hon commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", - "url": "https://lists.apache.org/thread.html/ee0a051428d2c719acfa297d0854a189ea5e284ef3ed491fa672f4be@%3Cdev.tomee.apache.org%3E" + "refsource":"MLIST", + "name":"[tomee-dev] 20190905 [GitHub] [tomee] robert-schaft-hon commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", + "url":"https://lists.apache.org/thread.html/ee0a051428d2c719acfa297d0854a189ea5e284ef3ed491fa672f4be@%3Cdev.tomee.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tomee-dev] 20190906 [GitHub] [tomee] rzo1 commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", - "url": "https://lists.apache.org/thread.html/5ecc333113b139429f4f05000d4aa2886974d4df3269c1dd990bb319@%3Cdev.tomee.apache.org%3E" + "refsource":"MLIST", + "name":"[tomee-dev] 20190906 [GitHub] [tomee] rzo1 commented on issue #549: 
[TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", + "url":"https://lists.apache.org/thread.html/5ecc333113b139429f4f05000d4aa2886974d4df3269c1dd990bb319@%3Cdev.tomee.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[struts-dev] 20190908 Build failed in Jenkins: Struts-master-JDK8-dependency-check #204", - "url": "https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef@%3Cdev.struts.apache.org%3E" + "refsource":"MLIST", + "name":"[struts-dev] 20190908 Build failed in Jenkins: Struts-master-JDK8-dependency-check #204", + "url":"https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef@%3Cdev.struts.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", - "url": "https://lists.apache.org/thread.html/5fc0e16b7af2590bf1e97c76c136291c4fdb244ee63c65c485c9a7a1@%3Cdev.tomee.apache.org%3E" + "refsource":"MLIST", + "name":"[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", + "url":"https://lists.apache.org/thread.html/5fc0e16b7af2590bf1e97c76c136291c4fdb244ee63c65c485c9a7a1@%3Cdev.tomee.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", - "url": "https://lists.apache.org/thread.html/87e46591de8925f719664a845572d184027258c5a7af0a471b53c77b@%3Cdev.tomee.apache.org%3E" + "refsource":"MLIST", + "name":"[tomee-dev] 20190909 [GitHub] [tomee] 
jgallimore merged pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", + "url":"https://lists.apache.org/thread.html/87e46591de8925f719664a845572d184027258c5a7af0a471b53c77b@%3Cdev.tomee.apache.org%3E" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:2743", - "url": "https://access.redhat.com/errata/RHSA-2019:2743" + "refsource":"REDHAT", + "name":"RHSA-2019:2743", + "url":"https://access.redhat.com/errata/RHSA-2019:2743" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-99ff6aa32c", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UKUALE2TUCKEKOHE2D342PQXN4MWCSLC/" + "refsource":"FEDORA", + "name":"FEDORA-2019-99ff6aa32c", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UKUALE2TUCKEKOHE2D342PQXN4MWCSLC/" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-ae6a703b8f", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/" + "refsource":"FEDORA", + "name":"FEDORA-2019-ae6a703b8f", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-fb23eccc03", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/" + "refsource":"FEDORA", + "name":"FEDORA-2019-fb23eccc03", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/" }, { - "refsource": "MLIST", - "name": "[tinkerpop-commits] 20190924 [GitHub] [tinkerpop] justinchuch opened a new pull request #1200: Upgrade jackson due to CVE issues", - "url": 
"https://lists.apache.org/thread.html/0fcef7321095ce0bc597d468d150cff3d647f4cb3aef3bd4d20e1c69@%3Ccommits.tinkerpop.apache.org%3E" + "refsource":"MLIST", + "name":"[tinkerpop-commits] 20190924 [GitHub] [tinkerpop] justinchuch opened a new pull request #1200: Upgrade jackson due to CVE issues", + "url":"https://lists.apache.org/thread.html/0fcef7321095ce0bc597d468d150cff3d647f4cb3aef3bd4d20e1c69@%3Ccommits.tinkerpop.apache.org%3E" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:2858", - "url": "https://access.redhat.com/errata/RHSA-2019:2858" + "refsource":"REDHAT", + "name":"RHSA-2019:2858", + "url":"https://access.redhat.com/errata/RHSA-2019:2858" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:2937", - "url": "https://access.redhat.com/errata/RHSA-2019:2937" + "refsource":"REDHAT", + "name":"RHSA-2019:2937", + "url":"https://access.redhat.com/errata/RHSA-2019:2937" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:2935", - "url": "https://access.redhat.com/errata/RHSA-2019:2935" + "refsource":"REDHAT", + "name":"RHSA-2019:2935", + "url":"https://access.redhat.com/errata/RHSA-2019:2935" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:2936", - "url": "https://access.redhat.com/errata/RHSA-2019:2936" + "refsource":"REDHAT", + "name":"RHSA-2019:2936", + "url":"https://access.redhat.com/errata/RHSA-2019:2936" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:2938", - "url": "https://access.redhat.com/errata/RHSA-2019:2938" + "refsource":"REDHAT", + "name":"RHSA-2019:2938", + "url":"https://access.redhat.com/errata/RHSA-2019:2938" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:2998", - "url": "https://access.redhat.com/errata/RHSA-2019:2998" + "refsource":"REDHAT", + "name":"RHSA-2019:2998", + "url":"https://access.redhat.com/errata/RHSA-2019:2998" }, { - "refsource": "MLIST", - "name": "[iceberg-issues] 20191010 [GitHub] [incubator-iceberg] rdblue opened a new pull request #533: Update Jackson to 2.9.10 for CVE-2019-14379", - "url": 
"https://lists.apache.org/thread.html/859815b2e9f1575acbb2b260b73861c16ca49bca627fa0c46419051f@%3Cissues.iceberg.apache.org%3E" + "refsource":"MLIST", + "name":"[iceberg-issues] 20191010 [GitHub] [incubator-iceberg] rdblue opened a new pull request #533: Update Jackson to 2.9.10 for CVE-2019-14379", + "url":"https://lists.apache.org/thread.html/859815b2e9f1575acbb2b260b73861c16ca49bca627fa0c46419051f@%3Cissues.iceberg.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[iceberg-issues] 20191010 [GitHub] [incubator-iceberg] mccheah opened a new pull request #535: Update Jackson to 2.9.10 for CVE-2019-14379", - "url": "https://lists.apache.org/thread.html/689c6bcc6c7612eee71e453a115a4c8581e7b718537025d4b265783d@%3Cissues.iceberg.apache.org%3E" + "refsource":"MLIST", + "name":"[iceberg-issues] 20191010 [GitHub] [incubator-iceberg] mccheah opened a new pull request #535: Update Jackson to 2.9.10 for CVE-2019-14379", + "url":"https://lists.apache.org/thread.html/689c6bcc6c7612eee71e453a115a4c8581e7b718537025d4b265783d@%3Cissues.iceberg.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[iceberg-issues] 20191010 [GitHub] [incubator-iceberg] rdblue commented on issue #535: Update Jackson to 2.9.10 for CVE-2019-14379", - "url": "https://lists.apache.org/thread.html/2766188be238a446a250ef76801037d452979152d85bce5e46805815@%3Cissues.iceberg.apache.org%3E" + "refsource":"MLIST", + "name":"[iceberg-issues] 20191010 [GitHub] [incubator-iceberg] rdblue commented on issue #535: Update Jackson to 2.9.10 for CVE-2019-14379", + "url":"https://lists.apache.org/thread.html/2766188be238a446a250ef76801037d452979152d85bce5e46805815@%3Cissues.iceberg.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[iceberg-issues] 20191010 [GitHub] [incubator-iceberg] mccheah commented on issue #535: Update Jackson to 2.9.10 for CVE-2019-14379", - "url": "https://lists.apache.org/thread.html/75f482fdc84abe6d0c8f438a76437c335a7bbeb5cddd4d70b4bc0cbf@%3Cissues.iceberg.apache.org%3E" + 
"refsource":"MLIST", + "name":"[iceberg-issues] 20191010 [GitHub] [incubator-iceberg] mccheah commented on issue #535: Update Jackson to 2.9.10 for CVE-2019-14379", + "url":"https://lists.apache.org/thread.html/75f482fdc84abe6d0c8f438a76437c335a7bbeb5cddd4d70b4bc0cbf@%3Cissues.iceberg.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[iceberg-issues] 20191010 [GitHub] [incubator-iceberg] rdblue closed pull request #533: Update Jackson to 2.9.10 for CVE-2019-14379", - "url": "https://lists.apache.org/thread.html/99944f86abefde389da9b4040ea2327c6aa0b53a2ff9352bd4cfec17@%3Cissues.iceberg.apache.org%3E" + "refsource":"MLIST", + "name":"[iceberg-issues] 20191010 [GitHub] [incubator-iceberg] rdblue closed pull request #533: Update Jackson to 2.9.10 for CVE-2019-14379", + "url":"https://lists.apache.org/thread.html/99944f86abefde389da9b4040ea2327c6aa0b53a2ff9352bd4cfec17@%3Cissues.iceberg.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[iceberg-issues] 20191010 [GitHub] [incubator-iceberg] rdblue merged pull request #535: Update Jackson to 2.9.10 for CVE-2019-14379", - "url": "https://lists.apache.org/thread.html/8723b52c2544e6cb804bc8a36622c584acd1bd6c53f2b6034c9fea54@%3Cissues.iceberg.apache.org%3E" + "refsource":"MLIST", + "name":"[iceberg-issues] 20191010 [GitHub] [incubator-iceberg] rdblue merged pull request #535: Update Jackson to 2.9.10 for CVE-2019-14379", + "url":"https://lists.apache.org/thread.html/8723b52c2544e6cb804bc8a36622c584acd1bd6c53f2b6034c9fea54@%3Cissues.iceberg.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[iceberg-issues] 20191010 [GitHub] [incubator-iceberg] rdblue commented on issue #533: Update Jackson to 2.9.10 for CVE-2019-14379", - "url": "https://lists.apache.org/thread.html/d161ff3d59c5a8213400dd6afb1cce1fac4f687c32d1e0c0bfbfaa2d@%3Cissues.iceberg.apache.org%3E" + "refsource":"MLIST", + "name":"[iceberg-issues] 20191010 [GitHub] [incubator-iceberg] rdblue commented on issue #533: Update Jackson to 2.9.10 for 
CVE-2019-14379", + "url":"https://lists.apache.org/thread.html/d161ff3d59c5a8213400dd6afb1cce1fac4f687c32d1e0c0bfbfaa2d@%3Cissues.iceberg.apache.org%3E" }, { - "refsource": "REDHAT", - "name": "RHBA-2019:2824", - "url": "https://access.redhat.com/errata/RHBA-2019:2824" + "refsource":"REDHAT", + "name":"RHBA-2019:2824", + "url":"https://access.redhat.com/errata/RHBA-2019:2824" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:3044", - "url": "https://access.redhat.com/errata/RHSA-2019:3044" + "refsource":"REDHAT", + "name":"RHSA-2019:3044", + "url":"https://access.redhat.com/errata/RHSA-2019:3044" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:3045", - "url": "https://access.redhat.com/errata/RHSA-2019:3045" + "refsource":"REDHAT", + "name":"RHSA-2019:3045", + "url":"https://access.redhat.com/errata/RHSA-2019:3045" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:3050", - "url": "https://access.redhat.com/errata/RHSA-2019:3050" + "refsource":"REDHAT", + "name":"RHSA-2019:3050", + "url":"https://access.redhat.com/errata/RHSA-2019:3050" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:3046", - "url": "https://access.redhat.com/errata/RHSA-2019:3046" + "refsource":"REDHAT", + "name":"RHSA-2019:3046", + "url":"https://access.redhat.com/errata/RHSA-2019:3046" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { - "refsource": "MLIST", - "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", - "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E" + "refsource":"MLIST", + "name":"[drill-dev] 20191017 
Dependencies used by Drill contain known vulnerabilities", + "url":"https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:3149", - "url": "https://access.redhat.com/errata/RHSA-2019:3149" + "refsource":"REDHAT", + "name":"RHSA-2019:3149", + "url":"https://access.redhat.com/errata/RHSA-2019:3149" }, { - "refsource": "MLIST", - "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", - "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E" + "refsource":"MLIST", + "name":"[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", + "url":"https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", - "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" + "refsource":"MLIST", + "name":"[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", + "url":"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:3200", - "url": "https://access.redhat.com/errata/RHSA-2019:3200" + "refsource":"REDHAT", + "name":"RHSA-2019:3200", + "url":"https://access.redhat.com/errata/RHSA-2019:3200" }, { - "refsource": "MLIST", - "name": "[iceberg-issues] 20191027 [GitHub] [incubator-iceberg] rdsr commented on issue #535: Update Jackson to 
2.9.10 for CVE-2019-14379", - "url": "https://lists.apache.org/thread.html/6788e4c991f75b89d290ad06b463fcd30bcae99fee610345a35b7bc6@%3Cissues.iceberg.apache.org%3E" + "refsource":"MLIST", + "name":"[iceberg-issues] 20191027 [GitHub] [incubator-iceberg] rdsr commented on issue #535: Update Jackson to 2.9.10 for CVE-2019-14379", + "url":"https://lists.apache.org/thread.html/6788e4c991f75b89d290ad06b463fcd30bcae99fee610345a35b7bc6@%3Cissues.iceberg.apache.org%3E" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:3292", - "url": "https://access.redhat.com/errata/RHSA-2019:3292" + "refsource":"REDHAT", + "name":"RHSA-2019:3292", + "url":"https://access.redhat.com/errata/RHSA-2019:3292" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:3297", - "url": "https://access.redhat.com/errata/RHSA-2019:3297" + "refsource":"REDHAT", + "name":"RHSA-2019:3297", + "url":"https://access.redhat.com/errata/RHSA-2019:3297" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:3901", - "url": "https://access.redhat.com/errata/RHSA-2019:3901" + "refsource":"REDHAT", + "name":"RHSA-2019:3901", + "url":"https://access.redhat.com/errata/RHSA-2019:3901" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2019/14xxx/CVE-2019-14439.json b/2019/14xxx/CVE-2019-14439.json index 1218dc01aa7..5e18ba0583f 100644 --- a/2019/14xxx/CVE-2019-14439.json +++ b/2019/14xxx/CVE-2019-14439.json 
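Review bot: The reference object added at the end of `reference_data` has only a `url` key, whereas every other entry in the array also carries `refsource` and `name`, so a consumer that reads those keys unconditionally finds them missing for this one. Following the existing Oracle CPU entry in the same array, it could read `{ "url":"https://www.oracle.com/security-alerts/cpujan2020.html", "refsource":"MISC", "name":"https://www.oracle.com/security-alerts/cpujan2020.html" }`. The hunk also rewrites every line of the record only to drop the space after each colon and adds an empty first line, which buries the single substantive addition and makes it hard to confirm that no description text or advisory URL changed; keeping the original formatting would reduce the diff to the new entry. The addition that closes the preceding file's hunk has the same url-only shape, and the CVE-2019-14439.json hunk that follows appears to be reformatted the same way.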
@@ -1,181 +1,185 @@ + { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-14439", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"cve@mitre.org", + "ID":"CVE-2019-14439", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "n/a", - "version": { - "version_data": [ + "product_name":"n/a", + "version":{ + "version_data":[ { - "version_value": "n/a" + "version_value":"n/a" } ] } } ] }, - "vendor_name": "n/a" + "vendor_name":"n/a" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ { - "lang": "eng", - "value": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. This occurs when Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the logback jar in the classpath." + "lang":"eng", + "value":"A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. This occurs when Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the logback jar in the classpath." 
} ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "n/a" + "lang":"eng", + "value":"n/a" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "url": "https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.9.1...jackson-databind-2.9.9.2", - "refsource": "MISC", - "name": "https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.9.1...jackson-databind-2.9.9.2" + "url":"https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.9.1...jackson-databind-2.9.9.2", + "refsource":"MISC", + "name":"https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.9.1...jackson-databind-2.9.9.2" }, { - "url": "https://github.com/FasterXML/jackson-databind/issues/2389", - "refsource": "MISC", - "name": "https://github.com/FasterXML/jackson-databind/issues/2389" + "url":"https://github.com/FasterXML/jackson-databind/issues/2389", + "refsource":"MISC", + "name":"https://github.com/FasterXML/jackson-databind/issues/2389" }, { - "url": "https://github.com/FasterXML/jackson-databind/commit/ad418eeb974e357f2797aef64aa0e3ffaaa6125b", - "refsource": "MISC", - "name": "https://github.com/FasterXML/jackson-databind/commit/ad418eeb974e357f2797aef64aa0e3ffaaa6125b" + "url":"https://github.com/FasterXML/jackson-databind/commit/ad418eeb974e357f2797aef64aa0e3ffaaa6125b", + "refsource":"MISC", + "name":"https://github.com/FasterXML/jackson-databind/commit/ad418eeb974e357f2797aef64aa0e3ffaaa6125b" }, { - "refsource": "MLIST", - "name": "[debian-lts-announce] 20190812 [SECURITY] [DLA 1879-1] jackson-databind security update", - "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00011.html" + "refsource":"MLIST", + "name":"[debian-lts-announce] 20190812 [SECURITY] [DLA 1879-1] jackson-databind security update", + 
"url":"https://lists.debian.org/debian-lts-announce/2019/08/msg00011.html" }, { - "refsource": "CONFIRM", - "name": "https://security.netapp.com/advisory/ntap-20190814-0001/", - "url": "https://security.netapp.com/advisory/ntap-20190814-0001/" + "refsource":"CONFIRM", + "name":"https://security.netapp.com/advisory/ntap-20190814-0001/", + "url":"https://security.netapp.com/advisory/ntap-20190814-0001/" }, { - "refsource": "MLIST", - "name": "[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", - "url": "https://lists.apache.org/thread.html/0d4b630d9ee724aee50703397d9d1afa2b2befc9395ba7797d0ccea9@%3Cdev.tomee.apache.org%3E" + "refsource":"MLIST", + "name":"[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", + "url":"https://lists.apache.org/thread.html/0d4b630d9ee724aee50703397d9d1afa2b2befc9395ba7797d0ccea9@%3Cdev.tomee.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", - "url": "https://lists.apache.org/thread.html/56c8042873595b8c863054c7bfccab4bf2c01c6f5abedae249d914b9@%3Cdev.tomee.apache.org%3E" + "refsource":"MLIST", + "name":"[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", + "url":"https://lists.apache.org/thread.html/56c8042873595b8c863054c7bfccab4bf2c01c6f5abedae249d914b9@%3Cdev.tomee.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request 
#548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", - "url": "https://lists.apache.org/thread.html/2d2a76440becb610b9a9cb49b15eac3934b02c2dbcaacde1000353e4@%3Cdev.tomee.apache.org%3E" + "refsource":"MLIST", + "name":"[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", + "url":"https://lists.apache.org/thread.html/2d2a76440becb610b9a9cb49b15eac3934b02c2dbcaacde1000353e4@%3Cdev.tomee.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", - "url": "https://lists.apache.org/thread.html/34717424b4d08b74f65c09a083d6dd1cb0763f37a15d6de135998c1d@%3Cdev.tomee.apache.org%3E" + "refsource":"MLIST", + "name":"[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", + "url":"https://lists.apache.org/thread.html/34717424b4d08b74f65c09a083d6dd1cb0763f37a15d6de135998c1d@%3Cdev.tomee.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tomee-dev] 20190905 [GitHub] [tomee] robert-schaft-hon commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", - "url": "https://lists.apache.org/thread.html/ee0a051428d2c719acfa297d0854a189ea5e284ef3ed491fa672f4be@%3Cdev.tomee.apache.org%3E" + "refsource":"MLIST", + "name":"[tomee-dev] 20190905 [GitHub] [tomee] robert-schaft-hon commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, 
CVE-2019-14379 and CVE-2019-14439", + "url":"https://lists.apache.org/thread.html/ee0a051428d2c719acfa297d0854a189ea5e284ef3ed491fa672f4be@%3Cdev.tomee.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tomee-dev] 20190906 [GitHub] [tomee] rzo1 commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", - "url": "https://lists.apache.org/thread.html/5ecc333113b139429f4f05000d4aa2886974d4df3269c1dd990bb319@%3Cdev.tomee.apache.org%3E" + "refsource":"MLIST", + "name":"[tomee-dev] 20190906 [GitHub] [tomee] rzo1 commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", + "url":"https://lists.apache.org/thread.html/5ecc333113b139429f4f05000d4aa2886974d4df3269c1dd990bb319@%3Cdev.tomee.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[struts-dev] 20190908 Build failed in Jenkins: Struts-master-JDK8-dependency-check #204", - "url": "https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef@%3Cdev.struts.apache.org%3E" + "refsource":"MLIST", + "name":"[struts-dev] 20190908 Build failed in Jenkins: Struts-master-JDK8-dependency-check #204", + "url":"https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef@%3Cdev.struts.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", - "url": "https://lists.apache.org/thread.html/5fc0e16b7af2590bf1e97c76c136291c4fdb244ee63c65c485c9a7a1@%3Cdev.tomee.apache.org%3E" + "refsource":"MLIST", + "name":"[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate 
CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", + "url":"https://lists.apache.org/thread.html/5fc0e16b7af2590bf1e97c76c136291c4fdb244ee63c65c485c9a7a1@%3Cdev.tomee.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", - "url": "https://lists.apache.org/thread.html/87e46591de8925f719664a845572d184027258c5a7af0a471b53c77b@%3Cdev.tomee.apache.org%3E" + "refsource":"MLIST", + "name":"[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", + "url":"https://lists.apache.org/thread.html/87e46591de8925f719664a845572d184027258c5a7af0a471b53c77b@%3Cdev.tomee.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[cassandra-commits] 20190919 [jira] [Created] (CASSANDRA-15328) Bump jackson version to >= 2.9.9.3 to address security vulnerabilities", - "url": "https://lists.apache.org/thread.html/3f99ae8dcdbd69438cb733d745ee3ad5e852068490719a66509b4592@%3Ccommits.cassandra.apache.org%3E" + "refsource":"MLIST", + "name":"[cassandra-commits] 20190919 [jira] [Created] (CASSANDRA-15328) Bump jackson version to >= 2.9.9.3 to address security vulnerabilities", + "url":"https://lists.apache.org/thread.html/3f99ae8dcdbd69438cb733d745ee3ad5e852068490719a66509b4592@%3Ccommits.cassandra.apache.org%3E" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-ae6a703b8f", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/" + "refsource":"FEDORA", + "name":"FEDORA-2019-ae6a703b8f", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/" }, { - "refsource": 
"FEDORA", - "name": "FEDORA-2019-fb23eccc03", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/" + "refsource":"FEDORA", + "name":"FEDORA-2019-fb23eccc03", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/" }, { - "refsource": "DEBIAN", - "name": "DSA-4542", - "url": "https://www.debian.org/security/2019/dsa-4542" + "refsource":"DEBIAN", + "name":"DSA-4542", + "url":"https://www.debian.org/security/2019/dsa-4542" }, { - "refsource": "BUGTRAQ", - "name": "20191007 [SECURITY] [DSA 4542-1] jackson-databind security update", - "url": "https://seclists.org/bugtraq/2019/Oct/6" + "refsource":"BUGTRAQ", + "name":"20191007 [SECURITY] [DSA 4542-1] jackson-databind security update", + "url":"https://seclists.org/bugtraq/2019/Oct/6" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { - "refsource": "MLIST", - "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", - "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E" + "refsource":"MLIST", + "name":"[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", + "url":"https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", - "url": 
"https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E" + "refsource":"MLIST", + "name":"[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", + "url":"https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", - "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" + "refsource":"MLIST", + "name":"[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", + "url":"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:3200", - "url": "https://access.redhat.com/errata/RHSA-2019:3200" + "refsource":"REDHAT", + "name":"RHSA-2019:3200", + "url":"https://access.redhat.com/errata/RHSA-2019:3200" }, { - "refsource": "MLIST", - "name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html", - "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E" + "refsource":"MLIST", + "name":"[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html", + "url":"https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2019/14xxx/CVE-2019-14540.json b/2019/14xxx/CVE-2019-14540.json index bdd8df4e213..9787fd0af6a 100644 --- a/2019/14xxx/CVE-2019-14540.json 
+++ b/2019/14xxx/CVE-2019-14540.json 
@@ -1,166 +1,170 @@ + { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-14540", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"cve@mitre.org", + "ID":"CVE-2019-14540", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "n/a", - "version": { - "version_data": [ + "product_name":"n/a", + "version":{ + "version_data":[ { - "version_value": "n/a" + "version_value":"n/a" } ] } } ] }, - "vendor_name": "n/a" + "vendor_name":"n/a" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ { - "lang": "eng", - "value": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig." + "lang":"eng", + "value":"A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig." 
} ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "n/a" + "lang":"eng", + "value":"n/a" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "refsource": "MISC", - "name": "https://github.com/FasterXML/jackson-databind/issues/2449", - "url": "https://github.com/FasterXML/jackson-databind/issues/2449" + "refsource":"MISC", + "name":"https://github.com/FasterXML/jackson-databind/issues/2449", + "url":"https://github.com/FasterXML/jackson-databind/issues/2449" }, { - "refsource": "CONFIRM", - "name": "https://github.com/FasterXML/jackson-databind/blob/master/release-notes/VERSION-2.x", - "url": "https://github.com/FasterXML/jackson-databind/blob/master/release-notes/VERSION-2.x" + "refsource":"CONFIRM", + "name":"https://github.com/FasterXML/jackson-databind/blob/master/release-notes/VERSION-2.x", + "url":"https://github.com/FasterXML/jackson-databind/blob/master/release-notes/VERSION-2.x" }, { - "refsource": "MISC", - "name": "https://github.com/FasterXML/jackson-databind/issues/2410", - "url": "https://github.com/FasterXML/jackson-databind/issues/2410" + "refsource":"MISC", + "name":"https://github.com/FasterXML/jackson-databind/issues/2410", + "url":"https://github.com/FasterXML/jackson-databind/issues/2410" }, { - "refsource": "MLIST", - "name": "[tinkerpop-commits] 20190924 [GitHub] [tinkerpop] justinchuch opened a new pull request #1200: Upgrade jackson due to CVE issues", - "url": "https://lists.apache.org/thread.html/0fcef7321095ce0bc597d468d150cff3d647f4cb3aef3bd4d20e1c69@%3Ccommits.tinkerpop.apache.org%3E" + "refsource":"MLIST", + "name":"[tinkerpop-commits] 20190924 [GitHub] [tinkerpop] justinchuch opened a new pull request #1200: Upgrade jackson due to CVE issues", + "url":"https://lists.apache.org/thread.html/0fcef7321095ce0bc597d468d150cff3d647f4cb3aef3bd4d20e1c69@%3Ccommits.tinkerpop.apache.org%3E" }, { - 
"refsource": "MLIST", - "name": "[hbase-issues] 20190925 [GitHub] [hbase] SteNicholas opened a new pull request #660: HBASE-23075 Upgrade jackson version", - "url": "https://lists.apache.org/thread.html/40c00861b53bb611dee7d6f35f864aa7d1c1bd77df28db597cbf27e1@%3Cissues.hbase.apache.org%3E" + "refsource":"MLIST", + "name":"[hbase-issues] 20190925 [GitHub] [hbase] SteNicholas opened a new pull request #660: HBASE-23075 Upgrade jackson version", + "url":"https://lists.apache.org/thread.html/40c00861b53bb611dee7d6f35f864aa7d1c1bd77df28db597cbf27e1@%3Cissues.hbase.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[zookeeper-notifications] 20190925 [GitHub] [zookeeper] maoling commented on issue #1097: ZOOKEEPER-3559 - Update Jackson to 2.9.10", - "url": "https://lists.apache.org/thread.html/a4f2c9fb36642a48912cdec6836ec00e497427717c5d377f8d7ccce6@%3Cnotifications.zookeeper.apache.org%3E" + "refsource":"MLIST", + "name":"[zookeeper-notifications] 20190925 [GitHub] [zookeeper] maoling commented on issue #1097: ZOOKEEPER-3559 - Update Jackson to 2.9.10", + "url":"https://lists.apache.org/thread.html/a4f2c9fb36642a48912cdec6836ec00e497427717c5d377f8d7ccce6@%3Cnotifications.zookeeper.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[hbase-issues] 20190926 [GitHub] [hbase-connectors] SteNicholas opened a new pull request #45: HBASE-23075 Upgrade jackson version", - "url": "https://lists.apache.org/thread.html/a360b46061c91c5cad789b6c3190aef9b9f223a2b75c9c9f046fe016@%3Cissues.hbase.apache.org%3E" + "refsource":"MLIST", + "name":"[hbase-issues] 20190926 [GitHub] [hbase-connectors] SteNicholas opened a new pull request #45: HBASE-23075 Upgrade jackson version", + "url":"https://lists.apache.org/thread.html/a360b46061c91c5cad789b6c3190aef9b9f223a2b75c9c9f046fe016@%3Cissues.hbase.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[hbase-issues] 20190926 [jira] [Updated] (HBASE-23075) Upgrade jackson to version 2.9.10 due to CVE-2019-16335 and CVE-2019-14540", - 
"url": "https://lists.apache.org/thread.html/dc6b5cad721a4f6b3b62ed1163894941140d9d5656140fb757505ca0@%3Cissues.hbase.apache.org%3E" + "refsource":"MLIST", + "name":"[hbase-issues] 20190926 [jira] [Updated] (HBASE-23075) Upgrade jackson to version 2.9.10 due to CVE-2019-16335 and CVE-2019-14540", + "url":"https://lists.apache.org/thread.html/dc6b5cad721a4f6b3b62ed1163894941140d9d5656140fb757505ca0@%3Cissues.hbase.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[hbase-issues] 20190926 [jira] [Commented] (HBASE-23075) Upgrade jackson to version 2.9.10 due to CVE-2019-16335 and CVE-2019-14540", - "url": "https://lists.apache.org/thread.html/ad0d238e97a7da5eca47a014f0f7e81f440ed6bf74a93183825e18b9@%3Cissues.hbase.apache.org%3E" + "refsource":"MLIST", + "name":"[hbase-issues] 20190926 [jira] [Commented] (HBASE-23075) Upgrade jackson to version 2.9.10 due to CVE-2019-16335 and CVE-2019-14540", + "url":"https://lists.apache.org/thread.html/ad0d238e97a7da5eca47a014f0f7e81f440ed6bf74a93183825e18b9@%3Cissues.hbase.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[hbase-commits] 20190927 [hbase-connectors] 02/02: HBASE-23075 Upgrade jackson to version 2.9.10 due to CVE-2019-16335 and CVE-2019-14540", - "url": "https://lists.apache.org/thread.html/e90c3feb21702e68a8c08afce37045adb3870f2bf8223fa403fb93fb@%3Ccommits.hbase.apache.org%3E" + "refsource":"MLIST", + "name":"[hbase-commits] 20190927 [hbase-connectors] 02/02: HBASE-23075 Upgrade jackson to version 2.9.10 due to CVE-2019-16335 and CVE-2019-14540", + "url":"https://lists.apache.org/thread.html/e90c3feb21702e68a8c08afce37045adb3870f2bf8223fa403fb93fb@%3Ccommits.hbase.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[debian-lts-announce] 20191002 [SECURITY] [DLA 1943-1] jackson-databind security update", - "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00001.html" + "refsource":"MLIST", + "name":"[debian-lts-announce] 20191002 [SECURITY] [DLA 1943-1] jackson-databind security update", + 
"url":"https://lists.debian.org/debian-lts-announce/2019/10/msg00001.html" }, { - "refsource": "CONFIRM", - "name": "https://security.netapp.com/advisory/ntap-20191004-0002/", - "url": "https://security.netapp.com/advisory/ntap-20191004-0002/" + "refsource":"CONFIRM", + "name":"https://security.netapp.com/advisory/ntap-20191004-0002/", + "url":"https://security.netapp.com/advisory/ntap-20191004-0002/" }, { - "refsource": "DEBIAN", - "name": "DSA-4542", - "url": "https://www.debian.org/security/2019/dsa-4542" + "refsource":"DEBIAN", + "name":"DSA-4542", + "url":"https://www.debian.org/security/2019/dsa-4542" }, { - "refsource": "BUGTRAQ", - "name": "20191007 [SECURITY] [DSA 4542-1] jackson-databind security update", - "url": "https://seclists.org/bugtraq/2019/Oct/6" + "refsource":"BUGTRAQ", + "name":"20191007 [SECURITY] [DSA 4542-1] jackson-databind security update", + "url":"https://seclists.org/bugtraq/2019/Oct/6" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-b171554877", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TH5VFUN4P7CCIP7KSEXYA5MUTFCUDUJT/" + "refsource":"FEDORA", + "name":"FEDORA-2019-b171554877", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TH5VFUN4P7CCIP7KSEXYA5MUTFCUDUJT/" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { - "refsource": "MLIST", - "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", - "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E" + 
"refsource":"MLIST", + "name":"[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", + "url":"https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", - "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E" + "refsource":"MLIST", + "name":"[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", + "url":"https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", - "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" + "refsource":"MLIST", + "name":"[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", + "url":"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:3200", - "url": "https://access.redhat.com/errata/RHSA-2019:3200" + "refsource":"REDHAT", + "name":"RHSA-2019:3200", + "url":"https://access.redhat.com/errata/RHSA-2019:3200" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-cf87377f5f", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q7CANA7KV53JROZDX5Z5P26UG5VN2K43/" + "refsource":"FEDORA", + "name":"FEDORA-2019-cf87377f5f", + 
"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q7CANA7KV53JROZDX5Z5P26UG5VN2K43/" }, { - "refsource": "MLIST", - "name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html", - "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E" + "refsource":"MLIST", + "name":"[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html", + "url":"https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2019/15xxx/CVE-2019-15845.json b/2019/15xxx/CVE-2019-15845.json index 7a17728eaa3..6432cbe6195 100644 --- a/2019/15xxx/CVE-2019-15845.json +++ b/2019/15xxx/CVE-2019-15845.json 
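Review bot: The reference object added at the end of `reference_data` carries only `"url":"https://www.oracle.com/security-alerts/cpujan2020.html"`, while every other entry in the array also has `refsource` and `name`; the same bare entry is added in the CVE-2019-15845, CVE-2019-16168 and CVE-2019-16201 hunks that follow. Tooling that matches or de-duplicates references by `refsource` or `name` could skip or misfile this advisory link, though whether the record schema requires those keys is not visible here. Following the existing Oracle CPU entry in this file, the object would read `"url":"https://www.oracle.com/security-alerts/cpujan2020.html",` `"refsource":"MISC",` `"name":"https://www.oracle.com/security-alerts/cpujan2020.html"`. The hunk also rewrites every line to drop the space after each colon and adds a blank first line, which buries the one substantive change and makes the record harder to audit; keeping the file's existing formatting would reduce the diff to the added reference.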
@@ -1,86 +1,90 @@ + { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-15845", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"cve@mitre.org", + "ID":"CVE-2019-15845", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "n/a", - "version": { - "version_data": [ + "product_name":"n/a", + "version":{ + "version_data":[ { - "version_value": "n/a" + "version_value":"n/a" } ] } } ] }, - "vendor_name": "n/a" + "vendor_name":"n/a" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ { - "lang": "eng", - "value": "Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 mishandles path checking within File.fnmatch functions." + "lang":"eng", + "value":"Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 mishandles path checking within File.fnmatch functions." 
} ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "n/a" + "lang":"eng", + "value":"n/a" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "url": "https://hackerone.com/reports/449617", - "refsource": "MISC", - "name": "https://hackerone.com/reports/449617" + "url":"https://hackerone.com/reports/449617", + "refsource":"MISC", + "name":"https://hackerone.com/reports/449617" }, { - "refsource": "MLIST", - "name": "[debian-lts-announce] 20191125 [SECURITY] [DLA 2007-1] ruby2.1 security update", - "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00025.html" + "refsource":"MLIST", + "name":"[debian-lts-announce] 20191125 [SECURITY] [DLA 2007-1] ruby2.1 security update", + "url":"https://lists.debian.org/debian-lts-announce/2019/11/msg00025.html" }, { - "refsource": "UBUNTU", - "name": "USN-4201-1", - "url": "https://usn.ubuntu.com/4201-1/" + "refsource":"UBUNTU", + "name":"USN-4201-1", + "url":"https://usn.ubuntu.com/4201-1/" }, { - "refsource": "BUGTRAQ", - "name": "20191217 [SECURITY] [DSA 4587-1] ruby2.3 security update", - "url": "https://seclists.org/bugtraq/2019/Dec/31" + "refsource":"BUGTRAQ", + "name":"20191217 [SECURITY] [DSA 4587-1] ruby2.3 security update", + "url":"https://seclists.org/bugtraq/2019/Dec/31" }, { - "refsource": "BUGTRAQ", - "name": "20191217 [SECURITY] [DSA 4586-1] ruby2.5 security update", - "url": "https://seclists.org/bugtraq/2019/Dec/32" + "refsource":"BUGTRAQ", + "name":"20191217 [SECURITY] [DSA 4586-1] ruby2.5 security update", + "url":"https://seclists.org/bugtraq/2019/Dec/32" }, { - "refsource": "DEBIAN", - "name": "DSA-4587", - "url": "https://www.debian.org/security/2019/dsa-4587" + "refsource":"DEBIAN", + "name":"DSA-4587", + "url":"https://www.debian.org/security/2019/dsa-4587" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } 
diff --git a/2019/16xxx/CVE-2019-16168.json b/2019/16xxx/CVE-2019-16168.json index 6dfa708700b..29c2a098f8c 100644 --- a/2019/16xxx/CVE-2019-16168.json +++ b/2019/16xxx/CVE-2019-16168.json 
@@ -1,96 +1,100 @@ + { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-16168", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"cve@mitre.org", + "ID":"CVE-2019-16168", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "n/a", - "version": { - "version_data": [ + "product_name":"n/a", + "version":{ + "version_data":[ { - "version_value": "n/a" + "version_value":"n/a" } ] } } ] }, - "vendor_name": "n/a" + "vendor_name":"n/a" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ { - "lang": "eng", - "value": "In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a \"severe division by zero in the query planner.\"" + "lang":"eng", + "value":"In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a \"severe division by zero in the query planner.\"" } ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "n/a" + "lang":"eng", + "value":"n/a" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "url": "https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg116312.html", - "refsource": "MISC", - "name": "https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg116312.html" + "url":"https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg116312.html", + "refsource":"MISC", + 
"name":"https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg116312.html" }, { - "url": "https://www.sqlite.org/src/timeline?c=98357d8c1263920b", - "refsource": "MISC", - "name": "https://www.sqlite.org/src/timeline?c=98357d8c1263920b" + "url":"https://www.sqlite.org/src/timeline?c=98357d8c1263920b", + "refsource":"MISC", + "name":"https://www.sqlite.org/src/timeline?c=98357d8c1263920b" }, { - "url": "https://www.sqlite.org/src/info/e4598ecbdd18bd82945f6029013296690e719a62", - "refsource": "MISC", - "name": "https://www.sqlite.org/src/info/e4598ecbdd18bd82945f6029013296690e719a62" + "url":"https://www.sqlite.org/src/info/e4598ecbdd18bd82945f6029013296690e719a62", + "refsource":"MISC", + "name":"https://www.sqlite.org/src/info/e4598ecbdd18bd82945f6029013296690e719a62" }, { - "refsource": "CONFIRM", - "name": "https://security.netapp.com/advisory/ntap-20190926-0003/", - "url": "https://security.netapp.com/advisory/ntap-20190926-0003/" + "refsource":"CONFIRM", + "name":"https://security.netapp.com/advisory/ntap-20190926-0003/", + "url":"https://security.netapp.com/advisory/ntap-20190926-0003/" }, { - "refsource": "SUSE", - "name": "openSUSE-SU-2019:2300", - "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00033.html" + "refsource":"SUSE", + "name":"openSUSE-SU-2019:2300", + "url":"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00033.html" }, { - "refsource": "SUSE", - "name": "openSUSE-SU-2019:2298", - "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00032.html" + "refsource":"SUSE", + "name":"openSUSE-SU-2019:2298", + "url":"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00032.html" }, { - "refsource": "UBUNTU", - "name": "USN-4205-1", - "url": "https://usn.ubuntu.com/4205-1/" + "refsource":"UBUNTU", + "name":"USN-4205-1", + "url":"https://usn.ubuntu.com/4205-1/" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-b1636e0b70", - "url": 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XZARJHJJDBHI7CE5PZEBXS5HKK6HXKW2/" + "refsource":"FEDORA", + "name":"FEDORA-2019-b1636e0b70", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XZARJHJJDBHI7CE5PZEBXS5HKK6HXKW2/" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2019/16xxx/CVE-2019-16201.json b/2019/16xxx/CVE-2019-16201.json index 2e6ff5abd78..a250b6c81bb 100644 --- a/2019/16xxx/CVE-2019-16201.json +++ b/2019/16xxx/CVE-2019-16201.json 
@@ -1,86 +1,90 @@ + { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-16201", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"cve@mitre.org", + "ID":"CVE-2019-16201", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "n/a", - "version": { - "version_data": [ + "product_name":"n/a", + "version":{ + "version_data":[ { - "version_value": "n/a" + "version_value":"n/a" } ] } } ] }, - "vendor_name": "n/a" + "vendor_name":"n/a" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ { - "lang": "eng", - "value": "WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 has a regular expression Denial of Service cause by looping/backtracking. A victim must expose a WEBrick server that uses DigestAuth to the Internet or a untrusted network." + "lang":"eng", + "value":"WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 has a regular expression Denial of Service cause by looping/backtracking. A victim must expose a WEBrick server that uses DigestAuth to the Internet or a untrusted network." 
} ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "n/a" + "lang":"eng", + "value":"n/a" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "url": "https://hackerone.com/reports/661722", - "refsource": "MISC", - "name": "https://hackerone.com/reports/661722" + "url":"https://hackerone.com/reports/661722", + "refsource":"MISC", + "name":"https://hackerone.com/reports/661722" }, { - "refsource": "MISC", - "name": "https://lists.debian.org/debian-lts-announce/2019/11/msg00025.html", - "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00025.html" + "refsource":"MISC", + "name":"https://lists.debian.org/debian-lts-announce/2019/11/msg00025.html", + "url":"https://lists.debian.org/debian-lts-announce/2019/11/msg00025.html" }, { - "refsource": "MLIST", - "name": "[debian-lts-announce] 20191210 [SECURITY] [DLA 2027-1] jruby security update", - "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00009.html" + "refsource":"MLIST", + "name":"[debian-lts-announce] 20191210 [SECURITY] [DLA 2027-1] jruby security update", + "url":"https://lists.debian.org/debian-lts-announce/2019/12/msg00009.html" }, { - "refsource": "BUGTRAQ", - "name": "20191217 [SECURITY] [DSA 4587-1] ruby2.3 security update", - "url": "https://seclists.org/bugtraq/2019/Dec/31" + "refsource":"BUGTRAQ", + "name":"20191217 [SECURITY] [DSA 4587-1] ruby2.3 security update", + "url":"https://seclists.org/bugtraq/2019/Dec/31" }, { - "refsource": "BUGTRAQ", - "name": "20191217 [SECURITY] [DSA 4586-1] ruby2.5 security update", - "url": "https://seclists.org/bugtraq/2019/Dec/32" + "refsource":"BUGTRAQ", + "name":"20191217 [SECURITY] [DSA 4586-1] ruby2.5 security update", + "url":"https://seclists.org/bugtraq/2019/Dec/32" }, { - "refsource": "DEBIAN", - "name": "DSA-4587", - "url": "https://www.debian.org/security/2019/dsa-4587" + 
"refsource":"DEBIAN", + "name":"DSA-4587", + "url":"https://www.debian.org/security/2019/dsa-4587" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2019/16xxx/CVE-2019-16254.json b/2019/16xxx/CVE-2019-16254.json index f828fe0c696..3f71d365a5f 100644 --- a/2019/16xxx/CVE-2019-16254.json +++ b/2019/16xxx/CVE-2019-16254.json 
@@ -1,111 +1,115 @@ + { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-16254", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"cve@mitre.org", + "ID":"CVE-2019-16254", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "n/a", - "version": { - "version_data": [ + "product_name":"n/a", + "version":{ + "version_data":[ { - "version_value": "n/a" + "version_value":"n/a" } ] } } ] }, - "vendor_name": "n/a" + "vendor_name":"n/a" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ { - "lang": "eng", - "value": "Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting. If a program using WEBrick inserts untrusted input into the response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to deceive clients. NOTE: this issue exists because of an incomplete fix for CVE-2017-17742, which addressed the CRLF vector, but did not address an isolated CR or an isolated LF." + "lang":"eng", + "value":"Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting. If a program using WEBrick inserts untrusted input into the response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to deceive clients. NOTE: this issue exists because of an incomplete fix for CVE-2017-17742, which addressed the CRLF vector, but did not address an isolated CR or an isolated LF." 
} ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "n/a" + "lang":"eng", + "value":"n/a" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "url": "https://hackerone.com/reports/331984", - "refsource": "MISC", - "name": "https://hackerone.com/reports/331984" + "url":"https://hackerone.com/reports/331984", + "refsource":"MISC", + "name":"https://hackerone.com/reports/331984" }, { - "refsource": "MISC", - "name": "https://lists.debian.org/debian-lts-announce/2019/11/msg00025.html", - "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00025.html" + "refsource":"MISC", + "name":"https://lists.debian.org/debian-lts-announce/2019/11/msg00025.html", + "url":"https://lists.debian.org/debian-lts-announce/2019/11/msg00025.html" }, { - "refsource": "CONFIRM", - "name": "https://www.ruby-lang.org/ja/news/2019/10/01/http-response-splitting-in-webrick-cve-2019-16254/", - "url": "https://www.ruby-lang.org/ja/news/2019/10/01/http-response-splitting-in-webrick-cve-2019-16254/" + "refsource":"CONFIRM", + "name":"https://www.ruby-lang.org/ja/news/2019/10/01/http-response-splitting-in-webrick-cve-2019-16254/", + "url":"https://www.ruby-lang.org/ja/news/2019/10/01/http-response-splitting-in-webrick-cve-2019-16254/" }, { - "refsource": "CONFIRM", - "name": "https://www.ruby-lang.org/ja/news/2019/10/01/ruby-2-6-5-released/", - "url": "https://www.ruby-lang.org/ja/news/2019/10/01/ruby-2-6-5-released/" + "refsource":"CONFIRM", + "name":"https://www.ruby-lang.org/ja/news/2019/10/01/ruby-2-6-5-released/", + "url":"https://www.ruby-lang.org/ja/news/2019/10/01/ruby-2-6-5-released/" }, { - "refsource": "CONFIRM", - "name": "https://www.ruby-lang.org/ja/news/2019/10/01/ruby-2-5-7-released/", - "url": "https://www.ruby-lang.org/ja/news/2019/10/01/ruby-2-5-7-released/" + "refsource":"CONFIRM", + 
"name":"https://www.ruby-lang.org/ja/news/2019/10/01/ruby-2-5-7-released/", + "url":"https://www.ruby-lang.org/ja/news/2019/10/01/ruby-2-5-7-released/" }, { - "refsource": "CONFIRM", - "name": "https://www.ruby-lang.org/ja/news/2019/10/01/ruby-2-4-8-released/", - "url": "https://www.ruby-lang.org/ja/news/2019/10/01/ruby-2-4-8-released/" + "refsource":"CONFIRM", + "name":"https://www.ruby-lang.org/ja/news/2019/10/01/ruby-2-4-8-released/", + "url":"https://www.ruby-lang.org/ja/news/2019/10/01/ruby-2-4-8-released/" }, { - "refsource": "MLIST", - "name": "[debian-lts-announce] 20191210 [SECURITY] [DLA 2027-1] jruby security update", - "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00009.html" + "refsource":"MLIST", + "name":"[debian-lts-announce] 20191210 [SECURITY] [DLA 2027-1] jruby security update", + "url":"https://lists.debian.org/debian-lts-announce/2019/12/msg00009.html" }, { - "refsource": "BUGTRAQ", - "name": "20191217 [SECURITY] [DSA 4587-1] ruby2.3 security update", - "url": "https://seclists.org/bugtraq/2019/Dec/31" + "refsource":"BUGTRAQ", + "name":"20191217 [SECURITY] [DSA 4587-1] ruby2.3 security update", + "url":"https://seclists.org/bugtraq/2019/Dec/31" }, { - "refsource": "BUGTRAQ", - "name": "20191217 [SECURITY] [DSA 4586-1] ruby2.5 security update", - "url": "https://seclists.org/bugtraq/2019/Dec/32" + "refsource":"BUGTRAQ", + "name":"20191217 [SECURITY] [DSA 4586-1] ruby2.5 security update", + "url":"https://seclists.org/bugtraq/2019/Dec/32" }, { - "refsource": "DEBIAN", - "name": "DSA-4587", - "url": "https://www.debian.org/security/2019/dsa-4587" + "refsource":"DEBIAN", + "name":"DSA-4587", + "url":"https://www.debian.org/security/2019/dsa-4587" }, { - "refsource": "DEBIAN", - "name": "DSA-4586", - "url": "https://www.debian.org/security/2019/dsa-4586" + "refsource":"DEBIAN", + "name":"DSA-4586", + "url":"https://www.debian.org/security/2019/dsa-4586" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } 
diff --git a/2019/16xxx/CVE-2019-16255.json b/2019/16xxx/CVE-2019-16255.json
index 561883940bc..d168a35bbf3 100644
--- a/2019/16xxx/CVE-2019-16255.json
+++ b/2019/16xxx/CVE-2019-16255.json
@@ -1,106 +1,110 @@ + { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-16255", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"cve@mitre.org", + "ID":"CVE-2019-16255", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "n/a", - "version": { - "version_data": [ + "product_name":"n/a", + "version":{ + "version_data":[ { - "version_value": "n/a" + "version_value":"n/a" } ] } } ] }, - "vendor_name": "n/a" + "vendor_name":"n/a" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ { - "lang": "eng", - "value": "Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first argument (aka the \"command\" argument) to Shell#[] or Shell#test in lib/shell.rb is untrusted data. An attacker can exploit this to call an arbitrary Ruby method." + "lang":"eng", + "value":"Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first argument (aka the \"command\" argument) to Shell#[] or Shell#test in lib/shell.rb is untrusted data. An attacker can exploit this to call an arbitrary Ruby method." 
} ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "n/a" + "lang":"eng", + "value":"n/a" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "url": "https://hackerone.com/reports/327512", - "refsource": "MISC", - "name": "https://hackerone.com/reports/327512" + "url":"https://hackerone.com/reports/327512", + "refsource":"MISC", + "name":"https://hackerone.com/reports/327512" }, { - "refsource": "MISC", - "name": "https://lists.debian.org/debian-lts-announce/2019/11/msg00025.html", - "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00025.html" + "refsource":"MISC", + "name":"https://lists.debian.org/debian-lts-announce/2019/11/msg00025.html", + "url":"https://lists.debian.org/debian-lts-announce/2019/11/msg00025.html" }, { - "refsource": "CONFIRM", - "name": "https://www.ruby-lang.org/ja/news/2019/10/01/ruby-2-6-5-released/", - "url": "https://www.ruby-lang.org/ja/news/2019/10/01/ruby-2-6-5-released/" + "refsource":"CONFIRM", + "name":"https://www.ruby-lang.org/ja/news/2019/10/01/ruby-2-6-5-released/", + "url":"https://www.ruby-lang.org/ja/news/2019/10/01/ruby-2-6-5-released/" }, { - "refsource": "CONFIRM", - "name": "https://www.ruby-lang.org/ja/news/2019/10/01/ruby-2-5-7-released/", - "url": "https://www.ruby-lang.org/ja/news/2019/10/01/ruby-2-5-7-released/" + "refsource":"CONFIRM", + "name":"https://www.ruby-lang.org/ja/news/2019/10/01/ruby-2-5-7-released/", + "url":"https://www.ruby-lang.org/ja/news/2019/10/01/ruby-2-5-7-released/" }, { - "refsource": "CONFIRM", - "name": "https://www.ruby-lang.org/ja/news/2019/10/01/ruby-2-4-8-released/", - "url": "https://www.ruby-lang.org/ja/news/2019/10/01/ruby-2-4-8-released/" + "refsource":"CONFIRM", + "name":"https://www.ruby-lang.org/ja/news/2019/10/01/ruby-2-4-8-released/", + "url":"https://www.ruby-lang.org/ja/news/2019/10/01/ruby-2-4-8-released/" }, { - 
"refsource": "CONFIRM", - "name": "https://www.ruby-lang.org/ja/news/2019/10/01/code-injection-shell-test-cve-2019-16255/", - "url": "https://www.ruby-lang.org/ja/news/2019/10/01/code-injection-shell-test-cve-2019-16255/" + "refsource":"CONFIRM", + "name":"https://www.ruby-lang.org/ja/news/2019/10/01/code-injection-shell-test-cve-2019-16255/", + "url":"https://www.ruby-lang.org/ja/news/2019/10/01/code-injection-shell-test-cve-2019-16255/" }, { - "refsource": "MLIST", - "name": "[debian-lts-announce] 20191210 [SECURITY] [DLA 2027-1] jruby security update", - "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00009.html" + "refsource":"MLIST", + "name":"[debian-lts-announce] 20191210 [SECURITY] [DLA 2027-1] jruby security update", + "url":"https://lists.debian.org/debian-lts-announce/2019/12/msg00009.html" }, { - "refsource": "BUGTRAQ", - "name": "20191217 [SECURITY] [DSA 4587-1] ruby2.3 security update", - "url": "https://seclists.org/bugtraq/2019/Dec/31" + "refsource":"BUGTRAQ", + "name":"20191217 [SECURITY] [DSA 4587-1] ruby2.3 security update", + "url":"https://seclists.org/bugtraq/2019/Dec/31" }, { - "refsource": "BUGTRAQ", - "name": "20191217 [SECURITY] [DSA 4586-1] ruby2.5 security update", - "url": "https://seclists.org/bugtraq/2019/Dec/32" + "refsource":"BUGTRAQ", + "name":"20191217 [SECURITY] [DSA 4586-1] ruby2.5 security update", + "url":"https://seclists.org/bugtraq/2019/Dec/32" }, { - "refsource": "DEBIAN", - "name": "DSA-4587", - "url": "https://www.debian.org/security/2019/dsa-4587" + "refsource":"DEBIAN", + "name":"DSA-4587", + "url":"https://www.debian.org/security/2019/dsa-4587" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2019/16xxx/CVE-2019-16335.json b/2019/16xxx/CVE-2019-16335.json index 377f7d26677..a77d1546052 100644 --- a/2019/16xxx/CVE-2019-16335.json +++ b/2019/16xxx/CVE-2019-16335.json 
@@ -1,151 +1,155 @@ + { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-16335", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"cve@mitre.org", + "ID":"CVE-2019-16335", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "n/a", - "version": { - "version_data": [ + "product_name":"n/a", + "version":{ + "version_data":[ { - "version_value": "n/a" + "version_value":"n/a" } ] } } ] }, - "vendor_name": "n/a" + "vendor_name":"n/a" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ { - "lang": "eng", - "value": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than CVE-2019-14540." + "lang":"eng", + "value":"A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than CVE-2019-14540." 
} ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "n/a" + "lang":"eng", + "value":"n/a" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "url": "https://github.com/FasterXML/jackson-databind/issues/2449", - "refsource": "MISC", - "name": "https://github.com/FasterXML/jackson-databind/issues/2449" + "url":"https://github.com/FasterXML/jackson-databind/issues/2449", + "refsource":"MISC", + "name":"https://github.com/FasterXML/jackson-databind/issues/2449" }, { - "refsource": "MLIST", - "name": "[tinkerpop-commits] 20190924 [GitHub] [tinkerpop] justinchuch opened a new pull request #1200: Upgrade jackson due to CVE issues", - "url": "https://lists.apache.org/thread.html/0fcef7321095ce0bc597d468d150cff3d647f4cb3aef3bd4d20e1c69@%3Ccommits.tinkerpop.apache.org%3E" + "refsource":"MLIST", + "name":"[tinkerpop-commits] 20190924 [GitHub] [tinkerpop] justinchuch opened a new pull request #1200: Upgrade jackson due to CVE issues", + "url":"https://lists.apache.org/thread.html/0fcef7321095ce0bc597d468d150cff3d647f4cb3aef3bd4d20e1c69@%3Ccommits.tinkerpop.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[hbase-issues] 20190925 [GitHub] [hbase] SteNicholas opened a new pull request #660: HBASE-23075 Upgrade jackson version", - "url": "https://lists.apache.org/thread.html/40c00861b53bb611dee7d6f35f864aa7d1c1bd77df28db597cbf27e1@%3Cissues.hbase.apache.org%3E" + "refsource":"MLIST", + "name":"[hbase-issues] 20190925 [GitHub] [hbase] SteNicholas opened a new pull request #660: HBASE-23075 Upgrade jackson version", + "url":"https://lists.apache.org/thread.html/40c00861b53bb611dee7d6f35f864aa7d1c1bd77df28db597cbf27e1@%3Cissues.hbase.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[hbase-issues] 20190926 [GitHub] [hbase-connectors] SteNicholas opened a new pull request #45: HBASE-23075 Upgrade jackson version", - "url": 
"https://lists.apache.org/thread.html/a360b46061c91c5cad789b6c3190aef9b9f223a2b75c9c9f046fe016@%3Cissues.hbase.apache.org%3E" + "refsource":"MLIST", + "name":"[hbase-issues] 20190926 [GitHub] [hbase-connectors] SteNicholas opened a new pull request #45: HBASE-23075 Upgrade jackson version", + "url":"https://lists.apache.org/thread.html/a360b46061c91c5cad789b6c3190aef9b9f223a2b75c9c9f046fe016@%3Cissues.hbase.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[hbase-issues] 20190926 [jira] [Updated] (HBASE-23075) Upgrade jackson to version 2.9.10 due to CVE-2019-16335 and CVE-2019-14540", - "url": "https://lists.apache.org/thread.html/dc6b5cad721a4f6b3b62ed1163894941140d9d5656140fb757505ca0@%3Cissues.hbase.apache.org%3E" + "refsource":"MLIST", + "name":"[hbase-issues] 20190926 [jira] [Updated] (HBASE-23075) Upgrade jackson to version 2.9.10 due to CVE-2019-16335 and CVE-2019-14540", + "url":"https://lists.apache.org/thread.html/dc6b5cad721a4f6b3b62ed1163894941140d9d5656140fb757505ca0@%3Cissues.hbase.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[hbase-issues] 20190926 [jira] [Commented] (HBASE-23075) Upgrade jackson to version 2.9.10 due to CVE-2019-16335 and CVE-2019-14540", - "url": "https://lists.apache.org/thread.html/ad0d238e97a7da5eca47a014f0f7e81f440ed6bf74a93183825e18b9@%3Cissues.hbase.apache.org%3E" + "refsource":"MLIST", + "name":"[hbase-issues] 20190926 [jira] [Commented] (HBASE-23075) Upgrade jackson to version 2.9.10 due to CVE-2019-16335 and CVE-2019-14540", + "url":"https://lists.apache.org/thread.html/ad0d238e97a7da5eca47a014f0f7e81f440ed6bf74a93183825e18b9@%3Cissues.hbase.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[hbase-commits] 20190927 [hbase-connectors] 02/02: HBASE-23075 Upgrade jackson to version 2.9.10 due to CVE-2019-16335 and CVE-2019-14540", - "url": "https://lists.apache.org/thread.html/e90c3feb21702e68a8c08afce37045adb3870f2bf8223fa403fb93fb@%3Ccommits.hbase.apache.org%3E" + "refsource":"MLIST", + 
"name":"[hbase-commits] 20190927 [hbase-connectors] 02/02: HBASE-23075 Upgrade jackson to version 2.9.10 due to CVE-2019-16335 and CVE-2019-14540", + "url":"https://lists.apache.org/thread.html/e90c3feb21702e68a8c08afce37045adb3870f2bf8223fa403fb93fb@%3Ccommits.hbase.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[debian-lts-announce] 20191002 [SECURITY] [DLA 1943-1] jackson-databind security update", - "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00001.html" + "refsource":"MLIST", + "name":"[debian-lts-announce] 20191002 [SECURITY] [DLA 1943-1] jackson-databind security update", + "url":"https://lists.debian.org/debian-lts-announce/2019/10/msg00001.html" }, { - "refsource": "CONFIRM", - "name": "https://security.netapp.com/advisory/ntap-20191004-0002/", - "url": "https://security.netapp.com/advisory/ntap-20191004-0002/" + "refsource":"CONFIRM", + "name":"https://security.netapp.com/advisory/ntap-20191004-0002/", + "url":"https://security.netapp.com/advisory/ntap-20191004-0002/" }, { - "refsource": "DEBIAN", - "name": "DSA-4542", - "url": "https://www.debian.org/security/2019/dsa-4542" + "refsource":"DEBIAN", + "name":"DSA-4542", + "url":"https://www.debian.org/security/2019/dsa-4542" }, { - "refsource": "BUGTRAQ", - "name": "20191007 [SECURITY] [DSA 4542-1] jackson-databind security update", - "url": "https://seclists.org/bugtraq/2019/Oct/6" + "refsource":"BUGTRAQ", + "name":"20191007 [SECURITY] [DSA 4542-1] jackson-databind security update", + "url":"https://seclists.org/bugtraq/2019/Oct/6" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-b171554877", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TH5VFUN4P7CCIP7KSEXYA5MUTFCUDUJT/" + "refsource":"FEDORA", + "name":"FEDORA-2019-b171554877", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TH5VFUN4P7CCIP7KSEXYA5MUTFCUDUJT/" }, { - "url": 
"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { - "refsource": "MLIST", - "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", - "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E" + "refsource":"MLIST", + "name":"[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", + "url":"https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", - "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E" + "refsource":"MLIST", + "name":"[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", + "url":"https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", - "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" + "refsource":"MLIST", + "name":"[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", + 
"url":"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:3200", - "url": "https://access.redhat.com/errata/RHSA-2019:3200" + "refsource":"REDHAT", + "name":"RHSA-2019:3200", + "url":"https://access.redhat.com/errata/RHSA-2019:3200" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-cf87377f5f", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q7CANA7KV53JROZDX5Z5P26UG5VN2K43/" + "refsource":"FEDORA", + "name":"FEDORA-2019-cf87377f5f", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q7CANA7KV53JROZDX5Z5P26UG5VN2K43/" }, { - "refsource": "MLIST", - "name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html", - "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E" + "refsource":"MLIST", + "name":"[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html", + "url":"https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2019/16xxx/CVE-2019-16775.json b/2019/16xxx/CVE-2019-16775.json index 9c6cbe414b6..63ada53ca89 100644 --- a/2019/16xxx/CVE-2019-16775.json +++ b/2019/16xxx/CVE-2019-16775.json 
@@ -1,90 +1,94 @@ + { - "CVE_data_meta": { - "ASSIGNER": "security-advisories@github.com", - "ID": "CVE-2019-16775", - "STATE": "PUBLIC", - "TITLE": "Unauthorized File Access in npm CLI before before version 6.13.3" + "CVE_data_meta":{ + "ASSIGNER":"security-advisories@github.com", + "ID":"CVE-2019-16775", + "STATE":"PUBLIC", + "TITLE":"Unauthorized File Access in npm CLI before before version 6.13.3" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "cli", - "version": { - "version_data": [ + "product_name":"cli", + "version":{ + "version_data":[ { - "version_affected": "<", - "version_name": "< 6.13.3", - "version_value": "6.13.3" + "version_affected":"<", + "version_name":"< 6.13.3", + "version_value":"6.13.3" } ] } } ] }, - "vendor_name": "npm" + "vendor_name":"npm" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ { - "lang": "eng", - "value": "Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of thenode_modules folder through the bin field upon installation. A properly constructed entry in the package.json bin field would allow a package publisher to create a symlink pointing to arbitrary files on a user\u2019s system when the package is installed. This behavior is still possible through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option." + "lang":"eng", + "value":"Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of thenode_modules folder through the bin field upon installation. 
A properly constructed entry in the package.json bin field would allow a package publisher to create a symlink pointing to arbitrary files on a user\u2019s system when the package is installed. This behavior is still possible through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option." } ] }, - "impact": { - "cvss": { - "attackComplexity": "HIGH", - "attackVector": "NETWORK", - "availabilityImpact": "NONE", - "baseScore": 7.7, - "baseSeverity": "HIGH", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "privilegesRequired": "LOW", - "scope": "CHANGED", - "userInteraction": "REQUIRED", - "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N", - "version": "3.1" + "impact":{ + "cvss":{ + "attackComplexity":"HIGH", + "attackVector":"NETWORK", + "availabilityImpact":"NONE", + "baseScore":7.7, + "baseSeverity":"HIGH", + "confidentialityImpact":"HIGH", + "integrityImpact":"HIGH", + "privilegesRequired":"LOW", + "scope":"CHANGED", + "userInteraction":"REQUIRED", + "vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N", + "version":"3.1" } }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "CWE-61: UNIX Symbolic Link (Symlink) Following" + "lang":"eng", + "value":"CWE-61: UNIX Symbolic Link (Symlink) Following" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "name": "https://github.com/npm/cli/security/advisories/GHSA-m6cx-g6qm-p2cx", - "refsource": "CONFIRM", - "url": "https://github.com/npm/cli/security/advisories/GHSA-m6cx-g6qm-p2cx" + "name":"https://github.com/npm/cli/security/advisories/GHSA-m6cx-g6qm-p2cx", + "refsource":"CONFIRM", + "url":"https://github.com/npm/cli/security/advisories/GHSA-m6cx-g6qm-p2cx" }, { - "name": "https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli", - "refsource": "MISC", - "url": 
"https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli" + "name":"https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli", + "refsource":"MISC", + "url":"https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] }, - "source": { - "advisory": "GHSA-m6cx-g6qm-p2cx", - "discovery": "UNKNOWN" + "source":{ + "advisory":"GHSA-m6cx-g6qm-p2cx", + "discovery":"UNKNOWN" } } \ No newline at end of file diff --git a/2019/16xxx/CVE-2019-16776.json b/2019/16xxx/CVE-2019-16776.json index 7ed553dca88..627699a9e54 100644 --- a/2019/16xxx/CVE-2019-16776.json +++ b/2019/16xxx/CVE-2019-16776.json 
@@ -1,90 +1,94 @@ + { - "CVE_data_meta": { - "ASSIGNER": "security-advisories@github.com", - "ID": "CVE-2019-16776", - "STATE": "PUBLIC", - "TITLE": "Unauthorized File Access in npm CLI before before version 6.13.3" + "CVE_data_meta":{ + "ASSIGNER":"security-advisories@github.com", + "ID":"CVE-2019-16776", + "STATE":"PUBLIC", + "TITLE":"Unauthorized File Access in npm CLI before before version 6.13.3" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "cli", - "version": { - "version_data": [ + "product_name":"cli", + "version":{ + "version_data":[ { - "version_affected": "<", - "version_name": "< 6.13.3", - "version_value": "6.13.3" + "version_affected":"<", + "version_name":"< 6.13.3", + "version_value":"6.13.3" } ] } } ] }, - "vendor_name": "npm" + "vendor_name":"npm" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ { - "lang": "eng", - "value": "Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended node_modules folder through the bin field. A properly constructed entry in the package.json bin field would allow a package publisher to modify and/or gain access to arbitrary files on a user\u2019s system when the package is installed. This behavior is still possible through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option." + "lang":"eng", + "value":"Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended node_modules folder through the bin field. 
A properly constructed entry in the package.json bin field would allow a package publisher to modify and/or gain access to arbitrary files on a user\u2019s system when the package is installed. This behavior is still possible through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option." } ] }, - "impact": { - "cvss": { - "attackComplexity": "HIGH", - "attackVector": "NETWORK", - "availabilityImpact": "NONE", - "baseScore": 7.7, - "baseSeverity": "HIGH", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "privilegesRequired": "LOW", - "scope": "CHANGED", - "userInteraction": "REQUIRED", - "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N", - "version": "3.1" + "impact":{ + "cvss":{ + "attackComplexity":"HIGH", + "attackVector":"NETWORK", + "availabilityImpact":"NONE", + "baseScore":7.7, + "baseSeverity":"HIGH", + "confidentialityImpact":"HIGH", + "integrityImpact":"HIGH", + "privilegesRequired":"LOW", + "scope":"CHANGED", + "userInteraction":"REQUIRED", + "vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N", + "version":"3.1" } }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')" + "lang":"eng", + "value":"CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "name": "https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli", - "refsource": "MISC", - "url": "https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli" + "name":"https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli", + "refsource":"MISC", + "url":"https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli" }, { - "name": 
"https://github.com/npm/cli/security/advisories/GHSA-x8qc-rrcw-4r46", - "refsource": "CONFIRM", - "url": "https://github.com/npm/cli/security/advisories/GHSA-x8qc-rrcw-4r46" + "name":"https://github.com/npm/cli/security/advisories/GHSA-x8qc-rrcw-4r46", + "refsource":"CONFIRM", + "url":"https://github.com/npm/cli/security/advisories/GHSA-x8qc-rrcw-4r46" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] }, - "source": { - "advisory": "GHSA-x8qc-rrcw-4r46", - "discovery": "UNKNOWN" + "source":{ + "advisory":"GHSA-x8qc-rrcw-4r46", + "discovery":"UNKNOWN" } } \ No newline at end of file diff --git a/2019/16xxx/CVE-2019-16777.json b/2019/16xxx/CVE-2019-16777.json index 22c6e705297..e69fbe83afa 100644 --- a/2019/16xxx/CVE-2019-16777.json +++ b/2019/16xxx/CVE-2019-16777.json 
@@ -1,90 +1,94 @@ + { - "CVE_data_meta": { - "ASSIGNER": "security-advisories@github.com", - "ID": "CVE-2019-16777", - "STATE": "PUBLIC", - "TITLE": "Arbitrary File Overwrite in npm CLI" + "CVE_data_meta":{ + "ASSIGNER":"security-advisories@github.com", + "ID":"CVE-2019-16777", + "STATE":"PUBLIC", + "TITLE":"Arbitrary File Overwrite in npm CLI" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "cli", - "version": { - "version_data": [ + "product_name":"cli", + "version":{ + "version_data":[ { - "version_affected": "<", - "version_name": "< 6.13.4", - "version_value": "6.13.4" + "version_affected":"<", + "version_name":"< 6.13.4", + "version_value":"6.13.4" } ] } } ] }, - "vendor_name": "npm" + "vendor_name":"npm" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ { - "lang": "eng", - "value": "Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite. It fails to prevent existing globally-installed binaries to be overwritten by other package installations. For example, if a package was installed globally and created a serve binary, any subsequent installs of packages that also create a serve binary would overwrite the previous serve binary. This behavior is still allowed in local installations and also through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option." + "lang":"eng", + "value":"Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite. It fails to prevent existing globally-installed binaries to be overwritten by other package installations. 
For example, if a package was installed globally and created a serve binary, any subsequent installs of packages that also create a serve binary would overwrite the previous serve binary. This behavior is still allowed in local installations and also through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option." } ] }, - "impact": { - "cvss": { - "attackComplexity": "HIGH", - "attackVector": "NETWORK", - "availabilityImpact": "NONE", - "baseScore": 7.7, - "baseSeverity": "HIGH", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "privilegesRequired": "LOW", - "scope": "CHANGED", - "userInteraction": "REQUIRED", - "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N", - "version": "3.1" + "impact":{ + "cvss":{ + "attackComplexity":"HIGH", + "attackVector":"NETWORK", + "availabilityImpact":"NONE", + "baseScore":7.7, + "baseSeverity":"HIGH", + "confidentialityImpact":"HIGH", + "integrityImpact":"HIGH", + "privilegesRequired":"LOW", + "scope":"CHANGED", + "userInteraction":"REQUIRED", + "vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N", + "version":"3.1" } }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')" + "lang":"eng", + "value":"CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "name": "https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli", - "refsource": "MISC", - "url": "https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli" + "name":"https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli", + "refsource":"MISC", + "url":"https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli" }, { - "name": 
"https://github.com/npm/cli/security/advisories/GHSA-4328-8hgf-7wjr", - "refsource": "CONFIRM", - "url": "https://github.com/npm/cli/security/advisories/GHSA-4328-8hgf-7wjr" + "name":"https://github.com/npm/cli/security/advisories/GHSA-4328-8hgf-7wjr", + "refsource":"CONFIRM", + "url":"https://github.com/npm/cli/security/advisories/GHSA-4328-8hgf-7wjr" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] }, - "source": { - "advisory": "GHSA-4328-8hgf-7wjr", - "discovery": "UNKNOWN" + "source":{ + "advisory":"GHSA-4328-8hgf-7wjr", + "discovery":"UNKNOWN" } } \ No newline at end of file diff --git a/2019/16xxx/CVE-2019-16942.json b/2019/16xxx/CVE-2019-16942.json index e7ee1f243d7..6af8876352e 100644 --- a/2019/16xxx/CVE-2019-16942.json +++ b/2019/16xxx/CVE-2019-16942.json 
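Review bot: The reference object appended to `reference_data` carries only `url`, while every other entry in this file also has `refsource` and `name`, so a consumer that reads those keys from each entry gets nothing for this one. I would give it the same shape as its neighbours by adding `"refsource":"MISC",` and `"name":"https://www.oracle.com/security-alerts/cpujan2020.html",` next to the `url`. Whether `MISC` is the right tag for this advisory is for the maintainers to confirm. The same one-key entry is added in the hunks for CVE-2019-16942, CVE-2019-16943, CVE-2019-17091, CVE-2019-17267 and CVE-2019-17359. In CVE-2019-17091 it lands directly after the October 2019 Oracle advisory entry, which does carry all three keys.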
@@ -1,136 +1,140 @@ + { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-16942", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"cve@mitre.org", + "ID":"CVE-2019-16942", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "n/a", - "version": { - "version_data": [ + "product_name":"n/a", + "version":{ + "version_data":[ { - "version_value": "n/a" + "version_value":"n/a" } ] } } ] }, - "vendor_name": "n/a" + "vendor_name":"n/a" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ { - "lang": "eng", - "value": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling." + "lang":"eng", + "value":"A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. 
This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling." } ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "n/a" + "lang":"eng", + "value":"n/a" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062", - "refsource": "MISC", - "name": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062" + "url":"https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062", + "refsource":"MISC", + "name":"https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062" }, { - "url": "https://github.com/FasterXML/jackson-databind/issues/2478", - "refsource": "MISC", - "name": "https://github.com/FasterXML/jackson-databind/issues/2478" + "url":"https://github.com/FasterXML/jackson-databind/issues/2478", + "refsource":"MISC", + "name":"https://github.com/FasterXML/jackson-databind/issues/2478" }, { - "refsource": "MISC", - "name": "https://issues.apache.org/jira/browse/GEODE-7255", - "url": "https://issues.apache.org/jira/browse/GEODE-7255" + "refsource":"MISC", + "name":"https://issues.apache.org/jira/browse/GEODE-7255", + "url":"https://issues.apache.org/jira/browse/GEODE-7255" }, { - "refsource": "MLIST", - "name": "[debian-lts-announce] 20191002 [SECURITY] [DLA 1943-1] jackson-databind security update", - "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00001.html" + "refsource":"MLIST", + "name":"[debian-lts-announce] 20191002 [SECURITY] [DLA 1943-1] jackson-databind security update", + "url":"https://lists.debian.org/debian-lts-announce/2019/10/msg00001.html" }, { - 
"refsource": "DEBIAN", - "name": "DSA-4542", - "url": "https://www.debian.org/security/2019/dsa-4542" + "refsource":"DEBIAN", + "name":"DSA-4542", + "url":"https://www.debian.org/security/2019/dsa-4542" }, { - "refsource": "BUGTRAQ", - "name": "20191007 [SECURITY] [DSA 4542-1] jackson-databind security update", - "url": "https://seclists.org/bugtraq/2019/Oct/6" + "refsource":"BUGTRAQ", + "name":"20191007 [SECURITY] [DSA 4542-1] jackson-databind security update", + "url":"https://seclists.org/bugtraq/2019/Oct/6" }, { - "refsource": "MLIST", - "name": "[geode-issues] 20191008 [jira] [Commented] (GEODE-7255) Need to pick up CVE-2019-16942", - "url": "https://lists.apache.org/thread.html/b2e23c94f9dfef53e04c492e5d02e5c75201734be7adc73a49ef2370@%3Cissues.geode.apache.org%3E" + "refsource":"MLIST", + "name":"[geode-issues] 20191008 [jira] [Commented] (GEODE-7255) Need to pick up CVE-2019-16942", + "url":"https://lists.apache.org/thread.html/b2e23c94f9dfef53e04c492e5d02e5c75201734be7adc73a49ef2370@%3Cissues.geode.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[geode-issues] 20191011 [jira] [Commented] (GEODE-7255) Need to pick up CVE-2019-16942", - "url": "https://lists.apache.org/thread.html/7782a937c9259a58337ee36b2961f00e2d744feafc13084e176d0df5@%3Cissues.geode.apache.org%3E" + "refsource":"MLIST", + "name":"[geode-issues] 20191011 [jira] [Commented] (GEODE-7255) Need to pick up CVE-2019-16942", + "url":"https://lists.apache.org/thread.html/7782a937c9259a58337ee36b2961f00e2d744feafc13084e176d0df5@%3Cissues.geode.apache.org%3E" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-b171554877", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TH5VFUN4P7CCIP7KSEXYA5MUTFCUDUJT/" + "refsource":"FEDORA", + "name":"FEDORA-2019-b171554877", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TH5VFUN4P7CCIP7KSEXYA5MUTFCUDUJT/" }, { - "refsource": "CONFIRM", - 
"name": "https://security.netapp.com/advisory/ntap-20191017-0006/", - "url": "https://security.netapp.com/advisory/ntap-20191017-0006/" + "refsource":"CONFIRM", + "name":"https://security.netapp.com/advisory/ntap-20191017-0006/", + "url":"https://security.netapp.com/advisory/ntap-20191017-0006/" }, { - "refsource": "MLIST", - "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", - "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E" + "refsource":"MLIST", + "name":"[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", + "url":"https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", - "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E" + "refsource":"MLIST", + "name":"[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", + "url":"https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", - "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" + "refsource":"MLIST", + "name":"[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", + 
"url":"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-cf87377f5f", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q7CANA7KV53JROZDX5Z5P26UG5VN2K43/" + "refsource":"FEDORA", + "name":"FEDORA-2019-cf87377f5f", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q7CANA7KV53JROZDX5Z5P26UG5VN2K43/" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:3901", - "url": "https://access.redhat.com/errata/RHSA-2019:3901" + "refsource":"REDHAT", + "name":"RHSA-2019:3901", + "url":"https://access.redhat.com/errata/RHSA-2019:3901" }, { - "refsource": "MLIST", - "name": "[geode-issues] 20191230 [jira] [Closed] (GEODE-7255) Need to pick up CVE-2019-16942", - "url": "https://lists.apache.org/thread.html/a430dbc9be874c41314cc69e697384567a9a24025e819d9485547954@%3Cissues.geode.apache.org%3E" + "refsource":"MLIST", + "name":"[geode-issues] 20191230 [jira] [Closed] (GEODE-7255) Need to pick up CVE-2019-16942", + "url":"https://lists.apache.org/thread.html/a430dbc9be874c41314cc69e697384567a9a24025e819d9485547954@%3Cissues.geode.apache.org%3E" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2019/16xxx/CVE-2019-16943.json b/2019/16xxx/CVE-2019-16943.json index 19e5773e680..66bfc4b3ca0 100644 --- a/2019/16xxx/CVE-2019-16943.json +++ b/2019/16xxx/CVE-2019-16943.json 
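Review bot: The one added reference cannot be reviewed in isolation, because the hunk re-serialises the whole file around it: the space after every colon is dropped and a blank line is inserted ahead of the opening `{`. In a vulnerability record this makes it hard to confirm from the diff that the description and the existing references were carried over unchanged. Keeping the existing `"key": "value"` spacing and first line would reduce the hunk to the new entry plus the comma on the preceding `}`. The hunks for CVE-2019-16777, CVE-2019-16943, CVE-2019-17091, CVE-2019-17267 and CVE-2019-17359 are rewritten the same way.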
@@ -1,121 +1,125 @@ + { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-16943", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"cve@mitre.org", + "ID":"CVE-2019-16943", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "n/a", - "version": { - "version_data": [ + "product_name":"n/a", + "version":{ + "version_data":[ { - "version_value": "n/a" + "version_value":"n/a" } ] } } ] }, - "vendor_name": "n/a" + "vendor_name":"n/a" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ { - "lang": "eng", - "value": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling." + "lang":"eng", + "value":"A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling." 
} ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "n/a" + "lang":"eng", + "value":"n/a" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062", - "refsource": "MISC", - "name": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062" + "url":"https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062", + "refsource":"MISC", + "name":"https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062" }, { - "url": "https://github.com/FasterXML/jackson-databind/issues/2478", - "refsource": "MISC", - "name": "https://github.com/FasterXML/jackson-databind/issues/2478" + "url":"https://github.com/FasterXML/jackson-databind/issues/2478", + "refsource":"MISC", + "name":"https://github.com/FasterXML/jackson-databind/issues/2478" }, { - "refsource": "MLIST", - "name": "[debian-lts-announce] 20191002 [SECURITY] [DLA 1943-1] jackson-databind security update", - "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00001.html" + "refsource":"MLIST", + "name":"[debian-lts-announce] 20191002 [SECURITY] [DLA 1943-1] jackson-databind security update", + "url":"https://lists.debian.org/debian-lts-announce/2019/10/msg00001.html" }, { - "refsource": "DEBIAN", - "name": "DSA-4542", - "url": "https://www.debian.org/security/2019/dsa-4542" + "refsource":"DEBIAN", + "name":"DSA-4542", + "url":"https://www.debian.org/security/2019/dsa-4542" }, { - "refsource": "BUGTRAQ", - "name": "20191007 [SECURITY] [DSA 4542-1] jackson-databind security update", - "url": "https://seclists.org/bugtraq/2019/Oct/6" + "refsource":"BUGTRAQ", + "name":"20191007 [SECURITY] [DSA 4542-1] jackson-databind security 
update", + "url":"https://seclists.org/bugtraq/2019/Oct/6" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-b171554877", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TH5VFUN4P7CCIP7KSEXYA5MUTFCUDUJT/" + "refsource":"FEDORA", + "name":"FEDORA-2019-b171554877", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TH5VFUN4P7CCIP7KSEXYA5MUTFCUDUJT/" }, { - "refsource": "CONFIRM", - "name": "https://security.netapp.com/advisory/ntap-20191017-0006/", - "url": "https://security.netapp.com/advisory/ntap-20191017-0006/" + "refsource":"CONFIRM", + "name":"https://security.netapp.com/advisory/ntap-20191017-0006/", + "url":"https://security.netapp.com/advisory/ntap-20191017-0006/" }, { - "refsource": "MLIST", - "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", - "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E" + "refsource":"MLIST", + "name":"[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", + "url":"https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", - "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E" + "refsource":"MLIST", + "name":"[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", + "url":"https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required 
to dependencies to resolve potential security vulnerabilities", - "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" + "refsource":"MLIST", + "name":"[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", + "url":"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-cf87377f5f", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q7CANA7KV53JROZDX5Z5P26UG5VN2K43/" + "refsource":"FEDORA", + "name":"FEDORA-2019-cf87377f5f", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q7CANA7KV53JROZDX5Z5P26UG5VN2K43/" }, { - "refsource": "MLIST", - "name": "[iceberg-issues] 20191027 [GitHub] [incubator-iceberg] rdsr commented on issue #535: Update Jackson to 2.9.10 for CVE-2019-14379", - "url": "https://lists.apache.org/thread.html/6788e4c991f75b89d290ad06b463fcd30bcae99fee610345a35b7bc6@%3Cissues.iceberg.apache.org%3E" + "refsource":"MLIST", + "name":"[iceberg-issues] 20191027 [GitHub] [incubator-iceberg] rdsr commented on issue #535: Update Jackson to 2.9.10 for CVE-2019-14379", + "url":"https://lists.apache.org/thread.html/6788e4c991f75b89d290ad06b463fcd30bcae99fee610345a35b7bc6@%3Cissues.iceberg.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[iceberg-commits] 20191028 [incubator-iceberg] branch master updated: Update Jackson to 2.10.0 for CVE-2019-16943 (#583)", - "url": "https://lists.apache.org/thread.html/5ec8d8d485c2c8ac55ea425f4cd96596ef37312532712639712ebcdd@%3Ccommits.iceberg.apache.org%3E" + "refsource":"MLIST", + "name":"[iceberg-commits] 20191028 [incubator-iceberg] branch master updated: Update Jackson to 2.10.0 for CVE-2019-16943 (#583)", + 
"url":"https://lists.apache.org/thread.html/5ec8d8d485c2c8ac55ea425f4cd96596ef37312532712639712ebcdd@%3Ccommits.iceberg.apache.org%3E" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2019/17xxx/CVE-2019-17091.json b/2019/17xxx/CVE-2019-17091.json index 2665943ecc7..987f2c94f58 100644 --- a/2019/17xxx/CVE-2019-17091.json +++ b/2019/17xxx/CVE-2019-17091.json 
@@ -1,111 +1,115 @@ + { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-17091", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"cve@mitre.org", + "ID":"CVE-2019-17091", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "n/a", - "version": { - "version_data": [ + "product_name":"n/a", + "version":{ + "version_data":[ { - "version_value": "n/a" + "version_value":"n/a" } ] } } ] }, - "vendor_name": "n/a" + "vendor_name":"n/a" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ { - "lang": "eng", - "value": "faces/context/PartialViewContextImpl.java in Eclipse Mojarra, as used in Mojarra for Eclipse EE4J before 2.3.10 and Mojarra JavaServer Faces before 2.2.20, allows Reflected XSS because a client window field is mishandled." + "lang":"eng", + "value":"faces/context/PartialViewContextImpl.java in Eclipse Mojarra, as used in Mojarra for Eclipse EE4J before 2.3.10 and Mojarra JavaServer Faces before 2.2.20, allows Reflected XSS because a client window field is mishandled." 
} ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "n/a" + "lang":"eng", + "value":"n/a" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=548244", - "refsource": "MISC", - "name": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=548244" + "url":"https://bugs.eclipse.org/bugs/show_bug.cgi?id=548244", + "refsource":"MISC", + "name":"https://bugs.eclipse.org/bugs/show_bug.cgi?id=548244" }, { - "url": "https://github.com/eclipse-ee4j/mojarra/pull/4567", - "refsource": "MISC", - "name": "https://github.com/eclipse-ee4j/mojarra/pull/4567" + "url":"https://github.com/eclipse-ee4j/mojarra/pull/4567", + "refsource":"MISC", + "name":"https://github.com/eclipse-ee4j/mojarra/pull/4567" }, { - "url": "https://github.com/eclipse-ee4j/mojarra/issues/4556", - "refsource": "MISC", - "name": "https://github.com/eclipse-ee4j/mojarra/issues/4556" + "url":"https://github.com/eclipse-ee4j/mojarra/issues/4556", + "refsource":"MISC", + "name":"https://github.com/eclipse-ee4j/mojarra/issues/4556" }, { - "url": "https://github.com/eclipse-ee4j/mojarra/files/3039198/advisory.txt", - "refsource": "MISC", - "name": "https://github.com/eclipse-ee4j/mojarra/files/3039198/advisory.txt" + "url":"https://github.com/eclipse-ee4j/mojarra/files/3039198/advisory.txt", + "refsource":"MISC", + "name":"https://github.com/eclipse-ee4j/mojarra/files/3039198/advisory.txt" }, { - "url": "https://github.com/eclipse-ee4j/mojarra/compare/2.3.9-RELEASE...2.3.10-RELEASE", - "refsource": "MISC", - "name": "https://github.com/eclipse-ee4j/mojarra/compare/2.3.9-RELEASE...2.3.10-RELEASE" + "url":"https://github.com/eclipse-ee4j/mojarra/compare/2.3.9-RELEASE...2.3.10-RELEASE", + "refsource":"MISC", + "name":"https://github.com/eclipse-ee4j/mojarra/compare/2.3.9-RELEASE...2.3.10-RELEASE" }, { - "url": 
"https://github.com/eclipse-ee4j/mojarra/commit/8f70f2bd024f00ecd5b3dcca45df73edda29dcee", - "refsource": "MISC", - "name": "https://github.com/eclipse-ee4j/mojarra/commit/8f70f2bd024f00ecd5b3dcca45df73edda29dcee" + "url":"https://github.com/eclipse-ee4j/mojarra/commit/8f70f2bd024f00ecd5b3dcca45df73edda29dcee", + "refsource":"MISC", + "name":"https://github.com/eclipse-ee4j/mojarra/commit/8f70f2bd024f00ecd5b3dcca45df73edda29dcee" }, { - "url": "https://github.com/eclipse-ee4j/mojarra/commit/a3fa9573789ed5e867c43ea38374f4dbd5a8f81f", - "refsource": "MISC", - "name": "https://github.com/eclipse-ee4j/mojarra/commit/a3fa9573789ed5e867c43ea38374f4dbd5a8f81f" + "url":"https://github.com/eclipse-ee4j/mojarra/commit/a3fa9573789ed5e867c43ea38374f4dbd5a8f81f", + "refsource":"MISC", + "name":"https://github.com/eclipse-ee4j/mojarra/commit/a3fa9573789ed5e867c43ea38374f4dbd5a8f81f" }, { - "url": "https://github.com/javaserverfaces/mojarra/compare/2.2.19...2.2.20", - "refsource": "MISC", - "name": "https://github.com/javaserverfaces/mojarra/compare/2.2.19...2.2.20" + "url":"https://github.com/javaserverfaces/mojarra/compare/2.2.19...2.2.20", + "refsource":"MISC", + "name":"https://github.com/javaserverfaces/mojarra/compare/2.2.19...2.2.20" }, { - "url": "https://github.com/javaserverfaces/mojarra/commit/ae1c234d0a6750822ac69d4ae26d90e3571f27fe", - "refsource": "MISC", - "name": "https://github.com/javaserverfaces/mojarra/commit/ae1c234d0a6750822ac69d4ae26d90e3571f27fe" + "url":"https://github.com/javaserverfaces/mojarra/commit/ae1c234d0a6750822ac69d4ae26d90e3571f27fe", + "refsource":"MISC", + "name":"https://github.com/javaserverfaces/mojarra/commit/ae1c234d0a6750822ac69d4ae26d90e3571f27fe" }, { - "url": "https://github.com/javaserverfaces/mojarra/commit/f61935cd39f34329fbf27b1972a506fbdd0ab4d4", - "refsource": "MISC", - "name": "https://github.com/javaserverfaces/mojarra/commit/f61935cd39f34329fbf27b1972a506fbdd0ab4d4" + 
"url":"https://github.com/javaserverfaces/mojarra/commit/f61935cd39f34329fbf27b1972a506fbdd0ab4d4", + "refsource":"MISC", + "name":"https://github.com/javaserverfaces/mojarra/commit/f61935cd39f34329fbf27b1972a506fbdd0ab4d4" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2019/17xxx/CVE-2019-17267.json b/2019/17xxx/CVE-2019-17267.json index 3193bde5b3f..1ad9952c828 100644 --- a/2019/17xxx/CVE-2019-17267.json +++ b/2019/17xxx/CVE-2019-17267.json 
@@ -1,96 +1,100 @@ + { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-17267", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"cve@mitre.org", + "ID":"CVE-2019-17267", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "n/a", - "version": { - "version_data": [ + "product_name":"n/a", + "version":{ + "version_data":[ { - "version_value": "n/a" + "version_value":"n/a" } ] } } ] }, - "vendor_name": "n/a" + "vendor_name":"n/a" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ { - "lang": "eng", - "value": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to net.sf.ehcache.hibernate.EhcacheJtaTransactionManagerLookup." + "lang":"eng", + "value":"A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to net.sf.ehcache.hibernate.EhcacheJtaTransactionManagerLookup." 
} ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "n/a" + "lang":"eng", + "value":"n/a" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "url": "https://github.com/FasterXML/jackson-databind/issues/2460", - "refsource": "MISC", - "name": "https://github.com/FasterXML/jackson-databind/issues/2460" + "url":"https://github.com/FasterXML/jackson-databind/issues/2460", + "refsource":"MISC", + "name":"https://github.com/FasterXML/jackson-databind/issues/2460" }, { - "url": "https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.9.3...jackson-databind-2.9.10", - "refsource": "MISC", - "name": "https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.9.3...jackson-databind-2.9.10" + "url":"https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.9.3...jackson-databind-2.9.10", + "refsource":"MISC", + "name":"https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.9.3...jackson-databind-2.9.10" }, { - "refsource": "CONFIRM", - "name": "https://security.netapp.com/advisory/ntap-20191017-0006/", - "url": "https://security.netapp.com/advisory/ntap-20191017-0006/" + "refsource":"CONFIRM", + "name":"https://security.netapp.com/advisory/ntap-20191017-0006/", + "url":"https://security.netapp.com/advisory/ntap-20191017-0006/" }, { - "refsource": "MLIST", - "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", - "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E" + "refsource":"MLIST", + "name":"[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", + "url":"https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E" }, { - "refsource": "MLIST", - "name": 
"[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", - "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E" + "refsource":"MLIST", + "name":"[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", + "url":"https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", - "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" + "refsource":"MLIST", + "name":"[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", + "url":"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:3200", - "url": "https://access.redhat.com/errata/RHSA-2019:3200" + "refsource":"REDHAT", + "name":"RHSA-2019:3200", + "url":"https://access.redhat.com/errata/RHSA-2019:3200" }, { - "refsource": "MLIST", - "name": "[debian-lts-announce] 20191210 [SECURITY] [DLA 2030-1] jackson-databind security update", - "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00013.html" + "refsource":"MLIST", + "name":"[debian-lts-announce] 20191210 [SECURITY] [DLA 2030-1] jackson-databind security update", + "url":"https://lists.debian.org/debian-lts-announce/2019/12/msg00013.html" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } 
diff --git a/2019/17xxx/CVE-2019-17359.json b/2019/17xxx/CVE-2019-17359.json index 0f1cf94ded0..7333c3d72f3 100644 --- a/2019/17xxx/CVE-2019-17359.json +++ b/2019/17xxx/CVE-2019-17359.json 
@@ -1,71 +1,75 @@ + { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-17359", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"cve@mitre.org", + "ID":"CVE-2019-17359", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "n/a", - "version": { - "version_data": [ + "product_name":"n/a", + "version":{ + "version_data":[ { - "version_value": "n/a" + "version_value":"n/a" } ] } } ] }, - "vendor_name": "n/a" + "vendor_name":"n/a" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ { - "lang": "eng", - "value": "The ASN.1 parser in Bouncy Castle Crypto (aka BC Java) 1.63 can trigger a large attempted memory allocation, and resultant OutOfMemoryError error, via crafted ASN.1 data. This is fixed in 1.64." + "lang":"eng", + "value":"The ASN.1 parser in Bouncy Castle Crypto (aka BC Java) 1.63 can trigger a large attempted memory allocation, and resultant OutOfMemoryError error, via crafted ASN.1 data. This is fixed in 1.64." 
} ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "n/a" + "lang":"eng", + "value":"n/a" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "url": "https://www.bouncycastle.org/releasenotes.html", - "refsource": "MISC", - "name": "https://www.bouncycastle.org/releasenotes.html" + "url":"https://www.bouncycastle.org/releasenotes.html", + "refsource":"MISC", + "name":"https://www.bouncycastle.org/releasenotes.html" }, { - "url": "https://www.bouncycastle.org/latest_releases.html", - "refsource": "MISC", - "name": "https://www.bouncycastle.org/latest_releases.html" + "url":"https://www.bouncycastle.org/latest_releases.html", + "refsource":"MISC", + "name":"https://www.bouncycastle.org/latest_releases.html" }, { - "refsource": "CONFIRM", - "name": "https://security.netapp.com/advisory/ntap-20191024-0006/", - "url": "https://security.netapp.com/advisory/ntap-20191024-0006/" + "refsource":"CONFIRM", + "name":"https://security.netapp.com/advisory/ntap-20191024-0006/", + "url":"https://security.netapp.com/advisory/ntap-20191024-0006/" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2019/17xxx/CVE-2019-17531.json b/2019/17xxx/CVE-2019-17531.json index 53774035636..fdad6e9052a 100644 --- a/2019/17xxx/CVE-2019-17531.json +++ b/2019/17xxx/CVE-2019-17531.json 
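Review bot: The entry appended to `reference_data` at the end of this hunk carries only `url`, whereas every other reference in the record also has `refsource` and `name`, so tooling that indexes or displays references by those fields may get an incomplete entry. Following the pattern of the existing Oracle advisory reference in CVE-2019-1547.json, it could read `{ "refsource":"MISC", "name":"https://www.oracle.com/security-alerts/cpujan2020.html", "url":"https://www.oracle.com/security-alerts/cpujan2020.html" }`. The same bare entry is added in the hunks for CVE-2019-17531, CVE-2019-1547 and CVE-2019-1549. The hunk also rewrites all 71 existing lines to drop the space after each colon and adds a blank first line, which buries a three-line addition in a whole-file change and makes it hard to confirm that the description and affected-version fields are untouched; keeping the original formatting would leave only the new entry in the diff.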
@@ -1,86 +1,90 @@ + { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-17531", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"cve@mitre.org", + "ID":"CVE-2019-17531", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "n/a", - "version": { - "version_data": [ + "product_name":"n/a", + "version":{ + "version_data":[ { - "version_value": "n/a" + "version_value":"n/a" } ] } } ] }, - "vendor_name": "n/a" + "vendor_name":"n/a" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ { - "lang": "eng", - "value": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload." + "lang":"eng", + "value":"A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload." 
} ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "n/a" + "lang":"eng", + "value":"n/a" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062", - "refsource": "MISC", - "name": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062" + "url":"https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062", + "refsource":"MISC", + "name":"https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062" }, { - "url": "https://github.com/FasterXML/jackson-databind/issues/2498", - "refsource": "MISC", - "name": "https://github.com/FasterXML/jackson-databind/issues/2498" + "url":"https://github.com/FasterXML/jackson-databind/issues/2498", + "refsource":"MISC", + "name":"https://github.com/FasterXML/jackson-databind/issues/2498" }, { - "refsource": "CONFIRM", - "name": "https://security.netapp.com/advisory/ntap-20191024-0005/", - "url": "https://security.netapp.com/advisory/ntap-20191024-0005/" + "refsource":"CONFIRM", + "name":"https://security.netapp.com/advisory/ntap-20191024-0005/", + "url":"https://security.netapp.com/advisory/ntap-20191024-0005/" }, { - "refsource": "MLIST", - "name": "[pulsar-commits] 20191127 [GitHub] [pulsar] massakam opened a new pull request #5758: Bump jackson libraries to 2.10.1", - "url": "https://lists.apache.org/thread.html/b3c90d38f99db546de60fea65f99a924d540fae2285f014b79606ca5@%3Ccommits.pulsar.apache.org%3E" + "refsource":"MLIST", + "name":"[pulsar-commits] 20191127 [GitHub] [pulsar] massakam opened a new pull request #5758: Bump jackson libraries to 2.10.1", + 
"url":"https://lists.apache.org/thread.html/b3c90d38f99db546de60fea65f99a924d540fae2285f014b79606ca5@%3Ccommits.pulsar.apache.org%3E" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:4192", - "url": "https://access.redhat.com/errata/RHSA-2019:4192" + "refsource":"REDHAT", + "name":"RHSA-2019:4192", + "url":"https://access.redhat.com/errata/RHSA-2019:4192" }, { - "refsource": "MLIST", - "name": "[debian-lts-announce] 20191210 [SECURITY] [DLA 2030-1] jackson-databind security update", - "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00013.html" + "refsource":"MLIST", + "name":"[debian-lts-announce] 20191210 [SECURITY] [DLA 2030-1] jackson-databind security update", + "url":"https://lists.debian.org/debian-lts-announce/2019/12/msg00013.html" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2019/1xxx/CVE-2019-1547.json b/2019/1xxx/CVE-2019-1547.json index fe2e4a136e3..a0e16c19b79 100644 --- a/2019/1xxx/CVE-2019-1547.json +++ b/2019/1xxx/CVE-2019-1547.json 
@@ -1,197 +1,201 @@ + { - "CVE_data_meta": { - "ASSIGNER": "openssl-security@openssl.org", - "DATE_PUBLIC": "2019-09-10", - "ID": "CVE-2019-1547", - "STATE": "PUBLIC", - "TITLE": "ECDSA remote timing attack" + "CVE_data_meta":{ + "ASSIGNER":"openssl-security@openssl.org", + "DATE_PUBLIC":"2019-09-10", + "ID":"CVE-2019-1547", + "STATE":"PUBLIC", + "TITLE":"ECDSA remote timing attack" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "OpenSSL", - "version": { - "version_data": [ + "product_name":"OpenSSL", + "version":{ + "version_data":[ { - "version_value": "Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c)" + "version_value":"Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c)" }, { - "version_value": "Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k)" + "version_value":"Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k)" }, { - "version_value": "Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s)" + "version_value":"Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s)" } ] } } ] }, - "vendor_name": "OpenSSL" + "vendor_name":"OpenSSL" } ] } }, - "credit": [ + "credit":[ { - "lang": "eng", - "value": "Cesar Pereida Garc\u00eda, Sohaib ul Hassan, Nicola Tuveri, Iaroslav Gridin, Alejandro Cabrera Aldaya, and Billy Brumley" + "lang":"eng", + "value":"Cesar Pereida Garc\u00eda, Sohaib ul Hassan, Nicola Tuveri, Iaroslav Gridin, Alejandro Cabrera Aldaya, and Billy Brumley" } ], - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ { - "lang": "eng", - "value": "Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. 
However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named curve). In those cases it is possible that such a group does not have the cofactor present. This can occur even where all the parameters match a known named curve. If such a curve is used then OpenSSL falls back to non-side channel resistant code paths which may result in full key recovery during an ECDSA signature operation. In order to be vulnerable an attacker would have to have the ability to time the creation of a large number of signatures where explicit parameters with no co-factor present are in use by an application using libcrypto. For the avoidance of doubt libssl is not vulnerable because explicit parameters are never used. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s)." + "lang":"eng", + "value":"Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named curve). In those cases it is possible that such a group does not have the cofactor present. This can occur even where all the parameters match a known named curve. If such a curve is used then OpenSSL falls back to non-side channel resistant code paths which may result in full key recovery during an ECDSA signature operation. In order to be vulnerable an attacker would have to have the ability to time the creation of a large number of signatures where explicit parameters with no co-factor present are in use by an application using libcrypto. For the avoidance of doubt libssl is not vulnerable because explicit parameters are never used. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s)." 
} ] }, - "impact": [ + "impact":[ { - "lang": "eng", - "url": "https://www.openssl.org/policies/secpolicy.html#Low", - "value": "Low" + "lang":"eng", + "url":"https://www.openssl.org/policies/secpolicy.html#Low", + "value":"Low" } ], - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "Timing side channel" + "lang":"eng", + "value":"Timing side channel" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "name": "https://www.openssl.org/news/secadv/20190910.txt", - "refsource": "CONFIRM", - "url": "https://www.openssl.org/news/secadv/20190910.txt" + "name":"https://www.openssl.org/news/secadv/20190910.txt", + "refsource":"CONFIRM", + "url":"https://www.openssl.org/news/secadv/20190910.txt" }, { - "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=30c22fa8b1d840036b8e203585738df62a03cec8", - "refsource": "CONFIRM", - "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=30c22fa8b1d840036b8e203585738df62a03cec8" + "name":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=30c22fa8b1d840036b8e203585738df62a03cec8", + "refsource":"CONFIRM", + "url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=30c22fa8b1d840036b8e203585738df62a03cec8" }, { - "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=7c1709c2da5414f5b6133d00a03fc8c5bf996c7a", - "refsource": "CONFIRM", - "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=7c1709c2da5414f5b6133d00a03fc8c5bf996c7a" + "name":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=7c1709c2da5414f5b6133d00a03fc8c5bf996c7a", + "refsource":"CONFIRM", + "url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=7c1709c2da5414f5b6133d00a03fc8c5bf996c7a" }, { - "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=21c856b75d81eff61aa63b4f036bb64a85bf6d46", - "refsource": 
"CONFIRM", - "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=21c856b75d81eff61aa63b4f036bb64a85bf6d46" + "name":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=21c856b75d81eff61aa63b4f036bb64a85bf6d46", + "refsource":"CONFIRM", + "url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=21c856b75d81eff61aa63b4f036bb64a85bf6d46" }, { - "refsource": "MISC", - "name": "https://arxiv.org/abs/1909.01785", - "url": "https://arxiv.org/abs/1909.01785" + "refsource":"MISC", + "name":"https://arxiv.org/abs/1909.01785", + "url":"https://arxiv.org/abs/1909.01785" }, { - "refsource": "BUGTRAQ", - "name": "20190912 [slackware-security] openssl (SSA:2019-254-03)", - "url": "https://seclists.org/bugtraq/2019/Sep/25" + "refsource":"BUGTRAQ", + "name":"20190912 [slackware-security] openssl (SSA:2019-254-03)", + "url":"https://seclists.org/bugtraq/2019/Sep/25" }, { - "refsource": "MISC", - "name": "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html", - "url": "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html" + "refsource":"MISC", + "name":"http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html", + "url":"http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html" }, { - "refsource": "CONFIRM", - "name": "https://security.netapp.com/advisory/ntap-20190919-0002/", - "url": "https://security.netapp.com/advisory/ntap-20190919-0002/" + "refsource":"CONFIRM", + "name":"https://security.netapp.com/advisory/ntap-20190919-0002/", + "url":"https://security.netapp.com/advisory/ntap-20190919-0002/" }, { - "refsource": "SUSE", - "name": "openSUSE-SU-2019:2158", - "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00054.html" + "refsource":"SUSE", + "name":"openSUSE-SU-2019:2158", + "url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00054.html" }, { - 
"refsource": "FEDORA", - "name": "FEDORA-2019-d15aac6c4e", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GY6SNRJP2S7Y42GIIDO3HXPNMDYN2U3A/" + "refsource":"FEDORA", + "name":"FEDORA-2019-d15aac6c4e", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GY6SNRJP2S7Y42GIIDO3HXPNMDYN2U3A/" }, { - "refsource": "SUSE", - "name": "openSUSE-SU-2019:2189", - "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00072.html" + "refsource":"SUSE", + "name":"openSUSE-SU-2019:2189", + "url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00072.html" }, { - "refsource": "MLIST", - "name": "[debian-lts-announce] 20190925 [SECURITY] [DLA 1932-1] openssl security update", - "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00026.html" + "refsource":"MLIST", + "name":"[debian-lts-announce] 20190925 [SECURITY] [DLA 1932-1] openssl security update", + "url":"https://lists.debian.org/debian-lts-announce/2019/09/msg00026.html" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-d51641f152", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZN4VVQJ3JDCHGIHV4Y2YTXBYQZ6PWQ7E/" + "refsource":"FEDORA", + "name":"FEDORA-2019-d51641f152", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZN4VVQJ3JDCHGIHV4Y2YTXBYQZ6PWQ7E/" }, { - "refsource": "BUGTRAQ", - "name": "20191001 [SECURITY] [DSA 4539-1] openssl security update", - "url": "https://seclists.org/bugtraq/2019/Oct/1" + "refsource":"BUGTRAQ", + "name":"20191001 [SECURITY] [DSA 4539-1] openssl security update", + "url":"https://seclists.org/bugtraq/2019/Oct/1" }, { - "refsource": "BUGTRAQ", - "name": "20191001 [SECURITY] [DSA 4540-1] openssl1.0 security update", - "url": "https://seclists.org/bugtraq/2019/Oct/0" + "refsource":"BUGTRAQ", + "name":"20191001 [SECURITY] [DSA 4540-1] 
openssl1.0 security update", + "url":"https://seclists.org/bugtraq/2019/Oct/0" }, { - "refsource": "DEBIAN", - "name": "DSA-4539", - "url": "https://www.debian.org/security/2019/dsa-4539" + "refsource":"DEBIAN", + "name":"DSA-4539", + "url":"https://www.debian.org/security/2019/dsa-4539" }, { - "refsource": "DEBIAN", - "name": "DSA-4540", - "url": "https://www.debian.org/security/2019/dsa-4540" + "refsource":"DEBIAN", + "name":"DSA-4540", + "url":"https://www.debian.org/security/2019/dsa-4540" }, { - "refsource": "SUSE", - "name": "openSUSE-SU-2019:2268", - "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00012.html" + "refsource":"SUSE", + "name":"openSUSE-SU-2019:2268", + "url":"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00012.html" }, { - "refsource": "SUSE", - "name": "openSUSE-SU-2019:2269", - "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00016.html" + "refsource":"SUSE", + "name":"openSUSE-SU-2019:2269", + "url":"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00016.html" }, { - "refsource": "CONFIRM", - "name": "https://support.f5.com/csp/article/K73422160?utm_source=f5support&utm_medium=RSS", - "url": "https://support.f5.com/csp/article/K73422160?utm_source=f5support&utm_medium=RSS" + "refsource":"CONFIRM", + "name":"https://support.f5.com/csp/article/K73422160?utm_source=f5support&utm_medium=RSS", + "url":"https://support.f5.com/csp/article/K73422160?utm_source=f5support&utm_medium=RSS" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { - "refsource": "GENTOO", - "name": "GLSA-201911-04", - "url": 
"https://security.gentoo.org/glsa/201911-04" + "refsource":"GENTOO", + "name":"GLSA-201911-04", + "url":"https://security.gentoo.org/glsa/201911-04" }, { - "refsource": "CONFIRM", - "name": "https://www.tenable.com/security/tns-2019-08", - "url": "https://www.tenable.com/security/tns-2019-08" + "refsource":"CONFIRM", + "name":"https://www.tenable.com/security/tns-2019-08", + "url":"https://www.tenable.com/security/tns-2019-08" }, { - "refsource": "CONFIRM", - "name": "https://www.tenable.com/security/tns-2019-09", - "url": "https://www.tenable.com/security/tns-2019-09" + "refsource":"CONFIRM", + "name":"https://www.tenable.com/security/tns-2019-09", + "url":"https://www.tenable.com/security/tns-2019-09" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2019/1xxx/CVE-2019-1549.json b/2019/1xxx/CVE-2019-1549.json index fb959235816..cc04908f335 100644 --- a/2019/1xxx/CVE-2019-1549.json +++ b/2019/1xxx/CVE-2019-1549.json 
@@ -1,121 +1,125 @@ + { - "CVE_data_meta": { - "ASSIGNER": "openssl-security@openssl.org", - "DATE_PUBLIC": "2019-09-10", - "ID": "CVE-2019-1549", - "STATE": "PUBLIC", - "TITLE": "Fork Protection" + "CVE_data_meta":{ + "ASSIGNER":"openssl-security@openssl.org", + "DATE_PUBLIC":"2019-09-10", + "ID":"CVE-2019-1549", + "STATE":"PUBLIC", + "TITLE":"Fork Protection" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "OpenSSL", - "version": { - "version_data": [ + "product_name":"OpenSSL", + "version":{ + "version_data":[ { - "version_value": "Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c)" + "version_value":"Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c)" } ] } } ] }, - "vendor_name": "OpenSSL" + "vendor_name":"OpenSSL" } ] } }, - "credit": [ + "credit":[ { - "lang": "eng", - "value": "Matt Caswell" + "lang":"eng", + "value":"Matt Caswell" } ], - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ { - "lang": "eng", - "value": "OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include protection in the event of a fork() system call in order to ensure that the parent and child processes did not share the same RNG state. However this protection was not being used in the default case. A partial mitigation for this issue is that the output from a high precision timer is mixed into the RNG state so the likelihood of a parent and child process sharing state is significantly reduced. If an application already calls OPENSSL_init_crypto() explicitly using OPENSSL_INIT_ATFORK then this problem does not occur at all. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c)." 
+ "lang":"eng", + "value":"OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include protection in the event of a fork() system call in order to ensure that the parent and child processes did not share the same RNG state. However this protection was not being used in the default case. A partial mitigation for this issue is that the output from a high precision timer is mixed into the RNG state so the likelihood of a parent and child process sharing state is significantly reduced. If an application already calls OPENSSL_init_crypto() explicitly using OPENSSL_INIT_ATFORK then this problem does not occur at all. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c)." } ] }, - "impact": [ + "impact":[ { - "lang": "eng", - "url": "https://www.openssl.org/policies/secpolicy.html#Low", - "value": "Low" + "lang":"eng", + "url":"https://www.openssl.org/policies/secpolicy.html#Low", + "value":"Low" } ], - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "Random Number Generation" + "lang":"eng", + "value":"Random Number Generation" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "name": "https://www.openssl.org/news/secadv/20190910.txt", - "refsource": "CONFIRM", - "url": "https://www.openssl.org/news/secadv/20190910.txt" + "name":"https://www.openssl.org/news/secadv/20190910.txt", + "refsource":"CONFIRM", + "url":"https://www.openssl.org/news/secadv/20190910.txt" }, { - "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1b0fe00e2704b5e20334a16d3c9099d1ba2ef1be", - "refsource": "CONFIRM", - "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1b0fe00e2704b5e20334a16d3c9099d1ba2ef1be" + "name":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1b0fe00e2704b5e20334a16d3c9099d1ba2ef1be", + "refsource":"CONFIRM", + 
"url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1b0fe00e2704b5e20334a16d3c9099d1ba2ef1be" }, { - "refsource": "CONFIRM", - "name": "https://security.netapp.com/advisory/ntap-20190919-0002/", - "url": "https://security.netapp.com/advisory/ntap-20190919-0002/" + "refsource":"CONFIRM", + "name":"https://security.netapp.com/advisory/ntap-20190919-0002/", + "url":"https://security.netapp.com/advisory/ntap-20190919-0002/" }, { - "refsource": "CONFIRM", - "name": "https://support.f5.com/csp/article/K44070243", - "url": "https://support.f5.com/csp/article/K44070243" + "refsource":"CONFIRM", + "name":"https://support.f5.com/csp/article/K44070243", + "url":"https://support.f5.com/csp/article/K44070243" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-d15aac6c4e", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GY6SNRJP2S7Y42GIIDO3HXPNMDYN2U3A/" + "refsource":"FEDORA", + "name":"FEDORA-2019-d15aac6c4e", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GY6SNRJP2S7Y42GIIDO3HXPNMDYN2U3A/" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-d51641f152", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZN4VVQJ3JDCHGIHV4Y2YTXBYQZ6PWQ7E/" + "refsource":"FEDORA", + "name":"FEDORA-2019-d51641f152", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZN4VVQJ3JDCHGIHV4Y2YTXBYQZ6PWQ7E/" }, { - "refsource": "BUGTRAQ", - "name": "20191001 [SECURITY] [DSA 4539-1] openssl security update", - "url": "https://seclists.org/bugtraq/2019/Oct/1" + "refsource":"BUGTRAQ", + "name":"20191001 [SECURITY] [DSA 4539-1] openssl security update", + "url":"https://seclists.org/bugtraq/2019/Oct/1" }, { - "refsource": "DEBIAN", - "name": "DSA-4539", - "url": "https://www.debian.org/security/2019/dsa-4539" + "refsource":"DEBIAN", + "name":"DSA-4539", + 
"url":"https://www.debian.org/security/2019/dsa-4539" }, { - "refsource": "CONFIRM", - "name": "https://support.f5.com/csp/article/K44070243?utm_source=f5support&utm_medium=RSS", - "url": "https://support.f5.com/csp/article/K44070243?utm_source=f5support&utm_medium=RSS" + "refsource":"CONFIRM", + "name":"https://support.f5.com/csp/article/K44070243?utm_source=f5support&utm_medium=RSS", + "url":"https://support.f5.com/csp/article/K44070243?utm_source=f5support&utm_medium=RSS" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2019/1xxx/CVE-2019-1552.json b/2019/1xxx/CVE-2019-1552.json index 94fdb4edf41..1134643284e 100644 --- a/2019/1xxx/CVE-2019-1552.json +++ b/2019/1xxx/CVE-2019-1552.json 
@@ -1,147 +1,151 @@ + { - "CVE_data_meta": { - "ASSIGNER": "openssl-security@openssl.org", - "DATE_PUBLIC": "2019-07-30", - "ID": "CVE-2019-1552", - "STATE": "PUBLIC", - "TITLE": "Windows builds with insecure path defaults" + "CVE_data_meta":{ + "ASSIGNER":"openssl-security@openssl.org", + "DATE_PUBLIC":"2019-07-30", + "ID":"CVE-2019-1552", + "STATE":"PUBLIC", + "TITLE":"Windows builds with insecure path defaults" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "OpenSSL", - "version": { - "version_data": [ + "product_name":"OpenSSL", + "version":{ + "version_data":[ { - "version_value": "Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c)" + "version_value":"Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c)" }, { - "version_value": "Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k)" + "version_value":"Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k)" }, { - "version_value": "Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s)" + "version_value":"Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s)" } ] } } ] }, - "vendor_name": "OpenSSL" + "vendor_name":"OpenSSL" } ] } }, - "credit": [ + "credit":[ { - "lang": "eng", - "value": "Rich Mirch" + "lang":"eng", + "value":"Rich Mirch" } ], - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ { - "lang": "eng", - "value": "OpenSSL has internal defaults for a directory tree where it can find a configuration file as well as certificates used for verification in TLS. This directory is most commonly referred to as OPENSSLDIR, and is configurable with the --prefix / --openssldir configuration options. 
For OpenSSL versions 1.1.0 and 1.1.1, the mingw configuration targets assume that resulting programs and libraries are installed in a Unix-like environment and the default prefix for program installation as well as for OPENSSLDIR should be '/usr/local'. However, mingw programs are Windows programs, and as such, find themselves looking at sub-directories of 'C:/usr/local', which may be world writable, which enables untrusted users to modify OpenSSL's default configuration, insert CA certificates, modify (or even replace) existing engine modules, etc. For OpenSSL 1.0.2, '/usr/local/ssl' is used as default for OPENSSLDIR on all Unix and Windows targets, including Visual C builds. However, some build instructions for the diverse Windows targets on 1.0.2 encourage you to specify your own --prefix. OpenSSL versions 1.1.1, 1.1.0 and 1.0.2 are affected by this issue. Due to the limited scope of affected deployments this has been assessed as low severity and therefore we are not creating new releases at this time. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s)." + "lang":"eng", + "value":"OpenSSL has internal defaults for a directory tree where it can find a configuration file as well as certificates used for verification in TLS. This directory is most commonly referred to as OPENSSLDIR, and is configurable with the --prefix / --openssldir configuration options. For OpenSSL versions 1.1.0 and 1.1.1, the mingw configuration targets assume that resulting programs and libraries are installed in a Unix-like environment and the default prefix for program installation as well as for OPENSSLDIR should be '/usr/local'. 
However, mingw programs are Windows programs, and as such, find themselves looking at sub-directories of 'C:/usr/local', which may be world writable, which enables untrusted users to modify OpenSSL's default configuration, insert CA certificates, modify (or even replace) existing engine modules, etc. For OpenSSL 1.0.2, '/usr/local/ssl' is used as default for OPENSSLDIR on all Unix and Windows targets, including Visual C builds. However, some build instructions for the diverse Windows targets on 1.0.2 encourage you to specify your own --prefix. OpenSSL versions 1.1.1, 1.1.0 and 1.0.2 are affected by this issue. Due to the limited scope of affected deployments this has been assessed as low severity and therefore we are not creating new releases at this time. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s)." } ] }, - "impact": [ + "impact":[ { - "lang": "eng", - "url": "https://www.openssl.org/policies/secpolicy.html#Low", - "value": "Low" + "lang":"eng", + "url":"https://www.openssl.org/policies/secpolicy.html#Low", + "value":"Low" } ], - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "Insecure defaults" + "lang":"eng", + "value":"Insecure defaults" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "name": "https://www.openssl.org/news/secadv/20190730.txt", - "refsource": "CONFIRM", - "url": "https://www.openssl.org/news/secadv/20190730.txt" + "name":"https://www.openssl.org/news/secadv/20190730.txt", + "refsource":"CONFIRM", + "url":"https://www.openssl.org/news/secadv/20190730.txt" }, { - "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=54aa9d51b09d67e90db443f682cface795f5af9e", - "refsource": "CONFIRM", - "url": 
"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=54aa9d51b09d67e90db443f682cface795f5af9e" + "name":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=54aa9d51b09d67e90db443f682cface795f5af9e", + "refsource":"CONFIRM", + "url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=54aa9d51b09d67e90db443f682cface795f5af9e" }, { - "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e32bc855a81a2d48d215c506bdeb4f598045f7e9", - "refsource": "CONFIRM", - "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e32bc855a81a2d48d215c506bdeb4f598045f7e9" + "name":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e32bc855a81a2d48d215c506bdeb4f598045f7e9", + "refsource":"CONFIRM", + "url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e32bc855a81a2d48d215c506bdeb4f598045f7e9" }, { - "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=b15a19c148384e73338aa7c5b12652138e35ed28", - "refsource": "CONFIRM", - "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=b15a19c148384e73338aa7c5b12652138e35ed28" + "name":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=b15a19c148384e73338aa7c5b12652138e35ed28", + "refsource":"CONFIRM", + "url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=b15a19c148384e73338aa7c5b12652138e35ed28" }, { - "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=d333ebaf9c77332754a9d5e111e2f53e1de54fdd", - "refsource": "CONFIRM", - "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=d333ebaf9c77332754a9d5e111e2f53e1de54fdd" + "name":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=d333ebaf9c77332754a9d5e111e2f53e1de54fdd", + "refsource":"CONFIRM", + "url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=d333ebaf9c77332754a9d5e111e2f53e1de54fdd" }, { - "refsource": "CONFIRM", - "name": "https://security.netapp.com/advisory/ntap-20190823-0006/", - "url": 
"https://security.netapp.com/advisory/ntap-20190823-0006/" + "refsource":"CONFIRM", + "name":"https://security.netapp.com/advisory/ntap-20190823-0006/", + "url":"https://security.netapp.com/advisory/ntap-20190823-0006/" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-db06efdea1", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/" + "refsource":"FEDORA", + "name":"FEDORA-2019-db06efdea1", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-00c25b9379", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/" + "refsource":"FEDORA", + "name":"FEDORA-2019-00c25b9379", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-9a0a7c0986", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/" + "refsource":"FEDORA", + "name":"FEDORA-2019-9a0a7c0986", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/" }, { - "refsource": "CONFIRM", - "name": "https://support.f5.com/csp/article/K94041354", - "url": "https://support.f5.com/csp/article/K94041354" + "refsource":"CONFIRM", + "name":"https://support.f5.com/csp/article/K94041354", + "url":"https://support.f5.com/csp/article/K94041354" }, { - "refsource": "CONFIRM", - "name": "https://support.f5.com/csp/article/K94041354?utm_source=f5support&utm_medium=RSS", - "url": "https://support.f5.com/csp/article/K94041354?utm_source=f5support&utm_medium=RSS" + "refsource":"CONFIRM", + 
"name":"https://support.f5.com/csp/article/K94041354?utm_source=f5support&utm_medium=RSS", + "url":"https://support.f5.com/csp/article/K94041354?utm_source=f5support&utm_medium=RSS" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { - "refsource": "CONFIRM", - "name": "https://www.tenable.com/security/tns-2019-08", - "url": "https://www.tenable.com/security/tns-2019-08" + "refsource":"CONFIRM", + "name":"https://www.tenable.com/security/tns-2019-08", + "url":"https://www.tenable.com/security/tns-2019-08" }, { - "refsource": "CONFIRM", - "name": "https://www.tenable.com/security/tns-2019-09", - "url": "https://www.tenable.com/security/tns-2019-09" + "refsource":"CONFIRM", + "name":"https://www.tenable.com/security/tns-2019-09", + "url":"https://www.tenable.com/security/tns-2019-09" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2019/1xxx/CVE-2019-1559.json b/2019/1xxx/CVE-2019-1559.json index de9e558738b..582aff8b302 100644 --- a/2019/1xxx/CVE-2019-1559.json +++ b/2019/1xxx/CVE-2019-1559.json 
@@ -1,236 +1,240 @@ + { - "CVE_data_meta": { - "ASSIGNER": "openssl-security@openssl.org", - "DATE_PUBLIC": "2019-02-26", - "ID": "CVE-2019-1559", - "STATE": "PUBLIC", - "TITLE": "0-byte record padding oracle" + "CVE_data_meta":{ + "ASSIGNER":"openssl-security@openssl.org", + "DATE_PUBLIC":"2019-02-26", + "ID":"CVE-2019-1559", + "STATE":"PUBLIC", + "TITLE":"0-byte record padding oracle" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "OpenSSL", - "version": { - "version_data": [ + "product_name":"OpenSSL", + "version":{ + "version_data":[ { - "version_value": "Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q)" + "version_value":"Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q)" } ] } } ] }, - "vendor_name": "OpenSSL" + "vendor_name":"OpenSSL" } ] } }, - "credit": [ + "credit":[ { - "lang": "eng", - "value": "Juraj Somorovsky, Robert Merget and Nimrod Aviram, with additional investigation by Steven Collison and Andrew Hourselt" + "lang":"eng", + "value":"Juraj Somorovsky, Robert Merget and Nimrod Aviram, with additional investigation by Steven Collison and Andrew Hourselt" } ], - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ { - "lang": "eng", - "value": "If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. 
In order for this to be exploitable \"non-stitched\" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q)." + "lang":"eng", + "value":"If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable \"non-stitched\" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q)." 
} ] }, - "impact": [ + "impact":[ { - "lang": "eng", - "url": "https://www.openssl.org/policies/secpolicy.html#Moderate", - "value": "Moderate" + "lang":"eng", + "url":"https://www.openssl.org/policies/secpolicy.html#Moderate", + "value":"Moderate" } ], - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "Padding Oracle" + "lang":"eng", + "value":"Padding Oracle" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "name": "https://security.netapp.com/advisory/ntap-20190301-0001/", - "refsource": "CONFIRM", - "url": "https://security.netapp.com/advisory/ntap-20190301-0001/" + "name":"https://security.netapp.com/advisory/ntap-20190301-0001/", + "refsource":"CONFIRM", + "url":"https://security.netapp.com/advisory/ntap-20190301-0001/" }, { - "name": "https://security.netapp.com/advisory/ntap-20190301-0002/", - "refsource": "CONFIRM", - "url": "https://security.netapp.com/advisory/ntap-20190301-0002/" + "name":"https://security.netapp.com/advisory/ntap-20190301-0002/", + "refsource":"CONFIRM", + "url":"https://security.netapp.com/advisory/ntap-20190301-0002/" }, { - "name": "107174", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/107174" + "name":"107174", + "refsource":"BID", + "url":"http://www.securityfocus.com/bid/107174" }, { - "name": "GLSA-201903-10", - "refsource": "GENTOO", - "url": "https://security.gentoo.org/glsa/201903-10" + "name":"GLSA-201903-10", + "refsource":"GENTOO", + "url":"https://security.gentoo.org/glsa/201903-10" }, { - "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e", - "refsource": "CONFIRM", - "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e" + "name":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e", + 
"refsource":"CONFIRM", + "url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e" }, { - "name": "USN-3899-1", - "refsource": "UBUNTU", - "url": "https://usn.ubuntu.com/3899-1/" + "name":"USN-3899-1", + "refsource":"UBUNTU", + "url":"https://usn.ubuntu.com/3899-1/" }, { - "name": "[debian-lts-announce] 20190301 [SECURITY] [DLA 1701-1] openssl security update", - "refsource": "MLIST", - "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00003.html" + "name":"[debian-lts-announce] 20190301 [SECURITY] [DLA 1701-1] openssl security update", + "refsource":"MLIST", + "url":"https://lists.debian.org/debian-lts-announce/2019/03/msg00003.html" }, { - "name": "https://www.openssl.org/news/secadv/20190226.txt", - "refsource": "CONFIRM", - "url": "https://www.openssl.org/news/secadv/20190226.txt" + "name":"https://www.openssl.org/news/secadv/20190226.txt", + "refsource":"CONFIRM", + "url":"https://www.openssl.org/news/secadv/20190226.txt" }, { - "name": "DSA-4400", - "refsource": "DEBIAN", - "url": "https://www.debian.org/security/2019/dsa-4400" + "name":"DSA-4400", + "refsource":"DEBIAN", + "url":"https://www.debian.org/security/2019/dsa-4400" }, { - "refsource": "CONFIRM", - "name": "https://support.f5.com/csp/article/K18549143", - "url": "https://support.f5.com/csp/article/K18549143" + "refsource":"CONFIRM", + "name":"https://support.f5.com/csp/article/K18549143", + "url":"https://support.f5.com/csp/article/K18549143" }, { - "refsource": "CONFIRM", - "name": "https://www.tenable.com/security/tns-2019-02", - "url": "https://www.tenable.com/security/tns-2019-02" + "refsource":"CONFIRM", + "name":"https://www.tenable.com/security/tns-2019-02", + "url":"https://www.tenable.com/security/tns-2019-02" }, { - "refsource": "SUSE", - "name": "openSUSE-SU-2019:1076", - "url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html" + "refsource":"SUSE", + "name":"openSUSE-SU-2019:1076", + 
"url":"http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html" }, { - "refsource": "SUSE", - "name": "openSUSE-SU-2019:1105", - "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00019.html" + "refsource":"SUSE", + "name":"openSUSE-SU-2019:1105", + "url":"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00019.html" }, { - "refsource": "SUSE", - "name": "openSUSE-SU-2019:1173", - "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html" + "refsource":"SUSE", + "name":"openSUSE-SU-2019:1173", + "url":"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html" }, { - "refsource": "SUSE", - "name": "openSUSE-SU-2019:1175", - "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00047.html" + "refsource":"SUSE", + "name":"openSUSE-SU-2019:1175", + "url":"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00047.html" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { - "refsource": "CONFIRM", - "name": "https://security.netapp.com/advisory/ntap-20190423-0002/", - "url": "https://security.netapp.com/advisory/ntap-20190423-0002/" + "refsource":"CONFIRM", + "name":"https://security.netapp.com/advisory/ntap-20190423-0002/", + "url":"https://security.netapp.com/advisory/ntap-20190423-0002/" }, { - "refsource": "CONFIRM", - "name": "https://www.tenable.com/security/tns-2019-03", - "url": "https://www.tenable.com/security/tns-2019-03" + "refsource":"CONFIRM", + "name":"https://www.tenable.com/security/tns-2019-03", + "url":"https://www.tenable.com/security/tns-2019-03" }, { - "refsource": "CONFIRM", 
- "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10282", - "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10282" + "refsource":"CONFIRM", + "name":"https://kc.mcafee.com/corporate/index?page=content&id=SB10282", + "url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10282" }, { - "refsource": "SUSE", - "name": "openSUSE-SU-2019:1432", - "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00049.html" + "refsource":"SUSE", + "name":"openSUSE-SU-2019:1432", + "url":"http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00049.html" }, { - "refsource": "SUSE", - "name": "openSUSE-SU-2019:1637", - "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00080.html" + "refsource":"SUSE", + "name":"openSUSE-SU-2019:1637", + "url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00080.html" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:2304", - "url": "https://access.redhat.com/errata/RHSA-2019:2304" + "refsource":"REDHAT", + "name":"RHSA-2019:2304", + "url":"https://access.redhat.com/errata/RHSA-2019:2304" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:2439", - "url": "https://access.redhat.com/errata/RHSA-2019:2439" + "refsource":"REDHAT", + "name":"RHSA-2019:2439", + "url":"https://access.redhat.com/errata/RHSA-2019:2439" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:2437", - "url": "https://access.redhat.com/errata/RHSA-2019:2437" + "refsource":"REDHAT", + "name":"RHSA-2019:2437", + "url":"https://access.redhat.com/errata/RHSA-2019:2437" }, { - 
"refsource": "REDHAT", - "name": "RHSA-2019:2471", - "url": "https://access.redhat.com/errata/RHSA-2019:2471" + "refsource":"REDHAT", + "name":"RHSA-2019:2471", + "url":"https://access.redhat.com/errata/RHSA-2019:2471" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-db06efdea1", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/" + "refsource":"FEDORA", + "name":"FEDORA-2019-db06efdea1", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-00c25b9379", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/" + "refsource":"FEDORA", + "name":"FEDORA-2019-00c25b9379", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-9a0a7c0986", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/" + "refsource":"FEDORA", + "name":"FEDORA-2019-9a0a7c0986", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/" }, { - "refsource": "CONFIRM", - "name": "https://support.f5.com/csp/article/K18549143?utm_source=f5support&utm_medium=RSS", - "url": "https://support.f5.com/csp/article/K18549143?utm_source=f5support&utm_medium=RSS" + "refsource":"CONFIRM", + "name":"https://support.f5.com/csp/article/K18549143?utm_source=f5support&utm_medium=RSS", + "url":"https://support.f5.com/csp/article/K18549143?utm_source=f5support&utm_medium=RSS" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", - "refsource": "MISC", - "name": 
"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:3929", - "url": "https://access.redhat.com/errata/RHSA-2019:3929" + "refsource":"REDHAT", + "name":"RHSA-2019:3929", + "url":"https://access.redhat.com/errata/RHSA-2019:3929" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:3931", - "url": "https://access.redhat.com/errata/RHSA-2019:3931" + "refsource":"REDHAT", + "name":"RHSA-2019:3931", + "url":"https://access.redhat.com/errata/RHSA-2019:3931" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2019/1xxx/CVE-2019-1563.json b/2019/1xxx/CVE-2019-1563.json index 44456564cf5..97e85db00b9 100644 --- a/2019/1xxx/CVE-2019-1563.json +++ b/2019/1xxx/CVE-2019-1563.json 
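Review bot: Every line of this record is removed and re-added only to drop the space after each colon, and a blank line is added ahead of the opening `{`. The one substantive change, the new Oracle reference at the end of `reference_data`, is therefore buried in a 236-line rewrite. For advisory data this makes it hard to confirm that the description, affected versions and existing references are untouched, although they appear to be. Keeping the file's existing spacing and adding only the new entry, e.g. `"url": "https://www.oracle.com/security-alerts/cpujan2020.html"`, would reduce the hunk to a few lines. The CVE-2019-1552.json hunk above and the partly visible CVE-2019-1563.json hunk are rewritten the same way.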
@@ -1,187 +1,191 @@ + { - "CVE_data_meta": { - "ASSIGNER": "openssl-security@openssl.org", - "DATE_PUBLIC": "2019-09-10", - "ID": "CVE-2019-1563", - "STATE": "PUBLIC", - "TITLE": "Padding Oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey" + "CVE_data_meta":{ + "ASSIGNER":"openssl-security@openssl.org", + "DATE_PUBLIC":"2019-09-10", + "ID":"CVE-2019-1563", + "STATE":"PUBLIC", + "TITLE":"Padding Oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "OpenSSL", - "version": { - "version_data": [ + "product_name":"OpenSSL", + "version":{ + "version_data":[ { - "version_value": "Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c)" + "version_value":"Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c)" }, { - "version_value": "Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k)" + "version_value":"Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k)" }, { - "version_value": "Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s)" + "version_value":"Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s)" } ] } } ] }, - "vendor_name": "OpenSSL" + "vendor_name":"OpenSSL" } ] } }, - "credit": [ + "credit":[ { - "lang": "eng", - "value": "Bernd Edlinger" + "lang":"eng", + "value":"Bernd Edlinger" } ], - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ { - "lang": "eng", - "value": "In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. 
Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s)." + "lang":"eng", + "value":"In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s)." 
} ] }, - "impact": [ + "impact":[ { - "lang": "eng", - "url": "https://www.openssl.org/policies/secpolicy.html#Low", - "value": "Low" + "lang":"eng", + "url":"https://www.openssl.org/policies/secpolicy.html#Low", + "value":"Low" } ], - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "Padding Oracle" + "lang":"eng", + "value":"Padding Oracle" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "name": "https://www.openssl.org/news/secadv/20190910.txt", - "refsource": "CONFIRM", - "url": "https://www.openssl.org/news/secadv/20190910.txt" + "name":"https://www.openssl.org/news/secadv/20190910.txt", + "refsource":"CONFIRM", + "url":"https://www.openssl.org/news/secadv/20190910.txt" }, { - "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=08229ad838c50f644d7e928e2eef147b4308ad64", - "refsource": "CONFIRM", - "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=08229ad838c50f644d7e928e2eef147b4308ad64" + "name":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=08229ad838c50f644d7e928e2eef147b4308ad64", + "refsource":"CONFIRM", + "url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=08229ad838c50f644d7e928e2eef147b4308ad64" }, { - "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=631f94db0065c78181ca9ba5546ebc8bb3884b97", - "refsource": "CONFIRM", - "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=631f94db0065c78181ca9ba5546ebc8bb3884b97" + "name":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=631f94db0065c78181ca9ba5546ebc8bb3884b97", + "refsource":"CONFIRM", + "url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=631f94db0065c78181ca9ba5546ebc8bb3884b97" }, { - "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e21f8cf78a125cd3c8c0d1a1a6c8bb0b901f893f", - "refsource": "CONFIRM", - 
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e21f8cf78a125cd3c8c0d1a1a6c8bb0b901f893f" + "name":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e21f8cf78a125cd3c8c0d1a1a6c8bb0b901f893f", + "refsource":"CONFIRM", + "url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e21f8cf78a125cd3c8c0d1a1a6c8bb0b901f893f" }, { - "refsource": "BUGTRAQ", - "name": "20190912 [slackware-security] openssl (SSA:2019-254-03)", - "url": "https://seclists.org/bugtraq/2019/Sep/25" + "refsource":"BUGTRAQ", + "name":"20190912 [slackware-security] openssl (SSA:2019-254-03)", + "url":"https://seclists.org/bugtraq/2019/Sep/25" }, { - "refsource": "MISC", - "name": "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html", - "url": "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html" + "refsource":"MISC", + "name":"http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html", + "url":"http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html" }, { - "refsource": "CONFIRM", - "name": "https://security.netapp.com/advisory/ntap-20190919-0002/", - "url": "https://security.netapp.com/advisory/ntap-20190919-0002/" + "refsource":"CONFIRM", + "name":"https://security.netapp.com/advisory/ntap-20190919-0002/", + "url":"https://security.netapp.com/advisory/ntap-20190919-0002/" }, { - "refsource": "SUSE", - "name": "openSUSE-SU-2019:2158", - "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00054.html" + "refsource":"SUSE", + "name":"openSUSE-SU-2019:2158", + "url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00054.html" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-d15aac6c4e", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GY6SNRJP2S7Y42GIIDO3HXPNMDYN2U3A/" + "refsource":"FEDORA", + 
"name":"FEDORA-2019-d15aac6c4e", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GY6SNRJP2S7Y42GIIDO3HXPNMDYN2U3A/" }, { - "refsource": "SUSE", - "name": "openSUSE-SU-2019:2189", - "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00072.html" + "refsource":"SUSE", + "name":"openSUSE-SU-2019:2189", + "url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00072.html" }, { - "refsource": "MLIST", - "name": "[debian-lts-announce] 20190925 [SECURITY] [DLA 1932-1] openssl security update", - "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00026.html" + "refsource":"MLIST", + "name":"[debian-lts-announce] 20190925 [SECURITY] [DLA 1932-1] openssl security update", + "url":"https://lists.debian.org/debian-lts-announce/2019/09/msg00026.html" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-d51641f152", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZN4VVQJ3JDCHGIHV4Y2YTXBYQZ6PWQ7E/" + "refsource":"FEDORA", + "name":"FEDORA-2019-d51641f152", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZN4VVQJ3JDCHGIHV4Y2YTXBYQZ6PWQ7E/" }, { - "refsource": "BUGTRAQ", - "name": "20191001 [SECURITY] [DSA 4539-1] openssl security update", - "url": "https://seclists.org/bugtraq/2019/Oct/1" + "refsource":"BUGTRAQ", + "name":"20191001 [SECURITY] [DSA 4539-1] openssl security update", + "url":"https://seclists.org/bugtraq/2019/Oct/1" }, { - "refsource": "BUGTRAQ", - "name": "20191001 [SECURITY] [DSA 4540-1] openssl1.0 security update", - "url": "https://seclists.org/bugtraq/2019/Oct/0" + "refsource":"BUGTRAQ", + "name":"20191001 [SECURITY] [DSA 4540-1] openssl1.0 security update", + "url":"https://seclists.org/bugtraq/2019/Oct/0" }, { - "refsource": "DEBIAN", - "name": "DSA-4539", - "url": "https://www.debian.org/security/2019/dsa-4539" + "refsource":"DEBIAN", + 
"name":"DSA-4539", + "url":"https://www.debian.org/security/2019/dsa-4539" }, { - "refsource": "DEBIAN", - "name": "DSA-4540", - "url": "https://www.debian.org/security/2019/dsa-4540" + "refsource":"DEBIAN", + "name":"DSA-4540", + "url":"https://www.debian.org/security/2019/dsa-4540" }, { - "refsource": "SUSE", - "name": "openSUSE-SU-2019:2268", - "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00012.html" + "refsource":"SUSE", + "name":"openSUSE-SU-2019:2268", + "url":"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00012.html" }, { - "refsource": "SUSE", - "name": "openSUSE-SU-2019:2269", - "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00016.html" + "refsource":"SUSE", + "name":"openSUSE-SU-2019:2269", + "url":"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00016.html" }, { - "refsource": "CONFIRM", - "name": "https://support.f5.com/csp/article/K97324400?utm_source=f5support&utm_medium=RSS", - "url": "https://support.f5.com/csp/article/K97324400?utm_source=f5support&utm_medium=RSS" + "refsource":"CONFIRM", + "name":"https://support.f5.com/csp/article/K97324400?utm_source=f5support&utm_medium=RSS", + "url":"https://support.f5.com/csp/article/K97324400?utm_source=f5support&utm_medium=RSS" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { - "refsource": "GENTOO", - "name": "GLSA-201911-04", - "url": "https://security.gentoo.org/glsa/201911-04" + "refsource":"GENTOO", + "name":"GLSA-201911-04", + "url":"https://security.gentoo.org/glsa/201911-04" }, { - "refsource": "CONFIRM", - "name": "https://www.tenable.com/security/tns-2019-09", 
- "url": "https://www.tenable.com/security/tns-2019-09" + "refsource":"CONFIRM", + "name":"https://www.tenable.com/security/tns-2019-09", + "url":"https://www.tenable.com/security/tns-2019-09" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2019/2xxx/CVE-2019-2904.json b/2019/2xxx/CVE-2019-2904.json index 819348bba61..9f973ea89b9 100644 --- a/2019/2xxx/CVE-2019-2904.json +++ b/2019/2xxx/CVE-2019-2904.json 
@@ -1,75 +1,79 @@ + { - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2019-2904", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2019-2904", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "JDeveloper", - "version": { - "version_data": [ + "product_name":"JDeveloper", + "version":{ + "version_data":[ { - "version_value": "11.1.1.9.0", - "version_affected": "=" + "version_value":"11.1.1.9.0", + "version_affected":"=" }, { - "version_value": "12.1.3.0.0", - "version_affected": "=" + "version_value":"12.1.3.0.0", + "version_affected":"=" }, { - "version_value": "12.2.1.3.0", - "version_affected": "=" + "version_value":"12.2.1.3.0", + "version_affected":"=" } ] } } ] }, - "vendor_name": "Oracle Corporation" + "vendor_name":"Oracle Corporation" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ { - "lang": "eng", - "value": "Vulnerability in the Oracle JDeveloper and ADF product of Oracle Fusion Middleware (component: ADF Faces). Supported versions that are affected are 11.1.1.9.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle JDeveloper and ADF. Successful attacks of this vulnerability can result in takeover of Oracle JDeveloper and ADF. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)." + "lang":"eng", + "value":"Vulnerability in the Oracle JDeveloper and ADF product of Oracle Fusion Middleware (component: ADF Faces). 
Supported versions that are affected are 11.1.1.9.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle JDeveloper and ADF. Successful attacks of this vulnerability can result in takeover of Oracle JDeveloper and ADF. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)." } ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle JDeveloper and ADF. Successful attacks of this vulnerability can result in takeover of Oracle JDeveloper and ADF." + "lang":"eng", + "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle JDeveloper and ADF. Successful attacks of this vulnerability can result in takeover of Oracle JDeveloper and ADF." } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", - "refsource": "MISC", - "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + "url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", + "refsource":"MISC", + "name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { - "refsource": "MISC", - "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-1024/", - "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-1024/" + "refsource":"MISC", + "name":"https://www.zerodayinitiative.com/advisories/ZDI-19-1024/", + "url":"https://www.zerodayinitiative.com/advisories/ZDI-19-1024/" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } 
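Review bot: The reference object appended at the end of `reference_data` carries only `url`, while every other entry in this list also has `refsource` and `name`. Consumers that group references by `refsource` or display `name` will presumably skip or mislabel the new advisory link. Adding `"refsource":"MISC"` and `"name":"https://www.oracle.com/security-alerts/cpujan2020.html"` would match the neighbouring Oracle advisory entry. The same bare entry is appended in the reference hunks for CVE-2019-3862, CVE-2019-5481, CVE-2019-5482, CVE-2019-5718 and CVE-2019-8457 in this patch.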
diff --git a/2019/3xxx/CVE-2019-3862.json b/2019/3xxx/CVE-2019-3862.json index 81363e7600b..c7dbf74ad86 100644 --- a/2019/3xxx/CVE-2019-3862.json +++ b/2019/3xxx/CVE-2019-3862.json @@ -1,25 +1,26 @@ + { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2019-3862", - "ASSIGNER": "secalert@redhat.com", - "STATE": "PUBLIC" + "data_type":"CVE", + "data_format":"MITRE", + "data_version":"4.0", + "CVE_data_meta":{ + "ID":"CVE-2019-3862", + "ASSIGNER":"secalert@redhat.com", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "vendor_name": "The libssh2 Project", - "product": { - "product_data": [ + "vendor_name":"The libssh2 Project", + "product":{ + "product_data":[ { - "product_name": "libssh2", - "version": { - "version_data": [ + "product_name":"libssh2", + "version":{ + "version_data":[ { - "version_value": "1.8.1" + "version_value":"1.8.1" } ] } 
@@ -30,121 +31,124 @@ ] } }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "CWE-130" + "lang":"eng", + "value":"CWE-130" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "refsource": "MLIST", - "name": "[oss-security] 20190318 [SECURITY ADVISORIES] libssh2", - "url": "http://www.openwall.com/lists/oss-security/2019/03/18/3" + "refsource":"MLIST", + "name":"[oss-security] 20190318 [SECURITY ADVISORIES] libssh2", + "url":"http://www.openwall.com/lists/oss-security/2019/03/18/3" }, { - "refsource": "BUGTRAQ", - "name": "20190319 [slackware-security] libssh2 (SSA:2019-077-01)", - "url": "https://seclists.org/bugtraq/2019/Mar/25" + "refsource":"BUGTRAQ", + "name":"20190319 [slackware-security] libssh2 (SSA:2019-077-01)", + "url":"https://seclists.org/bugtraq/2019/Mar/25" }, { - "url": "https://www.libssh2.org/CVE-2019-3862.html", - "refsource": "MISC", - "name": "https://www.libssh2.org/CVE-2019-3862.html" + "url":"https://www.libssh2.org/CVE-2019-3862.html", + "refsource":"MISC", + "name":"https://www.libssh2.org/CVE-2019-3862.html" }, { - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3862", - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3862", - "refsource": "CONFIRM" + "url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3862", + "name":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3862", + "refsource":"CONFIRM" }, { - "refsource": "MISC", - "name": "http://packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html", - "url": "http://packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html" + "refsource":"MISC", + "name":"http://packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html", + "url":"http://packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html" 
}, { - "refsource": "BID", - "name": "107485", - "url": "http://www.securityfocus.com/bid/107485" + "refsource":"BID", + "name":"107485", + "url":"http://www.securityfocus.com/bid/107485" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-f31c14682f", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XCWEA5ZCLKRDUK62QVVYMFWLWKOPX3LO/" + "refsource":"FEDORA", + "name":"FEDORA-2019-f31c14682f", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XCWEA5ZCLKRDUK62QVVYMFWLWKOPX3LO/" }, { - "refsource": "CONFIRM", - "name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767", - "url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767" + "refsource":"CONFIRM", + "name":"https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767", + "url":"https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767" }, { - "refsource": "MLIST", - "name": "[debian-lts-announce] 20190326 [SECURITY] [DLA 1730-1] libssh2 security update", - "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html" + "refsource":"MLIST", + "name":"[debian-lts-announce] 20190326 [SECURITY] [DLA 1730-1] libssh2 security update", + "url":"https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html" }, { - "refsource": "CONFIRM", - "name": "https://security.netapp.com/advisory/ntap-20190327-0005/", - "url": "https://security.netapp.com/advisory/ntap-20190327-0005/" + "refsource":"CONFIRM", + "name":"https://security.netapp.com/advisory/ntap-20190327-0005/", + "url":"https://security.netapp.com/advisory/ntap-20190327-0005/" }, { - "refsource": "SUSE", - "name": "openSUSE-SU-2019:1075", - "url": 
"http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html" + "refsource":"SUSE", + "name":"openSUSE-SU-2019:1075", + "url":"http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html" }, { - "refsource": "SUSE", - "name": "openSUSE-SU-2019:1109", - "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html" + "refsource":"SUSE", + "name":"openSUSE-SU-2019:1109", + "url":"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-3348cb4934", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/" + "refsource":"FEDORA", + "name":"FEDORA-2019-3348cb4934", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/" }, { - "refsource": "DEBIAN", - "name": "DSA-4431", - "url": "https://www.debian.org/security/2019/dsa-4431" + "refsource":"DEBIAN", + "name":"DSA-4431", + "url":"https://www.debian.org/security/2019/dsa-4431" }, { - "refsource": "BUGTRAQ", - "name": "20190415 [SECURITY] [DSA 4431-1] libssh2 security update", - "url": "https://seclists.org/bugtraq/2019/Apr/25" + "refsource":"BUGTRAQ", + "name":"20190415 [SECURITY] [DSA 4431-1] libssh2 security update", + "url":"https://seclists.org/bugtraq/2019/Apr/25" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:1884", - "url": "https://access.redhat.com/errata/RHSA-2019:1884" + "refsource":"REDHAT", + "name":"RHSA-2019:1884", + "url":"https://access.redhat.com/errata/RHSA-2019:1884" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", + "refsource":"MISC", + 
"name":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] }, - "description": { - "description_data": [ + "description":{ + "description_data":[ { - "lang": "eng", - "value": "An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory." + "lang":"eng", + "value":"An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory." } ] }, - "impact": { - "cvss": [ + "impact":{ + "cvss":[ [ { - "vectorString": "7.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "version": "3.0" + "vectorString":"7.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "version":"3.0" } ] ] diff --git a/2019/5xxx/CVE-2019-5481.json b/2019/5xxx/CVE-2019-5481.json index 3776b537386..71914cfe4e1 100644 --- a/2019/5xxx/CVE-2019-5481.json +++ b/2019/5xxx/CVE-2019-5481.json 
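Review bot: The `vectorString` re-emitted under `impact.cvss` at the end of this hunk still reads `7.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L`, with the base score prefixed to the vector, so it is not a well-formed CVSS v3.0 vector string. Since the line is being rewritten anyway, it could become `"vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"` with the score moved to its own `"baseScore":7.3` key. Tooling that validates the `CVSS:3.0/` prefix would otherwise likely reject the value or fall back to no severity for this record. The enclosing object closes outside the hunk.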
@@ -1,25 +1,26 @@ + { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2019-5481", - "ASSIGNER": "support@hackerone.com", - "STATE": "PUBLIC" + "data_type":"CVE", + "data_format":"MITRE", + "data_version":"4.0", + "CVE_data_meta":{ + "ID":"CVE-2019-5481", + "ASSIGNER":"support@hackerone.com", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "vendor_name": "n/a", - "product": { - "product_data": [ + "vendor_name":"n/a", + "product":{ + "product_data":[ { - "product_name": "curl", - "version": { - "version_data": [ + "product_name":"curl", + "version":{ + "version_data":[ { - "version_value": "7.52.0 to 7.65.3" + "version_value":"7.52.0 to 7.65.3" } ] } 
@@ -30,62 +31,65 @@ ] } }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "Double Free (CWE-415)" + "lang":"eng", + "value":"Double Free (CWE-415)" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "refsource": "CONFIRM", - "name": "https://curl.haxx.se/docs/CVE-2019-5481.html", - "url": "https://curl.haxx.se/docs/CVE-2019-5481.html" + "refsource":"CONFIRM", + "name":"https://curl.haxx.se/docs/CVE-2019-5481.html", + "url":"https://curl.haxx.se/docs/CVE-2019-5481.html" }, { - "refsource": "SUSE", - "name": "openSUSE-SU-2019:2149", - "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00048.html" + "refsource":"SUSE", + "name":"openSUSE-SU-2019:2149", + "url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00048.html" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-9e6357d82f", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGDVKSLY5JUNJRLYRUA6CXGQ2LM63XC3/" + "refsource":"FEDORA", + "name":"FEDORA-2019-9e6357d82f", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGDVKSLY5JUNJRLYRUA6CXGQ2LM63XC3/" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-6d7f6fa2c8", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UA7KDM2WPM5CJDDGOEGFV6SSGD2J7RNT/" + "refsource":"FEDORA", + "name":"FEDORA-2019-6d7f6fa2c8", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UA7KDM2WPM5CJDDGOEGFV6SSGD2J7RNT/" }, { - "refsource": "SUSE", - "name": "openSUSE-SU-2019:2169", - "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00055.html" + "refsource":"SUSE", + "name":"openSUSE-SU-2019:2169", + 
"url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00055.html" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-f2a520135e", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CI4QQ2RSZX4VCFM76SIWGKY6BY7UWIC/" + "refsource":"FEDORA", + "name":"FEDORA-2019-f2a520135e", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CI4QQ2RSZX4VCFM76SIWGKY6BY7UWIC/" }, { - "refsource": "CONFIRM", - "name": "https://security.netapp.com/advisory/ntap-20191004-0003/", - "url": "https://security.netapp.com/advisory/ntap-20191004-0003/" + "refsource":"CONFIRM", + "name":"https://security.netapp.com/advisory/ntap-20191004-0003/", + "url":"https://security.netapp.com/advisory/ntap-20191004-0003/" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] }, - "description": { - "description_data": [ + "description":{ + "description_data":[ { - "lang": "eng", - "value": "Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3." + "lang":"eng", + "value":"Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3." } ] } diff --git a/2019/5xxx/CVE-2019-5482.json b/2019/5xxx/CVE-2019-5482.json index aff1b72d2b6..2a7ed5b7e21 100644 --- a/2019/5xxx/CVE-2019-5482.json +++ b/2019/5xxx/CVE-2019-5482.json 
@@ -1,25 +1,26 @@ + { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2019-5482", - "ASSIGNER": "support@hackerone.com", - "STATE": "PUBLIC" + "data_type":"CVE", + "data_format":"MITRE", + "data_version":"4.0", + "CVE_data_meta":{ + "ID":"CVE-2019-5482", + "ASSIGNER":"support@hackerone.com", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "vendor_name": "n/a", - "product": { - "product_data": [ + "vendor_name":"n/a", + "product":{ + "product_data":[ { - "product_name": "curl", - "version": { - "version_data": [ + "product_name":"curl", + "version":{ + "version_data":[ { - "version_value": "7.19.4 to 7.65.3" + "version_value":"7.19.4 to 7.65.3" } ] } 
@@ -30,62 +31,65 @@ ] } }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "Heap Overflow (CWE-122)" + "lang":"eng", + "value":"Heap Overflow (CWE-122)" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "refsource": "CONFIRM", - "name": "https://curl.haxx.se/docs/CVE-2019-5482.html", - "url": "https://curl.haxx.se/docs/CVE-2019-5482.html" + "refsource":"CONFIRM", + "name":"https://curl.haxx.se/docs/CVE-2019-5482.html", + "url":"https://curl.haxx.se/docs/CVE-2019-5482.html" }, { - "refsource": "SUSE", - "name": "openSUSE-SU-2019:2149", - "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00048.html" + "refsource":"SUSE", + "name":"openSUSE-SU-2019:2149", + "url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00048.html" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-9e6357d82f", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGDVKSLY5JUNJRLYRUA6CXGQ2LM63XC3/" + "refsource":"FEDORA", + "name":"FEDORA-2019-9e6357d82f", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGDVKSLY5JUNJRLYRUA6CXGQ2LM63XC3/" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-6d7f6fa2c8", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UA7KDM2WPM5CJDDGOEGFV6SSGD2J7RNT/" + "refsource":"FEDORA", + "name":"FEDORA-2019-6d7f6fa2c8", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UA7KDM2WPM5CJDDGOEGFV6SSGD2J7RNT/" }, { - "refsource": "SUSE", - "name": "openSUSE-SU-2019:2169", - "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00055.html" + "refsource":"SUSE", + "name":"openSUSE-SU-2019:2169", + 
"url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00055.html" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-f2a520135e", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CI4QQ2RSZX4VCFM76SIWGKY6BY7UWIC/" + "refsource":"FEDORA", + "name":"FEDORA-2019-f2a520135e", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CI4QQ2RSZX4VCFM76SIWGKY6BY7UWIC/" }, { - "refsource": "CONFIRM", - "name": "https://security.netapp.com/advisory/ntap-20191004-0003/", - "url": "https://security.netapp.com/advisory/ntap-20191004-0003/" + "refsource":"CONFIRM", + "name":"https://security.netapp.com/advisory/ntap-20191004-0003/", + "url":"https://security.netapp.com/advisory/ntap-20191004-0003/" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] }, - "description": { - "description_data": [ + "description":{ + "description_data":[ { - "lang": "eng", - "value": "Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3." + "lang":"eng", + "value":"Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3." } ] } diff --git a/2019/5xxx/CVE-2019-5718.json b/2019/5xxx/CVE-2019-5718.json index d5ba943ea30..d7ae996b2a0 100644 --- a/2019/5xxx/CVE-2019-5718.json +++ b/2019/5xxx/CVE-2019-5718.json 
@@ -1,86 +1,90 @@ + { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5718", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"cve@mitre.org", + "ID":"CVE-2019-5718", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "n/a", - "version": { - "version_data": [ + "product_name":"n/a", + "version":{ + "version_data":[ { - "version_value": "n/a" + "version_value":"n/a" } ] } } ] }, - "vendor_name": "n/a" + "vendor_name":"n/a" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ { - "lang": "eng", - "value": "In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the RTSE dissector and other ASN.1 dissectors could crash. This was addressed in epan/charsets.c by adding a get_t61_string length check." + "lang":"eng", + "value":"In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the RTSE dissector and other ASN.1 dissectors could crash. This was addressed in epan/charsets.c by adding a get_t61_string length check." 
} ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "n/a" + "lang":"eng", + "value":"n/a" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15373", - "refsource": "MISC", - "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15373" + "name":"https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15373", + "refsource":"MISC", + "url":"https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15373" }, { - "name": "106482", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/106482" + "name":"106482", + "refsource":"BID", + "url":"http://www.securityfocus.com/bid/106482" }, { - "name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=cd09cb5cfb673beca3cce20b1d6a9bc67a134ae1", - "refsource": "MISC", - "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=cd09cb5cfb673beca3cce20b1d6a9bc67a134ae1" + "name":"https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=cd09cb5cfb673beca3cce20b1d6a9bc67a134ae1", + "refsource":"MISC", + "url":"https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=cd09cb5cfb673beca3cce20b1d6a9bc67a134ae1" }, { - "name": "https://www.wireshark.org/security/wnpa-sec-2019-03.html", - "refsource": "MISC", - "url": "https://www.wireshark.org/security/wnpa-sec-2019-03.html" + "name":"https://www.wireshark.org/security/wnpa-sec-2019-03.html", + "refsource":"MISC", + "url":"https://www.wireshark.org/security/wnpa-sec-2019-03.html" }, { - "refsource": "DEBIAN", - "name": "DSA-4416", - "url": "https://www.debian.org/security/2019/dsa-4416" + "refsource":"DEBIAN", + "name":"DSA-4416", + "url":"https://www.debian.org/security/2019/dsa-4416" }, { - "refsource": "BUGTRAQ", - "name": "20190324 [SECURITY] [DSA 4416-1] wireshark security update", - "url": 
"https://seclists.org/bugtraq/2019/Mar/35" + "refsource":"BUGTRAQ", + "name":"20190324 [SECURITY] [DSA 4416-1] wireshark security update", + "url":"https://seclists.org/bugtraq/2019/Mar/35" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2019/8xxx/CVE-2019-8457.json b/2019/8xxx/CVE-2019-8457.json index 27b0811d66a..d30ef48b5a5 100644 --- a/2019/8xxx/CVE-2019-8457.json +++ b/2019/8xxx/CVE-2019-8457.json @@ -1,25 +1,26 @@ + { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2019-8457", - "ASSIGNER": "cve@checkpoint.com", - "STATE": "PUBLIC" + "data_type":"CVE", + "data_format":"MITRE", + "data_version":"4.0", + "CVE_data_meta":{ + "ID":"CVE-2019-8457", + "ASSIGNER":"cve@checkpoint.com", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "vendor_name": "n/a", - "product": { - "product_data": [ + "vendor_name":"n/a", + "product":{ + "product_data":[ { - "product_name": "SQLite", - "version": { - "version_data": [ + "product_name":"SQLite", + "version":{ + "version_data":[ { - "version_value": "From 3.6.0 to 3.27.2 including" + "version_value":"From 3.6.0 to 3.27.2 including" } ] } 
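Review bot: Every line of the CVE-2019-5718 record is rewritten only to drop the space after `:`, and the bare `+` ahead of `{` adds an empty first line, although the only content change is the new reference object. The hunk header shows the file growing by four lines for a three-line addition. Whitespace churn like this hides the substantive edit in review and in `git blame`, which matters for records that downstream consumers diff to track advisory changes. Keeping the existing `"key": "value"` formatting and appending only the new entry would reduce the hunk to a few lines. The other records touched in this patch show the same pattern.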
@@ -30,82 +31,85 @@ ] } }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "CWE-125: Out-of-bounds Read" + "lang":"eng", + "value":"CWE-125: Out-of-bounds Read" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "refsource": "MISC", - "name": "https://www.sqlite.org/src/info/90acdbfce9c08858", - "url": "https://www.sqlite.org/src/info/90acdbfce9c08858" + "refsource":"MISC", + "name":"https://www.sqlite.org/src/info/90acdbfce9c08858", + "url":"https://www.sqlite.org/src/info/90acdbfce9c08858" }, { - "refsource": "MISC", - "name": "https://www.sqlite.org/releaselog/3_28_0.html", - "url": "https://www.sqlite.org/releaselog/3_28_0.html" + "refsource":"MISC", + "name":"https://www.sqlite.org/releaselog/3_28_0.html", + "url":"https://www.sqlite.org/releaselog/3_28_0.html" }, { - "refsource": "UBUNTU", - "name": "USN-4004-1", - "url": "https://usn.ubuntu.com/4004-1/" + "refsource":"UBUNTU", + "name":"USN-4004-1", + "url":"https://usn.ubuntu.com/4004-1/" }, { - "refsource": "UBUNTU", - "name": "USN-4004-2", - "url": "https://usn.ubuntu.com/4004-2/" + "refsource":"UBUNTU", + "name":"USN-4004-2", + "url":"https://usn.ubuntu.com/4004-2/" }, { - "refsource": "CONFIRM", - "name": "https://security.netapp.com/advisory/ntap-20190606-0002/", - "url": "https://security.netapp.com/advisory/ntap-20190606-0002/" + "refsource":"CONFIRM", + "name":"https://security.netapp.com/advisory/ntap-20190606-0002/", + "url":"https://security.netapp.com/advisory/ntap-20190606-0002/" }, { - "refsource": "UBUNTU", - "name": "USN-4019-1", - "url": "https://usn.ubuntu.com/4019-1/" + "refsource":"UBUNTU", + "name":"USN-4019-1", + "url":"https://usn.ubuntu.com/4019-1/" }, { - "refsource": "UBUNTU", - "name": "USN-4019-2", - "url": "https://usn.ubuntu.com/4019-2/" + "refsource":"UBUNTU", + "name":"USN-4019-2", + "url":"https://usn.ubuntu.com/4019-2/" }, { - 
"refsource": "SUSE", - "name": "openSUSE-SU-2019:1645", - "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00074.html" + "refsource":"SUSE", + "name":"openSUSE-SU-2019:1645", + "url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00074.html" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-02b81266b7", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJPFGA45DI4F5MCF2OAACGH3HQOF4G3M/" + "refsource":"FEDORA", + "name":"FEDORA-2019-02b81266b7", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJPFGA45DI4F5MCF2OAACGH3HQOF4G3M/" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-3377813d18", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPKYSWCOM3CL66RI76TYVIG6TJ263RXH/" + "refsource":"FEDORA", + "name":"FEDORA-2019-3377813d18", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPKYSWCOM3CL66RI76TYVIG6TJ263RXH/" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] }, - "description": { - "description_data": [ + "description":{ + "description_data":[ { - "lang": "eng", - "value": "SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables." 
+ "lang":"eng", + "value":"SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables." } ] } diff --git a/2019/9xxx/CVE-2019-9208.json b/2019/9xxx/CVE-2019-9208.json index 55e7300edcb..8cd2cdd79eb 100644 --- a/2019/9xxx/CVE-2019-9208.json +++ b/2019/9xxx/CVE-2019-9208.json 
@@ -1,101 +1,105 @@ + { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-9208", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"cve@mitre.org", + "ID":"CVE-2019-9208", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "n/a", - "version": { - "version_data": [ + "product_name":"n/a", + "version":{ + "version_data":[ { - "version_value": "n/a" + "version_value":"n/a" } ] } } ] }, - "vendor_name": "n/a" + "vendor_name":"n/a" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ { - "lang": "eng", - "value": "In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the TCAP dissector could crash. This was addressed in epan/dissectors/asn1/tcap/tcap.cnf by avoiding NULL pointer dereferences." + "lang":"eng", + "value":"In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the TCAP dissector could crash. This was addressed in epan/dissectors/asn1/tcap/tcap.cnf by avoiding NULL pointer dereferences." 
} ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "n/a" + "lang":"eng", + "value":"n/a" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "name": "107203", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/107203" + "name":"107203", + "refsource":"BID", + "url":"http://www.securityfocus.com/bid/107203" }, { - "name": "https://www.wireshark.org/security/wnpa-sec-2019-07.html", - "refsource": "MISC", - "url": "https://www.wireshark.org/security/wnpa-sec-2019-07.html" + "name":"https://www.wireshark.org/security/wnpa-sec-2019-07.html", + "refsource":"MISC", + "url":"https://www.wireshark.org/security/wnpa-sec-2019-07.html" }, { - "name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=3d1b8004ed3a07422ca5d4e4ee8097150b934fd2", - "refsource": "MISC", - "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=3d1b8004ed3a07422ca5d4e4ee8097150b934fd2" + "name":"https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=3d1b8004ed3a07422ca5d4e4ee8097150b934fd2", + "refsource":"MISC", + "url":"https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=3d1b8004ed3a07422ca5d4e4ee8097150b934fd2" }, { - "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15464", - "refsource": "MISC", - "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15464" + "name":"https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15464", + "refsource":"MISC", + "url":"https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15464" }, { - "refsource": "DEBIAN", - "name": "DSA-4416", - "url": "https://www.debian.org/security/2019/dsa-4416" + "refsource":"DEBIAN", + "name":"DSA-4416", + "url":"https://www.debian.org/security/2019/dsa-4416" }, { - "refsource": "BUGTRAQ", - "name": "20190324 [SECURITY] [DSA 4416-1] wireshark security update", - "url": 
"https://seclists.org/bugtraq/2019/Mar/35" + "refsource":"BUGTRAQ", + "name":"20190324 [SECURITY] [DSA 4416-1] wireshark security update", + "url":"https://seclists.org/bugtraq/2019/Mar/35" }, { - "refsource": "SUSE", - "name": "openSUSE-SU-2019:1108", - "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00007.html" + "refsource":"SUSE", + "name":"openSUSE-SU-2019:1108", + "url":"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00007.html" }, { - "refsource": "SUSE", - "name": "openSUSE-SU-2019:1390", - "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00027.html" + "refsource":"SUSE", + "name":"openSUSE-SU-2019:1390", + "url":"http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00027.html" }, { - "refsource": "UBUNTU", - "name": "USN-3986-1", - "url": "https://usn.ubuntu.com/3986-1/" + "refsource":"UBUNTU", + "name":"USN-3986-1", + "url":"https://usn.ubuntu.com/3986-1/" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2019/9xxx/CVE-2019-9636.json b/2019/9xxx/CVE-2019-9636.json index ab524500cac..6244c716c7a 100644 --- a/2019/9xxx/CVE-2019-9636.json +++ b/2019/9xxx/CVE-2019-9636.json 
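Review bot: The reference object added at the end of `reference_data` carries only `url`, while every other entry in the array also has `refsource` and `name`, so a consumer that reads those keys on each reference gets nothing for this one. The Oracle advisory entries already present elsewhere in this patch (the cpuoct2019 links) use `"refsource":"MISC"` with `name` equal to the URL. Following that pattern, the new object would also carry `"refsource":"MISC"` and `"name":"https://www.oracle.com/security-alerts/cpujan2020.html"`. The same url-only entry is added in the hunks for CVE-2019-9636 and CVE-2019-9936, and in the hunk that ends just above this file's header.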
@@ -1,286 +1,290 @@ + { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-9636", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"cve@mitre.org", + "ID":"CVE-2019-9636", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "n/a", - "version": { - "version_data": [ + "product_name":"n/a", + "version":{ + "version_data":[ { - "version_value": "n/a" + "version_value":"n/a" } ] } } ] }, - "vendor_name": "n/a" + "vendor_name":"n/a" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ { - "lang": "eng", - "value": "Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly." + "lang":"eng", + "value":"Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly." 
} ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "n/a" + "lang":"eng", + "value":"n/a" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "name": "https://github.com/python/cpython/pull/12201", - "refsource": "MISC", - "url": "https://github.com/python/cpython/pull/12201" + "name":"https://github.com/python/cpython/pull/12201", + "refsource":"MISC", + "url":"https://github.com/python/cpython/pull/12201" }, { - "name": "https://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization.html", - "refsource": "MISC", - "url": "https://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization.html" + "name":"https://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization.html", + "refsource":"MISC", + "url":"https://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization.html" }, { - "name": "107400", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/107400" + "name":"107400", + "refsource":"BID", + "url":"http://www.securityfocus.com/bid/107400" }, { - "name": "https://bugs.python.org/issue36216", - "refsource": "MISC", - "url": "https://bugs.python.org/issue36216" + "name":"https://bugs.python.org/issue36216", + "refsource":"MISC", + "url":"https://bugs.python.org/issue36216" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-243442e600", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L25RTMKCF62DLC2XVSNXGX7C7HXISLVM/" + "refsource":"FEDORA", + "name":"FEDORA-2019-243442e600", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L25RTMKCF62DLC2XVSNXGX7C7HXISLVM/" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-6e1938a3c5", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/" + 
"refsource":"FEDORA", + "name":"FEDORA-2019-6e1938a3c5", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-6baeb15da3", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D3LXPABKVLFYUHRYJPM3CSS5MS6FXKS7/" + "refsource":"FEDORA", + "name":"FEDORA-2019-6baeb15da3", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D3LXPABKVLFYUHRYJPM3CSS5MS6FXKS7/" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-cf725dd20b", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/" + "refsource":"FEDORA", + "name":"FEDORA-2019-cf725dd20b", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-6b02154aa0", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICBEGRHIPHWPG2VGYS6R4EVKVUUF4AQW/" + "refsource":"FEDORA", + "name":"FEDORA-2019-6b02154aa0", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICBEGRHIPHWPG2VGYS6R4EVKVUUF4AQW/" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-7d9f3cf3ce", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TR6GCO3WTV4D5L23WTCBF275VE6BVNI3/" + "refsource":"FEDORA", + "name":"FEDORA-2019-7d9f3cf3ce", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TR6GCO3WTV4D5L23WTCBF275VE6BVNI3/" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-51f1e08207", - "url": 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/" + "refsource":"FEDORA", + "name":"FEDORA-2019-51f1e08207", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-a122fe704d", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFBAAGM27H73OLYBUA2IAZFSUN6KGLME/" + "refsource":"FEDORA", + "name":"FEDORA-2019-a122fe704d", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFBAAGM27H73OLYBUA2IAZFSUN6KGLME/" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-86f32cbab1", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IFAXBEY2TGOBDRKTR556JBXBVFSAKD6I/" + "refsource":"FEDORA", + "name":"FEDORA-2019-86f32cbab1", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IFAXBEY2TGOBDRKTR556JBXBVFSAKD6I/" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:0710", - "url": "https://access.redhat.com/errata/RHSA-2019:0710" + "refsource":"REDHAT", + "name":"RHSA-2019:0710", + "url":"https://access.redhat.com/errata/RHSA-2019:0710" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:0765", - "url": "https://access.redhat.com/errata/RHSA-2019:0765" + "refsource":"REDHAT", + "name":"RHSA-2019:0765", + "url":"https://access.redhat.com/errata/RHSA-2019:0765" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:0806", - "url": "https://access.redhat.com/errata/RHSA-2019:0806" + "refsource":"REDHAT", + "name":"RHSA-2019:0806", + "url":"https://access.redhat.com/errata/RHSA-2019:0806" }, { - "refsource": "SUSE", - "name": "openSUSE-SU-2019:1273", - "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00092.html" + "refsource":"SUSE", + 
"name":"openSUSE-SU-2019:1273", + "url":"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00092.html" }, { - "refsource": "SUSE", - "name": "openSUSE-SU-2019:1282", - "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00097.html" + "refsource":"SUSE", + "name":"openSUSE-SU-2019:1282", + "url":"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00097.html" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:0902", - "url": "https://access.redhat.com/errata/RHSA-2019:0902" + "refsource":"REDHAT", + "name":"RHSA-2019:0902", + "url":"https://access.redhat.com/errata/RHSA-2019:0902" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:0981", - "url": "https://access.redhat.com/errata/RHSA-2019:0981" + "refsource":"REDHAT", + "name":"RHSA-2019:0981", + "url":"https://access.redhat.com/errata/RHSA-2019:0981" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:0997", - "url": "https://access.redhat.com/errata/RHSA-2019:0997" + "refsource":"REDHAT", + "name":"RHSA-2019:0997", + "url":"https://access.redhat.com/errata/RHSA-2019:0997" }, { - "refsource": "REDHAT", - "name": "RHBA-2019:0959", - "url": "https://access.redhat.com/errata/RHBA-2019:0959" + "refsource":"REDHAT", + "name":"RHBA-2019:0959", + "url":"https://access.redhat.com/errata/RHBA-2019:0959" }, { - "refsource": "SUSE", - "name": "openSUSE-SU-2019:1371", - "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00024.html" + "refsource":"SUSE", + "name":"openSUSE-SU-2019:1371", + "url":"http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00024.html" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-1ffd6b6064", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXASHCDD4PQFKTMKQN4YOP5ZH366ABN4/" + "refsource":"FEDORA", + "name":"FEDORA-2019-1ffd6b6064", + 
"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXASHCDD4PQFKTMKQN4YOP5ZH366ABN4/" }, { - "refsource": "CONFIRM", - "name": "https://security.netapp.com/advisory/ntap-20190517-0001/", - "url": "https://security.netapp.com/advisory/ntap-20190517-0001/" + "refsource":"CONFIRM", + "name":"https://security.netapp.com/advisory/ntap-20190517-0001/", + "url":"https://security.netapp.com/advisory/ntap-20190517-0001/" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-ec26883852", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMWSKTNOHSUOT3L25QFJAVCFYZX46FYK/" + "refsource":"FEDORA", + "name":"FEDORA-2019-ec26883852", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMWSKTNOHSUOT3L25QFJAVCFYZX46FYK/" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:1467", - "url": "https://access.redhat.com/errata/RHSA-2019:1467" + "refsource":"REDHAT", + "name":"RHSA-2019:1467", + "url":"https://access.redhat.com/errata/RHSA-2019:1467" }, { - "refsource": "SUSE", - "name": "openSUSE-SU-2019:1580", - "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00050.html" + "refsource":"SUSE", + "name":"openSUSE-SU-2019:1580", + "url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00050.html" }, { - "refsource": "MLIST", - "name": "[debian-lts-announce] 20190625 [SECURITY] [DLA 1834-1] python2.7 security update", - "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00022.html" + "refsource":"MLIST", + "name":"[debian-lts-announce] 20190625 [SECURITY] [DLA 1834-1] python2.7 security update", + "url":"https://lists.debian.org/debian-lts-announce/2019/06/msg00022.html" }, { - "refsource": "MLIST", - "name": "[debian-lts-announce] 20190625 [SECURITY] [DLA 1835-1] python3.4 security update", - "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00023.html" + 
"refsource":"MLIST", + "name":"[debian-lts-announce] 20190625 [SECURITY] [DLA 1835-1] python3.4 security update", + "url":"https://lists.debian.org/debian-lts-announce/2019/06/msg00023.html" }, { - "refsource": "REDHAT", - "name": "RHBA-2019:0764", - "url": "https://access.redhat.com/errata/RHBA-2019:0764" + "refsource":"REDHAT", + "name":"RHBA-2019:0764", + "url":"https://access.redhat.com/errata/RHBA-2019:0764" }, { - "refsource": "REDHAT", - "name": "RHBA-2019:0763", - "url": "https://access.redhat.com/errata/RHBA-2019:0763" + "refsource":"REDHAT", + "name":"RHBA-2019:0763", + "url":"https://access.redhat.com/errata/RHBA-2019:0763" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-7723d4774a", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/44TS66GJMO5H3RLMVZEBGEFTB6O2LJJU/" + "refsource":"FEDORA", + "name":"FEDORA-2019-7723d4774a", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/44TS66GJMO5H3RLMVZEBGEFTB6O2LJJU/" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-7df59302e0", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ORNTF62QPLMJXIQ7KTZQ2776LMIXEKL/" + "refsource":"FEDORA", + "name":"FEDORA-2019-7df59302e0", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ORNTF62QPLMJXIQ7KTZQ2776LMIXEKL/" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-9bfb4a3e4b", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KRYFIMISZ47NTAU3XWZUOFB7CYL62KES/" + "refsource":"FEDORA", + "name":"FEDORA-2019-9bfb4a3e4b", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KRYFIMISZ47NTAU3XWZUOFB7CYL62KES/" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-60a1defcd1", - "url": 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HQEQLXLOCR3SNM3AA5RRYJFQ5AZBYJ4L/" + "refsource":"FEDORA", + "name":"FEDORA-2019-60a1defcd1", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HQEQLXLOCR3SNM3AA5RRYJFQ5AZBYJ4L/" }, { - "refsource": "SUSE", - "name": "openSUSE-SU-2019:1906", - "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00042.html" + "refsource":"SUSE", + "name":"openSUSE-SU-2019:1906", + "url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00042.html" }, { - "refsource": "UBUNTU", - "name": "USN-4127-2", - "url": "https://usn.ubuntu.com/4127-2/" + "refsource":"UBUNTU", + "name":"USN-4127-2", + "url":"https://usn.ubuntu.com/4127-2/" }, { - "refsource": "UBUNTU", - "name": "USN-4127-1", - "url": "https://usn.ubuntu.com/4127-1/" + "refsource":"UBUNTU", + "name":"USN-4127-1", + "url":"https://usn.ubuntu.com/4127-1/" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-5dc275c9f2", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ER6LONC2B2WYIO56GBQUDU6QTWZDPUNQ/" + "refsource":"FEDORA", + "name":"FEDORA-2019-5dc275c9f2", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ER6LONC2B2WYIO56GBQUDU6QTWZDPUNQ/" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-2b1f72899a", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E2HP37NUVLQSBW3J735A2DQDOZ4ZGBLY/" + "refsource":"FEDORA", + "name":"FEDORA-2019-2b1f72899a", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E2HP37NUVLQSBW3J735A2DQDOZ4ZGBLY/" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:2980", - "url": "https://access.redhat.com/errata/RHSA-2019:2980" + "refsource":"REDHAT", + "name":"RHSA-2019:2980", + 
"url":"https://access.redhat.com/errata/RHSA-2019:2980" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:3170", - "url": "https://access.redhat.com/errata/RHSA-2019:3170" + "refsource":"REDHAT", + "name":"RHSA-2019:3170", + "url":"https://access.redhat.com/errata/RHSA-2019:3170" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-b06ec6159b", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M34WOYCDKTDE5KLUACE2YIEH7D37KHRX/" + "refsource":"FEDORA", + "name":"FEDORA-2019-b06ec6159b", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M34WOYCDKTDE5KLUACE2YIEH7D37KHRX/" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-d202cda4f8", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JCPGLTTOBB3QEARDX4JOYURP6ELNNA2V/" + "refsource":"FEDORA", + "name":"FEDORA-2019-d202cda4f8", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JCPGLTTOBB3QEARDX4JOYURP6ELNNA2V/" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-57462fa10d", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4X3HW5JRZ7GCPSR7UHJOLD7AWLTQCDVR/" + "refsource":"FEDORA", + "name":"FEDORA-2019-57462fa10d", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4X3HW5JRZ7GCPSR7UHJOLD7AWLTQCDVR/" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2019/9xxx/CVE-2019-9936.json b/2019/9xxx/CVE-2019-9936.json index 5c876dade83..99529a5878c 100644 --- a/2019/9xxx/CVE-2019-9936.json +++ b/2019/9xxx/CVE-2019-9936.json 
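Review bot: Most removed/added pairs in this hunk differ only in the space after each colon, and what appears to be an empty line is added ahead of the opening `{`. That leaves the one substantive change, the new object at the end of `reference_data`, hard to pick out when auditing the record. Keeping the file's existing `"key": "value"` spacing and dropping the leading blank line would reduce the diff to the added reference. The other file hunks visible here show the same whole-file rewrite, which looks like serializer output with different separator settings rather than a hand edit; if so, fixing the tool's formatting options would keep future updates to these records reviewable.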
@@ -1,111 +1,115 @@ + { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-9936", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"cve@mitre.org", + "ID":"CVE-2019-9936", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "n/a", - "version": { - "version_data": [ + "product_name":"n/a", + "version":{ + "version_data":[ { - "version_value": "n/a" + "version_value":"n/a" } ] } } ] }, - "vendor_name": "n/a" + "vendor_name":"n/a" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ { - "lang": "eng", - "value": "In SQLite 3.27.2, running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read in fts5HashEntrySort in sqlite3.c, which may lead to an information leak. This is related to ext/fts5/fts5_hash.c." + "lang":"eng", + "value":"In SQLite 3.27.2, running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read in fts5HashEntrySort in sqlite3.c, which may lead to an information leak. This is related to ext/fts5/fts5_hash.c." 
} ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "n/a" + "lang":"eng", + "value":"n/a" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "url": "https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg114382.html", - "refsource": "MISC", - "name": "https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg114382.html" + "url":"https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg114382.html", + "refsource":"MISC", + "name":"https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg114382.html" }, { - "url": "https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg114394.html", - "refsource": "MISC", - "name": "https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg114394.html" + "url":"https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg114394.html", + "refsource":"MISC", + "name":"https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg114394.html" }, { - "url": "https://sqlite.org/src/info/b3fa58dd7403dbd4", - "refsource": "MISC", - "name": "https://sqlite.org/src/info/b3fa58dd7403dbd4" + "url":"https://sqlite.org/src/info/b3fa58dd7403dbd4", + "refsource":"MISC", + "name":"https://sqlite.org/src/info/b3fa58dd7403dbd4" }, { - "refsource": "BID", - "name": "107562", - "url": "http://www.securityfocus.com/bid/107562" + "refsource":"BID", + "name":"107562", + "url":"http://www.securityfocus.com/bid/107562" }, { - "refsource": "CONFIRM", - "name": "https://security.netapp.com/advisory/ntap-20190416-0005/", - "url": "https://security.netapp.com/advisory/ntap-20190416-0005/" + "refsource":"CONFIRM", + "name":"https://security.netapp.com/advisory/ntap-20190416-0005/", + "url":"https://security.netapp.com/advisory/ntap-20190416-0005/" }, { - "refsource": "SUSE", - "name": "openSUSE-SU-2019:1372", - "url": 
"http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00026.html" + "refsource":"SUSE", + "name":"openSUSE-SU-2019:1372", + "url":"http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00026.html" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-8641591b3c", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EXD2GYJVTDGEQPUNMMMC5TB7MQXOBBMO/" + "refsource":"FEDORA", + "name":"FEDORA-2019-8641591b3c", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EXD2GYJVTDGEQPUNMMMC5TB7MQXOBBMO/" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-a01751837d", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N66U5PY5UJU4XBFZJH7QNKIDNAVIB4OP/" + "refsource":"FEDORA", + "name":"FEDORA-2019-a01751837d", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N66U5PY5UJU4XBFZJH7QNKIDNAVIB4OP/" }, { - "refsource": "UBUNTU", - "name": "USN-4019-1", - "url": "https://usn.ubuntu.com/4019-1/" + "refsource":"UBUNTU", + "name":"USN-4019-1", + "url":"https://usn.ubuntu.com/4019-1/" }, { - "refsource": "GENTOO", - "name": "GLSA-201908-09", - "url": "https://security.gentoo.org/glsa/201908-09" + "refsource":"GENTOO", + "name":"GLSA-201908-09", + "url":"https://security.gentoo.org/glsa/201908-09" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } 
diff --git a/2019/9xxx/CVE-2019-9937.json b/2019/9xxx/CVE-2019-9937.json index 002d20d3927..25e97f6b913 100644 --- a/2019/9xxx/CVE-2019-9937.json +++ b/2019/9xxx/CVE-2019-9937.json 
@@ -1,111 +1,115 @@ + { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-9937", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"cve@mitre.org", + "ID":"CVE-2019-9937", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "n/a", - "version": { - "version_data": [ + "product_name":"n/a", + "version":{ + "version_data":[ { - "version_value": "n/a" + "version_value":"n/a" } ] } } ] }, - "vendor_name": "n/a" + "vendor_name":"n/a" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ { - "lang": "eng", - "value": "In SQLite 3.27.2, interleaving reads and writes in a single transaction with an fts5 virtual table will lead to a NULL Pointer Dereference in fts5ChunkIterate in sqlite3.c. This is related to ext/fts5/fts5_hash.c and ext/fts5/fts5_index.c." + "lang":"eng", + "value":"In SQLite 3.27.2, interleaving reads and writes in a single transaction with an fts5 virtual table will lead to a NULL Pointer Dereference in fts5ChunkIterate in sqlite3.c. This is related to ext/fts5/fts5_hash.c and ext/fts5/fts5_index.c." 
} ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "n/a" + "lang":"eng", + "value":"n/a" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "url": "https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg114383.html", - "refsource": "MISC", - "name": "https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg114383.html" + "url":"https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg114383.html", + "refsource":"MISC", + "name":"https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg114383.html" }, { - "url": "https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg114393.html", - "refsource": "MISC", - "name": "https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg114393.html" + "url":"https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg114393.html", + "refsource":"MISC", + "name":"https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg114393.html" }, { - "url": "https://sqlite.org/src/info/45c73deb440496e8", - "refsource": "MISC", - "name": "https://sqlite.org/src/info/45c73deb440496e8" + "url":"https://sqlite.org/src/info/45c73deb440496e8", + "refsource":"MISC", + "name":"https://sqlite.org/src/info/45c73deb440496e8" }, { - "refsource": "BID", - "name": "107562", - "url": "http://www.securityfocus.com/bid/107562" + "refsource":"BID", + "name":"107562", + "url":"http://www.securityfocus.com/bid/107562" }, { - "refsource": "CONFIRM", - "name": "https://security.netapp.com/advisory/ntap-20190416-0005/", - "url": "https://security.netapp.com/advisory/ntap-20190416-0005/" + "refsource":"CONFIRM", + "name":"https://security.netapp.com/advisory/ntap-20190416-0005/", + "url":"https://security.netapp.com/advisory/ntap-20190416-0005/" }, { - "refsource": "SUSE", - "name": "openSUSE-SU-2019:1372", - "url": 
"http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00026.html" + "refsource":"SUSE", + "name":"openSUSE-SU-2019:1372", + "url":"http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00026.html" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-8641591b3c", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EXD2GYJVTDGEQPUNMMMC5TB7MQXOBBMO/" + "refsource":"FEDORA", + "name":"FEDORA-2019-8641591b3c", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EXD2GYJVTDGEQPUNMMMC5TB7MQXOBBMO/" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-a01751837d", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N66U5PY5UJU4XBFZJH7QNKIDNAVIB4OP/" + "refsource":"FEDORA", + "name":"FEDORA-2019-a01751837d", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N66U5PY5UJU4XBFZJH7QNKIDNAVIB4OP/" }, { - "refsource": "UBUNTU", - "name": "USN-4019-1", - "url": "https://usn.ubuntu.com/4019-1/" + "refsource":"UBUNTU", + "name":"USN-4019-1", + "url":"https://usn.ubuntu.com/4019-1/" }, { - "refsource": "GENTOO", - "name": "GLSA-201908-09", - "url": "https://security.gentoo.org/glsa/201908-09" + "refsource":"GENTOO", + "name":"GLSA-201908-09", + "url":"https://security.gentoo.org/glsa/201908-09" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } From d7994aa5394f0a9baf0fb03367246f741d8e904a Mon Sep 17 00:00:00 2001 
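Review bot: The reference object added at the end of `reference_data` carries only `url`, while every other entry in the array also has `refsource` and `name`; a consumer that groups references by `refsource` or displays `name` gets an incomplete record for the Oracle January 2020 advisory. I would add the two fields in the same change, `"refsource":"MISC",` and `"name":"https://www.oracle.com/security-alerts/cpujan2020.html"`, following the existing cpuoct2019 entry. The hunk also rewrites every line to drop the space after each colon and adds an empty line before the opening `{` (111 lines become 115 for one new reference), which hides the real change in a whole-file diff; keeping the file's existing formatting would make it reviewable. The tail of the preceding file section shows the same url-only entry.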
From: zdi-team
Date: Tue, 14 Jan 2020 18:00:53 -0600
Subject: [PATCH 071/387] ZDI rejects the following CVEs: A 2019/17xxx/CVE-2019-17149.json A 2019/17xxx/CVE-2019-17150.json
---
 2019/17xxx/CVE-2019-17149.json | 18 ++++++++++++++++++
 2019/17xxx/CVE-2019-17150.json | 18 ++++++++++++++++++
 2 files changed, 36 insertions(+)
 create mode 100644 2019/17xxx/CVE-2019-17149.json
 create mode 100644 2019/17xxx/CVE-2019-17150.json
diff --git a/2019/17xxx/CVE-2019-17149.json b/2019/17xxx/CVE-2019-17149.json
new file mode 100644
index 00000000000..6e9ab4422f3
--- /dev/null
+++ b/2019/17xxx/CVE-2019-17149.json
@@ -0,0 +1,18 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "zdi-disclosures@trendmicro.com",
+ "ID": "CVE-2019-17149",
+ "STATE": "REJECT"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was accidentally assigned. Notes: All CVE users should ignore this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
+ }
+ ]
+ }
+}
diff --git a/2019/17xxx/CVE-2019-17150.json b/2019/17xxx/CVE-2019-17150.json
new file mode 100644
index 00000000000..b4214f051b1
--- /dev/null
+++ b/2019/17xxx/CVE-2019-17150.json
@@ -0,0 +1,18 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "zdi-disclosures@trendmicro.com",
+ "ID": "CVE-2019-17150",
+ "STATE": "REJECT"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was accidentally assigned. Notes: All CVE users should ignore this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
+ }
+ ]
+ }
+}
From a746973f5fd7a91f8bd7bac49d125da7dc6be013 Mon Sep 17 00:00:00 2001
From: CVE Team Date: Wed, 15 Jan 2020 00:01:17 +0000 Subject: [PATCH 072/387] "-Synchronized-Data." --- 2020/0xxx/CVE-2020-0601.json | 386 +++++----- 2020/0xxx/CVE-2020-0602.json | 122 +-- 2020/0xxx/CVE-2020-0603.json | 122 +-- 2020/0xxx/CVE-2020-0605.json | 1360 +++++++++++++++++----------------- 2020/0xxx/CVE-2020-0606.json | 1346 ++++++++++++++++----------------- 2020/0xxx/CVE-2020-0607.json | 452 +++++------ 2020/0xxx/CVE-2020-0608.json | 488 ++++++------ 2020/0xxx/CVE-2020-0609.json | 128 ++-- 2020/0xxx/CVE-2020-0610.json | 128 ++-- 2020/0xxx/CVE-2020-0611.json | 458 ++++++------ 2020/0xxx/CVE-2020-0612.json | 116 +-- 2020/0xxx/CVE-2020-0613.json | 416 +++++------ 2020/0xxx/CVE-2020-0614.json | 416 +++++------ 2020/0xxx/CVE-2020-0615.json | 488 ++++++------ 2020/0xxx/CVE-2020-0616.json | 308 ++++---- 2020/0xxx/CVE-2020-0617.json | 178 ++--- 2020/0xxx/CVE-2020-0620.json | 488 ++++++------ 2020/0xxx/CVE-2020-0621.json | 190 ++--- 2020/0xxx/CVE-2020-0622.json | 196 ++--- 2020/0xxx/CVE-2020-0623.json | 416 +++++------ 2020/0xxx/CVE-2020-0624.json | 252 +++---- 2020/0xxx/CVE-2020-0625.json | 488 ++++++------ 2020/0xxx/CVE-2020-0626.json | 488 ++++++------ 2020/0xxx/CVE-2020-0627.json | 488 ++++++------ 2020/0xxx/CVE-2020-0628.json | 488 ++++++------ 2020/0xxx/CVE-2020-0629.json | 488 ++++++------ 2020/0xxx/CVE-2020-0630.json | 482 ++++++------ 2020/0xxx/CVE-2020-0631.json | 488 ++++++------ 2020/0xxx/CVE-2020-0632.json | 488 ++++++------ 2020/0xxx/CVE-2020-0633.json | 374 +++++----- 2020/0xxx/CVE-2020-0634.json | 488 ++++++------ 2020/0xxx/CVE-2020-0635.json | 488 ++++++------ 2020/0xxx/CVE-2020-0636.json | 252 +++---- 2020/0xxx/CVE-2020-0637.json | 164 ++-- 2020/0xxx/CVE-2020-0638.json | 350 ++++----- 2020/0xxx/CVE-2020-0639.json | 488 ++++++------ 2020/0xxx/CVE-2020-0640.json | 424 +++++------ 2020/0xxx/CVE-2020-0641.json | 428 +++++------ 2020/0xxx/CVE-2020-0642.json | 488 ++++++------ 2020/0xxx/CVE-2020-0643.json | 488 ++++++------ 2020/0xxx/CVE-2020-0644.json 
| 428 +++++------ 2020/0xxx/CVE-2020-0646.json | 1340 ++++++++++++++++----------------- 2020/0xxx/CVE-2020-0647.json | 112 +-- 2020/0xxx/CVE-2020-0650.json | 210 +++--- 2020/0xxx/CVE-2020-0651.json | 210 +++--- 2020/0xxx/CVE-2020-0652.json | 184 ++--- 2020/0xxx/CVE-2020-0653.json | 116 +-- 2020/0xxx/CVE-2020-0654.json | 112 +-- 2020/0xxx/CVE-2020-0656.json | 112 +-- 2020/5xxx/CVE-2020-5501.json | 61 +- 2020/5xxx/CVE-2020-5502.json | 61 +- 51 files changed, 9963 insertions(+), 9767 deletions(-) diff --git a/2020/0xxx/CVE-2020-0601.json b/2020/0xxx/CVE-2020-0601.json index cadd67ff763..48a205f4c45 100644 --- a/2020/0xxx/CVE-2020-0601.json +++ b/2020/0xxx/CVE-2020-0601.json 
@@ -1,198 +1,200 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0601", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1803 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0601", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 
32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1803 for x64-based Systems" - }, - { - "version_value": "10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1709 for 32-bit Systems" - }, - { - "version_value": "10 Version 1709 for x64-based Systems" - }, - { - "version_value": "10 Version 1709 for ARM64-based Systems" - }, - { - "version_value": "10 for 32-bit Systems" - }, - { - "version_value": "10 for x64-based Systems" - }, - { - "version_value": "10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "10 Version 1607 for x64-based Systems" - } - ] + "vendor_name": "Microsoft" } - }, - { - 
"product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "version 1803 (Core Installation)" - }, - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core installation)" - }, - { - "version_value": "2016" - }, - { - "version_value": "2016 (Core installation)" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates.An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source, aka \u0027Windows 
CryptoAPI Spoofing Vulnerability\u0027." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Spoofing" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates.An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source, aka 'Windows CryptoAPI Spoofing Vulnerability'." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0601" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Spoofing" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0601", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0601" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0602.json b/2020/0xxx/CVE-2020-0602.json index 235cb9e9b20..259e5db38df 100644 --- a/2020/0xxx/CVE-2020-0602.json +++ b/2020/0xxx/CVE-2020-0602.json 
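Review bot: Eight of the `product_data` entries still carry the Windows release in `product_name` (for example `Windows 10 Version 1903 for 32-bit Systems`) with `"version_value": ""`, while the first two entries use `Windows` / `Windows Server` and put the release in `version_value`. A consumer that matches on product name plus version will probably miss the 1903 and 1909 builds, which is a coverage gap for an advisory about certificate validation; I would fold them into the existing entries, e.g. `"version_value": "10 Version 1903 for 32-bit Systems"` under `Windows`. The description also keeps the missing space in `certificates.An attacker` (CVE-2020-0603 below has the same in `memory.An attacker`). The new side of this file, and of CVE-2020-0602 and CVE-2020-0603, ends without a trailing newline.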
@@ -1,66 +1,68 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0602", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "ASP.NET Core", - "version": { - "version_data": [ - { - "version_value": "2.1" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0602", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ASP.NET Core", + "version": { + "version_data": [ + { + "version_value": "2.1" + }, + { + "version_value": "3.0" + }, + { + "version_value": "3.1" + } + ] + } + } + ] }, - { - "version_value": "3.0" - }, - { - "version_value": "3.1" - } - ] + "vendor_name": "Microsoft" } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka \u0027ASP.NET Core Denial of Service Vulnerability\u0027." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Denial of Service" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'." 
+ } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0602" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0602", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0602" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0603.json b/2020/0xxx/CVE-2020-0603.json index b588ac0aa01..237c93b457b 100644 --- a/2020/0xxx/CVE-2020-0603.json +++ b/2020/0xxx/CVE-2020-0603.json 
@@ -1,66 +1,68 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0603", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "ASP.NET Core", - "version": { - "version_data": [ - { - "version_value": "2.1" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0603", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ASP.NET Core", + "version": { + "version_data": [ + { + "version_value": "2.1" + }, + { + "version_value": "3.0" + }, + { + "version_value": "3.1" + } + ] + } + } + ] }, - { - "version_value": "3.0" - }, - { - "version_value": "3.1" - } - ] + "vendor_name": "Microsoft" } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A remote code execution vulnerability exists in ASP.NET Core software when the software fails to handle objects in memory.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka \u0027ASP.NET Core Remote Code Execution Vulnerability\u0027." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Remote Code Execution" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in ASP.NET Core software when the software fails to handle objects in memory.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka 'ASP.NET Core Remote Code Execution Vulnerability'." 
+ } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0603" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0603", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0603" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0605.json b/2020/0xxx/CVE-2020-0605.json index 1ca4d609484..9bc968ed36b 100644 --- a/2020/0xxx/CVE-2020-0605.json +++ b/2020/0xxx/CVE-2020-0605.json 
@@ -1,685 +1,687 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0605", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": ".NET Core", - "version": { - "version_data": [ - { - "version_value": "3.0" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0605", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": ".NET Core", + "version": { + "version_data": [ + { + "version_value": "3.0" + }, + { + "version_value": "3.1" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2", + "version": { + "version_data": [ + { + "version_value": "Windows RT 8.1" + }, + { + "version_value": "Windows 8.1 for x64-based systems" + }, + { + "version_value": "Windows 7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "Windows 8.1 for 32-bit systems" + }, + { + "version_value": "Windows 7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows Server 2012 R2" + }, + { + "version_value": "Windows Server 2012 (Server Core installation)" + }, + { + "version_value": "Windows Server 2012" + }, + { + "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)" + }, + { + "version_value": "Windows Server 2012 R2 (Server Core installation)" + }, + { + "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.0", + "version": { + "version_data": [ + { + "version_value": "Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "Service Pack 2 on Windows Server 2008 for 32-bit 
Systems Service Pack 2" + }, + { + "version_value": "Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server, version 1803 (Server Core Installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows Server, version 1803 (Server Core Installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2", + "version": { + "version_data": [ + { + "version_value": "Windows 10 Version 1607 for 32-bit Systems" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" 
+ } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2012 R2 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2016 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2012", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2012 R2", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.6", + "version": { + "version_data": [ + { + "version_value": "Windows Server 2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "Windows Server 2008 for x64-based Systems Service Pack 2" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows 7 for x64-based Systems Service Pack 1", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019", + "version": { + "version_data": [ + { + 
"version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "1903" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows 8.1 for 32-bit systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2016", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows RT 8.1", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2012 (Server Core installation)", + "version": { + 
"version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows 7 for 32-bit Systems Service Pack 1", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows 8.1 for x64-based systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.5.2", + "version": { + "version_data": [ + { + "version_value": "Windows 8.1 for x64-based systems" + }, + { + "version_value": "Windows RT 8.1" + }, + { + "version_value": "Windows 8.1 for 32-bit systems" + }, + { + "version_value": "Windows Server 2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "Windows 7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows 7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)" + }, + { + "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows Server 2012 (Server Core installation)" + }, + { + "version_value": "Windows Server 2012 R2 (Server 
Core installation)" + }, + { + "version_value": "Windows Server 2012" + }, + { + "version_value": "Windows Server 2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "Windows Server 2012 R2" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5.1", + "version": { + "version_data": [ + { + "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)" + }, + { + "version_value": "Windows 7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows 7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5", + "version": { + "version_data": [ + { + "version_value": "Windows 8.1 for x64-based systems" + }, + { + "version_value": "Windows Server 2012 R2 (Server Core installation)" + }, + { + "version_value": "Windows Server 2012" + }, + { + "version_value": "Windows Server 2012 (Server Core installation)" + }, + { + "version_value": "Windows 8.1 for 32-bit systems" + }, + { + "version_value": "Windows Server 2012 R2" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1803 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1803 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for 32-bit Systems", + "version": { + "version_data": [ + { + 
"version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2 on Windows 10 Version 1709 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2 on Windows 10 Version 1709 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "3.1" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2", - "version": { - "version_data": [ - { - "version_value": "Windows RT 8.1" - }, - { - "version_value": "Windows 8.1 for x64-based systems" - }, - { - "version_value": "Windows 7 for 32-bit Systems Service Pack 1" - }, - { - "version_value": "Windows 8.1 for 32-bit systems" - }, - { - "version_value": "Windows 7 for x64-based Systems Service Pack 1" - }, - { - "version_value": "Windows Server 2012 R2" - }, - { - "version_value": "Windows Server 2012 (Server Core installation)" - }, - { - "version_value": "Windows Server 2012" - }, - { - "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)" - }, - { - "version_value": "Windows Server 2012 R2 (Server Core installation)" - }, - { - "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 
1" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.0", - "version": { - "version_data": [ - { - "version_value": "Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2" - }, - { - "version_value": "Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2" - }, - { - "version_value": "Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server, version 1803 (Server Core Installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 4.8 on Windows Server, version 1803 (Server Core Installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2", - "version": { - "version_data": [ - { - "version_value": "Windows 10 Version 1607 for 32-bit Systems" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 4.8 
on Windows 10 Version 1709 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2012 R2 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2016 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2012", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2012 R2", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 4.6", - "version": { - "version_data": [ - { - "version_value": "Windows Server 2008 for 32-bit Systems Service Pack 2" - }, - { - "version_value": "Windows Server 2008 for x64-based Systems Service Pack 2" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": 
"Microsoft .NET Framework 4.8 on Windows 7 for x64-based Systems Service Pack 1", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "1903" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 4.8 on Windows 8.1 for 32-bit systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2016", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 4.8 on Windows RT 8.1", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": 
"Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2012 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 4.8 on Windows 7 for 32-bit Systems Service Pack 1", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 4.8 on Windows 8.1 for x64-based systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 4.5.2", - "version": { - "version_data": [ - { - "version_value": "Windows 8.1 for x64-based systems" - }, - { - "version_value": "Windows RT 8.1" - }, - { - "version_value": "Windows 8.1 for 32-bit systems" - }, - { - "version_value": "Windows Server 2008 for 32-bit Systems Service Pack 2" - }, - { - "version_value": "Windows 7 for x64-based Systems Service Pack 1" - }, - { - "version_value": "Windows 7 for 32-bit Systems Service Pack 1" - }, - { - "version_value": "Windows Server 2008 R2 for 
x64-based Systems Service Pack 1 (Server Core installation)" - }, - { - "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value": "Windows Server 2012 (Server Core installation)" - }, - { - "version_value": "Windows Server 2012 R2 (Server Core installation)" - }, - { - "version_value": "Windows Server 2012" - }, - { - "version_value": "Windows Server 2008 for x64-based Systems Service Pack 2" - }, - { - "version_value": "Windows Server 2012 R2" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5.1", - "version": { - "version_data": [ - { - "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)" - }, - { - "version_value": "Windows 7 for x64-based Systems Service Pack 1" - }, - { - "version_value": "Windows 7 for 32-bit Systems Service Pack 1" - }, - { - "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value": "Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5", - "version": { - "version_data": [ - { - "version_value": "Windows 8.1 for x64-based systems" - }, - { - "version_value": "Windows Server 2012 R2 (Server Core installation)" - }, - { - "version_value": "Windows Server 2012" - }, - { - "version_value": "Windows Server 2012 (Server Core installation)" - }, - { - "version_value": "Windows 8.1 for 32-bit systems" - }, - { - "version_value": "Windows Server 2012 R2" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1803 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1803 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on 
Windows 10 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2 on Windows 10 Version 1709 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2 on Windows 10 Version 1709 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka \u0027.NET Framework Remote Code Execution Vulnerability\u0027. This CVE ID is unique from CVE-2020-0606." 
- }
- ]
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "Remote Code Execution"
- }
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0606."
+ }
 ]
- }
- ]
- },
- "references": {
- "reference_data": [
- {
- "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0605"
- }
- ]
- }
-}
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Remote Code Execution"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0605",
+ "refsource": "MISC",
+ "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0605"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/0xxx/CVE-2020-0606.json b/2020/0xxx/CVE-2020-0606.json
index bc473d36d8d..e2e4457496b 100644
--- a/2020/0xxx/CVE-2020-0606.json
+++ b/2020/0xxx/CVE-2020-0606.json
@@ -1,678 +1,680 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0606", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": ".NET Core", - "version": { - "version_data": [ - { - "version_value": "3.0" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0606", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": ".NET Core", + "version": { + "version_data": [ + { + "version_value": "3.0" + }, + { + "version_value": "3.1" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2", + "version": { + "version_data": [ + { + "version_value": "Windows 7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "Windows 7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows 8.1 for 32-bit systems" + }, + { + "version_value": "Windows 8.1 for x64-based systems" + }, + { + "version_value": "Windows RT 8.1" + }, + { + "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)" + }, + { + "version_value": "Windows Server 2012" + }, + { + "version_value": "Windows Server 2012 (Server Core installation)" + }, + { + "version_value": "Windows Server 2012 R2" + }, + { + "version_value": "Windows Server 2012 R2 (Server Core installation)" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for x64-based 
Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows Server, version 1803 (Server Core Installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2016", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2016 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows 7 for 32-bit Systems Service Pack 1", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows 7 for x64-based Systems Service Pack 1", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows 8.1 for 32-bit systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows 8.1 for x64-based systems", + "version": { + "version_data": [ + { + 
"version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows RT 8.1", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2012", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2012 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2012 R2", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2012 R2 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } 
+ ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "1903" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.6", + "version": { + "version_data": [ + { + "version_value": "Windows Server 2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "Windows Server 2008 for x64-based Systems Service Pack 2" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.0", + "version": { + "version_data": [ + { + "version_value": "Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2" 
+ } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5", + "version": { + "version_data": [ + { + "version_value": "Windows 10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "Windows 8.1 for 32-bit systems" + }, + { + "version_value": "Windows 8.1 for x64-based systems" + }, + { + "version_value": "Windows Server 2012" + }, + { + "version_value": "Windows Server 2012 (Server Core installation)" + }, + { + "version_value": "Windows Server 2012 R2" + }, + { + "version_value": "Windows Server 2012 R2 (Server Core installation)" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5.1", + "version": { + "version_data": [ + { + "version_value": "Windows 7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "Windows 7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.5.2", + "version": { + "version_data": [ + { + "version_value": "Windows 7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "Windows 7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows 8.1 for 32-bit systems" + }, + { + "version_value": "Windows 8.1 for x64-based systems" + }, + { + "version_value": "Windows RT 8.1" + }, + { + "version_value": "Windows Server 2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "Windows Server 2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)" + }, + { + "version_value": "Windows Server 2012" + }, + { + "version_value": 
"Windows Server 2012 (Server Core installation)" + }, + { + "version_value": "Windows Server 2012 R2" + }, + { + "version_value": "Windows Server 2012 R2 (Server Core installation)" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server, version 1803 (Server Core Installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2 on Windows 10 Version 1709 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 
4.7.1/4.7.2 on Windows 10 Version 1709 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1803 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1803 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "3.1" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2", - "version": { - "version_data": [ - { - "version_value": "Windows 7 for 32-bit Systems Service Pack 1" - }, - { - "version_value": "Windows 7 for x64-based Systems Service Pack 1" - }, - { - "version_value": "Windows 8.1 for 32-bit systems" - }, - { - "version_value": "Windows 8.1 for x64-based systems" - }, - { - "version_value": "Windows RT 8.1" - }, - { - "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)" - }, - { - "version_value": "Windows Server 2012" - }, - { - "version_value": "Windows Server 2012 (Server Core installation)" - }, - { - "version_value": "Windows Server 2012 R2" - }, - { - "version_value": "Windows Server 2012 R2 (Server Core installation)" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for 32-bit Systems", - 
"version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 4.8 on Windows Server, version 1803 (Server Core Installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2016", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2016 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 4.8 on Windows 7 for 32-bit Systems Service Pack 1", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 4.8 on Windows 7 for x64-based Systems Service Pack 1", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 4.8 on Windows 8.1 for 32-bit systems", - "version": { - "version_data": [ - { - 
"version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 4.8 on Windows 8.1 for x64-based systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 4.8 on Windows RT 8.1", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2012", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2012 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2012 R2", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2012 R2 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - 
"product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "1903" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 4.6", - "version": { - "version_data": [ - { - "version_value": "Windows Server 2008 for 32-bit Systems Service Pack 2" - }, - { - "version_value": "Windows Server 2008 for x64-based Systems Service Pack 2" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.0", - "version": { - "version_data": [ - { - "version_value": "Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2" - }, - { - "version_value": "Service Pack 2 
on Windows Server 2008 for Itanium-Based Systems Service Pack 2" - }, - { - "version_value": "Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5", - "version": { - "version_data": [ - { - "version_value": "Windows 10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "Windows 8.1 for 32-bit systems" - }, - { - "version_value": "Windows 8.1 for x64-based systems" - }, - { - "version_value": "Windows Server 2012" - }, - { - "version_value": "Windows Server 2012 (Server Core installation)" - }, - { - "version_value": "Windows Server 2012 R2" - }, - { - "version_value": "Windows Server 2012 R2 (Server Core installation)" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5.1", - "version": { - "version_data": [ - { - "version_value": "Windows 7 for 32-bit Systems Service Pack 1" - }, - { - "version_value": "Windows 7 for x64-based Systems Service Pack 1" - }, - { - "version_value": "Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1" - }, - { - "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 4.5.2", - "version": { - "version_data": [ - { - "version_value": "Windows 7 for 32-bit Systems Service Pack 1" - }, - { - "version_value": "Windows 7 for x64-based Systems Service Pack 1" - }, - { - "version_value": "Windows 8.1 for 32-bit systems" - }, - { - "version_value": "Windows 8.1 for x64-based systems" - }, - { - "version_value": "Windows RT 8.1" - }, - { - "version_value": "Windows Server 2008 for 32-bit Systems Service Pack 2" - }, - { - "version_value": "Windows Server 2008 for x64-based Systems Service Pack 2" - }, - { - "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value": 
"Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)" - }, - { - "version_value": "Windows Server 2012" - }, - { - "version_value": "Windows Server 2012 (Server Core installation)" - }, - { - "version_value": "Windows Server 2012 R2" - }, - { - "version_value": "Windows Server 2012 R2 (Server Core installation)" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server, version 1803 (Server Core Installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2 on Windows 10 Version 1709 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 
4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2 on Windows 10 Version 1709 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1803 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1803 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka \u0027.NET Framework Remote Code Execution Vulnerability\u0027. This CVE ID is unique from CVE-2020-0605." 
- } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Remote Code Execution" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0605." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0606" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0606", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0606" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0607.json b/2020/0xxx/CVE-2020-0607.json index a08f3ea45a1..2c90ee96b62 100644 --- a/2020/0xxx/CVE-2020-0607.json +++ b/2020/0xxx/CVE-2020-0607.json 
@@ -1,231 +1,233 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0607", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1803 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0607", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, 
+ { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1803 for x64-based Systems" - }, - { - "version_value": "10 Version 1803 for ARM64-based Systems" - }, - { - 
"version_value": "10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1709 for 32-bit Systems" - }, - { - "version_value": "10 Version 1709 for x64-based Systems" - }, - { - "version_value": "10 Version 1709 for ARM64-based Systems" - }, - { - "version_value": "10 for 32-bit Systems" - }, - { - "version_value": "10 for x64-based Systems" - }, - { - "version_value": "10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "10 Version 1607 for x64-based Systems" - }, - { - "version_value": "7 for 32-bit Systems Service Pack 1" - }, - { - "version_value": "7 for x64-based Systems Service Pack 1" - }, - { - "version_value": "8.1 for 32-bit systems" - }, - { - "version_value": "8.1 for x64-based systems" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "version 1803 (Core Installation)" - }, - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core installation)" - }, - { - "version_value": "2016" - }, - { - "version_value": "2016 (Core installation)" - }, - { - "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" - }, - { - "version_value": "2012" - }, - { - "version_value": "2012 (Core installation)" - }, - { - "version_value": "2012 R2" - }, - { - "version_value": "2012 R2 (Core installation)" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - 
"product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An information disclosure vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka \u0027Microsoft Graphics Components Information Disclosure Vulnerability\u0027." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Information Disclosure" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka 'Microsoft Graphics Components Information Disclosure Vulnerability'." 
+ } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0607" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0607", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0607" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0608.json b/2020/0xxx/CVE-2020-0608.json index 6714b05c873..c23723f8ed4 100644 --- a/2020/0xxx/CVE-2020-0608.json +++ b/2020/0xxx/CVE-2020-0608.json 
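Review bot: The eight product entries from `Windows 10 Version 1903 for 32-bit Systems` through `Windows Server, version 1909 (Server Core installation)` keep `"version_value": ""` on the new side, so a consumer that matches affected systems on `product_name` plus `version_value` would get an empty version for every 1903 and 1909 build. The same record already models the older builds as versions of a single product, so these entries would be consistent as `{ "version_value": "10 Version 1903 for 32-bit Systems" }` under `"product_name": "Windows"` and `{ "version_value": "version 1903 (Server Core installation)" }` under `"product_name": "Windows Server"`. The CVE-2020-0608 hunk carries the same eight entries and needs the same change.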
@@ -1,249 +1,251 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0608", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1803 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0608", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": 
"version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 
Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1803 for x64-based Systems" - }, - { - "version_value": "10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1709 for 32-bit Systems" - }, - { - "version_value": "10 Version 1709 for x64-based Systems" - }, - { - "version_value": "10 Version 1709 for ARM64-based Systems" - }, - { - "version_value": "10 for 32-bit Systems" - }, - { - "version_value": "10 for x64-based Systems" - }, - { - "version_value": "10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "10 Version 1607 for x64-based Systems" - }, - { - "version_value": "7 for 32-bit Systems Service Pack 1" - }, - { - "version_value": "7 for x64-based Systems Service Pack 1" - }, - { - "version_value": "8.1 for 32-bit systems" - }, - { - "version_value": "8.1 for x64-based systems" - }, - { - "version_value": "RT 8.1" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "version 1803 (Core Installation)" - }, - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core installation)" - }, - { - "version_value": "2016" - }, - { - "version_value": "2016 (Core installation)" - }, - { - "version_value": "2008 for 32-bit Systems Service Pack 2" - }, - { - "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" - }, - { - "version_value": "2008 for Itanium-Based Systems Service Pack 2" - }, - { - "version_value": "2008 for x64-based Systems Service 
Pack 2" - }, - { - "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" - }, - { - "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" - }, - { - "version_value": "2012" - }, - { - "version_value": "2012 (Core installation)" - }, - { - "version_value": "2012 R2" - }, - { - "version_value": "2012 R2 (Core installation)" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An information disclosure vulnerability exists when the win32k component improperly provides kernel 
information, aka \u0027Win32k Information Disclosure Vulnerability\u0027." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Information Disclosure" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0608" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0608", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0608" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0609.json b/2020/0xxx/CVE-2020-0609.json index 9c35a255e4d..85a07617ff1 100644 --- a/2020/0xxx/CVE-2020-0609.json +++ b/2020/0xxx/CVE-2020-0609.json 
@@ -1,69 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0609", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "2019" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0609", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "2019" + }, + { + "version_value": "2016" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 R2" + } + ] + } + } + ] }, - { - "version_value": "2016" - }, - { - "version_value": "2012" - }, - { - "version_value": "2012 R2" - } - ] + "vendor_name": "Microsoft" } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A remote code execution vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka \u0027Windows Remote Desktop Gateway (RD Gateway) Remote Code Execution Vulnerability\u0027. This CVE ID is unique from CVE-2020-0610." 
- } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Remote Code Execution" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Gateway (RD Gateway) Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0610." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0609" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0609", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0609" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0610.json b/2020/0xxx/CVE-2020-0610.json index de261b993df..c16910e3035 100644 --- a/2020/0xxx/CVE-2020-0610.json +++ b/2020/0xxx/CVE-2020-0610.json 
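Review bot: The added `"refsource": "MISC"` files the assigner's own advisory as a miscellaneous link, although `ASSIGNER` is secure@microsoft.com and the URL is the vendor's MSRC page. Presumably `"refsource": "CONFIRM"` fits better here, since it would let triage tooling separate vendor confirmation from third-party references on what the description calls an unauthenticated remote code execution issue. The same added line appears in the CVE-2020-0610 hunk and in the CVE-2020-0607 and CVE-2020-0608 hunks.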
@@ -1,69 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0610", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "2019" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0610", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "2019" + }, + { + "version_value": "2016" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 R2" + } + ] + } + } + ] }, - { - "version_value": "2016" - }, - { - "version_value": "2012" - }, - { - "version_value": "2012 R2" - } - ] + "vendor_name": "Microsoft" } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A remote code execution vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka \u0027Windows Remote Desktop Gateway (RD Gateway) Remote Code Execution Vulnerability\u0027. This CVE ID is unique from CVE-2020-0609." 
- } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Remote Code Execution" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Gateway (RD Gateway) Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0609." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0610" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0610", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0610" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0611.json b/2020/0xxx/CVE-2020-0611.json index 129bc0055ea..05740f9b5c3 100644 --- a/2020/0xxx/CVE-2020-0611.json +++ b/2020/0xxx/CVE-2020-0611.json 
@@ -1,234 +1,236 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0611", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1803 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0611", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": 
"version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1803 for x64-based Systems" - }, - { - "version_value": "10 Version 1803 for 
ARM64-based Systems" - }, - { - "version_value": "10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1709 for 32-bit Systems" - }, - { - "version_value": "10 Version 1709 for x64-based Systems" - }, - { - "version_value": "10 Version 1709 for ARM64-based Systems" - }, - { - "version_value": "10 for 32-bit Systems" - }, - { - "version_value": "10 for x64-based Systems" - }, - { - "version_value": "10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "10 Version 1607 for x64-based Systems" - }, - { - "version_value": "7 for 32-bit Systems Service Pack 1" - }, - { - "version_value": "7 for x64-based Systems Service Pack 1" - }, - { - "version_value": "8.1 for 32-bit systems" - }, - { - "version_value": "8.1 for x64-based systems" - }, - { - "version_value": "RT 8.1" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "version 1803 (Core Installation)" - }, - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core installation)" - }, - { - "version_value": "2016" - }, - { - "version_value": "2016 (Core installation)" - }, - { - "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" - }, - { - "version_value": "2012" - }, - { - "version_value": "2012 (Core installation)" - }, - { - "version_value": "2012 R2" - }, - { - "version_value": "2012 R2 (Core installation)" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - 
"version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka \u0027Remote Desktop Client Remote Code Execution Vulnerability\u0027." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Remote Code Execution" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'." 
+ } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0611" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0611", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0611" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0612.json b/2020/0xxx/CVE-2020-0612.json index 269a68353d3..903e80c4ff3 100644 --- a/2020/0xxx/CVE-2020-0612.json +++ b/2020/0xxx/CVE-2020-0612.json 
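Review bot: The re-indented `product_data` still lists the 1903 and 1909 releases as separate products (for example `"product_name": "Windows 10 Version 1903 for 32-bit Systems"`) with `"version_value": ""`, while every other release is a `version_value` under `"product_name": "Windows"` or `"Windows Server"`. A consumer that matches affected assets on product name plus version will likely miss those eight entries or treat them as unversioned. Moving them under the existing products, e.g. `"version_value": "10 Version 1903 for 32-bit Systems"` under `"Windows"`, would keep the affected list uniform. The CVE-2020-0613 and CVE-2020-0614 hunks carry the same entries.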
@@ -1,63 +1,65 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0612", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "2019" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0612", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "2019" + }, + { + "version_value": "2016" + } + ] + } + } + ] }, - { - "version_value": "2016" - } - ] + "vendor_name": "Microsoft" } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A denial of service vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an attacker connects to the target system using RDP and sends specially crafted requests, aka \u0027Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability\u0027." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Denial of Service" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A denial of service vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability'." 
+ } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0612" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0612", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0612" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0613.json b/2020/0xxx/CVE-2020-0613.json index d85522ab441..f69ddb2f569 100644 --- a/2020/0xxx/CVE-2020-0613.json +++ b/2020/0xxx/CVE-2020-0613.json 
@@ -1,213 +1,215 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0613", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1803 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0613", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + 
"version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1803 for x64-based Systems" - }, - { - "version_value": "10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1709 for 32-bit Systems" - }, - { - "version_value": "10 Version 1709 for x64-based Systems" - }, - { - "version_value": "10 Version 1709 for ARM64-based Systems" - }, - { - "version_value": "10 for 32-bit Systems" 
- }, - { - "version_value": "10 for x64-based Systems" - }, - { - "version_value": "10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "10 Version 1607 for x64-based Systems" - }, - { - "version_value": "8.1 for 32-bit systems" - }, - { - "version_value": "8.1 for x64-based systems" - }, - { - "version_value": "RT 8.1" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "version 1803 (Core Installation)" - }, - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core installation)" - }, - { - "version_value": "2016" - }, - { - "version_value": "2016 (Core installation)" - }, - { - "version_value": "2012 R2" - }, - { - "version_value": "2012 R2 (Core installation)" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - 
} - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka \u0027Windows Search Indexer Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0614, CVE-2020-0623, CVE-2020-0625, CVE-2020-0626, CVE-2020-0627, CVE-2020-0628, CVE-2020-0629, CVE-2020-0630, CVE-2020-0631, CVE-2020-0632, CVE-2020-0633." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Elevation of Privilege" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0614, CVE-2020-0623, CVE-2020-0625, CVE-2020-0626, CVE-2020-0627, CVE-2020-0628, CVE-2020-0629, CVE-2020-0630, CVE-2020-0631, CVE-2020-0632, CVE-2020-0633." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0613" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0613", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0613" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0614.json b/2020/0xxx/CVE-2020-0614.json index d7b12894ad9..257d8092db5 100644 --- a/2020/0xxx/CVE-2020-0614.json +++ b/2020/0xxx/CVE-2020-0614.json 
@@ -1,213 +1,215 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0614", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1803 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0614", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + 
"version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1803 for x64-based Systems" - }, - { - "version_value": "10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1709 for 32-bit Systems" - }, - { - "version_value": "10 Version 1709 for x64-based Systems" - }, - { - "version_value": "10 Version 1709 for ARM64-based Systems" - }, - { - "version_value": "10 for 32-bit Systems" 
- }, - { - "version_value": "10 for x64-based Systems" - }, - { - "version_value": "10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "10 Version 1607 for x64-based Systems" - }, - { - "version_value": "8.1 for 32-bit systems" - }, - { - "version_value": "8.1 for x64-based systems" - }, - { - "version_value": "RT 8.1" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "version 1803 (Core Installation)" - }, - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core installation)" - }, - { - "version_value": "2016" - }, - { - "version_value": "2016 (Core installation)" - }, - { - "version_value": "2012 R2" - }, - { - "version_value": "2012 R2 (Core installation)" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - 
} - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka \u0027Windows Search Indexer Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0613, CVE-2020-0623, CVE-2020-0625, CVE-2020-0626, CVE-2020-0627, CVE-2020-0628, CVE-2020-0629, CVE-2020-0630, CVE-2020-0631, CVE-2020-0632, CVE-2020-0633." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Elevation of Privilege" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0613, CVE-2020-0623, CVE-2020-0625, CVE-2020-0626, CVE-2020-0627, CVE-2020-0628, CVE-2020-0629, CVE-2020-0630, CVE-2020-0631, CVE-2020-0632, CVE-2020-0633." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0614" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0614", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0614" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0615.json b/2020/0xxx/CVE-2020-0615.json index 8b72caf0555..06d1de329e5 100644 --- a/2020/0xxx/CVE-2020-0615.json +++ b/2020/0xxx/CVE-2020-0615.json 
@@ -1,249 +1,251 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0615", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1803 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0615", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": 
"version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 
Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1803 for x64-based Systems" - }, - { - "version_value": "10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1709 for 32-bit Systems" - }, - { - "version_value": "10 Version 1709 for x64-based Systems" - }, - { - "version_value": "10 Version 1709 for ARM64-based Systems" - }, - { - "version_value": "10 for 32-bit Systems" - }, - { - "version_value": "10 for x64-based Systems" - }, - { - "version_value": "10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "10 Version 1607 for x64-based Systems" - }, - { - "version_value": "7 for 32-bit Systems Service Pack 1" - }, - { - "version_value": "7 for x64-based Systems Service Pack 1" - }, - { - "version_value": "8.1 for 32-bit systems" - }, - { - "version_value": "8.1 for x64-based systems" - }, - { - "version_value": "RT 8.1" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "version 1803 (Core Installation)" - }, - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core installation)" - }, - { - "version_value": "2016" - }, - { - "version_value": "2016 (Core installation)" - }, - { - "version_value": "2008 for 32-bit Systems Service Pack 2" - }, - { - "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" - }, - { - "version_value": "2008 for Itanium-Based Systems Service Pack 2" - }, - { - "version_value": "2008 for x64-based Systems Service 
Pack 2" - }, - { - "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" - }, - { - "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" - }, - { - "version_value": "2012" - }, - { - "version_value": "2012 (Core installation)" - }, - { - "version_value": "2012 R2" - }, - { - "version_value": "2012 R2 (Core installation)" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An information disclosure vulnerability exists in the Windows Common Log File System (CLFS) driver when it 
fails to properly handle objects in memory, aka \u0027Windows Common Log File System Driver Information Disclosure Vulnerability\u0027. This CVE ID is unique from CVE-2020-0639." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Information Disclosure" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability exists in the Windows Common Log File System (CLFS) driver when it fails to properly handle objects in memory, aka 'Windows Common Log File System Driver Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0639." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0615" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0615", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0615" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0616.json b/2020/0xxx/CVE-2020-0616.json index 2b3f63f4c92..37ea46281d9 100644 --- a/2020/0xxx/CVE-2020-0616.json +++ b/2020/0xxx/CVE-2020-0616.json 
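Review bot: The eight 1903/1909 entries in `product_data` still carry `"version_value": ""` with the release folded into the name (for example `"product_name": "Windows 10 Version 1903 for 32-bit Systems"`), whereas the `Windows` and `Windows Server` entries keep the release in `version_value`. A consumer that matches affected systems on product name plus version would see an unfamiliar product and an empty version, so these releases are likely to drop out of exposure reports. Since this commit rewrites the whole record anyway, consider listing them under the existing products, e.g. `"version_value": "10 Version 1903 for 32-bit Systems"` under `Windows`. The same pattern is kept in the CVE-2020-0616 and CVE-2020-0620 hunks.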
@@ -1,159 +1,161 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0616", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1809 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0616", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + 
"version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core installation)" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - 
"description": { - "description_data": [ - { - "lang": "eng", - "value": "A denial of service vulnerability exists when Windows improperly handles hard links, aka \u0027Microsoft Windows Denial of Service Vulnerability\u0027." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Denial of Service" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A denial of service vulnerability exists when Windows improperly handles hard links, aka 'Microsoft Windows Denial of Service Vulnerability'." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0616" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0616", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0616" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0617.json b/2020/0xxx/CVE-2020-0617.json index ff9dbe3e32a..ce9dc85bf33 100644 --- a/2020/0xxx/CVE-2020-0617.json +++ b/2020/0xxx/CVE-2020-0617.json 
@@ -1,94 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0617", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1803 for x64-based Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0617", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1709 for x64-based Systems" - }, - { - "version_value": "10 for x64-based Systems" - }, - { - "version_value": "10 Version 1607 for x64-based Systems" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "version 1803 (Core Installation)" - }, - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core installation)" - }, - { - "version_value": "2016" - }, - { - 
"version_value": "2016 (Core installation)" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A denial of service vulnerability exists when Microsoft Hyper-V Virtual PCI on a host server fails to properly validate input from a privileged user on a guest operating system, aka \u0027Hyper-V Denial of Service Vulnerability\u0027." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Denial of Service" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A denial of service vulnerability exists when Microsoft Hyper-V Virtual PCI on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Hyper-V Denial of Service Vulnerability'." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0617" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0617", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0617" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0620.json b/2020/0xxx/CVE-2020-0620.json index e3c41d7241e..5d5398d70ec 100644 --- a/2020/0xxx/CVE-2020-0620.json +++ b/2020/0xxx/CVE-2020-0620.json 
@@ -1,249 +1,251 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0620", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1803 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0620", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": 
"version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 
Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1803 for x64-based Systems" - }, - { - "version_value": "10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1709 for 32-bit Systems" - }, - { - "version_value": "10 Version 1709 for x64-based Systems" - }, - { - "version_value": "10 Version 1709 for ARM64-based Systems" - }, - { - "version_value": "10 for 32-bit Systems" - }, - { - "version_value": "10 for x64-based Systems" - }, - { - "version_value": "10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "10 Version 1607 for x64-based Systems" - }, - { - "version_value": "7 for 32-bit Systems Service Pack 1" - }, - { - "version_value": "7 for x64-based Systems Service Pack 1" - }, - { - "version_value": "8.1 for 32-bit systems" - }, - { - "version_value": "8.1 for x64-based systems" - }, - { - "version_value": "RT 8.1" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "version 1803 (Core Installation)" - }, - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core installation)" - }, - { - "version_value": "2016" - }, - { - "version_value": "2016 (Core installation)" - }, - { - "version_value": "2008 for 32-bit Systems Service Pack 2" - }, - { - "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" - }, - { - "version_value": "2008 for Itanium-Based Systems Service Pack 2" - }, - { - "version_value": "2008 for x64-based Systems Service 
Pack 2" - }, - { - "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" - }, - { - "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" - }, - { - "version_value": "2012" - }, - { - "version_value": "2012 (Core installation)" - }, - { - "version_value": "2012 R2" - }, - { - "version_value": "2012 R2 (Core installation)" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An elevation of privilege vulnerability exists when Microsoft Cryptographic Services improperly handles files, 
aka \u0027Microsoft Cryptographic Services Elevation of Privilege Vulnerability\u0027." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Elevation of Privilege" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists when Microsoft Cryptographic Services improperly handles files, aka 'Microsoft Cryptographic Services Elevation of Privilege Vulnerability'." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0620" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0620", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0620" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0621.json b/2020/0xxx/CVE-2020-0621.json index 0fe1ef25f2e..59e94306e2b 100644 --- a/2020/0xxx/CVE-2020-0621.json +++ b/2020/0xxx/CVE-2020-0621.json 
@@ -1,100 +1,102 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0621", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1803 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0621", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1803 for x64-based Systems" - }, - { - "version_value": "10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "10 Version 
1709 for 32-bit Systems" - }, - { - "version_value": "10 Version 1709 for x64-based Systems" - }, - { - "version_value": "10 Version 1709 for ARM64-based Systems" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "version 1803 (Core Installation)" - }, - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core installation)" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A security feature bypass vulnerability exists in Windows 10 when third party filters are called during a password update, aka \u0027Windows Security Feature Bypass Vulnerability\u0027." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Security Feature Bypass" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A security feature bypass vulnerability exists in Windows 10 when third party filters are called during a password update, aka 'Windows Security Feature Bypass Vulnerability'." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0621" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Security Feature Bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0621", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0621" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0622.json b/2020/0xxx/CVE-2020-0622.json index d14965fb422..c13d4e576b1 100644 --- a/2020/0xxx/CVE-2020-0622.json +++ b/2020/0xxx/CVE-2020-0622.json 
@@ -1,103 +1,105 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0622", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1803 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0622", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1803 for x64-based Systems" - }, - { - "version_value": "10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1709 for 32-bit Systems" - }, - { - "version_value": "10 Version 1709 for x64-based Systems" - }, - { - "version_value": "10 Version 1709 for ARM64-based Systems" - 
}, - { - "version_value": "10 for 32-bit Systems" - }, - { - "version_value": "10 for x64-based Systems" - }, - { - "version_value": "10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "10 Version 1607 for x64-based Systems" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "version 1803 (Core Installation)" - }, - { - "version_value": "2016" - }, - { - "version_value": "2016 (Core installation)" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory, aka \u0027Microsoft Graphics Component Information Disclosure Vulnerability\u0027." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Information Disclosure" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory, aka 'Microsoft Graphics Component Information Disclosure Vulnerability'." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0622" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0622", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0622" + } + ] + } +} \ No newline at end of file 
diff --git a/2020/0xxx/CVE-2020-0623.json b/2020/0xxx/CVE-2020-0623.json
index 4096264b45d..dde53039c0a 100644
--- a/2020/0xxx/CVE-2020-0623.json
+++ b/2020/0xxx/CVE-2020-0623.json
@@ -1,213 +1,215 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0623", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1803 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0623", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + 
"version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1803 for x64-based Systems" - }, - { - "version_value": "10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1709 for 32-bit Systems" - }, - { - "version_value": "10 Version 1709 for x64-based Systems" - }, - { - "version_value": "10 Version 1709 for ARM64-based Systems" - }, - { - "version_value": "10 for 32-bit Systems" 
- }, - { - "version_value": "10 for x64-based Systems" - }, - { - "version_value": "10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "10 Version 1607 for x64-based Systems" - }, - { - "version_value": "8.1 for 32-bit systems" - }, - { - "version_value": "8.1 for x64-based systems" - }, - { - "version_value": "RT 8.1" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "version 1803 (Core Installation)" - }, - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core installation)" - }, - { - "version_value": "2016" - }, - { - "version_value": "2016 (Core installation)" - }, - { - "version_value": "2012 R2" - }, - { - "version_value": "2012 R2 (Core installation)" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - 
} - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka \u0027Windows Search Indexer Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0613, CVE-2020-0614, CVE-2020-0625, CVE-2020-0626, CVE-2020-0627, CVE-2020-0628, CVE-2020-0629, CVE-2020-0630, CVE-2020-0631, CVE-2020-0632, CVE-2020-0633." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Elevation of Privilege" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0613, CVE-2020-0614, CVE-2020-0625, CVE-2020-0626, CVE-2020-0627, CVE-2020-0628, CVE-2020-0629, CVE-2020-0630, CVE-2020-0631, CVE-2020-0632, CVE-2020-0633." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0623" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0623", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0623" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0624.json b/2020/0xxx/CVE-2020-0624.json index c71abe902d8..205395e1e3f 100644 --- a/2020/0xxx/CVE-2020-0624.json +++ b/2020/0xxx/CVE-2020-0624.json 
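Review bot: The eight 1903/1909 product entries keep `"version_value": ""` on the new side and carry the release only inside `product_name` (for example `"Windows 10 Version 1903 for 32-bit Systems"`), while the older releases are listed as versions under `"product_name": "Windows"`. A consumer that matches affected systems on product_name plus version_value will either miss these releases or treat the empty string as a version. Modelling them like the others, e.g. `"version_value": "10 Version 1903 for 32-bit Systems"` under `Windows`, would keep the record consistent. The re-indentation leaves this untouched, and the same entries appear in the CVE-2020-0624, CVE-2020-0625 and CVE-2020-0626 hunks.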
@@ -1,130 +1,132 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0624", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0624", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows 10 Version 1903 
for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka \u0027Win32k Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0642." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Elevation of Privilege" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0642." 
+ } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0624" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0624", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0624" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0625.json b/2020/0xxx/CVE-2020-0625.json index 3402b09982d..48ea7e67d34 100644 --- a/2020/0xxx/CVE-2020-0625.json +++ b/2020/0xxx/CVE-2020-0625.json 
@@ -1,249 +1,251 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0625", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1803 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0625", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": 
"version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 
Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1803 for x64-based Systems" - }, - { - "version_value": "10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1709 for 32-bit Systems" - }, - { - "version_value": "10 Version 1709 for x64-based Systems" - }, - { - "version_value": "10 Version 1709 for ARM64-based Systems" - }, - { - "version_value": "10 for 32-bit Systems" - }, - { - "version_value": "10 for x64-based Systems" - }, - { - "version_value": "10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "10 Version 1607 for x64-based Systems" - }, - { - "version_value": "7 for 32-bit Systems Service Pack 1" - }, - { - "version_value": "7 for x64-based Systems Service Pack 1" - }, - { - "version_value": "8.1 for 32-bit systems" - }, - { - "version_value": "8.1 for x64-based systems" - }, - { - "version_value": "RT 8.1" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "version 1803 (Core Installation)" - }, - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core installation)" - }, - { - "version_value": "2016" - }, - { - "version_value": "2016 (Core installation)" - }, - { - "version_value": "2008 for 32-bit Systems Service Pack 2" - }, - { - "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" - }, - { - "version_value": "2008 for Itanium-Based Systems Service Pack 2" - }, - { - "version_value": "2008 for x64-based Systems Service 
Pack 2" - }, - { - "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" - }, - { - "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" - }, - { - "version_value": "2012" - }, - { - "version_value": "2012 (Core installation)" - }, - { - "version_value": "2012 R2" - }, - { - "version_value": "2012 R2 (Core installation)" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in 
memory, aka \u0027Windows Search Indexer Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0613, CVE-2020-0614, CVE-2020-0623, CVE-2020-0626, CVE-2020-0627, CVE-2020-0628, CVE-2020-0629, CVE-2020-0630, CVE-2020-0631, CVE-2020-0632, CVE-2020-0633." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Elevation of Privilege" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0613, CVE-2020-0614, CVE-2020-0623, CVE-2020-0626, CVE-2020-0627, CVE-2020-0628, CVE-2020-0629, CVE-2020-0630, CVE-2020-0631, CVE-2020-0632, CVE-2020-0633." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0625" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0625", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0625" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0626.json b/2020/0xxx/CVE-2020-0626.json index 2d0f1f60ce1..d07d93d4755 100644 --- a/2020/0xxx/CVE-2020-0626.json +++ b/2020/0xxx/CVE-2020-0626.json 
@@ -1,249 +1,251 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0626", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1803 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0626", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": 
"version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 
Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1803 for x64-based Systems" - }, - { - "version_value": "10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1709 for 32-bit Systems" - }, - { - "version_value": "10 Version 1709 for x64-based Systems" - }, - { - "version_value": "10 Version 1709 for ARM64-based Systems" - }, - { - "version_value": "10 for 32-bit Systems" - }, - { - "version_value": "10 for x64-based Systems" - }, - { - "version_value": "10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "10 Version 1607 for x64-based Systems" - }, - { - "version_value": "7 for 32-bit Systems Service Pack 1" - }, - { - "version_value": "7 for x64-based Systems Service Pack 1" - }, - { - "version_value": "8.1 for 32-bit systems" - }, - { - "version_value": "8.1 for x64-based systems" - }, - { - "version_value": "RT 8.1" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "version 1803 (Core Installation)" - }, - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core installation)" - }, - { - "version_value": "2016" - }, - { - "version_value": "2016 (Core installation)" - }, - { - "version_value": "2008 for 32-bit Systems Service Pack 2" - }, - { - "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" - }, - { - "version_value": "2008 for Itanium-Based Systems Service Pack 2" - }, - { - "version_value": "2008 for x64-based Systems Service 
Pack 2" - }, - { - "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" - }, - { - "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" - }, - { - "version_value": "2012" - }, - { - "version_value": "2012 (Core installation)" - }, - { - "version_value": "2012 R2" - }, - { - "version_value": "2012 R2 (Core installation)" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in 
memory, aka \u0027Windows Search Indexer Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0613, CVE-2020-0614, CVE-2020-0623, CVE-2020-0625, CVE-2020-0627, CVE-2020-0628, CVE-2020-0629, CVE-2020-0630, CVE-2020-0631, CVE-2020-0632, CVE-2020-0633." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Elevation of Privilege" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0613, CVE-2020-0614, CVE-2020-0623, CVE-2020-0625, CVE-2020-0627, CVE-2020-0628, CVE-2020-0629, CVE-2020-0630, CVE-2020-0631, CVE-2020-0632, CVE-2020-0633." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0626" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0626", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0626" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0627.json b/2020/0xxx/CVE-2020-0627.json index 103da5c01e5..486e4824cb2 100644 --- a/2020/0xxx/CVE-2020-0627.json +++ b/2020/0xxx/CVE-2020-0627.json 
@@ -1,249 +1,251 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0627", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1803 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0627", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": 
"version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 
Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1803 for x64-based Systems" - }, - { - "version_value": "10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1709 for 32-bit Systems" - }, - { - "version_value": "10 Version 1709 for x64-based Systems" - }, - { - "version_value": "10 Version 1709 for ARM64-based Systems" - }, - { - "version_value": "10 for 32-bit Systems" - }, - { - "version_value": "10 for x64-based Systems" - }, - { - "version_value": "10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "10 Version 1607 for x64-based Systems" - }, - { - "version_value": "7 for 32-bit Systems Service Pack 1" - }, - { - "version_value": "7 for x64-based Systems Service Pack 1" - }, - { - "version_value": "8.1 for 32-bit systems" - }, - { - "version_value": "8.1 for x64-based systems" - }, - { - "version_value": "RT 8.1" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "version 1803 (Core Installation)" - }, - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core installation)" - }, - { - "version_value": "2016" - }, - { - "version_value": "2016 (Core installation)" - }, - { - "version_value": "2008 for 32-bit Systems Service Pack 2" - }, - { - "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" - }, - { - "version_value": "2008 for Itanium-Based Systems Service Pack 2" - }, - { - "version_value": "2008 for x64-based Systems Service 
Pack 2" - }, - { - "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" - }, - { - "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" - }, - { - "version_value": "2012" - }, - { - "version_value": "2012 (Core installation)" - }, - { - "version_value": "2012 R2" - }, - { - "version_value": "2012 R2 (Core installation)" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in 
memory, aka \u0027Windows Search Indexer Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0613, CVE-2020-0614, CVE-2020-0623, CVE-2020-0625, CVE-2020-0626, CVE-2020-0628, CVE-2020-0629, CVE-2020-0630, CVE-2020-0631, CVE-2020-0632, CVE-2020-0633." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Elevation of Privilege" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0613, CVE-2020-0614, CVE-2020-0623, CVE-2020-0625, CVE-2020-0626, CVE-2020-0628, CVE-2020-0629, CVE-2020-0630, CVE-2020-0631, CVE-2020-0632, CVE-2020-0633." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0627" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0627", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0627" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0628.json b/2020/0xxx/CVE-2020-0628.json index d5514ce112e..5b18cee0837 100644 --- a/2020/0xxx/CVE-2020-0628.json +++ b/2020/0xxx/CVE-2020-0628.json 
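Review bot: The eight Windows 10 Version 1903/1909 and Windows Server 1903/1909 entries at the end of `product_data` still carry `"version_value": ""` on the new side, with the release folded into `product_name`, whereas the `Windows` and `Windows Server` entries above them put the release in `version_value`. A consumer that matches affected assets on product name plus version will likely either skip these entries or treat the empty string as "any version", so exposure for those releases can be under- or over-reported. Since the record is being rewritten anyway, these entries could take the same shape as the rest, e.g. `"version_value": "10 Version 1903 for 32-bit Systems"` under `"product_name": "Windows"`. The same pattern appears in the CVE-2020-0628 and CVE-2020-0629 hunks.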
@@ -1,249 +1,251 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0628", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1803 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0628", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": 
"version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 
Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1803 for x64-based Systems" - }, - { - "version_value": "10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1709 for 32-bit Systems" - }, - { - "version_value": "10 Version 1709 for x64-based Systems" - }, - { - "version_value": "10 Version 1709 for ARM64-based Systems" - }, - { - "version_value": "10 for 32-bit Systems" - }, - { - "version_value": "10 for x64-based Systems" - }, - { - "version_value": "10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "10 Version 1607 for x64-based Systems" - }, - { - "version_value": "7 for 32-bit Systems Service Pack 1" - }, - { - "version_value": "7 for x64-based Systems Service Pack 1" - }, - { - "version_value": "8.1 for 32-bit systems" - }, - { - "version_value": "8.1 for x64-based systems" - }, - { - "version_value": "RT 8.1" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "version 1803 (Core Installation)" - }, - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core installation)" - }, - { - "version_value": "2016" - }, - { - "version_value": "2016 (Core installation)" - }, - { - "version_value": "2008 for 32-bit Systems Service Pack 2" - }, - { - "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" - }, - { - "version_value": "2008 for Itanium-Based Systems Service Pack 2" - }, - { - "version_value": "2008 for x64-based Systems Service 
Pack 2" - }, - { - "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" - }, - { - "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" - }, - { - "version_value": "2012" - }, - { - "version_value": "2012 (Core installation)" - }, - { - "version_value": "2012 R2" - }, - { - "version_value": "2012 R2 (Core installation)" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in 
memory, aka \u0027Windows Search Indexer Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0613, CVE-2020-0614, CVE-2020-0623, CVE-2020-0625, CVE-2020-0626, CVE-2020-0627, CVE-2020-0629, CVE-2020-0630, CVE-2020-0631, CVE-2020-0632, CVE-2020-0633." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Elevation of Privilege" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0613, CVE-2020-0614, CVE-2020-0623, CVE-2020-0625, CVE-2020-0626, CVE-2020-0627, CVE-2020-0629, CVE-2020-0630, CVE-2020-0631, CVE-2020-0632, CVE-2020-0633." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0628" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0628", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0628" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0629.json b/2020/0xxx/CVE-2020-0629.json index 8630455ad70..455a1fba755 100644 --- a/2020/0xxx/CVE-2020-0629.json +++ b/2020/0xxx/CVE-2020-0629.json 
@@ -1,249 +1,251 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0629", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1803 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0629", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": 
"version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 
Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1803 for x64-based Systems" - }, - { - "version_value": "10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1709 for 32-bit Systems" - }, - { - "version_value": "10 Version 1709 for x64-based Systems" - }, - { - "version_value": "10 Version 1709 for ARM64-based Systems" - }, - { - "version_value": "10 for 32-bit Systems" - }, - { - "version_value": "10 for x64-based Systems" - }, - { - "version_value": "10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "10 Version 1607 for x64-based Systems" - }, - { - "version_value": "7 for 32-bit Systems Service Pack 1" - }, - { - "version_value": "7 for x64-based Systems Service Pack 1" - }, - { - "version_value": "8.1 for 32-bit systems" - }, - { - "version_value": "8.1 for x64-based systems" - }, - { - "version_value": "RT 8.1" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "version 1803 (Core Installation)" - }, - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core installation)" - }, - { - "version_value": "2016" - }, - { - "version_value": "2016 (Core installation)" - }, - { - "version_value": "2008 for 32-bit Systems Service Pack 2" - }, - { - "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" - }, - { - "version_value": "2008 for Itanium-Based Systems Service Pack 2" - }, - { - "version_value": "2008 for x64-based Systems Service 
Pack 2" - }, - { - "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" - }, - { - "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" - }, - { - "version_value": "2012" - }, - { - "version_value": "2012 (Core installation)" - }, - { - "version_value": "2012 R2" - }, - { - "version_value": "2012 R2 (Core installation)" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in 
memory, aka \u0027Windows Search Indexer Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0613, CVE-2020-0614, CVE-2020-0623, CVE-2020-0625, CVE-2020-0626, CVE-2020-0627, CVE-2020-0628, CVE-2020-0630, CVE-2020-0631, CVE-2020-0632, CVE-2020-0633." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Elevation of Privilege" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0613, CVE-2020-0614, CVE-2020-0623, CVE-2020-0625, CVE-2020-0626, CVE-2020-0627, CVE-2020-0628, CVE-2020-0630, CVE-2020-0631, CVE-2020-0632, CVE-2020-0633." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0629" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0629", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0629" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0630.json b/2020/0xxx/CVE-2020-0630.json index bd8c3f772dd..4119f4dbe9b 100644 --- a/2020/0xxx/CVE-2020-0630.json +++ b/2020/0xxx/CVE-2020-0630.json 
@@ -1,246 +1,248 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0630", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1803 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0630", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": 
"2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + 
"version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1803 for x64-based Systems" - }, - { - "version_value": "10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1709 for x64-based Systems" - }, - { - "version_value": "10 Version 1709 for ARM64-based Systems" - }, - { - "version_value": "10 for 32-bit Systems" - }, - { - "version_value": "10 for x64-based Systems" - }, - { - "version_value": "10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "10 Version 1607 for x64-based Systems" - }, - { - "version_value": "7 for 32-bit Systems Service Pack 1" - }, - { - "version_value": "7 for x64-based Systems Service Pack 1" - }, - { - "version_value": "8.1 for 32-bit systems" - }, - { - "version_value": "8.1 for x64-based systems" - }, - { - "version_value": "RT 8.1" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "version 1803 (Core Installation)" - }, - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core installation)" - }, - { - "version_value": "2016" - }, - { - "version_value": "2016 (Core installation)" - }, - { - "version_value": "2008 for 32-bit Systems Service Pack 2" - }, - { - "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" - }, - { - "version_value": "2008 for Itanium-Based Systems Service Pack 2" - }, - { - "version_value": "2008 for x64-based Systems Service Pack 2" - }, - { - "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" - }, - { - 
"version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" - }, - { - "version_value": "2012" - }, - { - "version_value": "2012 (Core installation)" - }, - { - "version_value": "2012 R2" - }, - { - "version_value": "2012 R2 (Core installation)" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka \u0027Windows Search Indexer Elevation of Privilege Vulnerability\u0027. 
This CVE ID is unique from CVE-2020-0613, CVE-2020-0614, CVE-2020-0623, CVE-2020-0625, CVE-2020-0626, CVE-2020-0627, CVE-2020-0628, CVE-2020-0629, CVE-2020-0631, CVE-2020-0632, CVE-2020-0633." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Elevation of Privilege" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0613, CVE-2020-0614, CVE-2020-0623, CVE-2020-0625, CVE-2020-0626, CVE-2020-0627, CVE-2020-0628, CVE-2020-0629, CVE-2020-0631, CVE-2020-0632, CVE-2020-0633." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0630" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0630", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0630" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0631.json b/2020/0xxx/CVE-2020-0631.json index 8cfca47ecc3..82390a011b2 100644 --- a/2020/0xxx/CVE-2020-0631.json +++ b/2020/0xxx/CVE-2020-0631.json 
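Review bot: The re-indented CVE-2020-0630 record still carries `"version_value": ""` for all eight 1903/1909 entries (from `"product_name": "Windows 10 Version 1903 for 32-bit Systems"` through `"Windows Server, version 1909 (Server Core installation)"`), while every other affected build is a `version_value` under `"product_name": "Windows"` or `"Windows Server"`. A consumer that matches on `product_name` plus `version_value` sees two shapes in one record and has to guess whether an empty string means every version or none, so 1903/1909 hosts may be missed or over-reported in exposure reports, depending on the parser. Since this commit already rewrites the whole file, I would fold these into the existing products, e.g. `{ "version_value": "10 Version 1903 for 32-bit Systems" }` under `"Windows"` and `{ "version_value": "version 1903 (Server Core installation)" }` under `"Windows Server"`. The CVE-2020-0631 and CVE-2020-0632 hunks carry the same entries.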
@@ -1,249 +1,251 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0631", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1803 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0631", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": 
"version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 
Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1803 for x64-based Systems" - }, - { - "version_value": "10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1709 for 32-bit Systems" - }, - { - "version_value": "10 Version 1709 for x64-based Systems" - }, - { - "version_value": "10 Version 1709 for ARM64-based Systems" - }, - { - "version_value": "10 for 32-bit Systems" - }, - { - "version_value": "10 for x64-based Systems" - }, - { - "version_value": "10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "10 Version 1607 for x64-based Systems" - }, - { - "version_value": "7 for 32-bit Systems Service Pack 1" - }, - { - "version_value": "7 for x64-based Systems Service Pack 1" - }, - { - "version_value": "8.1 for 32-bit systems" - }, - { - "version_value": "8.1 for x64-based systems" - }, - { - "version_value": "RT 8.1" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "version 1803 (Core Installation)" - }, - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core installation)" - }, - { - "version_value": "2016" - }, - { - "version_value": "2016 (Core installation)" - }, - { - "version_value": "2008 for 32-bit Systems Service Pack 2" - }, - { - "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" - }, - { - "version_value": "2008 for Itanium-Based Systems Service Pack 2" - }, - { - "version_value": "2008 for x64-based Systems Service 
Pack 2" - }, - { - "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" - }, - { - "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" - }, - { - "version_value": "2012" - }, - { - "version_value": "2012 (Core installation)" - }, - { - "version_value": "2012 R2" - }, - { - "version_value": "2012 R2 (Core installation)" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in 
memory, aka \u0027Windows Search Indexer Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0613, CVE-2020-0614, CVE-2020-0623, CVE-2020-0625, CVE-2020-0626, CVE-2020-0627, CVE-2020-0628, CVE-2020-0629, CVE-2020-0630, CVE-2020-0632, CVE-2020-0633." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Elevation of Privilege" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0613, CVE-2020-0614, CVE-2020-0623, CVE-2020-0625, CVE-2020-0626, CVE-2020-0627, CVE-2020-0628, CVE-2020-0629, CVE-2020-0630, CVE-2020-0632, CVE-2020-0633." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0631" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0631", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0631" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0632.json b/2020/0xxx/CVE-2020-0632.json index 5882497cf87..05d4b538f4b 100644 --- a/2020/0xxx/CVE-2020-0632.json +++ b/2020/0xxx/CVE-2020-0632.json 
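Review bot: The reference added in the CVE-2020-0631 hunk is tagged `"refsource": "MISC"` although the URL is the assigner's own advisory: the record's `ASSIGNER` is `secure@microsoft.com` and the link points to `portal.msrc.microsoft.com`. Tooling that ranks or filters references by source would treat the vendor advisory as an unclassified third-party link. If the pipeline allows it, `"refsource": "CONFIRM"` would label it as vendor-confirmed, and `name` could hold a short label rather than a second copy of the URL. The CVE-2020-0630 and CVE-2020-0632 hunks add the same pair of fields; MISC may simply be the generator's default, which is worth confirming before changing it by hand.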
@@ -1,249 +1,251 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0632", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1803 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0632", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": 
"version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 
Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1803 for x64-based Systems" - }, - { - "version_value": "10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1709 for 32-bit Systems" - }, - { - "version_value": "10 Version 1709 for x64-based Systems" - }, - { - "version_value": "10 Version 1709 for ARM64-based Systems" - }, - { - "version_value": "10 for 32-bit Systems" - }, - { - "version_value": "10 for x64-based Systems" - }, - { - "version_value": "10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "10 Version 1607 for x64-based Systems" - }, - { - "version_value": "7 for 32-bit Systems Service Pack 1" - }, - { - "version_value": "7 for x64-based Systems Service Pack 1" - }, - { - "version_value": "8.1 for 32-bit systems" - }, - { - "version_value": "8.1 for x64-based systems" - }, - { - "version_value": "RT 8.1" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "version 1803 (Core Installation)" - }, - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core installation)" - }, - { - "version_value": "2016" - }, - { - "version_value": "2016 (Core installation)" - }, - { - "version_value": "2008 for 32-bit Systems Service Pack 2" - }, - { - "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" - }, - { - "version_value": "2008 for Itanium-Based Systems Service Pack 2" - }, - { - "version_value": "2008 for x64-based Systems Service 
Pack 2" - }, - { - "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" - }, - { - "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" - }, - { - "version_value": "2012" - }, - { - "version_value": "2012 (Core installation)" - }, - { - "version_value": "2012 R2" - }, - { - "version_value": "2012 R2 (Core installation)" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in 
memory, aka \u0027Windows Search Indexer Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0613, CVE-2020-0614, CVE-2020-0623, CVE-2020-0625, CVE-2020-0626, CVE-2020-0627, CVE-2020-0628, CVE-2020-0629, CVE-2020-0630, CVE-2020-0631, CVE-2020-0633." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Elevation of Privilege" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0613, CVE-2020-0614, CVE-2020-0623, CVE-2020-0625, CVE-2020-0626, CVE-2020-0627, CVE-2020-0628, CVE-2020-0629, CVE-2020-0630, CVE-2020-0631, CVE-2020-0633." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0632" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0632", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0632" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0633.json b/2020/0xxx/CVE-2020-0633.json index 4df7199cf03..a1f09168e80 100644 --- a/2020/0xxx/CVE-2020-0633.json +++ b/2020/0xxx/CVE-2020-0633.json 
@@ -1,192 +1,194 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0633", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1803 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0633", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + 
"product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1803 for x64-based Systems" - }, - { - "version_value": "10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1709 for 32-bit Systems" - }, - { - "version_value": "10 Version 1709 for x64-based Systems" - }, - { - "version_value": "10 Version 1709 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "10 Version 1607 for x64-based Systems" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "version 1803 (Core Installation)" - }, - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core 
installation)" - }, - { - "version_value": "2016" - }, - { - "version_value": "2016 (Core installation)" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka \u0027Windows Search Indexer Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0613, CVE-2020-0614, CVE-2020-0623, CVE-2020-0625, CVE-2020-0626, CVE-2020-0627, CVE-2020-0628, CVE-2020-0629, CVE-2020-0630, CVE-2020-0631, CVE-2020-0632." 
- } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Elevation of Privilege" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0613, CVE-2020-0614, CVE-2020-0623, CVE-2020-0625, CVE-2020-0626, CVE-2020-0627, CVE-2020-0628, CVE-2020-0629, CVE-2020-0630, CVE-2020-0631, CVE-2020-0632." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0633" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0633", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0633" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0634.json b/2020/0xxx/CVE-2020-0634.json index 73a2da8dba1..eaf774c60b9 100644 --- a/2020/0xxx/CVE-2020-0634.json +++ b/2020/0xxx/CVE-2020-0634.json 
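Review bot: The eight 1903/1909 product entries in this record still carry `"version_value": ""` on the new side, with the release folded into `product_name` (for example `"Windows 10 Version 1903 for 32-bit Systems"`), whereas older releases sit under `"product_name": "Windows"` with the release in `version_value`. A consumer that matches affected systems on product plus version may skip these entries or treat the empty string as "any version", so 1903/1909 hosts can drop out of exposure reports or be over-matched. Since the commit already rewrites every line of the file, I would fold them into the existing products, e.g. `{ "version_value": "10 Version 1903 for 32-bit Systems" }` under `Windows` and `{ "version_value": "version 1903 (Server Core installation)" }` under `Windows Server`. The same shape recurs in the CVE-2020-0634, CVE-2020-0635 and CVE-2020-0636 hunks.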
@@ -1,249 +1,251 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0634", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1803 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0634", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": 
"version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 
Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1803 for x64-based Systems" - }, - { - "version_value": "10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1709 for 32-bit Systems" - }, - { - "version_value": "10 Version 1709 for x64-based Systems" - }, - { - "version_value": "10 Version 1709 for ARM64-based Systems" - }, - { - "version_value": "10 for 32-bit Systems" - }, - { - "version_value": "10 for x64-based Systems" - }, - { - "version_value": "10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "10 Version 1607 for x64-based Systems" - }, - { - "version_value": "7 for 32-bit Systems Service Pack 1" - }, - { - "version_value": "7 for x64-based Systems Service Pack 1" - }, - { - "version_value": "8.1 for 32-bit systems" - }, - { - "version_value": "8.1 for x64-based systems" - }, - { - "version_value": "RT 8.1" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "version 1803 (Core Installation)" - }, - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core installation)" - }, - { - "version_value": "2016" - }, - { - "version_value": "2016 (Core installation)" - }, - { - "version_value": "2008 for 32-bit Systems Service Pack 2" - }, - { - "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" - }, - { - "version_value": "2008 for Itanium-Based Systems Service Pack 2" - }, - { - "version_value": "2008 for x64-based Systems Service 
Pack 2" - }, - { - "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" - }, - { - "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" - }, - { - "version_value": "2012" - }, - { - "version_value": "2012 (Core installation)" - }, - { - "version_value": "2012 R2" - }, - { - "version_value": "2012 R2 (Core installation)" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly 
handles objects in memory, aka \u0027Windows Common Log File System Driver Elevation of Privilege Vulnerability\u0027." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Elevation of Privilege" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory, aka 'Windows Common Log File System Driver Elevation of Privilege Vulnerability'." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0634" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0634", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0634" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0635.json b/2020/0xxx/CVE-2020-0635.json index 8a240a01556..792731310c6 100644 --- a/2020/0xxx/CVE-2020-0635.json +++ b/2020/0xxx/CVE-2020-0635.json 
@@ -1,249 +1,251 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0635", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1803 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0635", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": 
"version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 
Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1803 for x64-based Systems" - }, - { - "version_value": "10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1709 for 32-bit Systems" - }, - { - "version_value": "10 Version 1709 for x64-based Systems" - }, - { - "version_value": "10 Version 1709 for ARM64-based Systems" - }, - { - "version_value": "10 for 32-bit Systems" - }, - { - "version_value": "10 for x64-based Systems" - }, - { - "version_value": "10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "10 Version 1607 for x64-based Systems" - }, - { - "version_value": "7 for 32-bit Systems Service Pack 1" - }, - { - "version_value": "7 for x64-based Systems Service Pack 1" - }, - { - "version_value": "8.1 for 32-bit systems" - }, - { - "version_value": "8.1 for x64-based systems" - }, - { - "version_value": "RT 8.1" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "version 1803 (Core Installation)" - }, - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core installation)" - }, - { - "version_value": "2016" - }, - { - "version_value": "2016 (Core installation)" - }, - { - "version_value": "2008 for 32-bit Systems Service Pack 2" - }, - { - "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" - }, - { - "version_value": "2008 for Itanium-Based Systems Service Pack 2" - }, - { - "version_value": "2008 for x64-based Systems Service 
Pack 2" - }, - { - "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" - }, - { - "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" - }, - { - "version_value": "2012" - }, - { - "version_value": "2012 (Core installation)" - }, - { - "version_value": "2012 R2" - }, - { - "version_value": "2012 R2 (Core installation)" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An elevation of privilege vulnerability exists in Microsoft Windows when Windows fails to properly handle 
certain symbolic links, aka \u0027Windows Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0644." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Elevation of Privilege" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists in Microsoft Windows when Windows fails to properly handle certain symbolic links, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0644." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0635" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0635", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0635" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0636.json b/2020/0xxx/CVE-2020-0636.json index 0c9acee410a..3eae5de864a 100644 --- a/2020/0xxx/CVE-2020-0636.json +++ b/2020/0xxx/CVE-2020-0636.json 
@@ -1,130 +1,132 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0636", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0636", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows 10 Version 1903 
for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An elevation of privilege vulnerability exists in the way that the Windows Subsystem for Linux handles files, aka \u0027Windows Subsystem for Linux Elevation of Privilege Vulnerability\u0027." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Elevation of Privilege" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists in the way that the Windows Subsystem for Linux handles files, aka 'Windows Subsystem for Linux Elevation of Privilege Vulnerability'." 
+ } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0636" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0636", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0636" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0637.json b/2020/0xxx/CVE-2020-0637.json index 0084967a015..519e158d24f 100644 --- a/2020/0xxx/CVE-2020-0637.json +++ b/2020/0xxx/CVE-2020-0637.json 
@@ -1,87 +1,89 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0637", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "2019" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0637", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + } + ] }, - { - "version_value": "2019 (Core installation)" - }, - { - "version_value": "2016" - }, - { - "version_value": "2016 (Core installation)" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" - }, - { - "version_value": "2012" - }, - { - "version_value": "2012 (Core installation)" - }, - { - "version_value": "2012 R2" - }, - { - "version_value": "2012 R2 (Core installation)" - } - ] + "vendor_name": "Microsoft" } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An information disclosure vulnerability 
exists when Remote Desktop Web Access improperly handles credential information, aka \u0027Remote Desktop Web Access Information Disclosure Vulnerability\u0027." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Information Disclosure" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability exists when Remote Desktop Web Access improperly handles credential information, aka 'Remote Desktop Web Access Information Disclosure Vulnerability'." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0637" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0637", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0637" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0638.json b/2020/0xxx/CVE-2020-0638.json index 23e4511ed1f..1b1d098fbe9 100644 --- a/2020/0xxx/CVE-2020-0638.json +++ b/2020/0xxx/CVE-2020-0638.json 
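Review bot: The reference added at the end of this hunk is tagged `"refsource": "MISC"`, although the URL is the MSRC advisory and the record's ASSIGNER is secure@microsoft.com, so it appears to be the vendor's own advisory. If that reading is right, `"refsource": "CONFIRM"` would describe it better and would let consumers that prioritise vendor-confirmed references pick it up. The added `name` only repeats the URL; a short advisory title would be more useful there if one is available. The same applies to the reference entries in the CVE-2020-0638 through CVE-2020-0641 hunks that follow.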
@@ -1,180 +1,182 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0638", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1709 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0638", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + 
"version_value": "version 1803 (Core Installation)" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1803 for 32-bit Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1803 for x64-based Systems" - }, - { - "version_value": "10 Version 1709 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1709 for x64-based Systems" - }, - { - "version_value": "10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "10 Version 1809 for x64-based Systems" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "2019" - }, - { - 
"version_value": "2019 (Core installation)" - }, - { - "version_value": "version 1803 (Core Installation)" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An elevation of privilege vulnerability exists in the way the Update Notification Manager handles files.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka \u0027Update Notification Manager Elevation of Privilege Vulnerability\u0027." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Elevation of Privilege" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists in the way the Update Notification Manager handles files.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Update Notification Manager Elevation of Privilege Vulnerability'." 
+ } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0638" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0638", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0638" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0639.json b/2020/0xxx/CVE-2020-0639.json index 6e17b9bee65..97efe5b0f26 100644 --- a/2020/0xxx/CVE-2020-0639.json +++ b/2020/0xxx/CVE-2020-0639.json 
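Review bot: The rewritten description `value` still reads `handles files.To exploit this vulnerability`, with no space after the full stop; the line is touched here only to replace `\u0027` with `'`. This text is what downstream advisories and scanner reports display, so it should read `...handles files. To exploit this vulnerability, ...`. The CVE-2020-0641 hunk further down carries the same defect in `arbitrary locations.To exploit the vulnerability`.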
@@ -1,249 +1,251 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0639", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1803 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0639", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": 
"version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 
Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1803 for x64-based Systems" - }, - { - "version_value": "10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1709 for 32-bit Systems" - }, - { - "version_value": "10 Version 1709 for x64-based Systems" - }, - { - "version_value": "10 Version 1709 for ARM64-based Systems" - }, - { - "version_value": "10 for 32-bit Systems" - }, - { - "version_value": "10 for x64-based Systems" - }, - { - "version_value": "10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "10 Version 1607 for x64-based Systems" - }, - { - "version_value": "7 for 32-bit Systems Service Pack 1" - }, - { - "version_value": "7 for x64-based Systems Service Pack 1" - }, - { - "version_value": "8.1 for 32-bit systems" - }, - { - "version_value": "8.1 for x64-based systems" - }, - { - "version_value": "RT 8.1" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "version 1803 (Core Installation)" - }, - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core installation)" - }, - { - "version_value": "2016" - }, - { - "version_value": "2016 (Core installation)" - }, - { - "version_value": "2008 for 32-bit Systems Service Pack 2" - }, - { - "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" - }, - { - "version_value": "2008 for Itanium-Based Systems Service Pack 2" - }, - { - "version_value": "2008 for x64-based Systems Service 
Pack 2" - }, - { - "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" - }, - { - "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" - }, - { - "version_value": "2012" - }, - { - "version_value": "2012 (Core installation)" - }, - { - "version_value": "2012 R2" - }, - { - "version_value": "2012 R2 (Core installation)" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An information disclosure vulnerability exists in the Windows Common Log File System (CLFS) driver when it 
fails to properly handle objects in memory, aka \u0027Windows Common Log File System Driver Information Disclosure Vulnerability\u0027. This CVE ID is unique from CVE-2020-0615." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Information Disclosure" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability exists in the Windows Common Log File System (CLFS) driver when it fails to properly handle objects in memory, aka 'Windows Common Log File System Driver Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0615." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0639" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0639", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0639" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0640.json b/2020/0xxx/CVE-2020-0640.json index 85ecc623657..f6c50e979bb 100644 --- a/2020/0xxx/CVE-2020-0640.json +++ b/2020/0xxx/CVE-2020-0640.json 
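Review bot: The `product_data` entries for the 1903 and 1909 builds keep `"version_value": ""` and put the whole build string in `product_name` (for example `"Windows 10 Version 1903 for 32-bit Systems"`), while the older builds sit under `"product_name": "Windows"` with the build in `version_value`. The re-indentation carries this over unchanged, so a consumer that matches on product plus version sees an empty version for the newest affected builds and may not flag them as affected. Moving them into the existing lists, e.g. `"version_value": "10 Version 1903 for 32-bit Systems"` under `Windows`, would make the record consistent. The CVE-2020-0638, CVE-2020-0640 and CVE-2020-0641 hunks have the same split.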
@@ -1,216 +1,218 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0640", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Internet Explorer 10", - "version": { - "version_data": [ - { - "version_value": "Windows Server 2012" - } - ] + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0640", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Internet Explorer 10", + "version": { + "version_data": [ + { + "version_value": "Windows Server 2012" + } + ] + } + }, + { + "product_name": "Internet Explorer 9", + "version": { + "version_data": [ + { + "version_value": "Windows Server 2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "Windows Server 2008 for x64-based Systems Service Pack 2" + } + ] + } + }, + { + "product_name": "Internet Explorer 11", + "version": { + "version_data": [ + { + "version_value": "Windows 10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1803 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "Windows 10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1809 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "Windows Server 2019" + }, + { + "version_value": "Windows 10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1709 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "Windows 10 for 32-bit Systems" + }, + { + "version_value": 
"Windows 10 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1607 for x64-based Systems" + }, + { + "version_value": "Windows Server 2016" + }, + { + "version_value": "Windows 7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "Windows 7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows 8.1 for 32-bit systems" + }, + { + "version_value": "Windows 8.1 for x64-based systems" + }, + { + "version_value": "Windows RT 8.1" + }, + { + "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows Server 2012 R2" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows Server 2012", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" } - }, - { - "product_name": "Internet Explorer 9", - "version": 
{ - "version_data": [ - { - "version_value": "Windows Server 2008 for 32-bit Systems Service Pack 2" - }, - { - "version_value": "Windows Server 2008 for x64-based Systems Service Pack 2" - } - ] - } - }, - { - "product_name": "Internet Explorer 11", - "version": { - "version_data": [ - { - "version_value": "Windows 10 Version 1803 for 32-bit Systems" - }, - { - "version_value": "Windows 10 Version 1803 for x64-based Systems" - }, - { - "version_value": "Windows 10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "Windows 10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "Windows 10 Version 1809 for x64-based Systems" - }, - { - "version_value": "Windows 10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "Windows Server 2019" - }, - { - "version_value": "Windows 10 Version 1709 for 32-bit Systems" - }, - { - "version_value": "Windows 10 Version 1709 for x64-based Systems" - }, - { - "version_value": "Windows 10 Version 1709 for ARM64-based Systems" - }, - { - "version_value": "Windows 10 for 32-bit Systems" - }, - { - "version_value": "Windows 10 for x64-based Systems" - }, - { - "version_value": "Windows 10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "Windows 10 Version 1607 for x64-based Systems" - }, - { - "version_value": "Windows Server 2016" - }, - { - "version_value": "Windows 7 for 32-bit Systems Service Pack 1" - }, - { - "version_value": "Windows 7 for x64-based Systems Service Pack 1" - }, - { - "version_value": "Windows 8.1 for 32-bit systems" - }, - { - "version_value": "Windows 8.1 for x64-based systems" - }, - { - "version_value": "Windows RT 8.1" - }, - { - "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value": "Windows Server 2012 R2" - } - ] - } - }, - { - "product_name": "Internet Explorer 11 on Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - 
"product_name": "Internet Explorer 11 on Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Internet Explorer 11 on Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Internet Explorer 11 on Windows Server 2012", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Internet Explorer 11 on Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Internet Explorer 11 on Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Internet Explorer 11 on Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka \u0027Internet Explorer Memory Corruption Vulnerability\u0027." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Remote Code Execution" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka 'Internet Explorer Memory Corruption Vulnerability'." 
+ } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0640" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0640", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0640" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0641.json b/2020/0xxx/CVE-2020-0641.json index 99c57d04016..aeba39a4740 100644 --- a/2020/0xxx/CVE-2020-0641.json +++ b/2020/0xxx/CVE-2020-0641.json 
@@ -1,219 +1,221 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0641", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1803 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0641", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + 
"version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1803 for x64-based Systems" - }, - { - "version_value": "10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1709 for 32-bit Systems" - }, - { - "version_value": "10 Version 1709 for x64-based Systems" - }, - { - "version_value": "10 
Version 1709 for ARM64-based Systems" - }, - { - "version_value": "10 for 32-bit Systems" - }, - { - "version_value": "10 for x64-based Systems" - }, - { - "version_value": "10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "10 Version 1607 for x64-based Systems" - }, - { - "version_value": "8.1 for 32-bit systems" - }, - { - "version_value": "8.1 for x64-based systems" - }, - { - "version_value": "RT 8.1" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "version 1803 (Core Installation)" - }, - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core installation)" - }, - { - "version_value": "2016" - }, - { - "version_value": "2016 (Core installation)" - }, - { - "version_value": "2012" - }, - { - "version_value": "2012 (Core installation)" - }, - { - "version_value": "2012 R2" - }, - { - "version_value": "2012 R2 (Core installation)" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - 
"version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An elevation of privilege vulnerability exists in Windows Media Service that allows file creation in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to the system, aka \u0027Microsoft Windows Elevation of Privilege Vulnerability\u0027." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Elevation of Privilege" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists in Windows Media Service that allows file creation in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Microsoft Windows Elevation of Privilege Vulnerability'." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0641" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0641", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0641" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0642.json b/2020/0xxx/CVE-2020-0642.json index 83a94728816..12e0a5abdb4 100644 --- a/2020/0xxx/CVE-2020-0642.json +++ b/2020/0xxx/CVE-2020-0642.json 
@@ -1,249 +1,251 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0642", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1803 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0642", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": 
"version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 
Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1803 for x64-based Systems" - }, - { - "version_value": "10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1709 for 32-bit Systems" - }, - { - "version_value": "10 Version 1709 for x64-based Systems" - }, - { - "version_value": "10 Version 1709 for ARM64-based Systems" - }, - { - "version_value": "10 for 32-bit Systems" - }, - { - "version_value": "10 for x64-based Systems" - }, - { - "version_value": "10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "10 Version 1607 for x64-based Systems" - }, - { - "version_value": "7 for 32-bit Systems Service Pack 1" - }, - { - "version_value": "7 for x64-based Systems Service Pack 1" - }, - { - "version_value": "8.1 for 32-bit systems" - }, - { - "version_value": "8.1 for x64-based systems" - }, - { - "version_value": "RT 8.1" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "version 1803 (Core Installation)" - }, - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core installation)" - }, - { - "version_value": "2016" - }, - { - "version_value": "2016 (Core installation)" - }, - { - "version_value": "2008 for 32-bit Systems Service Pack 2" - }, - { - "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" - }, - { - "version_value": "2008 for Itanium-Based Systems Service Pack 2" - }, - { - "version_value": "2008 for x64-based Systems Service 
Pack 2" - }, - { - "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" - }, - { - "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" - }, - { - "version_value": "2012" - }, - { - "version_value": "2012 (Core installation)" - }, - { - "version_value": "2012 R2" - }, - { - "version_value": "2012 R2 (Core installation)" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle 
objects in memory, aka \u0027Win32k Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0624." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Elevation of Privilege" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0624." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0642" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0642", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0642" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0643.json b/2020/0xxx/CVE-2020-0643.json index 84963d3a284..6407ebd9ae0 100644 --- a/2020/0xxx/CVE-2020-0643.json +++ b/2020/0xxx/CVE-2020-0643.json 
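Review bot: The eight `product_data` entries for the 1903 and 1909 releases of Windows 10 and Windows Server still carry `"version_value": ""` with the release and architecture folded into `product_name`, while the `Windows` and `Windows Server` entries above them put the same kind of information in `version_value`; the re-indent keeps this as it was. A consumer that matches affected assets on `product_name` plus `version_value` will likely miss the 1903/1909 builds, so I would move them under the existing products, e.g. `"version_value": "10 Version 1903 for 32-bit Systems"` under `Windows`. The added reference also tags the vendor's own MSRC advisory as `"refsource": "MISC"`; if the tooling allows it, `"refsource": "CONFIRM"` would let downstream filters recognise it as vendor confirmation. The same applies to the CVE-2020-0643 and CVE-2020-0644 hunks that follow.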
@@ -1,249 +1,251 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0643", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1803 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0643", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": 
"version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 
Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1803 for x64-based Systems" - }, - { - "version_value": "10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1709 for 32-bit Systems" - }, - { - "version_value": "10 Version 1709 for x64-based Systems" - }, - { - "version_value": "10 Version 1709 for ARM64-based Systems" - }, - { - "version_value": "10 for 32-bit Systems" - }, - { - "version_value": "10 for x64-based Systems" - }, - { - "version_value": "10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "10 Version 1607 for x64-based Systems" - }, - { - "version_value": "7 for 32-bit Systems Service Pack 1" - }, - { - "version_value": "7 for x64-based Systems Service Pack 1" - }, - { - "version_value": "8.1 for 32-bit systems" - }, - { - "version_value": "8.1 for x64-based systems" - }, - { - "version_value": "RT 8.1" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "version 1803 (Core Installation)" - }, - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core installation)" - }, - { - "version_value": "2016" - }, - { - "version_value": "2016 (Core installation)" - }, - { - "version_value": "2008 for 32-bit Systems Service Pack 2" - }, - { - "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" - }, - { - "version_value": "2008 for Itanium-Based Systems Service Pack 2" - }, - { - "version_value": "2008 for x64-based Systems Service 
Pack 2" - }, - { - "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" - }, - { - "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" - }, - { - "version_value": "2012" - }, - { - "version_value": "2012 (Core installation)" - }, - { - "version_value": "2012 R2" - }, - { - "version_value": "2012 R2 (Core installation)" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface Plus 
(GDI+) handles objects in memory, allowing an attacker to retrieve information from a targeted system, aka \u0027Windows GDI+ Information Disclosure Vulnerability\u0027." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Information Disclosure" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface Plus (GDI+) handles objects in memory, allowing an attacker to retrieve information from a targeted system, aka 'Windows GDI+ Information Disclosure Vulnerability'." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0643" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0643", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0643" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0644.json b/2020/0xxx/CVE-2020-0644.json index d2e913d6b15..b9af78d4830 100644 --- a/2020/0xxx/CVE-2020-0644.json +++ b/2020/0xxx/CVE-2020-0644.json 
@@ -1,219 +1,221 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0644", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1803 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0644", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + 
"version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1803 for x64-based Systems" - }, - { - "version_value": "10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1709 for 32-bit Systems" - }, - { - "version_value": "10 Version 1709 for x64-based Systems" - }, - { - "version_value": "10 
Version 1709 for ARM64-based Systems" - }, - { - "version_value": "10 for 32-bit Systems" - }, - { - "version_value": "10 for x64-based Systems" - }, - { - "version_value": "10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "10 Version 1607 for x64-based Systems" - }, - { - "version_value": "8.1 for 32-bit systems" - }, - { - "version_value": "8.1 for x64-based systems" - }, - { - "version_value": "RT 8.1" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "version 1803 (Core Installation)" - }, - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core installation)" - }, - { - "version_value": "2016" - }, - { - "version_value": "2016 (Core installation)" - }, - { - "version_value": "2012" - }, - { - "version_value": "2012 (Core installation)" - }, - { - "version_value": "2012 R2" - }, - { - "version_value": "2012 R2 (Core installation)" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - 
"version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An elevation of privilege vulnerability exists when Microsoft Windows implements predictable memory section names, aka \u0027Windows Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0635." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Elevation of Privilege" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists when Microsoft Windows implements predictable memory section names, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0635." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0644" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0644", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0644" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0646.json b/2020/0xxx/CVE-2020-0646.json index fc3fd8d0f03..9556db0f96c 100644 --- a/2020/0xxx/CVE-2020-0646.json +++ b/2020/0xxx/CVE-2020-0646.json 
@@ -1,675 +1,677 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0646", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2", - "version": { - "version_data": [ - { - "version_value": "Windows 7 for 32-bit Systems Service Pack 1" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0646", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2", + "version": { + "version_data": [ + { + "version_value": "Windows 7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "Windows 7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows 8.1 for 32-bit systems" + }, + { + "version_value": "Windows 8.1 for x64-based systems" + }, + { + "version_value": "Windows RT 8.1" + }, + { + "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)" + }, + { + "version_value": "Windows Server 2012" + }, + { + "version_value": "Windows Server 2012 (Server Core installation)" + }, + { + "version_value": "Windows Server 2012 R2" + }, + { + "version_value": "Windows Server 2012 R2 (Server Core installation)" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2", + "version": { + "version_data": [ + { + "version_value": "Windows 10 Version 1607 for 32-bit Systems" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for 32-bit Systems", + "version": { + "version_data": [ + { + 
"version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows Server, version 1803 (Server Core Installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2016", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2016 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows 7 for 32-bit Systems Service Pack 1", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows 7 for x64-based Systems Service Pack 1", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows 8.1 for 32-bit systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + 
"product_name": "Microsoft .NET Framework 4.8 on Windows 8.1 for x64-based systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows RT 8.1", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2012", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2012 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2012 R2", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2012 R2 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 
AND 4.8 on Windows Server 2019 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "1903" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.6", + "version": { + "version_data": [ + { + "version_value": "Windows Server 2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "Windows Server 2008 for x64-based Systems Service Pack 2" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.0", + "version": { + "version_data": [ + { + "version_value": "Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "Service Pack 2 on Windows Server 2008 for Itanium-Based 
Systems Service Pack 2" + }, + { + "version_value": "Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5", + "version": { + "version_data": [ + { + "version_value": "Windows 10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "Windows 8.1 for 32-bit systems" + }, + { + "version_value": "Windows 8.1 for x64-based systems" + }, + { + "version_value": "Windows Server 2012" + }, + { + "version_value": "Windows Server 2012 (Server Core installation)" + }, + { + "version_value": "Windows Server 2012 R2" + }, + { + "version_value": "Windows Server 2012 R2 (Server Core installation)" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5.1", + "version": { + "version_data": [ + { + "version_value": "Windows 7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "Windows 7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.5.2", + "version": { + "version_data": [ + { + "version_value": "Windows 7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "Windows 7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows 8.1 for 32-bit systems" + }, + { + "version_value": "Windows 8.1 for x64-based systems" + }, + { + "version_value": "Windows RT 8.1" + }, + { + "version_value": "Windows Server 2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "Windows Server 2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows Server 2008 R2 for x64-based 
Systems Service Pack 1 (Server Core installation)" + }, + { + "version_value": "Windows Server 2012" + }, + { + "version_value": "Windows Server 2012 (Server Core installation)" + }, + { + "version_value": "Windows Server 2012 R2" + }, + { + "version_value": "Windows Server 2012 R2 (Server Core installation)" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server, version 1803 (Server Core Installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1803 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1803 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2 on Windows 10 Version 1709 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016 (Server Core installation)", + "version": { 
+ "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2 on Windows 10 Version 1709 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "Windows 7 for x64-based Systems Service Pack 1" - }, - { - "version_value": "Windows 8.1 for 32-bit systems" - }, - { - "version_value": "Windows 8.1 for x64-based systems" - }, - { - "version_value": "Windows RT 8.1" - }, - { - "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)" - }, - { - "version_value": "Windows Server 2012" - }, - { - "version_value": "Windows Server 2012 (Server Core installation)" - }, - { - "version_value": "Windows Server 2012 R2" - }, - { - "version_value": "Windows Server 2012 R2 (Server Core installation)" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2", - "version": { - "version_data": [ - { - "version_value": "Windows 10 Version 1607 for 32-bit Systems" - } - ] - } - }, - { - "product_name": 
"Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 4.8 on Windows Server, version 1803 (Server Core Installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2016", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2016 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 4.8 on Windows 7 for 32-bit Systems Service Pack 1", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 4.8 on Windows 7 for x64-based Systems Service Pack 1", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 4.8 on 
Windows 8.1 for 32-bit systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 4.8 on Windows 8.1 for x64-based systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 4.8 on Windows RT 8.1", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2012", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2012 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2012 R2", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2012 R2 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019", - "version": 
{ - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "1903" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 4.6", - "version": { - "version_data": [ - { - "version_value": "Windows Server 2008 for 32-bit Systems Service Pack 2" - }, - { - "version_value": "Windows Server 2008 for x64-based Systems Service Pack 2" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.0", - "version": { - "version_data": [ - { - "version_value": "Service Pack 2 on Windows Server 2008 for 
32-bit Systems Service Pack 2" - }, - { - "version_value": "Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2" - }, - { - "version_value": "Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5", - "version": { - "version_data": [ - { - "version_value": "Windows 10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "Windows 8.1 for 32-bit systems" - }, - { - "version_value": "Windows 8.1 for x64-based systems" - }, - { - "version_value": "Windows Server 2012" - }, - { - "version_value": "Windows Server 2012 (Server Core installation)" - }, - { - "version_value": "Windows Server 2012 R2" - }, - { - "version_value": "Windows Server 2012 R2 (Server Core installation)" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5.1", - "version": { - "version_data": [ - { - "version_value": "Windows 7 for 32-bit Systems Service Pack 1" - }, - { - "version_value": "Windows 7 for x64-based Systems Service Pack 1" - }, - { - "version_value": "Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1" - }, - { - "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 4.5.2", - "version": { - "version_data": [ - { - "version_value": "Windows 7 for 32-bit Systems Service Pack 1" - }, - { - "version_value": "Windows 7 for x64-based Systems Service Pack 1" - }, - { - "version_value": "Windows 8.1 for 32-bit systems" - }, - { - "version_value": "Windows 8.1 for x64-based systems" - }, - { - "version_value": "Windows RT 8.1" - }, - { - "version_value": "Windows Server 2008 for 32-bit Systems Service Pack 2" - }, - { - "version_value": "Windows Server 2008 for x64-based Systems Service Pack 2" - }, - { - "version_value": "Windows Server 
2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)" - }, - { - "version_value": "Windows Server 2012" - }, - { - "version_value": "Windows Server 2012 (Server Core installation)" - }, - { - "version_value": "Windows Server 2012 R2" - }, - { - "version_value": "Windows Server 2012 R2 (Server Core installation)" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server, version 1803 (Server Core Installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1803 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1803 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2 on Windows 10 Version 1709 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft 
.NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2 on Windows 10 Version 1709 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka \u0027.NET Framework Remote Code Execution Injection Vulnerability\u0027." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Remote Code Execution" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka '.NET Framework Remote Code Execution Injection Vulnerability'." 
+ } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0646" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0646", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0646" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0647.json b/2020/0xxx/CVE-2020-0647.json index 8c3adbfcebd..b574f284ca3 100644 --- a/2020/0xxx/CVE-2020-0647.json +++ b/2020/0xxx/CVE-2020-0647.json 
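Review bot: In the CVE-2020-0646 record the new side still carries inconsistent affected-version data: the entry `Microsoft .NET Framework 3.5 AND 4.8 on Windows Server, version 1903 (Server Core installation)` has `"version_value": "1903"`, while its 1803 and 1909 Server Core siblings, like most other entries, have `"version_value": ""` with the platform folded into `product_name`. The `1903` looks like a fragment of the product name rather than a framework version (inferred, since the source of the data is not shown), so tooling that matches on product and version would treat this one entry differently from the rest. I would set it to `"version_value": ""` like its siblings, or better, populate `version_value` across these entries from the vendor advisory so consumers do not have to parse `product_name`. The same empty `version_value` appears for `Office Online Server` in the CVE-2020-0647 hunk.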
@@ -1,60 +1,62 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0647", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Office Online Server", - "version": { - "version_data": [ - { - "version_value": "" - } - ] + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0647", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Office Online Server", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A spoofing vulnerability exists when Office Online does not validate origin in cross-origin communications correctly, aka \u0027Microsoft Office Online Spoofing Vulnerability\u0027." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Spoofing" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A spoofing vulnerability exists when Office Online does not validate origin in cross-origin communications correctly, aka 'Microsoft Office Online Spoofing Vulnerability'." 
+ } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0647" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Spoofing" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0647", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0647" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0650.json b/2020/0xxx/CVE-2020-0650.json index 9d2d579db3f..d150b2fe6c1 100644 --- a/2020/0xxx/CVE-2020-0650.json +++ b/2020/0xxx/CVE-2020-0650.json 
@@ -1,110 +1,112 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0650", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Microsoft Office", - "version": { - "version_data": [ - { - "version_value": "2019 for 32-bit editions" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0650", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Office", + "version": { + "version_data": [ + { + "version_value": "2019 for 32-bit editions" + }, + { + "version_value": "2019 for 64-bit editions" + }, + { + "version_value": "2019 for Mac" + }, + { + "version_value": "2016 for Mac" + } + ] + } + }, + { + "product_name": "Office 365 ProPlus", + "version": { + "version_data": [ + { + "version_value": "32-bit Systems" + }, + { + "version_value": "64-bit Systems" + } + ] + } + }, + { + "product_name": "Microsoft Excel", + "version": { + "version_data": [ + { + "version_value": "2016 (32-bit edition)" + }, + { + "version_value": "2016 (64-bit edition)" + }, + { + "version_value": "2010 Service Pack 2 (32-bit editions)" + }, + { + "version_value": "2010 Service Pack 2 (64-bit editions)" + }, + { + "version_value": "2013 RT Service Pack 1" + }, + { + "version_value": "2013 Service Pack 1 (32-bit editions)" + }, + { + "version_value": "2013 Service Pack 1 (64-bit editions)" + } + ] + } + } + ] }, - { - "version_value": "2019 for 64-bit editions" - }, - { - "version_value": "2019 for Mac" - }, - { - "version_value": "2016 for Mac" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Office 365 ProPlus", - "version": { - "version_data": [ - { - "version_value": "32-bit Systems" - }, - { - 
"version_value": "64-bit Systems" - } - ] - } - }, - { - "product_name": "Microsoft Excel", - "version": { - "version_data": [ - { - "version_value": "2016 (32-bit edition)" - }, - { - "version_value": "2016 (64-bit edition)" - }, - { - "version_value": "2010 Service Pack 2 (32-bit editions)" - }, - { - "version_value": "2010 Service Pack 2 (64-bit editions)" - }, - { - "version_value": "2013 RT Service Pack 1" - }, - { - "version_value": "2013 Service Pack 1 (32-bit editions)" - }, - { - "version_value": "2013 Service Pack 1 (64-bit editions)" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka \u0027Microsoft Excel Remote Code Execution Vulnerability\u0027. This CVE ID is unique from CVE-2020-0651, CVE-2020-0653." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Remote Code Execution" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0651, CVE-2020-0653." 
+ } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0650" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0650", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0650" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0651.json b/2020/0xxx/CVE-2020-0651.json index 6d4bc32bb5b..6aa37cd14a7 100644 --- a/2020/0xxx/CVE-2020-0651.json +++ b/2020/0xxx/CVE-2020-0651.json 
@@ -1,110 +1,112 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0651", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Microsoft Office", - "version": { - "version_data": [ - { - "version_value": "2019 for 32-bit editions" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0651", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Office", + "version": { + "version_data": [ + { + "version_value": "2019 for 32-bit editions" + }, + { + "version_value": "2019 for 64-bit editions" + }, + { + "version_value": "2019 for Mac" + }, + { + "version_value": "2016 for Mac" + } + ] + } + }, + { + "product_name": "Office 365 ProPlus", + "version": { + "version_data": [ + { + "version_value": "32-bit Systems" + }, + { + "version_value": "64-bit Systems" + } + ] + } + }, + { + "product_name": "Microsoft Excel", + "version": { + "version_data": [ + { + "version_value": "2016 (32-bit edition)" + }, + { + "version_value": "2016 (64-bit edition)" + }, + { + "version_value": "2010 Service Pack 2 (32-bit editions)" + }, + { + "version_value": "2010 Service Pack 2 (64-bit editions)" + }, + { + "version_value": "2013 RT Service Pack 1" + }, + { + "version_value": "2013 Service Pack 1 (32-bit editions)" + }, + { + "version_value": "2013 Service Pack 1 (64-bit editions)" + } + ] + } + } + ] }, - { - "version_value": "2019 for 64-bit editions" - }, - { - "version_value": "2019 for Mac" - }, - { - "version_value": "2016 for Mac" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Office 365 ProPlus", - "version": { - "version_data": [ - { - "version_value": "32-bit Systems" - }, - { - 
"version_value": "64-bit Systems" - } - ] - } - }, - { - "product_name": "Microsoft Excel", - "version": { - "version_data": [ - { - "version_value": "2016 (32-bit edition)" - }, - { - "version_value": "2016 (64-bit edition)" - }, - { - "version_value": "2010 Service Pack 2 (32-bit editions)" - }, - { - "version_value": "2010 Service Pack 2 (64-bit editions)" - }, - { - "version_value": "2013 RT Service Pack 1" - }, - { - "version_value": "2013 Service Pack 1 (32-bit editions)" - }, - { - "version_value": "2013 Service Pack 1 (64-bit editions)" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka \u0027Microsoft Excel Remote Code Execution Vulnerability\u0027. This CVE ID is unique from CVE-2020-0650, CVE-2020-0653." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Remote Code Execution" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0650, CVE-2020-0653." 
+ } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0651" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0651", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0651" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0652.json b/2020/0xxx/CVE-2020-0652.json index 7dc533b1a2a..e1bf5e2f457 100644 --- a/2020/0xxx/CVE-2020-0652.json +++ b/2020/0xxx/CVE-2020-0652.json 
@@ -1,97 +1,99 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0652", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Microsoft Office", - "version": { - "version_data": [ - { - "version_value": "2019 for 32-bit editions" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0652", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Office", + "version": { + "version_data": [ + { + "version_value": "2019 for 32-bit editions" + }, + { + "version_value": "2019 for 64-bit editions" + }, + { + "version_value": "2016 (32-bit edition)" + }, + { + "version_value": "2016 (64-bit edition)" + }, + { + "version_value": "2010 Service Pack 2 (32-bit editions)" + }, + { + "version_value": "2010 Service Pack 2 (64-bit editions)" + }, + { + "version_value": "2013 RT Service Pack 1" + }, + { + "version_value": "2013 Service Pack 1 (32-bit editions)" + }, + { + "version_value": "2013 Service Pack 1 (64-bit editions)" + } + ] + } + }, + { + "product_name": "Office 365 ProPlus", + "version": { + "version_data": [ + { + "version_value": "32-bit Systems" + }, + { + "version_value": "64-bit Systems" + } + ] + } + } + ] }, - { - "version_value": "2019 for 64-bit editions" - }, - { - "version_value": "2016 (32-bit edition)" - }, - { - "version_value": "2016 (64-bit edition)" - }, - { - "version_value": "2010 Service Pack 2 (32-bit editions)" - }, - { - "version_value": "2010 Service Pack 2 (64-bit editions)" - }, - { - "version_value": "2013 RT Service Pack 1" - }, - { - "version_value": "2013 Service Pack 1 (32-bit editions)" - }, - { - "version_value": "2013 Service Pack 1 (64-bit editions)" - } - ] + 
"vendor_name": "Microsoft" } - }, - { - "product_name": "Office 365 ProPlus", - "version": { - "version_data": [ - { - "version_value": "32-bit Systems" - }, - { - "version_value": "64-bit Systems" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka \u0027Microsoft Office Memory Corruption Vulnerability\u0027." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Remote Code Execution" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka 'Microsoft Office Memory Corruption Vulnerability'." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0652" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0652", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0652" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0653.json b/2020/0xxx/CVE-2020-0653.json index 46ec5c20cd7..3dddb60d10c 100644 --- a/2020/0xxx/CVE-2020-0653.json +++ b/2020/0xxx/CVE-2020-0653.json 
@@ -1,63 +1,65 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0653", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Office 365 ProPlus", - "version": { - "version_data": [ - { - "version_value": "32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0653", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Office 365 ProPlus", + "version": { + "version_data": [ + { + "version_value": "32-bit Systems" + }, + { + "version_value": "64-bit Systems" + } + ] + } + } + ] }, - { - "version_value": "64-bit Systems" - } - ] + "vendor_name": "Microsoft" } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka \u0027Microsoft Excel Remote Code Execution Vulnerability\u0027. This CVE ID is unique from CVE-2020-0650, CVE-2020-0651." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Remote Code Execution" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0650, CVE-2020-0651." 
+ } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0653" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0653", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0653" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0654.json b/2020/0xxx/CVE-2020-0654.json index ae70112fcaf..40b5b82b0d5 100644 --- a/2020/0xxx/CVE-2020-0654.json +++ b/2020/0xxx/CVE-2020-0654.json 
@@ -1,60 +1,62 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0654", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "One Drive for Android", - "version": { - "version_data": [ - { - "version_value": "" - } - ] + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0654", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "One Drive for Android", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A security feature bypass vulnerability exists in Microsoft OneDrive App for Android.This could allow an attacker to bypass the passcode or fingerprint requirements of the App.The security update addresses the vulnerability by correcting the way Microsoft OneDrive App for Android handles sharing links., aka \u0027Microsoft OneDrive for Android Security Feature Bypass Vulnerability\u0027." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Security Feature Bypass" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A security feature bypass vulnerability exists in Microsoft OneDrive App for Android.This could allow an attacker to bypass the passcode or fingerprint requirements of the App.The security update addresses the vulnerability by correcting the way Microsoft OneDrive App for Android handles sharing links., aka 'Microsoft OneDrive for Android Security Feature Bypass Vulnerability'." 
+ } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0654" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Security Feature Bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0654", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0654" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0656.json b/2020/0xxx/CVE-2020-0656.json index f58d85a9d0b..ed6a392a91e 100644 --- a/2020/0xxx/CVE-2020-0656.json +++ b/2020/0xxx/CVE-2020-0656.json 
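Review bot: `"version_value": ""` under `One Drive for Android` leaves the affected range empty on the new side, so anything that matches installed app builds against this record has nothing to compare with. The entry should carry the affected or first-fixed build from the MSRC advisory, e.g. `"version_value": "<FIXED_BUILD>"` (placeholder, the build number is not shown here). The CVE-2020-0656 hunk has the same empty value. The description line is being rewritten anyway for the quote change, yet it still runs sentences together (`Android.This`, `App.The`, `links., aka`); the missing spaces and the stray `.,` could be fixed in the same edit.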
@@ -1,60 +1,62 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0656", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Dynamics 365 Field Service (on-premises) v7 series", - "version": { - "version_data": [ - { - "version_value": "" - } - ] + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0656", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Dynamics 365 Field Service (on-premises) v7 series", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka \u0027Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability\u0027." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Spoofing" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka 'Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability'." 
+ } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0656" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Spoofing" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0656", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0656" + } + ] + } +} \ No newline at end of file diff --git a/2020/5xxx/CVE-2020-5501.json b/2020/5xxx/CVE-2020-5501.json index 9ff5572b9e5..ba331e22b0c 100644 --- a/2020/5xxx/CVE-2020-5501.json +++ b/2020/5xxx/CVE-2020-5501.json 
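Review bot: The `problemtype` value stays `"Spoofing"` although the description on the new side calls the issue a cross site scripting flaw, so triage filters keyed on weakness class will not surface this record as XSS. Naming the weakness, for example `"value": "CWE-79 Cross-site Scripting"`, would line the field up with the description. The impact label can stay in the description text if it needs to be kept.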
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-5501",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-5501",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "phpBB 3.2.8 allows a CSRF attack that can modify a group avatar."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://blog.phpbb.com/category/security/",
+ "refsource": "MISC",
+ "name": "https://blog.phpbb.com/category/security/"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://www.phpbb.com/community/viewtopic.php?f=14&t=2534536",
+ "url": "https://www.phpbb.com/community/viewtopic.php?f=14&t=2534536"
 }
 ]
 }
diff --git a/2020/5xxx/CVE-2020-5502.json b/2020/5xxx/CVE-2020-5502.json
index dbdee4f2fce..f84a3f3ce22 100644
--- a/2020/5xxx/CVE-2020-5502.json
+++ b/2020/5xxx/CVE-2020-5502.json
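Review bot: The new `affects` block fills `vendor_name`, `product_name` and `version_value` with `"n/a"` even though the description names phpBB 3.2.8, so scanners that match on the structured fields cannot tie this record to a phpBB install. `"product_name": "phpBB"` with `"version_value": "3.2.8"` would carry what the description already states; whether earlier releases are affected is not shown here. `problemtype` is also `"n/a"` for what the description calls CSRF, where `"value": "CWE-352 Cross-Site Request Forgery (CSRF)"` would fit. The first reference points at the blog's security category listing rather than a specific post, so it will drift as new posts appear. The CVE-2020-5502 hunk that follows has the same gaps.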
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-5502",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-5502",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "phpBB 3.2.8 allows a CSRF attack that can approve pending group memberships."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://blog.phpbb.com/category/security/",
+ "refsource": "MISC",
+ "name": "https://blog.phpbb.com/category/security/"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://www.phpbb.com/community/viewtopic.php?f=14&t=2534536",
+ "url": "https://www.phpbb.com/community/viewtopic.php?f=14&t=2534536"
 }
 ]
 }
From 9729f00712889cde812d9799cfe78c037a625769 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Wed, 15 Jan 2020 01:01:18 +0000
Subject: [PATCH 073/387] "-Synchronized-Data."
---
 2019/17xxx/CVE-2019-17149.json | 34 +++++++++++++++++-----------------
 2019/17xxx/CVE-2019-17150.json | 34 +++++++++++++++++-----------------
 2019/19xxx/CVE-2019-19950.json | 5 +++++
 2019/19xxx/CVE-2019-19951.json | 5 +++++
 2019/19xxx/CVE-2019-19953.json | 5 +++++
 5 files changed, 49 insertions(+), 34 deletions(-)
diff --git a/2019/17xxx/CVE-2019-17149.json b/2019/17xxx/CVE-2019-17149.json
index 6e9ab4422f3..ac112497e1f 100644
--- a/2019/17xxx/CVE-2019-17149.json
+++ b/2019/17xxx/CVE-2019-17149.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "zdi-disclosures@trendmicro.com",
- "ID": "CVE-2019-17149",
- "STATE": "REJECT"
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
- "description": {
- "description_data": [
- {
- "lang": "eng",
- "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was accidentally assigned. Notes: All CVE users should ignore this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-17149",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was accidentally assigned. Notes: All CVE users should ignore this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/17xxx/CVE-2019-17150.json b/2019/17xxx/CVE-2019-17150.json
index b4214f051b1..230006cbaf3 100644
--- a/2019/17xxx/CVE-2019-17150.json
+++ b/2019/17xxx/CVE-2019-17150.json
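Review bot: Besides re-indenting and reordering keys, this hunk replaces `"ASSIGNER": "zdi-disclosures@trendmicro.com"` with `"ASSIGNER": "cve@mitre.org"`, which drops the record of which CNA originally assigned the ID. That one meaningful change is easy to miss inside an 18-line whitespace rewrite. If the reassignment is intended it deserves a line in the commit message; otherwise the original assigner should be kept. The CVE-2019-17150 hunk makes the same swap.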
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "zdi-disclosures@trendmicro.com",
- "ID": "CVE-2019-17150",
- "STATE": "REJECT"
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
- "description": {
- "description_data": [
- {
- "lang": "eng",
- "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was accidentally assigned. Notes: All CVE users should ignore this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-17150",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was accidentally assigned. Notes: All CVE users should ignore this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/19xxx/CVE-2019-19950.json b/2019/19xxx/CVE-2019-19950.json
index c94d6ec5dca..ca6d688e24e 100644
--- a/2019/19xxx/CVE-2019-19950.json
+++ b/2019/19xxx/CVE-2019-19950.json
@@ -61,6 +61,11 @@
 "url": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/44ab7f6c20b4",
 "refsource": "MISC",
 "name": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/44ab7f6c20b4"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2020:0055",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00026.html"
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19951.json b/2019/19xxx/CVE-2019-19951.json
index cea299b4b63..17f790d679c 100644
--- a/2019/19xxx/CVE-2019-19951.json
+++ b/2019/19xxx/CVE-2019-19951.json
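Review bot: The added SUSE reference in the CVE-2019-19950 hunk uses a plain `http://` URL, so anyone following the advisory link from this record fetches it over an unauthenticated channel. Assuming the list archive serves the same path over TLS, the entry should read `"url": "https://lists.opensuse.org/opensuse-security-announce/2020-01/msg00026.html"`. The same reference is added in the CVE-2019-19951 and CVE-2019-19953 hunks. The surrounding `reference_data` array starts outside the hunk.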
@@ -61,6 +61,11 @@
 "url": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/bc99af93614d",
 "refsource": "MISC",
 "name": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/bc99af93614d"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2020:0055",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00026.html"
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19953.json b/2019/19xxx/CVE-2019-19953.json
index 8956aa05be7..2f269b7d62f 100644
--- a/2019/19xxx/CVE-2019-19953.json
+++ b/2019/19xxx/CVE-2019-19953.json
@@ -61,6 +61,11 @@
 "url": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/28f8bacd4bbf",
 "refsource": "MISC",
 "name": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/28f8bacd4bbf"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2020:0055",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00026.html"
 }
 ]
 }
From 47d678bbb61d01d84a00cffb067f8b11af16ec75 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Wed, 15 Jan 2020 02:01:08 +0000
Subject: [PATCH 074/387] "-Synchronized-Data."
---
 2018/10xxx/CVE-2018-10536.json | 5 +++
 2018/10xxx/CVE-2018-10537.json | 5 +++
 2018/10xxx/CVE-2018-10538.json | 5 +++
 2018/10xxx/CVE-2018-10539.json | 5 +++
 2018/10xxx/CVE-2018-10540.json | 5 +++
 2018/19xxx/CVE-2018-19840.json | 5 +++
 2018/19xxx/CVE-2018-19841.json | 5 +++
 2019/1010xxx/CVE-2019-1010315.json | 5 +++
 2019/1010xxx/CVE-2019-1010317.json | 5 +++
 2019/1010xxx/CVE-2019-1010319.json | 5 +++
 2019/11xxx/CVE-2019-11498.json | 5 +++
 2019/2xxx/CVE-2019-2224.json | 50 ++----------------------------
 12 files changed, 58 insertions(+), 47 deletions(-)
diff --git a/2018/10xxx/CVE-2018-10536.json b/2018/10xxx/CVE-2018-10536.json
index b19df5ad4df..ddd82862126 100644
--- a/2018/10xxx/CVE-2018-10536.json
+++ b/2018/10xxx/CVE-2018-10536.json
@@ -96,6 +96,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2020-e55567b6be",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA/"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2020-73274c9df4",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRWQNE3TH5UF64IKHKKHVCHJHUOVKJUH/"
 }
 ]
 }
diff --git a/2018/10xxx/CVE-2018-10537.json b/2018/10xxx/CVE-2018-10537.json
index a680c0809df..c6c081575e9 100644
--- a/2018/10xxx/CVE-2018-10537.json
+++ b/2018/10xxx/CVE-2018-10537.json
@@ -96,6 +96,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2020-e55567b6be",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA/"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2020-73274c9df4",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRWQNE3TH5UF64IKHKKHVCHJHUOVKJUH/"
 }
 ]
 }
diff --git a/2018/10xxx/CVE-2018-10538.json b/2018/10xxx/CVE-2018-10538.json
index dc920c566b6..5d0c9eb1c6c 100644
--- a/2018/10xxx/CVE-2018-10538.json
+++ b/2018/10xxx/CVE-2018-10538.json
@@ -86,6 +86,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2020-e55567b6be",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA/"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2020-73274c9df4",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRWQNE3TH5UF64IKHKKHVCHJHUOVKJUH/"
 }
 ]
 }
diff --git a/2018/10xxx/CVE-2018-10539.json b/2018/10xxx/CVE-2018-10539.json
index 92693e011d9..b3fb4862d7c 100644
--- a/2018/10xxx/CVE-2018-10539.json
+++ b/2018/10xxx/CVE-2018-10539.json
@@ -86,6 +86,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2020-e55567b6be",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA/"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2020-73274c9df4",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRWQNE3TH5UF64IKHKKHVCHJHUOVKJUH/"
 }
 ]
 }
diff --git a/2018/10xxx/CVE-2018-10540.json b/2018/10xxx/CVE-2018-10540.json
index 36f15a5d659..3247a872fb4 100644
--- a/2018/10xxx/CVE-2018-10540.json
+++ b/2018/10xxx/CVE-2018-10540.json
@@ -86,6 +86,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2020-e55567b6be",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA/"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2020-73274c9df4",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRWQNE3TH5UF64IKHKKHVCHJHUOVKJUH/"
 }
 ]
 }
diff --git a/2018/19xxx/CVE-2018-19840.json b/2018/19xxx/CVE-2018-19840.json
index 048dd44056b..dcea1123d2e 100644
--- a/2018/19xxx/CVE-2018-19840.json
+++ b/2018/19xxx/CVE-2018-19840.json
@@ -101,6 +101,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2020-e55567b6be",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA/"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2020-73274c9df4",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRWQNE3TH5UF64IKHKKHVCHJHUOVKJUH/"
 }
 ]
 }
diff --git a/2018/19xxx/CVE-2018-19841.json b/2018/19xxx/CVE-2018-19841.json
index b031d298b84..8532e9f5581 100644
--- a/2018/19xxx/CVE-2018-19841.json
+++ b/2018/19xxx/CVE-2018-19841.json
@@ -101,6 +101,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2020-e55567b6be",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA/"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2020-73274c9df4",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRWQNE3TH5UF64IKHKKHVCHJHUOVKJUH/"
 }
 ]
 }
diff --git a/2019/1010xxx/CVE-2019-1010315.json b/2019/1010xxx/CVE-2019-1010315.json
index c87522730d5..60eff5a15cd 100644
--- a/2019/1010xxx/CVE-2019-1010315.json
+++ b/2019/1010xxx/CVE-2019-1010315.json
@@ -71,6 +71,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2020-e55567b6be",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA/"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2020-73274c9df4",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRWQNE3TH5UF64IKHKKHVCHJHUOVKJUH/"
 }
 ]
 }
diff --git a/2019/1010xxx/CVE-2019-1010317.json b/2019/1010xxx/CVE-2019-1010317.json
index 4d24ed94b21..8f4f0f48dfb 100644
--- a/2019/1010xxx/CVE-2019-1010317.json
+++ b/2019/1010xxx/CVE-2019-1010317.json
@@ -81,6 +81,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2020-e55567b6be",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA/"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2020-73274c9df4",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRWQNE3TH5UF64IKHKKHVCHJHUOVKJUH/"
 }
 ]
 }
diff --git a/2019/1010xxx/CVE-2019-1010319.json b/2019/1010xxx/CVE-2019-1010319.json
index 97cacaa781b..c90c0d01662 100644
--- a/2019/1010xxx/CVE-2019-1010319.json
+++ b/2019/1010xxx/CVE-2019-1010319.json
@@ -81,6 +81,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2020-e55567b6be",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA/"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2020-73274c9df4",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRWQNE3TH5UF64IKHKKHVCHJHUOVKJUH/"
 }
 ]
 }
diff --git a/2019/11xxx/CVE-2019-11498.json b/2019/11xxx/CVE-2019-11498.json
index 656d51788a2..4a37fb2e938 100644
--- a/2019/11xxx/CVE-2019-11498.json
+++ b/2019/11xxx/CVE-2019-11498.json
@@ -81,6 +81,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2020-e55567b6be",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA/"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2020-73274c9df4",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRWQNE3TH5UF64IKHKKHVCHJHUOVKJUH/"
 }
 ]
 }
diff --git a/2019/2xxx/CVE-2019-2224.json b/2019/2xxx/CVE-2019-2224.json
index 93d5fe0fbe5..818e1cb2723 100644
--- a/2019/2xxx/CVE-2019-2224.json
+++ b/2019/2xxx/CVE-2019-2224.json
@@ -4,58 +4,14 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-2224", - "ASSIGNER": "security@android.com", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "n/a", - "product": { - "product_data": [ - { - "product_name": "Android", - "version": { - "version_data": [ - { - "version_value": "Android-8.0 Android-8.1 Android-9 Android-10" - } - ] - } - } - ] - } - } - ] - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Remote code execution" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "refsource": "MISC", - "name": "https://source.android.com/security/bulletin/2019-12-01", - "url": "https://source.android.com/security/bulletin/2019-12-01" - } - ] + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "In ReadMATImage of mat.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution in an unprivileged process when loading a MATLAB image file with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-140328986" + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-15140. Reason: This candidate is a duplicate of CVE-2019-15140. Notes: All CVE users should reference CVE-2019-15140 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." } ] } From c635c14a862c7a4f27a8dbeca2c3826ea047e1dd Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 15 Jan 2020 05:01:09 +0000 Subject: [PATCH 075/387] "-Synchronized-Data." --- 2019/20xxx/CVE-2019-20330.json | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/2019/20xxx/CVE-2019-20330.json b/2019/20xxx/CVE-2019-20330.json index 108b3767c97..c4935447fb7 100644 
--- a/2019/20xxx/CVE-2019-20330.json +++ b/2019/20xxx/CVE-2019-20330.json @@ -61,6 +61,11 @@ "url": "https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.10.1...jackson-databind-2.9.10.2", "refsource": "MISC", "name": "https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.10.1...jackson-databind-2.9.10.2" + }, + { + "refsource": "MLIST", + "name": "[druid-commits] 20200114 [GitHub] [druid] ccaominh opened a new pull request #9189: Suppress CVE-2019-20330 for htrace-core-4.0.1", + "url": "https://lists.apache.org/thread.html/rd6c6fef14944f3dcfb58d35f9317eb1c32a700e86c1b5231e45d3d0b@%3Ccommits.druid.apache.org%3E" } ] } From 8e7cbf078a539436d32a1eb3f7765573793be4cb Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 15 Jan 2020 06:01:06 +0000 Subject: [PATCH 076/387] "-Synchronized-Data." --- 2020/7xxx/CVE-2020-7058.json | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) create mode 100644 2020/7xxx/CVE-2020-7058.json diff --git a/2020/7xxx/CVE-2020-7058.json b/2020/7xxx/CVE-2020-7058.json new file mode 100644 index 00000000000..7e47797b66e --- /dev/null +++ b/2020/7xxx/CVE-2020-7058.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7058", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file From 6e77e49f83cd5bf5ffed54ed601d8e0b1c83dd26 Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Wed, 15 Jan 2020 07:01:16 +0000 Subject: [PATCH 077/387] "-Synchronized-Data." --- 2019/16xxx/CVE-2019-16775.json | 5 +++ 2019/16xxx/CVE-2019-16776.json | 5 +++ 2019/16xxx/CVE-2019-16777.json | 5 +++ 2019/18xxx/CVE-2019-18388.json | 5 +++ 2019/18xxx/CVE-2019-18389.json | 5 +++ 2019/18xxx/CVE-2019-18390.json | 5 +++ 2019/18xxx/CVE-2019-18391.json | 5 +++ 2019/20xxx/CVE-2019-20330.json | 10 ++++++ 2020/7xxx/CVE-2020-7058.json | 56 ++++++++++++++++++++++++++++++---- 9 files changed, 95 insertions(+), 6 deletions(-) diff --git a/2019/16xxx/CVE-2019-16775.json b/2019/16xxx/CVE-2019-16775.json index 9c6cbe414b6..7be6ea0f859 100644 --- a/2019/16xxx/CVE-2019-16775.json +++ b/2019/16xxx/CVE-2019-16775.json @@ -80,6 +80,11 @@ "name": "https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli", "refsource": "MISC", "url": "https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0059", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00027.html" } ] }, diff --git a/2019/16xxx/CVE-2019-16776.json b/2019/16xxx/CVE-2019-16776.json index 7ed553dca88..6a76e8aea24 100644 --- a/2019/16xxx/CVE-2019-16776.json +++ b/2019/16xxx/CVE-2019-16776.json @@ -80,6 +80,11 @@ "name": "https://github.com/npm/cli/security/advisories/GHSA-x8qc-rrcw-4r46", "refsource": "CONFIRM", "url": "https://github.com/npm/cli/security/advisories/GHSA-x8qc-rrcw-4r46" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0059", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00027.html" } ] }, diff --git a/2019/16xxx/CVE-2019-16777.json b/2019/16xxx/CVE-2019-16777.json index 22c6e705297..ef131daecfc 100644 --- a/2019/16xxx/CVE-2019-16777.json +++ b/2019/16xxx/CVE-2019-16777.json 
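Review bot: The openSUSE reference added in the CVE-2019-16775 hunk uses a plaintext URL, `http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00027.html`, so anyone following the record to the advisory fetches it without transport integrity. If the list archive serves the same path over TLS (not verifiable from this patch), the entry should read `"url": "https://lists.opensuse.org/opensuse-security-announce/2020-01/msg00027.html"`. The same applies to the openSUSE-SU-2020:0059 entries added for CVE-2019-16776 and CVE-2019-16777, and to the openSUSE-SU-2020:0058 entries added for CVE-2019-18388 through CVE-2019-18391 in this commit.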
@@ -80,6 +80,11 @@ "name": "https://github.com/npm/cli/security/advisories/GHSA-4328-8hgf-7wjr", "refsource": "CONFIRM", "url": "https://github.com/npm/cli/security/advisories/GHSA-4328-8hgf-7wjr" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0059", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00027.html" } ] }, diff --git a/2019/18xxx/CVE-2019-18388.json b/2019/18xxx/CVE-2019-18388.json index 81fffab49c1..341fe6c0e64 100644 --- a/2019/18xxx/CVE-2019-18388.json +++ b/2019/18xxx/CVE-2019-18388.json @@ -71,6 +71,11 @@ "refsource": "MISC", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1765578", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1765578" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0058", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00028.html" } ] } diff --git a/2019/18xxx/CVE-2019-18389.json b/2019/18xxx/CVE-2019-18389.json index abbeb037faf..50284dbc167 100644 --- a/2019/18xxx/CVE-2019-18389.json +++ b/2019/18xxx/CVE-2019-18389.json @@ -71,6 +71,11 @@ "refsource": "REDHAT", "name": "Red Hat", "url": "https://access.redhat.com/security/cve/cve-2019-18389" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0058", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00028.html" } ] } diff --git a/2019/18xxx/CVE-2019-18390.json b/2019/18xxx/CVE-2019-18390.json index 971ff6cc29d..99ce0e188f9 100644 --- a/2019/18xxx/CVE-2019-18390.json +++ b/2019/18xxx/CVE-2019-18390.json @@ -71,6 +71,11 @@ "refsource": "MISC", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1765584", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1765584" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0058", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00028.html" } ] } diff --git a/2019/18xxx/CVE-2019-18391.json b/2019/18xxx/CVE-2019-18391.json index 47d56e25864..b45bc581846 100644 
--- a/2019/18xxx/CVE-2019-18391.json +++ b/2019/18xxx/CVE-2019-18391.json @@ -71,6 +71,11 @@ "refsource": "REDHAT", "name": "Red Hat", "url": "https://access.redhat.com/security/cve/cve-2019-18391" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0058", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00028.html" } ] } diff --git a/2019/20xxx/CVE-2019-20330.json b/2019/20xxx/CVE-2019-20330.json index c4935447fb7..fa7647c0dc7 100644 --- a/2019/20xxx/CVE-2019-20330.json +++ b/2019/20xxx/CVE-2019-20330.json @@ -66,6 +66,16 @@ "refsource": "MLIST", "name": "[druid-commits] 20200114 [GitHub] [druid] ccaominh opened a new pull request #9189: Suppress CVE-2019-20330 for htrace-core-4.0.1", "url": "https://lists.apache.org/thread.html/rd6c6fef14944f3dcfb58d35f9317eb1c32a700e86c1b5231e45d3d0b@%3Ccommits.druid.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[druid-commits] 20200115 [GitHub] [druid] clintropolis merged pull request #9189: Suppress CVE-2019-20330 for htrace-core-4.0.1", + "url": "https://lists.apache.org/thread.html/rb532fed78d031fff477fd840b81946f6d1200f93a63698dae65aa528@%3Ccommits.druid.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[druid-commits] 20200115 [GitHub] [druid] ccaominh opened a new pull request #9191: [Backport] Suppress CVE-2019-20330 for htrace-core-4.0.1 (#9189)", + "url": "https://lists.apache.org/thread.html/r5c3644c97f0434d1ceb48ff48897a67bdbf3baf7efbe7d04625425b3@%3Ccommits.druid.apache.org%3E" } ] } diff --git a/2020/7xxx/CVE-2020-7058.json b/2020/7xxx/CVE-2020-7058.json index 7e47797b66e..febc642ac5a 100644 --- a/2020/7xxx/CVE-2020-7058.json +++ b/2020/7xxx/CVE-2020-7058.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-7058", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-7058", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** DISPUTED ** data_input.php in Cacti 1.2.8 allows remote code execution via a crafted Input String to Data Collection -> Data Input Methods -> Unix -> Ping Host. NOTE: the vendor has stated \"This is a false alarm.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/Cacti/cacti/issues/3186", + "refsource": "MISC", + "name": "https://github.com/Cacti/cacti/issues/3186" } ] } From 14caa1490e6087bf0501c607ddbb0441abba5daa Mon Sep 17 00:00:00 2001 
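Review bot: The new `affects` block records `"vendor_name": "n/a"`, `"product_name": "n/a"` and `"version_value": "n/a"`, although the description on the new side names the product and version as Cacti 1.2.8. Tooling that matches on the structured fields will therefore not associate this record with that product. Consider filling them from the description, e.g. `"product_name": "Cacti"` and `"version_value": "1.2.8"`. The `** DISPUTED **` marker also lives only in the free-text `value` while `STATE` is `PUBLIC`, so consumers that triage on `STATE` alone will treat this as an undisputed finding; ingestion pipelines should check the description prefix as well.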
From: Omar Gani Date: Wed, 15 Jan 2020 09:31:53 +0100 Subject: [PATCH 078/387] Juniper 2020-01-08 CVE publication, For more information see https://advisory.juniper.net --- 2020/1xxx/CVE-2020-1600.json | 2 +- 2020/1xxx/CVE-2020-1601.json | 2 +- 2020/1xxx/CVE-2020-1602.json | 2 +- 2020/1xxx/CVE-2020-1603.json | 2 +- 2020/1xxx/CVE-2020-1604.json | 2 +- 2020/1xxx/CVE-2020-1605.json | 2 +- 2020/1xxx/CVE-2020-1606.json | 2 +- 2020/1xxx/CVE-2020-1607.json | 2 +- 2020/1xxx/CVE-2020-1608.json | 2 +- 2020/1xxx/CVE-2020-1609.json | 2 +- 2020/1xxx/CVE-2020-1611.json | 2 +- 11 files changed, 11 insertions(+), 11 deletions(-) diff --git a/2020/1xxx/CVE-2020-1600.json b/2020/1xxx/CVE-2020-1600.json index 019c1294b7d..88dd78e5cea 100644 --- a/2020/1xxx/CVE-2020-1600.json +++ b/2020/1xxx/CVE-2020-1600.json @@ -3,7 +3,7 @@ "ASSIGNER": "sirt@juniper.net", "DATE_PUBLIC": "2020-01-08T17:00:00.000Z", "ID": "CVE-2020-1600", - "STATE": "READY", + "STATE": "PUBLIC", "TITLE": "Junos OS: A specific SNMP command can trigger a high CPU usage Denial of Service in the RPD daemon." }, "affects": { diff --git a/2020/1xxx/CVE-2020-1601.json b/2020/1xxx/CVE-2020-1601.json index 01e663a1da5..36f0b48d48e 100644 --- a/2020/1xxx/CVE-2020-1601.json +++ b/2020/1xxx/CVE-2020-1601.json @@ -3,7 +3,7 @@ "ASSIGNER": "sirt@juniper.net", "DATE_PUBLIC": "2020-01-08T17:00:00.000Z", "ID": "CVE-2020-1601", - "STATE": "READY", + "STATE": "PUBLIC", "TITLE": "Junos OS: Upon receipt of certain types of malformed PCEP packets the pccd process may crash." }, "affects": { diff --git a/2020/1xxx/CVE-2020-1602.json b/2020/1xxx/CVE-2020-1602.json index c0c36db0d7c..104e790454d 100644 --- a/2020/1xxx/CVE-2020-1602.json +++ b/2020/1xxx/CVE-2020-1602.json 
@@ -3,7 +3,7 @@ "ASSIGNER": "sirt@juniper.net", "DATE_PUBLIC": "2020-01-08T17:00:00.000Z", "ID": "CVE-2020-1602", - "STATE": "READY", + "STATE": "PUBLIC", "TITLE": "Junos OS and Junos OS Evolved: A vulnerability in JDHCPD allows an attacker to send crafted IPv4 packets may take over the code execution of the JDHCPD process." }, "affects": { diff --git a/2020/1xxx/CVE-2020-1603.json b/2020/1xxx/CVE-2020-1603.json index daff4a35159..5fe9feb1b12 100644 --- a/2020/1xxx/CVE-2020-1603.json +++ b/2020/1xxx/CVE-2020-1603.json @@ -3,7 +3,7 @@ "ASSIGNER": "sirt@juniper.net", "DATE_PUBLIC": "2020-01-08T17:00:00.000Z", "ID": "CVE-2020-1603", - "STATE": "READY", + "STATE": "PUBLIC", "TITLE": "Junos OS: Improper handling of specific IPv6 packets sent by clients eventually kernel crash (vmcore) the device." }, "affects": { diff --git a/2020/1xxx/CVE-2020-1604.json b/2020/1xxx/CVE-2020-1604.json index 63e7a85eb7e..d7b5b7cf3d6 100644 --- a/2020/1xxx/CVE-2020-1604.json +++ b/2020/1xxx/CVE-2020-1604.json @@ -3,7 +3,7 @@ "ASSIGNER": "sirt@juniper.net", "DATE_PUBLIC": "2020-01-08T17:00:00.000Z", "ID": "CVE-2020-1604", - "STATE": "READY", + "STATE": "PUBLIC", "TITLE": "Junos OS: EX4300/EX4600/QFX3500/QFX5100 Series: Stateless IP firewall filter may fail to evaluate certain packets" }, "affects": { diff --git a/2020/1xxx/CVE-2020-1605.json b/2020/1xxx/CVE-2020-1605.json index ac3f0d67431..03c52c093f4 100644 --- a/2020/1xxx/CVE-2020-1605.json +++ b/2020/1xxx/CVE-2020-1605.json @@ -3,7 +3,7 @@ "ASSIGNER": "sirt@juniper.net", "DATE_PUBLIC": "2020-01-08T17:00:00.000Z", "ID": "CVE-2020-1605", - "STATE": "READY", + "STATE": "PUBLIC", "TITLE": "Junos OS and Junos OS Evolved: A vulnerability in JDHCPD allows an attacker to send crafted IPv4 packets and arbitrarily execute commands on the target device." }, "affects": { diff --git a/2020/1xxx/CVE-2020-1606.json b/2020/1xxx/CVE-2020-1606.json index 3d98da22a27..966451e75b1 100644 --- a/2020/1xxx/CVE-2020-1606.json 
+++ b/2020/1xxx/CVE-2020-1606.json @@ -3,7 +3,7 @@ "ASSIGNER": "sirt@juniper.net", "DATE_PUBLIC": "2020-01-08T17:00:00.000Z", "ID": "CVE-2020-1606", - "STATE": "READY", + "STATE": "PUBLIC", "TITLE": "Junos OS: Path traversal vulnerability in J-Web" }, "affects": { diff --git a/2020/1xxx/CVE-2020-1607.json b/2020/1xxx/CVE-2020-1607.json index e53e7d7e842..c72bc491062 100644 --- a/2020/1xxx/CVE-2020-1607.json +++ b/2020/1xxx/CVE-2020-1607.json @@ -3,7 +3,7 @@ "ASSIGNER": "sirt@juniper.net", "DATE_PUBLIC": "2020-01-08T17:00:00.000Z", "ID": "CVE-2020-1607", - "STATE": "READY", + "STATE": "PUBLIC", "TITLE": "Junos OS: Cross-Site Scripting (XSS) in J-Web" }, "affects": { diff --git a/2020/1xxx/CVE-2020-1608.json b/2020/1xxx/CVE-2020-1608.json index 01276107a2e..6233162bc0c 100644 --- a/2020/1xxx/CVE-2020-1608.json +++ b/2020/1xxx/CVE-2020-1608.json @@ -3,7 +3,7 @@ "ASSIGNER": "sirt@juniper.net", "DATE_PUBLIC": "2020-01-08T17:00:00.000Z", "ID": "CVE-2020-1608", - "STATE": "READY", + "STATE": "PUBLIC", "TITLE": "Junos OS: MX Series: In BBE configurations, receipt of a specific MPLS or IPv6 packet causes a Denial of Service" }, "affects": { diff --git a/2020/1xxx/CVE-2020-1609.json b/2020/1xxx/CVE-2020-1609.json index f5541906000..566259a2dd5 100644 --- a/2020/1xxx/CVE-2020-1609.json +++ b/2020/1xxx/CVE-2020-1609.json @@ -3,7 +3,7 @@ "ASSIGNER": "sirt@juniper.net", "DATE_PUBLIC": "2020-01-08T17:00:00.000Z", "ID": "CVE-2020-1609", - "STATE": "READY", + "STATE": "PUBLIC", "TITLE": "Junos OS and Junos OS Evolved: A vulnerability in JDHCPD allows an attacker to send crafted IPv6 packets and arbitrarily execute commands on the target device." }, "affects": { diff --git a/2020/1xxx/CVE-2020-1611.json b/2020/1xxx/CVE-2020-1611.json index 771db91e487..e850044347f 100644 --- a/2020/1xxx/CVE-2020-1611.json +++ b/2020/1xxx/CVE-2020-1611.json 
@@ -3,7 +3,7 @@ "ASSIGNER": "sirt@juniper.net", "DATE_PUBLIC": "2020-01-08T17:00:00.000Z", "ID": "CVE-2020-1611", - "STATE": "READY", + "STATE": "PUBLIC", "TITLE": "Junos Space: Malicious HTTP packets sent to Junos Space allow an attacker to view all files on the device." }, "affects": { From 8a71b1a0fd8ad658ff2133881e866f03b43b878f Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 15 Jan 2020 09:01:17 +0000 Subject: [PATCH 079/387] "-Synchronized-Data." --- 2020/1xxx/CVE-2020-1600.json | 2 +- 2020/1xxx/CVE-2020-1601.json | 2 +- 2020/1xxx/CVE-2020-1602.json | 2 +- 2020/1xxx/CVE-2020-1603.json | 2 +- 2020/1xxx/CVE-2020-1604.json | 2 +- 2020/1xxx/CVE-2020-1605.json | 2 +- 2020/1xxx/CVE-2020-1606.json | 2 +- 2020/1xxx/CVE-2020-1607.json | 2 +- 2020/1xxx/CVE-2020-1608.json | 2 +- 2020/1xxx/CVE-2020-1609.json | 2 +- 2020/1xxx/CVE-2020-1611.json | 10 ++++++---- 11 files changed, 16 insertions(+), 14 deletions(-) diff --git a/2020/1xxx/CVE-2020-1600.json b/2020/1xxx/CVE-2020-1600.json index 88dd78e5cea..7ad65982bd9 100644 --- a/2020/1xxx/CVE-2020-1600.json +++ b/2020/1xxx/CVE-2020-1600.json 
@@ -124,7 +124,7 @@ "description_data": [ { "lang": "eng", - "value": "In a Point-to-Multipoint (P2MP) Label Switched Path (LSP) scenario, an uncontrolled resource consumption vulnerability in the Routing Protocol Daemon (RPD) in Juniper Networks Junos OS allows a specific SNMP request to trigger an infinite loop causing a high CPU usage Denial of Service (DoS) condition.\n\nThis issue affects both SNMP over IPv4 and IPv6. \n\nThis issue affects:\nJuniper Networks Junos OS:\n12.3X48 versions prior to 12.3X48-D90;\n15.1 versions prior to 15.1R7-S6;\n15.1X49 versions prior to 15.1X49-D200;\n15.1X53 versions prior to 15.1X53-D238, 15.1X53-D592; \n16.1 versions prior to 16.1R7-S5;\n16.2 versions prior to 16.2R2-S11;\n17.1 versions prior to 17.1R3-S1;\n17.2 versions prior to 17.2R3-S2;\n17.3 versions prior to 17.3R3-S7;\n17.4 versions prior to 17.4R2-S4, 17.4R3;\n18.1 versions prior to 18.1R3-S5;\n18.2 versions prior to 18.2R3;\n18.2X75 versions prior to 18.2X75-D50;\n18.3 versions prior to 18.3R2;\n18.4 versions prior to 18.4R2;\n19.1 versions prior to 19.1R2.\n" + "value": "In a Point-to-Multipoint (P2MP) Label Switched Path (LSP) scenario, an uncontrolled resource consumption vulnerability in the Routing Protocol Daemon (RPD) in Juniper Networks Junos OS allows a specific SNMP request to trigger an infinite loop causing a high CPU usage Denial of Service (DoS) condition. This issue affects both SNMP over IPv4 and IPv6. 
This issue affects: Juniper Networks Junos OS: 12.3X48 versions prior to 12.3X48-D90; 15.1 versions prior to 15.1R7-S6; 15.1X49 versions prior to 15.1X49-D200; 15.1X53 versions prior to 15.1X53-D238, 15.1X53-D592; 16.1 versions prior to 16.1R7-S5; 16.2 versions prior to 16.2R2-S11; 17.1 versions prior to 17.1R3-S1; 17.2 versions prior to 17.2R3-S2; 17.3 versions prior to 17.3R3-S7; 17.4 versions prior to 17.4R2-S4, 17.4R3; 18.1 versions prior to 18.1R3-S5; 18.2 versions prior to 18.2R3; 18.2X75 versions prior to 18.2X75-D50; 18.3 versions prior to 18.3R2; 18.4 versions prior to 18.4R2; 19.1 versions prior to 19.1R2." } ] }, diff --git a/2020/1xxx/CVE-2020-1601.json b/2020/1xxx/CVE-2020-1601.json index 36f0b48d48e..f89962b6557 100644 --- a/2020/1xxx/CVE-2020-1601.json +++ b/2020/1xxx/CVE-2020-1601.json 
@@ -115,7 +115,7 @@ "description_data": [ { "lang": "eng", - "value": "Certain types of malformed Path Computation Element Protocol (PCEP) packets when received and processed by a Juniper Networks Junos OS device serving as a Path Computation Client (PCC) in a PCEP environment using Juniper's path computational element protocol daemon (pccd) process allows an attacker to cause the pccd process to crash and generate a core file thereby causing a Denial of Service (DoS).\n\nContinued receipt of this family of malformed PCEP packets will cause an extended Denial of Service (DoS) condition.\nThis issue affects:\nJuniper Networks Junos OS:\n15.1 versions prior to 15.1F6-S13, 15.1R7-S4;\n15.1X49 versions prior to 15.1X49-D180 on SRX Series;\n15.1X53 versions prior to 15.1X53-D238, 15.1X53-D496, 15.1X53-D592; \n16.1 versions prior to 16.1R7-S4;\n16.2 versions prior to 16.2R2-S9;\n17.1 versions prior to 17.1R2-S11, 17.1R3;\n17.2 versions prior to 17.2R1-S9;\n17.2 version 17.2R2 and later prior to 17.2R3-S2;\n17.3 versions prior to 17.3R3-S3;\n17.4 versions prior to 17.4R2-S2, 17.4R3;\n18.1 versions prior to 18.1R3-S2;\n18.2 versions prior to 18.2R2-S6, 18.2R3;\n18.2X75 versions prior to 18.2X75-D40;\n18.3 versions prior to 18.3R2;\n18.4 versions prior to 18.4R1-S2, 18.4R2.\n\nThis issue does not affect releases of Junos OS prior to 15.1R1. \n" + "value": "Certain types of malformed Path Computation Element Protocol (PCEP) packets when received and processed by a Juniper Networks Junos OS device serving as a Path Computation Client (PCC) in a PCEP environment using Juniper's path computational element protocol daemon (pccd) process allows an attacker to cause the pccd process to crash and generate a core file thereby causing a Denial of Service (DoS). Continued receipt of this family of malformed PCEP packets will cause an extended Denial of Service (DoS) condition. 
This issue affects: Juniper Networks Junos OS: 15.1 versions prior to 15.1F6-S13, 15.1R7-S4; 15.1X49 versions prior to 15.1X49-D180 on SRX Series; 15.1X53 versions prior to 15.1X53-D238, 15.1X53-D496, 15.1X53-D592; 16.1 versions prior to 16.1R7-S4; 16.2 versions prior to 16.2R2-S9; 17.1 versions prior to 17.1R2-S11, 17.1R3; 17.2 versions prior to 17.2R1-S9; 17.2 version 17.2R2 and later prior to 17.2R3-S2; 17.3 versions prior to 17.3R3-S3; 17.4 versions prior to 17.4R2-S2, 17.4R3; 18.1 versions prior to 18.1R3-S2; 18.2 versions prior to 18.2R2-S6, 18.2R3; 18.2X75 versions prior to 18.2X75-D40; 18.3 versions prior to 18.3R2; 18.4 versions prior to 18.4R1-S2, 18.4R2. This issue does not affect releases of Junos OS prior to 15.1R1." } ] }, diff --git a/2020/1xxx/CVE-2020-1602.json b/2020/1xxx/CVE-2020-1602.json index 104e790454d..fa48e4bd4c7 100644 --- a/2020/1xxx/CVE-2020-1602.json +++ b/2020/1xxx/CVE-2020-1602.json 
@@ -142,7 +142,7 @@ "description_data": [ { "lang": "eng", - "value": "When a device using Juniper Network's Dynamic Host Configuration Protocol Daemon (JDHCPD) process on Junos OS or Junos OS Evolved which is configured in relay mode it vulnerable to an attacker sending crafted IPv4 packets who may remotely take over the code execution of the JDHDCP process. \n\nThis issue affect IPv4 JDHCPD services. \n\nThis issue affects:\nJuniper Networks Junos OS:\n15.1 versions prior to 15.1R7-S6;\n15.1X49 versions prior to 15.1X49-D200;\n15.1X53 versions prior to 15.1X53-D592;\n16.1 versions prior to 16.1R7-S6;\n16.2 versions prior to 16.2R2-S11;\n17.1 versions prior to 17.1R2-S11, 17.1R3-S1;\n17.2 versions prior to 17.2R2-S8, 17.2R3-S3;\n17.3 versions prior to 17.3R3-S6;\n17.4 versions prior to 17.4R2-S7, 17.4R3;\n18.1 versions prior to 18.1R3-S8;\n18.2 versions prior to 18.2R3-S2;\n18.2X75 versions prior to 18.2X75-D60;\n18.3 versions prior to 18.3R1-S6, 18.3R2-S2, 18.3R3;\n18.4 versions prior to 18.4R1-S5, 18.4R2-S3, 18.4R3;\n19.1 versions prior to 19.1R1-S3, 19.1R2;\n19.2 versions prior to 19.2R1-S3, 19.2R2*.\n \nand\n\nAll versions prior to 19.3R1 on Junos OS Evolved.\n\nThis issue do not affect versions of Junos OS prior to 15.1, or JDHCPD operating as a local server in non-relay mode.\n" + "value": "When a device using Juniper Network's Dynamic Host Configuration Protocol Daemon (JDHCPD) process on Junos OS or Junos OS Evolved which is configured in relay mode it vulnerable to an attacker sending crafted IPv4 packets who may remotely take over the code execution of the JDHDCP process. This issue affect IPv4 JDHCPD services. 
This issue affects: Juniper Networks Junos OS: 15.1 versions prior to 15.1R7-S6; 15.1X49 versions prior to 15.1X49-D200; 15.1X53 versions prior to 15.1X53-D592; 16.1 versions prior to 16.1R7-S6; 16.2 versions prior to 16.2R2-S11; 17.1 versions prior to 17.1R2-S11, 17.1R3-S1; 17.2 versions prior to 17.2R2-S8, 17.2R3-S3; 17.3 versions prior to 17.3R3-S6; 17.4 versions prior to 17.4R2-S7, 17.4R3; 18.1 versions prior to 18.1R3-S8; 18.2 versions prior to 18.2R3-S2; 18.2X75 versions prior to 18.2X75-D60; 18.3 versions prior to 18.3R1-S6, 18.3R2-S2, 18.3R3; 18.4 versions prior to 18.4R1-S5, 18.4R2-S3, 18.4R3; 19.1 versions prior to 19.1R1-S3, 19.1R2; 19.2 versions prior to 19.2R1-S3, 19.2R2*. and All versions prior to 19.3R1 on Junos OS Evolved. This issue do not affect versions of Junos OS prior to 15.1, or JDHCPD operating as a local server in non-relay mode." } ] }, diff --git a/2020/1xxx/CVE-2020-1603.json b/2020/1xxx/CVE-2020-1603.json index 5fe9feb1b12..578bf614bff 100644 --- a/2020/1xxx/CVE-2020-1603.json +++ b/2020/1xxx/CVE-2020-1603.json 
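Review bot: The rewritten description in the CVE-2020-1602 hunk still misspells the daemon as `JDHDCP`, while the same string elsewhere uses `JDHCPD`, so keyword searches for the affected process miss it. The phrase should read `take over the code execution of the JDHCPD process`. Flattening the `\n` separators also leaves `19.2R2*. and All versions prior to 19.3R1 on Junos OS Evolved`, where the stray `and` reads as the start of a new sentence; `19.2R2*; and all versions prior to 19.3R1 on Junos OS Evolved.` would keep the affected-version list intact. The CVE-2020-1603 hunk later in this commit has the same flattening problem in its numbered scenarios, which now run together as `etc. - 3.a In a commanded switchover`.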
@@ -109,7 +109,7 @@ "description_data": [ { "lang": "eng", - "value": "Specific IPv6 packets sent by clients processed by the Routing Engine (RE) are improperly handled. These IPv6 packets are designed to be blocked by the RE from egressing the RE. Instead, the RE allows these specific IPv6 packets to egress the RE, at which point a mbuf memory leak occurs within the Juniper Networks Junos OS device. This memory leak eventually leads to a kernel crash (vmcore), or the device hanging and requiring a power cycle to restore service, creating a Denial of Service (DoS) condition. \n\nDuring the time where mbufs are rising, yet not fully filled, some traffic from client devices may begin to be black holed. To be black holed, this traffic must match the condition where this traffic must be processed by the RE. \nContinued receipt and attempted egress of these specific IPv6 packets from the Routing Engine (RE) will create an extended Denial of Service (DoS) condition. \n\nScenarios which have been observed are: \n1. In a single chassis, single RE scenario, the device will hang without vmcore, or a vmcore may occur and then hang. In this scenario the device needs to be power cycled.\n2. In a single chassis, dual RE scenario, the device master RE will fail over to the backup RE. In this scenario, the master and the backup REs need to be reset from time to time when they vmcore. There is no need to power cycle the device.\n3. In a dual chassis, single RE scenario, the device will hang without vmcore, or a vmcore may occur and then hang. In this scenario, the two chassis' design relies upon some type of network level redundancy - VRRP, GRES, NSR, etc. - \n3.a In a commanded switchover, where nonstop active routing (NSR) is enabled no session loss is observed.\n4. In a dual chassis, dual chassis scenario, rely upon the RE to RE failover as stated in the second scenario. 
In the unlikely event that the device does not switch RE to RE gracefully, then the fallback position is to the network level services scenario in the third scenario.\n\n \n \n\n\n\n\n\nThis issue affects:\nJuniper Networks Junos OS\n16.1 versions prior to 16.1R7-S6;\n16.1 version 16.1X70-D10 and later; \n16.2 versions prior to 16.2R2-S11;\n17.1 versions prior to 17.1R2-S11, 17.1R3-S1;\n17.2 versions prior to 17.2R1-S9, 17.2R2-S8, 17.2R3-S3;\n17.3 versions prior to 17.3R3-S6;\n17.4 versions prior to 17.4R2-S9, 17.4R3;\n18.1 versions prior to 18.1R3-S7;\n18.2 versions prior to 18.2R3-S2;\n18.2X75 versions prior to 18.2X75-D50, 18.2X75-D410;\n18.3 versions prior to 18.3R1-S6, 18.3R2-S2, 18.3R3;\n18.4 versions prior to 18.4R1-S6, 18.4R2-S2, 18.4R3;\n19.1 versions prior to 19.1R1-S3, 19.1R2;\n19.2 versions prior to 19.2R1-S2, 19.2R2.\n\nThis issue does not affect releases prior to Junos OS 16.1R1.\n" + "value": "Specific IPv6 packets sent by clients processed by the Routing Engine (RE) are improperly handled. These IPv6 packets are designed to be blocked by the RE from egressing the RE. Instead, the RE allows these specific IPv6 packets to egress the RE, at which point a mbuf memory leak occurs within the Juniper Networks Junos OS device. This memory leak eventually leads to a kernel crash (vmcore), or the device hanging and requiring a power cycle to restore service, creating a Denial of Service (DoS) condition. During the time where mbufs are rising, yet not fully filled, some traffic from client devices may begin to be black holed. To be black holed, this traffic must match the condition where this traffic must be processed by the RE. Continued receipt and attempted egress of these specific IPv6 packets from the Routing Engine (RE) will create an extended Denial of Service (DoS) condition. Scenarios which have been observed are: 1. In a single chassis, single RE scenario, the device will hang without vmcore, or a vmcore may occur and then hang. 
In this scenario the device needs to be power cycled. 2. In a single chassis, dual RE scenario, the device master RE will fail over to the backup RE. In this scenario, the master and the backup REs need to be reset from time to time when they vmcore. There is no need to power cycle the device. 3. In a dual chassis, single RE scenario, the device will hang without vmcore, or a vmcore may occur and then hang. In this scenario, the two chassis' design relies upon some type of network level redundancy - VRRP, GRES, NSR, etc. - 3.a In a commanded switchover, where nonstop active routing (NSR) is enabled no session loss is observed. 4. In a dual chassis, dual chassis scenario, rely upon the RE to RE failover as stated in the second scenario. In the unlikely event that the device does not switch RE to RE gracefully, then the fallback position is to the network level services scenario in the third scenario. This issue affects: Juniper Networks Junos OS 16.1 versions prior to 16.1R7-S6; 16.1 version 16.1X70-D10 and later; 16.2 versions prior to 16.2R2-S11; 17.1 versions prior to 17.1R2-S11, 17.1R3-S1; 17.2 versions prior to 17.2R1-S9, 17.2R2-S8, 17.2R3-S3; 17.3 versions prior to 17.3R3-S6; 17.4 versions prior to 17.4R2-S9, 17.4R3; 18.1 versions prior to 18.1R3-S7; 18.2 versions prior to 18.2R3-S2; 18.2X75 versions prior to 18.2X75-D50, 18.2X75-D410; 18.3 versions prior to 18.3R1-S6, 18.3R2-S2, 18.3R3; 18.4 versions prior to 18.4R1-S6, 18.4R2-S2, 18.4R3; 19.1 versions prior to 19.1R1-S3, 19.1R2; 19.2 versions prior to 19.2R1-S2, 19.2R2. This issue does not affect releases prior to Junos OS 16.1R1." } ] }, diff --git a/2020/1xxx/CVE-2020-1604.json b/2020/1xxx/CVE-2020-1604.json index d7b5b7cf3d6..2e8a7e4bb09 100644 --- a/2020/1xxx/CVE-2020-1604.json +++ b/2020/1xxx/CVE-2020-1604.json 
@@ -105,7 +105,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "On EX4300, EX4600, QFX3500, and QFX5100 Series, a vulnerability in the IP firewall filter component may cause the firewall filter evaluation of certain packets to fail.\n\nThis issue only affects firewall filter evaluation of certain packets destined to the device Routing Engine (RE).\nThis issue does not affect the Layer 2 firewall filter evaluation nor does it affect the Layer 3 firewall filter evaluation destined to connected hosts.\n\nThis issue may occur when evaluating both IPv4 or IPv6 packets.\nThis issue affects Juniper Networks Junos OS:\n14.1X53 versions prior to 14.1X53-D12 on QFX5100 Series and EX4600 Series;\n14.1X53 versions prior to 14.1X53-D52 on QFX3500 Series;\n14.1X53 versions prior to 14.1X53-D48 on EX4300 Series;\n15.1 versions prior to 15.1R7-S3 on EX4300 Series;\n16.1 versions prior to 16.1R7 on EX4300 Series;\n17.1 versions prior to 17.1R3 on EX4300 Series;\n17.2 versions prior to 17.2R3 on EX4300 Series;\n17.3 versions prior to 17.3R2-S5, 17.3R3 on EX4300 Series;\n17.4 versions prior to 17.4R2 on EX4300 Series;\n18.1 versions prior to 18.1R3 on EX4300 Series;\n18.2 versions prior to 18.2R2 on EX4300 Series."
+ "value": "On EX4300, EX4600, QFX3500, and QFX5100 Series, a vulnerability in the IP firewall filter component may cause the firewall filter evaluation of certain packets to fail. This issue only affects firewall filter evaluation of certain packets destined to the device Routing Engine (RE). This issue does not affect the Layer 2 firewall filter evaluation nor does it affect the Layer 3 firewall filter evaluation destined to connected hosts. This issue may occur when evaluating both IPv4 or IPv6 packets. 
This issue affects Juniper Networks Junos OS: 14.1X53 versions prior to 14.1X53-D12 on QFX5100 Series and EX4600 Series; 14.1X53 versions prior to 14.1X53-D52 on QFX3500 Series; 14.1X53 versions prior to 14.1X53-D48 on EX4300 Series; 15.1 versions prior to 15.1R7-S3 on EX4300 Series; 16.1 versions prior to 16.1R7 on EX4300 Series; 17.1 versions prior to 17.1R3 on EX4300 Series; 17.2 versions prior to 17.2R3 on EX4300 Series; 17.3 versions prior to 17.3R2-S5, 17.3R3 on EX4300 Series; 17.4 versions prior to 17.4R2 on EX4300 Series; 18.1 versions prior to 18.1R3 on EX4300 Series; 18.2 versions prior to 18.2R2 on EX4300 Series."
 }
 ]
 },
diff --git a/2020/1xxx/CVE-2020-1605.json b/2020/1xxx/CVE-2020-1605.json
index 03c52c093f4..0d1187137d9 100644
--- a/2020/1xxx/CVE-2020-1605.json
+++ b/2020/1xxx/CVE-2020-1605.json
@@ -142,7 +142,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "When a device using Juniper Network's Dynamic Host Configuration Protocol Daemon (JDHCPD) process on Junos OS or Junos OS Evolved which is configured in relay mode it vulnerable to an attacker sending crafted IPv4 packets who may then arbitrarily execute commands as root on the target device.\n\nThis issue affects IPv4 JDHCPD services. \n\nThis issue affects:\nJuniper Networks Junos OS:\n15.1 versions prior to 15.1R7-S6;\n15.1X49 versions prior to 15.1X49-D200;\n15.1X53 versions prior to 15.1X53-D592;\n16.1 versions prior to 16.1R7-S6;\n16.2 versions prior to 16.2R2-S11;\n17.1 versions prior to 17.1R2-S11, 17.1R3-S1;\n17.2 versions prior to 17.2R2-S8, 17.2R3-S3;\n17.3 versions prior to 17.3R3-S6;\n17.4 versions prior to 17.4R2-S7, 17.4R3;\n18.1 versions prior to 18.1R3-S8;\n18.2 versions prior to 18.2R3-S2;\n18.2X75 versions prior to 18.2X75-D60;\n18.3 versions prior to 18.3R1-S6, 18.3R2-S2, 18.3R3;\n18.4 versions prior to 18.4R1-S5, 18.4R2-S3, 18.4R3;\n19.1 versions prior to 19.1R1-S3, 19.1R2;\n19.2 versions prior to 19.2R1-S3, 19.2R2*.\n \nand\n\nAll versions prior to 19.3R1 on Junos OS Evolved.\n\nThis issue do not affect versions of Junos OS prior to 15.1, or JDHCPD operating as a local server in non-relay mode.\n"
+ "value": "When a device using Juniper Network's Dynamic Host Configuration Protocol Daemon (JDHCPD) process on Junos OS or Junos OS Evolved which is configured in relay mode it vulnerable to an attacker sending crafted IPv4 packets who may then arbitrarily execute commands as root on the target device. This issue affects IPv4 JDHCPD services. 
This issue affects: Juniper Networks Junos OS: 15.1 versions prior to 15.1R7-S6; 15.1X49 versions prior to 15.1X49-D200; 15.1X53 versions prior to 15.1X53-D592; 16.1 versions prior to 16.1R7-S6; 16.2 versions prior to 16.2R2-S11; 17.1 versions prior to 17.1R2-S11, 17.1R3-S1; 17.2 versions prior to 17.2R2-S8, 17.2R3-S3; 17.3 versions prior to 17.3R3-S6; 17.4 versions prior to 17.4R2-S7, 17.4R3; 18.1 versions prior to 18.1R3-S8; 18.2 versions prior to 18.2R3-S2; 18.2X75 versions prior to 18.2X75-D60; 18.3 versions prior to 18.3R1-S6, 18.3R2-S2, 18.3R3; 18.4 versions prior to 18.4R1-S5, 18.4R2-S3, 18.4R3; 19.1 versions prior to 19.1R1-S3, 19.1R2; 19.2 versions prior to 19.2R1-S3, 19.2R2*. and All versions prior to 19.3R1 on Junos OS Evolved. This issue do not affect versions of Junos OS prior to 15.1, or JDHCPD operating as a local server in non-relay mode."
 }
 ]
 },
diff --git a/2020/1xxx/CVE-2020-1606.json b/2020/1xxx/CVE-2020-1606.json
index 966451e75b1..dc11cf9b162 100644
--- a/2020/1xxx/CVE-2020-1606.json
+++ b/2020/1xxx/CVE-2020-1606.json
@@ -144,7 +144,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A path traversal vulnerability in the Juniper Networks Junos OS device may allow an authenticated J-web user to read files with 'world' readable permission and delete files with 'world' writeable permission.\nThis issue does not affect system files that can be accessed only by root user.\n\nThis issue affects Juniper Networks Junos OS:\n12.3 versions prior to 12.3R12-S13;\n12.3X48 versions prior to 12.3X48-D85 on SRX Series;\n14.1X53 versions prior to 14.1X53-D51;\n15.1F6 versions prior to 15.1F6-S13;\n15.1 versions prior to 15.1R7-S5;\n15.1X49 versions prior to 15.1X49-D180 on SRX Series;\n15.1X53 versions prior to 15.1X53-D238 on QFX5200/QFX5110 Series;\n16.1 versions prior to 16.1R4-S13, 16.1R7-S5;\n16.2 versions prior to 16.2R2-S10;\n17.1 versions prior to 17.1R3-S1;\n17.2 versions prior to 17.2R1-S9, 17.2R3-S2;\n17.3 versions prior to 17.3R2-S5, 17.3R3-S5;\n17.4 versions prior to 17.4R2-S9, 17.4R3;\n18.1 versions prior to 18.1R3-S8;\n18.2 versions prior to 18.2R3;\n18.3 versions prior to 18.3R2-S3, 18.3R3;\n18.4 versions prior to 18.4R2;\n19.1 versions prior to 19.1R1-S4, 19.1R2."
+ "value": "A path traversal vulnerability in the Juniper Networks Junos OS device may allow an authenticated J-web user to read files with 'world' readable permission and delete files with 'world' writeable permission. This issue does not affect system files that can be accessed only by root user. 
This issue affects Juniper Networks Junos OS: 12.3 versions prior to 12.3R12-S13; 12.3X48 versions prior to 12.3X48-D85 on SRX Series; 14.1X53 versions prior to 14.1X53-D51; 15.1F6 versions prior to 15.1F6-S13; 15.1 versions prior to 15.1R7-S5; 15.1X49 versions prior to 15.1X49-D180 on SRX Series; 15.1X53 versions prior to 15.1X53-D238 on QFX5200/QFX5110 Series; 16.1 versions prior to 16.1R4-S13, 16.1R7-S5; 16.2 versions prior to 16.2R2-S10; 17.1 versions prior to 17.1R3-S1; 17.2 versions prior to 17.2R1-S9, 17.2R3-S2; 17.3 versions prior to 17.3R2-S5, 17.3R3-S5; 17.4 versions prior to 17.4R2-S9, 17.4R3; 18.1 versions prior to 18.1R3-S8; 18.2 versions prior to 18.2R3; 18.3 versions prior to 18.3R2-S3, 18.3R3; 18.4 versions prior to 18.4R2; 19.1 versions prior to 19.1R1-S4, 19.1R2."
 }
 ]
 },
diff --git a/2020/1xxx/CVE-2020-1607.json b/2020/1xxx/CVE-2020-1607.json
index c72bc491062..3a216eba21d 100644
--- a/2020/1xxx/CVE-2020-1607.json
+++ b/2020/1xxx/CVE-2020-1607.json
@@ -150,7 +150,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Insufficient Cross-Site Scripting (XSS) protection in J-Web may potentially allow a remote attacker to inject web script or HTML, hijack the target user's J-Web session and perform administrative actions on the Junos device as the targeted user. \n\n\nThis issue affects Juniper Networks Junos OS\n12.3 versions prior to 12.3R12-S15;\n12.3X48 versions prior to 12.3X48-D86, 12.3X48-D90 on SRX Series;\n14.1X53 versions prior to 14.1X53-D51 on EX and QFX Series;\n15.1F6 versions prior to 15.1F6-S13;\n15.1 versions prior to 15.1R7-S5;\n15.1X49 versions prior to 15.1X49-D181, 15.1X49-D190 on SRX Series;\n15.1X53 versions prior to 15.1X53-D238 on QFX5200/QFX5110 Series;\n15.1X53 versions prior to 15.1X53-D592 on EX2300/EX3400 Series;\n16.1 versions prior to 16.1R4-S13, 16.1R7-S5;\n16.2 versions prior to 16.2R2-S10;\n17.1 versions prior to 17.1R2-S11, 17.1R3-S1;\n17.2 versions prior to 17.2R1-S9, 17.2R3-S2;\n17.3 versions prior to 17.3R2-S5, 17.3R3-S5;\n17.4 versions prior to 17.4R2-S6, 17.4R3;\n18.1 versions prior to 18.1R3-S7;\n18.2 versions prior to 18.2R2-S5, 18.2R3;\n18.3 versions prior to 18.3R1-S6, 18.3R2-S1, 18.3R3;\n18.4 versions prior to 18.4R1-S5, 18.4R2;\n19.1 versions prior to 19.1R1-S2, 19.1R2."
+ "value": "Insufficient Cross-Site Scripting (XSS) protection in J-Web may potentially allow a remote attacker to inject web script or HTML, hijack the target user's J-Web session and perform administrative actions on the Junos device as the targeted user. 
This issue affects Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S15; 12.3X48 versions prior to 12.3X48-D86, 12.3X48-D90 on SRX Series; 14.1X53 versions prior to 14.1X53-D51 on EX and QFX Series; 15.1F6 versions prior to 15.1F6-S13; 15.1 versions prior to 15.1R7-S5; 15.1X49 versions prior to 15.1X49-D181, 15.1X49-D190 on SRX Series; 15.1X53 versions prior to 15.1X53-D238 on QFX5200/QFX5110 Series; 15.1X53 versions prior to 15.1X53-D592 on EX2300/EX3400 Series; 16.1 versions prior to 16.1R4-S13, 16.1R7-S5; 16.2 versions prior to 16.2R2-S10; 17.1 versions prior to 17.1R2-S11, 17.1R3-S1; 17.2 versions prior to 17.2R1-S9, 17.2R3-S2; 17.3 versions prior to 17.3R2-S5, 17.3R3-S5; 17.4 versions prior to 17.4R2-S6, 17.4R3; 18.1 versions prior to 18.1R3-S7; 18.2 versions prior to 18.2R2-S5, 18.2R3; 18.3 versions prior to 18.3R1-S6, 18.3R2-S1, 18.3R3; 18.4 versions prior to 18.4R1-S5, 18.4R2; 19.1 versions prior to 19.1R1-S2, 19.1R2."
 }
 ]
 },
diff --git a/2020/1xxx/CVE-2020-1608.json b/2020/1xxx/CVE-2020-1608.json
index 6233162bc0c..750dfff45a2 100644
--- a/2020/1xxx/CVE-2020-1608.json
+++ b/2020/1xxx/CVE-2020-1608.json
@@ -128,7 +128,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Receipt of a specific MPLS or IPv6 packet on the core facing interface of an MX Series device configured for Broadband Edge (BBE) service may trigger a kernel crash (vmcore), causing the device to reboot.\n\nThe issue is specific to the processing of packets destined to BBE clients connected to MX Series subscriber management platforms.\n\n\nThis issue affects MX Series running Juniper Networks Junos OS:\n17.2 versions starting from17.2R2-S6, 17.2R3 and later releases, prior to 17.2R3-S3;\n17.3 versions starting from 17.3R2-S4, 17.3R3-S2 and later releases, prior to 17.3R2-S5, 17.3R3-S5;\n17.4 versions starting from 17.4R2 and later releases, prior to 17.4R2-S7,17.4R3;\n18.1 versions starting from 18.1R2-S3, 18.1R3 and later releases, prior to 18.1R3-S6;\n18.2 versions starting from18.2R1-S1, 18.2R2 and later releases, prior to 18.2R3-S2;\n18.2X75 versions prior to 18.2X75-D51, 18.2X75-D60;\n18.3 versions prior to 18.3R3;\n18.4 versions prior to 18.4R2;\n19.1 versions prior to 19.1R1-S3, 19.1R2;\n19.2 versions prior to 19.2R1-S2, 19.2R2.\n\nThis issue does not affect Juniper Networks Junos OS versions prior to 17.2R2-S6."
+ "value": "Receipt of a specific MPLS or IPv6 packet on the core facing interface of an MX Series device configured for Broadband Edge (BBE) service may trigger a kernel crash (vmcore), causing the device to reboot. The issue is specific to the processing of packets destined to BBE clients connected to MX Series subscriber management platforms. 
This issue affects MX Series running Juniper Networks Junos OS: 17.2 versions starting from17.2R2-S6, 17.2R3 and later releases, prior to 17.2R3-S3; 17.3 versions starting from 17.3R2-S4, 17.3R3-S2 and later releases, prior to 17.3R2-S5, 17.3R3-S5; 17.4 versions starting from 17.4R2 and later releases, prior to 17.4R2-S7,17.4R3; 18.1 versions starting from 18.1R2-S3, 18.1R3 and later releases, prior to 18.1R3-S6; 18.2 versions starting from18.2R1-S1, 18.2R2 and later releases, prior to 18.2R3-S2; 18.2X75 versions prior to 18.2X75-D51, 18.2X75-D60; 18.3 versions prior to 18.3R3; 18.4 versions prior to 18.4R2; 19.1 versions prior to 19.1R1-S3, 19.1R2; 19.2 versions prior to 19.2R1-S2, 19.2R2. This issue does not affect Juniper Networks Junos OS versions prior to 17.2R2-S6."
 }
 ]
 },
diff --git a/2020/1xxx/CVE-2020-1609.json b/2020/1xxx/CVE-2020-1609.json
index 566259a2dd5..be313e95e1b 100644
--- a/2020/1xxx/CVE-2020-1609.json
+++ b/2020/1xxx/CVE-2020-1609.json
@@ -142,7 +142,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "When a device using Juniper Network's Dynamic Host Configuration Protocol Daemon (JDHCPD) process on Junos OS or Junos OS Evolved which is configured in relay mode it vulnerable to an attacker sending crafted IPv6 packets who may then arbitrarily execute commands as root on the target device.\n\nThis issue affects IPv6 JDHCPD services. \n\nThis issue affects:\nJuniper Networks Junos OS:\n15.1 versions prior to 15.1R7-S6;\n15.1X49 versions prior to 15.1X49-D200;\n15.1X53 versions prior to 15.1X53-D592;\n16.1 versions prior to 16.1R7-S6;\n16.2 versions prior to 16.2R2-S11;\n17.1 versions prior to 17.1R2-S11, 17.1R3-S1;\n17.2 versions prior to 17.2R2-S8, 17.2R3-S3;\n17.3 versions prior to 17.3R3-S6;\n17.4 versions prior to 17.4R2-S7, 17.4R3;\n18.1 versions prior to 18.1R3-S8;\n18.2 versions prior to 18.2R3-S2;\n18.2X75 versions prior to 18.2X75-D60;\n18.3 versions prior to 18.3R1-S6, 18.3R2-S2, 18.3R3;\n18.4 versions prior to 18.4R1-S5, 18.4R2-S3, 18.4R3;\n19.1 versions prior to 19.1R1-S3, 19.1R2;\n19.2 versions prior to 19.2R1-S3, 19.2R2*.\n \nand\n\nAll versions prior to 19.3R1 on Junos OS Evolved.\n\nThis issue do not affect versions of Junos OS prior to 15.1, or JDHCPD operating as a local server in non-relay mode.\n"
+ "value": "When a device using Juniper Network's Dynamic Host Configuration Protocol Daemon (JDHCPD) process on Junos OS or Junos OS Evolved which is configured in relay mode it vulnerable to an attacker sending crafted IPv6 packets who may then arbitrarily execute commands as root on the target device. This issue affects IPv6 JDHCPD services. 
This issue affects: Juniper Networks Junos OS: 15.1 versions prior to 15.1R7-S6; 15.1X49 versions prior to 15.1X49-D200; 15.1X53 versions prior to 15.1X53-D592; 16.1 versions prior to 16.1R7-S6; 16.2 versions prior to 16.2R2-S11; 17.1 versions prior to 17.1R2-S11, 17.1R3-S1; 17.2 versions prior to 17.2R2-S8, 17.2R3-S3; 17.3 versions prior to 17.3R3-S6; 17.4 versions prior to 17.4R2-S7, 17.4R3; 18.1 versions prior to 18.1R3-S8; 18.2 versions prior to 18.2R3-S2; 18.2X75 versions prior to 18.2X75-D60; 18.3 versions prior to 18.3R1-S6, 18.3R2-S2, 18.3R3; 18.4 versions prior to 18.4R1-S5, 18.4R2-S3, 18.4R3; 19.1 versions prior to 19.1R1-S3, 19.1R2; 19.2 versions prior to 19.2R1-S3, 19.2R2*. and All versions prior to 19.3R1 on Junos OS Evolved. This issue do not affect versions of Junos OS prior to 15.1, or JDHCPD operating as a local server in non-relay mode."
 }
 ]
 },
diff --git a/2020/1xxx/CVE-2020-1611.json b/2020/1xxx/CVE-2020-1611.json
index e850044347f..63da0a3a0be 100644
--- a/2020/1xxx/CVE-2020-1611.json
+++ b/2020/1xxx/CVE-2020-1611.json
@@ -37,7 +37,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A Local File Inclusion vulnerability in Juniper Networks Junos Space allows an attacker to view all files on the target when the device receives malicious HTTP packets.\nThis issue affects:\nJuniper Networks Junos Space\nversions prior to 19.4R1."
+ "value": "A Local File Inclusion vulnerability in Juniper Networks Junos Space allows an attacker to view all files on the target when the device receives malicious HTTP packets. This issue affects: Juniper Networks Junos Space versions prior to 19.4R1."
 }
 ]
 },
@@ -75,12 +75,14 @@
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://kb.juniper.net/JSA10993"
+ "refsource": "MISC",
+ "url": "https://kb.juniper.net/JSA10993",
+ "name": "https://kb.juniper.net/JSA10993"
 },
 {
 "refsource": "MISC",
- "url": "https://prsearch.juniper.net/InfoCenter/index?page=prcontent&id=PR1449224"
+ "url": "https://prsearch.juniper.net/InfoCenter/index?page=prcontent&id=PR1449224",
+ "name": "https://prsearch.juniper.net/InfoCenter/index?page=prcontent&id=PR1449224"
 }
 ]
 },
From 2bef0e149f58142a9fb74f38e93d97b4fd92bdd9 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Wed, 15 Jan 2020 11:01:07 +0000
Subject: [PATCH 080/387] "-Synchronized-Data."
---
 2017/5xxx/CVE-2017-5030.json | 5 +++++
 2019/0xxx/CVE-2019-0639.json | 5 +++++
 2019/16xxx/CVE-2019-16943.json | 5 +++++
 2019/17xxx/CVE-2019-17267.json | 5 +++++
 2019/17xxx/CVE-2019-17531.json | 5 +++++
 2019/20xxx/CVE-2019-20330.json | 10 ++++++++++
 2020/0xxx/CVE-2020-0615.json | 5 +++++
 2020/0xxx/CVE-2020-0616.json | 5 +++++
 2020/0xxx/CVE-2020-0634.json | 5 +++++
 2020/0xxx/CVE-2020-0652.json | 5 +++++
 10 files changed, 55 insertions(+)
diff --git a/2017/5xxx/CVE-2017-5030.json b/2017/5xxx/CVE-2017-5030.json
index 4e09c423448..9a628cbbc4a 100644
--- a/2017/5xxx/CVE-2017-5030.json
+++ b/2017/5xxx/CVE-2017-5030.json
@@ -81,6 +81,11 @@
 "name": "RHSA-2017:0499",
 "refsource": "REDHAT",
 "url": "http://rhn.redhat.com/errata/RHSA-2017-0499.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-126/",
+ "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-126/"
 }
 ]
 }
diff --git a/2019/0xxx/CVE-2019-0639.json b/2019/0xxx/CVE-2019-0639.json
index 1d10c57ac8e..a346b6cca8c 100644
--- a/2019/0xxx/CVE-2019-0639.json
+++ b/2019/0xxx/CVE-2019-0639.json
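Review bot: In the references hunk of 2020/1xxx/CVE-2020-1611.json the entry for `https://kb.juniper.net/JSA10993` is retagged from `"refsource": "CONFIRM"` to `"refsource": "MISC"`, which drops the marker that this link is the vendor's own advisory. The URL is on Juniper's knowledge base and the record describes a Juniper product, so it looks like a vendor confirmation; tooling that selects the authoritative advisory by `CONFIRM` would no longer find one in this record. Unless the retagging is intended, keep `"refsource": "CONFIRM",` on that entry and add only the `"name"` line.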
@@ -84,6 +84,11 @@
 "refsource": "CONFIRM",
 "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0639",
 "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0639"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-122/",
+ "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-122/"
 }
 ]
 }
diff --git a/2019/16xxx/CVE-2019-16943.json b/2019/16xxx/CVE-2019-16943.json
index 19e5773e680..e2ac8d98588 100644
--- a/2019/16xxx/CVE-2019-16943.json
+++ b/2019/16xxx/CVE-2019-16943.json
@@ -116,6 +116,11 @@
 "refsource": "MLIST",
 "name": "[iceberg-commits] 20191028 [incubator-iceberg] branch master updated: Update Jackson to 2.10.0 for CVE-2019-16943 (#583)",
 "url": "https://lists.apache.org/thread.html/5ec8d8d485c2c8ac55ea425f4cd96596ef37312532712639712ebcdd@%3Ccommits.iceberg.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[druid-commits] 20200115 [druid] branch 0.17.0 updated: Suppress CVE-2019-20330 for htrace-core-4.0.1 (#9189) (#9191)",
+ "url": "https://lists.apache.org/thread.html/r392099ed2757ff2e383b10440594e914d080511d7da1c8fed0612c1f@%3Ccommits.druid.apache.org%3E"
 }
 ]
 }
diff --git a/2019/17xxx/CVE-2019-17267.json b/2019/17xxx/CVE-2019-17267.json
index 3193bde5b3f..9b2bb8dd81c 100644
--- a/2019/17xxx/CVE-2019-17267.json
+++ b/2019/17xxx/CVE-2019-17267.json
@@ -91,6 +91,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20191210 [SECURITY] [DLA 2030-1] jackson-databind security update",
 "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00013.html"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[druid-commits] 20200115 [druid] branch 0.17.0 updated: Suppress CVE-2019-20330 for htrace-core-4.0.1 (#9189) (#9191)",
+ "url": "https://lists.apache.org/thread.html/r392099ed2757ff2e383b10440594e914d080511d7da1c8fed0612c1f@%3Ccommits.druid.apache.org%3E"
 }
 ]
 }
diff --git a/2019/17xxx/CVE-2019-17531.json b/2019/17xxx/CVE-2019-17531.json
index 53774035636..bcb2431f683 100644
--- a/2019/17xxx/CVE-2019-17531.json
+++ b/2019/17xxx/CVE-2019-17531.json
@@ -81,6 +81,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20191210 [SECURITY] [DLA 2030-1] jackson-databind security update",
 "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00013.html"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[druid-commits] 20200115 [druid] branch 0.17.0 updated: Suppress CVE-2019-20330 for htrace-core-4.0.1 (#9189) (#9191)",
+ "url": "https://lists.apache.org/thread.html/r392099ed2757ff2e383b10440594e914d080511d7da1c8fed0612c1f@%3Ccommits.druid.apache.org%3E"
 }
 ]
 }
diff --git a/2019/20xxx/CVE-2019-20330.json b/2019/20xxx/CVE-2019-20330.json
index fa7647c0dc7..b58459f1bb6 100644
--- a/2019/20xxx/CVE-2019-20330.json
+++ b/2019/20xxx/CVE-2019-20330.json
@@ -76,6 +76,16 @@
 "refsource": "MLIST",
 "name": "[druid-commits] 20200115 [GitHub] [druid] ccaominh opened a new pull request #9191: [Backport] Suppress CVE-2019-20330 for htrace-core-4.0.1 (#9189)",
 "url": "https://lists.apache.org/thread.html/r5c3644c97f0434d1ceb48ff48897a67bdbf3baf7efbe7d04625425b3@%3Ccommits.druid.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[druid-commits] 20200115 [GitHub] [druid] clintropolis merged pull request #9191: [Backport] Suppress CVE-2019-20330 for htrace-core-4.0.1 (#9189)",
+ "url": "https://lists.apache.org/thread.html/r7fb123e7dad49af5886cfec7135c0fd5b74e4c67af029e1dc91ba744@%3Ccommits.druid.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[druid-commits] 20200115 [druid] branch 0.17.0 updated: Suppress CVE-2019-20330 for htrace-core-4.0.1 (#9189) (#9191)",
+ "url": "https://lists.apache.org/thread.html/r392099ed2757ff2e383b10440594e914d080511d7da1c8fed0612c1f@%3Ccommits.druid.apache.org%3E"
 }
 ]
 }
diff --git a/2020/0xxx/CVE-2020-0615.json b/2020/0xxx/CVE-2020-0615.json
index 06d1de329e5..a29994a6666 100644
--- a/2020/0xxx/CVE-2020-0615.json
+++ b/2020/0xxx/CVE-2020-0615.json
@@ -245,6 +245,11 @@
 "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0615",
 "refsource": "MISC",
 "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0615"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-123/",
+ "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-123/"
 }
 ]
 }
diff --git a/2020/0xxx/CVE-2020-0616.json b/2020/0xxx/CVE-2020-0616.json
index 37ea46281d9..0f2ae9d89a7 100644
--- a/2020/0xxx/CVE-2020-0616.json
+++ b/2020/0xxx/CVE-2020-0616.json
@@ -155,6 +155,11 @@
 "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0616",
 "refsource": "MISC",
 "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0616"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-124/",
+ "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-124/"
 }
 ]
 }
diff --git a/2020/0xxx/CVE-2020-0634.json b/2020/0xxx/CVE-2020-0634.json
index eaf774c60b9..69c06a1d5f4 100644
--- a/2020/0xxx/CVE-2020-0634.json
+++ b/2020/0xxx/CVE-2020-0634.json
@@ -245,6 +245,11 @@
 "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0634",
 "refsource": "MISC",
 "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0634"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-125/",
+ "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-125/"
 }
 ]
 }
diff --git a/2020/0xxx/CVE-2020-0652.json b/2020/0xxx/CVE-2020-0652.json
index e1bf5e2f457..3a3e350f9e4 100644
--- a/2020/0xxx/CVE-2020-0652.json
+++ b/2020/0xxx/CVE-2020-0652.json
@@ -93,6 +93,11 @@
 "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0652",
 "refsource": "MISC",
 "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0652"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-127/",
+ "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-127/"
 }
 ]
 }
From 73f92aa2cdc357495f278501587859d69e87cccd Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Wed, 15 Jan 2020 13:01:19 +0000
Subject: [PATCH 081/387] "-Synchronized-Data."
---
 2012/0xxx/CVE-2012-0334.json | 55 +++++++++++++++++++++++++--
 2012/0xxx/CVE-2012-0945.json | 50 ++++++++++++++++++++++--
 2012/1xxx/CVE-2012-1562.json | 64 +++++++++++++++++++++++++++++--
 2012/1xxx/CVE-2012-1563.json | 69 ++++++++++++++++++++++++++++++++--
 2018/11xxx/CVE-2018-11805.json | 5 +++
 2018/5xxx/CVE-2018-5391.json | 5 +++
 2019/12xxx/CVE-2019-12420.json | 5 +++
 2019/14xxx/CVE-2019-14835.json | 5 +++
 2019/5xxx/CVE-2019-5489.json | 5 +++
 9 files changed, 251 insertions(+), 12 deletions(-)
diff --git a/2012/0xxx/CVE-2012-0334.json b/2012/0xxx/CVE-2012-0334.json
index caa8c86e85e..98b51630872 100644
--- a/2012/0xxx/CVE-2012-0334.json
+++ b/2012/0xxx/CVE-2012-0334.json
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
+ "ASSIGNER": "psirt@cisco.com",
 "ID": "CVE-2012-0334",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Cisco",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "IronPort Web Security Appliance AsyncOS",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "prior to 7.5"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
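Review bot: The `affects` block added to 2012/0xxx/CVE-2012-0334.json stores a prose range in the version field, `"version_value": "prior to 7.5"`, so a consumer that compares `version_value` with an installed version cannot match it. The same pattern appears in this commit as `"< 0.1.26"` in CVE-2012-0945.json and as `"and all 1.7.x and 1.6.x versions"` / `"and all 1.7.x and 1.6.x releases"` in CVE-2012-1562.json and CVE-2012-1563.json. The CVE JSON format has a separate operator field for this, so the Cisco entry could read `"version_affected": "<", "version_value": "7.5"`; the Joomla! 1.6.x and 1.7.x lines would need entries of their own rather than a sentence fragment.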
@@ -11,7 +34,33 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Cisco IronPort Web Security Appliance AsyncOS software prior to 7.5 has a SSL Certificate Caching vulnerability which could allow man-in-the-middle attacks"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Security Bypass"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://www.securityfocus.com/bid/52981",
+ "refsource": "MISC",
+ "name": "http://www.securityfocus.com/bid/52981"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20120412-CVE-2012-0334",
+ "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20120412-CVE-2012-0334"
 }
 ]
 }
diff --git a/2012/0xxx/CVE-2012-0945.json b/2012/0xxx/CVE-2012-0945.json
index a63387efb18..b422b1e8f81 100644
--- a/2012/0xxx/CVE-2012-0945.json
+++ b/2012/0xxx/CVE-2012-0945.json
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
+ "ASSIGNER": "security@ubuntu.com",
 "ID": "CVE-2012-0945",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "whoopsie-daisy",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "whoopsie-daisy",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "< 0.1.26"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,28 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "whoopsie-daisy before 0.1.26: Root user can remove arbitrary files"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "incorrect access control"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://bugs.launchpad.net/ubuntu/+source/whoopsie-daisy/+bug/973687",
+ "refsource": "MISC",
+ "name": "https://bugs.launchpad.net/ubuntu/+source/whoopsie-daisy/+bug/973687"
 }
 ]
 }
diff --git a/2012/1xxx/CVE-2012-1562.json b/2012/1xxx/CVE-2012-1562.json
index e98d62bc081..ac7ad9803db 100644
--- a/2012/1xxx/CVE-2012-1562.json
+++ b/2012/1xxx/CVE-2012-1562.json
@@ -1,8 +1,40 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
+ "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2012-1562",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Joomla!",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Joomla! core",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "2.5.2"
+ },
+ {
+ "version_value": "2.5.1"
+ },
+ {
+ "version_value": "2.5.0"
+ },
+ {
+ "version_value": "and all 1.7.x and 1.6.x versions"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +43,33 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Joomla! core before 2.5.3 allows unauthorized password change."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "authentication error"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2012/03/19/11",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2012/03/19/11"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://developer.joomla.org/security/news/394-20120304-core-password-change.html",
+ "url": "https://developer.joomla.org/security/news/394-20120304-core-password-change.html"
 }
 ]
 }
diff --git a/2012/1xxx/CVE-2012-1563.json b/2012/1xxx/CVE-2012-1563.json
index 978993543d9..1830cbd2e74 100644
--- a/2012/1xxx/CVE-2012-1563.json
+++ b/2012/1xxx/CVE-2012-1563.json
@@ -1,8 +1,40 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
+ "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2012-1563",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Joomla!",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Joomla!",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "2.5.2"
+ },
+ {
+ "version_value": "2.5.1"
+ },
+ {
+ "version_value": "2.5.0"
+ },
+ {
+ "version_value": "and all 1.7.x and 1.6.x releases"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
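Review bot: The description added to 2012/1xxx/CVE-2012-1562.json scopes the issue as `Joomla! core before 2.5.3`, while the `affects` block of the same file lists only 2.5.0 to 2.5.2 and the 1.6.x and 1.7.x lines, so the two disagree on whether releases older than 1.6 are affected. CVE-2012-1563.json (`Joomla! before 2.5.3 allows Admin Account Creation.`) has the same mismatch. Neither description names the actor or precondition, which a triager needs in order to rate the issue. If the linked Joomla! advisory confirms the narrower range, the text could follow the affects block, e.g. `"value": "Joomla! core 1.6.x, 1.7.x and 2.5.x before 2.5.3 allows unauthorized password change."`.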
@@ -11,7 +43,38 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Joomla! before 2.5.3 allows Admin Account Creation."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Admin Account Creation"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2012/03/19/11",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2012/03/19/11"
+ },
+ {
+ "url": "https://www.exploit-db.com/exploits/41156/",
+ "refsource": "MISC",
+ "name": "https://www.exploit-db.com/exploits/41156/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://developer.joomla.org/security/news/395-20120303-core-privilege-escalation.html",
+ "url": "https://developer.joomla.org/security/news/395-20120303-core-privilege-escalation.html"
 }
 ]
 }
diff --git a/2018/11xxx/CVE-2018-11805.json b/2018/11xxx/CVE-2018-11805.json
index 52f981827d7..dbb02a75ee2 100644
--- a/2018/11xxx/CVE-2018-11805.json
+++ b/2018/11xxx/CVE-2018-11805.json
@@ -118,6 +118,11 @@
 "refsource": "UBUNTU",
 "name": "USN-4237-1",
 "url": "https://usn.ubuntu.com/4237-1/"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4237-2",
+ "url": "https://usn.ubuntu.com/4237-2/"
 }
 ]
 },
diff --git a/2018/5xxx/CVE-2018-5391.json b/2018/5xxx/CVE-2018-5391.json
index 012c524e5cc..694fc020dcd 100644
--- a/2018/5xxx/CVE-2018-5391.json
+++ b/2018/5xxx/CVE-2018-5391.json
@@ -225,6 +225,11 @@ "refsource": "CONFIRM", "name": "https://support.f5.com/csp/article/K74374841?utm_source=f5support&utm_medium=RSS", "url": "https://support.f5.com/csp/article/K74374841?utm_source=f5support&utm_medium=RSS" + }, + { + "refsource": "CONFIRM", + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-linux-en", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-linux-en" } ] }, diff --git a/2019/12xxx/CVE-2019-12420.json b/2019/12xxx/CVE-2019-12420.json index ae1b9794fdd..c6ec24141ac 100644 --- a/2019/12xxx/CVE-2019-12420.json +++ b/2019/12xxx/CVE-2019-12420.json @@ -98,6 +98,11 @@ "refsource": "UBUNTU", "name": "USN-4237-1", "url": "https://usn.ubuntu.com/4237-1/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4237-2", + "url": "https://usn.ubuntu.com/4237-2/" } ] }, diff --git a/2019/14xxx/CVE-2019-14835.json b/2019/14xxx/CVE-2019-14835.json index 2529a04bbed..c0471de6e3c 100644 --- a/2019/14xxx/CVE-2019-14835.json +++ b/2019/14xxx/CVE-2019-14835.json @@ -238,6 +238,11 @@ "refsource": "MISC", "name": "http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html", "url": "http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html" + }, + { + "refsource": "CONFIRM", + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-qemu-en", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-qemu-en" } ] }, diff --git a/2019/5xxx/CVE-2019-5489.json b/2019/5xxx/CVE-2019-5489.json index 6f9f6768002..8ba04731c6e 100644 --- a/2019/5xxx/CVE-2019-5489.json +++ b/2019/5xxx/CVE-2019-5489.json 
@@ -196,6 +196,11 @@ "refsource": "REDHAT", "name": "RHSA-2019:4255", "url": "https://access.redhat.com/errata/RHSA-2019:4255" + }, + { + "refsource": "CONFIRM", + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-pagecache-en", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-pagecache-en" } ] } From 57fb1e2bb052b781db7b147e0251511b81b46d71 Mon Sep 17 00:00:00 2001 From: Daniel Beck Date: Wed, 15 Jan 2020 12:22:19 +0100 Subject: [PATCH 082/387] Add Jenkins 2020-01-15 CVEs --- 2020/2xxx/CVE-2020-2090.json | 64 ++++++++++++++++++++++++++++++++---- 2020/2xxx/CVE-2020-2091.json | 64 ++++++++++++++++++++++++++++++++---- 2020/2xxx/CVE-2020-2092.json | 56 +++++++++++++++++++++++++++---- 2020/2xxx/CVE-2020-2093.json | 56 +++++++++++++++++++++++++++---- 2020/2xxx/CVE-2020-2094.json | 56 +++++++++++++++++++++++++++---- 2020/2xxx/CVE-2020-2095.json | 56 +++++++++++++++++++++++++++---- 2020/2xxx/CVE-2020-2096.json | 60 +++++++++++++++++++++++++++++---- 2020/2xxx/CVE-2020-2097.json | 60 +++++++++++++++++++++++++++++---- 2020/2xxx/CVE-2020-2098.json | 60 +++++++++++++++++++++++++++++---- 9 files changed, 478 insertions(+), 54 deletions(-) diff --git a/2020/2xxx/CVE-2020-2090.json b/2020/2xxx/CVE-2020-2090.json index 1a7a63e5eef..b46a20e7ca7 100644 --- a/2020/2xxx/CVE-2020-2090.json +++ b/2020/2xxx/CVE-2020-2090.json 
@@ -1,17 +1,69 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-2090", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "jenkinsci-cert@googlegroups.com" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins Amazon EC2 Plugin", + "version": { + "version_data": [ + { + "version_value": "1.47", + "version_affected": "<=" + }, + { + "version_value": "1.46.2", + "version_affected": "!>=" + }, + { + "version_value": "1.42.2", + "version_affected": "!>=" + } + ] + } + } + ] + } + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A cross-site request forgery vulnerability in Jenkins Amazon EC2 Plugin 1.47 and earlier allows attackers to connect to an attacker-specified URL within the AWS region using attacker-specified credentials IDs obtained through another method." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352: Cross-Site Request Forgery (CSRF)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jenkins.io/security/advisory/2020-01-15/#SECURITY-1004", + "url": "https://jenkins.io/security/advisory/2020-01-15/#SECURITY-1004", + "refsource": "CONFIRM" } ] } diff --git a/2020/2xxx/CVE-2020-2091.json b/2020/2xxx/CVE-2020-2091.json index 7a6cecb4f94..c3a69fa9eab 100644 --- a/2020/2xxx/CVE-2020-2091.json +++ b/2020/2xxx/CVE-2020-2091.json 
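Review bot: The new `CVE_data_meta` in CVE-2020-2090 removes `"STATE": "RESERVED"` and adds no replacement, so the record carries an `ID` and an `ASSIGNER` but no state, although its description is now a published advisory. Other records populated in this series set `"STATE": "PUBLIC"` at this point, and consumers that filter on that field may skip or misclassify these entries. Adding `"STATE": "PUBLIC"` after the `ASSIGNER` line would fix it. The same omission is in the hunks for CVE-2020-2091 through CVE-2020-2098.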
@@ -1,17 +1,69 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-2091", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "jenkinsci-cert@googlegroups.com" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins Amazon EC2 Plugin", + "version": { + "version_data": [ + { + "version_value": "1.47", + "version_affected": "<=" + }, + { + "version_value": "1.46.2", + "version_affected": "!>=" + }, + { + "version_value": "1.42.2", + "version_affected": "!>=" + } + ] + } + } + ] + } + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A missing permission check in Jenkins Amazon EC2 Plugin 1.47 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL within the AWS region using attacker-specified credentials IDs obtained through another method." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-285: Improper Authorization" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jenkins.io/security/advisory/2020-01-15/#SECURITY-1004", + "url": "https://jenkins.io/security/advisory/2020-01-15/#SECURITY-1004", + "refsource": "CONFIRM" } ] } diff --git a/2020/2xxx/CVE-2020-2092.json b/2020/2xxx/CVE-2020-2092.json index dc31aedad18..1436ea9e6a9 100644 --- a/2020/2xxx/CVE-2020-2092.json +++ b/2020/2xxx/CVE-2020-2092.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-2092", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "jenkinsci-cert@googlegroups.com" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins Robot Framework Plugin", + "version": { + "version_data": [ + { + "version_value": "2.0.0", + "version_affected": "<=" + } + ] + } + } + ] + } + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Jenkins Robot Framework Plugin 2.0.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks, allowing users with Job/Configure to have Jenkins parse crafted XML documents." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-611: Improper Restriction of XML External Entity Reference" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jenkins.io/security/advisory/2020-01-15/#SECURITY-1698", + "url": "https://jenkins.io/security/advisory/2020-01-15/#SECURITY-1698", + "refsource": "CONFIRM" } ] } diff --git a/2020/2xxx/CVE-2020-2093.json b/2020/2xxx/CVE-2020-2093.json index 908bf591fa0..32539b16c52 100644 --- a/2020/2xxx/CVE-2020-2093.json +++ b/2020/2xxx/CVE-2020-2093.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-2093", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "jenkinsci-cert@googlegroups.com" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins Health Advisor by CloudBees Plugin", + "version": { + "version_data": [ + { + "version_value": "3.0", + "version_affected": "<=" + } + ] + } + } + ] + } + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A cross-site request forgery vulnerability in Jenkins Health Advisor by CloudBees Plugin 3.0 and earlier allows attackers to send an email with fixed content to an attacker-specified recipient." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352: Cross-Site Request Forgery (CSRF)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jenkins.io/security/advisory/2020-01-15/#SECURITY-1708", + "url": "https://jenkins.io/security/advisory/2020-01-15/#SECURITY-1708", + "refsource": "CONFIRM" } ] } diff --git a/2020/2xxx/CVE-2020-2094.json b/2020/2xxx/CVE-2020-2094.json index 847889b070b..5d5d1844469 100644 --- a/2020/2xxx/CVE-2020-2094.json +++ b/2020/2xxx/CVE-2020-2094.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-2094", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "jenkinsci-cert@googlegroups.com" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins Health Advisor by CloudBees Plugin", + "version": { + "version_data": [ + { + "version_value": "3.0", + "version_affected": "<=" + } + ] + } + } + ] + } + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A missing permission check in Jenkins Health Advisor by CloudBees Plugin 3.0 and earlier allows attackers with Overall/Read permission to send a fixed email to an attacker-specific recipient." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-285: Improper Authorization" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jenkins.io/security/advisory/2020-01-15/#SECURITY-1708", + "url": "https://jenkins.io/security/advisory/2020-01-15/#SECURITY-1708", + "refsource": "CONFIRM" } ] } diff --git a/2020/2xxx/CVE-2020-2095.json b/2020/2xxx/CVE-2020-2095.json index 251591afcf5..f6483c38edc 100644 --- a/2020/2xxx/CVE-2020-2095.json +++ b/2020/2xxx/CVE-2020-2095.json 
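Review bot: The CVE-2020-2094 description says `attacker-specific recipient`, where the paired CSRF record CVE-2020-2093 says `attacker-specified recipient`; the second is the intended meaning, since the attacker chooses the address. Suggested ending: `to send a fixed email to an attacker-specified recipient.` CVE-2020-2098 has a similar slip, `allows attacker to execute`, which reads better as `allows attackers to execute`.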
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-2095", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "jenkinsci-cert@googlegroups.com" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins Redgate SQL Change Automation Plugin", + "version": { + "version_data": [ + { + "version_value": "2.0.4", + "version_affected": "<=" + } + ] + } + } + ] + } + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Jenkins Redgate SQL Change Automation Plugin 2.0.4 and earlier stored an API key unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-256: Unprotected Storage of Credentials" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jenkins.io/security/advisory/2020-01-15/#SECURITY-1696", + "url": "https://jenkins.io/security/advisory/2020-01-15/#SECURITY-1696", + "refsource": "CONFIRM" } ] } diff --git a/2020/2xxx/CVE-2020-2096.json b/2020/2xxx/CVE-2020-2096.json index e5549d9802d..c54ba253746 100644 --- a/2020/2xxx/CVE-2020-2096.json +++ b/2020/2xxx/CVE-2020-2096.json 
@@ -1,17 +1,65 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-2096", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "jenkinsci-cert@googlegroups.com" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins Gitlab Hook Plugin", + "version": { + "version_data": [ + { + "version_value": "1.4.2", + "version_affected": "<=" + }, + { + "version_value": "1.4.2", + "version_affected": "?>" + } + ] + } + } + ] + } + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Jenkins Gitlab Hook Plugin 1.4.2 and earlier does not escape project names in the build_now endpoint, resulting in a reflected XSS vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jenkins.io/security/advisory/2020-01-15/#SECURITY-1683", + "url": "https://jenkins.io/security/advisory/2020-01-15/#SECURITY-1683", + "refsource": "CONFIRM" } ] } diff --git a/2020/2xxx/CVE-2020-2097.json b/2020/2xxx/CVE-2020-2097.json index b9318a6946b..bc2458f3fa5 100644 --- a/2020/2xxx/CVE-2020-2097.json +++ b/2020/2xxx/CVE-2020-2097.json 
@@ -1,17 +1,65 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-2097", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "jenkinsci-cert@googlegroups.com" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins Sounds Plugin", + "version": { + "version_data": [ + { + "version_value": "0.5", + "version_affected": "<=" + }, + { + "version_value": "0.5", + "version_affected": "?>" + } + ] + } + } + ] + } + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Jenkins Sounds Plugin 0.5 and earlier does not perform permission checks in URLs performing form validation, allowing attackers with Overall/Read access to execute arbitrary OS commands as the OS user account running Jenkins." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-285: Improper Authorization" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jenkins.io/security/advisory/2020-01-15/#SECURITY-814", + "url": "https://jenkins.io/security/advisory/2020-01-15/#SECURITY-814", + "refsource": "CONFIRM" } ] } diff --git a/2020/2xxx/CVE-2020-2098.json b/2020/2xxx/CVE-2020-2098.json index e5aef641c51..080ff86be33 100644 --- a/2020/2xxx/CVE-2020-2098.json +++ b/2020/2xxx/CVE-2020-2098.json 
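Review bot: The `problemtype` for CVE-2020-2097 lists only `CWE-285: Improper Authorization`, although the description states that the outcome is arbitrary OS command execution as the Jenkins service account for any user with Overall/Read. Anyone triaging by CWE will rank this as an access-control finding and may under-prioritise it. If the form-validation URL runs a command built from request input, which the description suggests but does not show, a second `description` entry such as `CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')` would reflect the impact. The CSRF variant CVE-2020-2098 has the same gap.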
@@ -1,17 +1,65 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-2098", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "jenkinsci-cert@googlegroups.com" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins Sounds Plugin", + "version": { + "version_data": [ + { + "version_value": "0.5", + "version_affected": "<=" + }, + { + "version_value": "0.5", + "version_affected": "?>" + } + ] + } + } + ] + } + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A cross-site request forgery vulnerability in Jenkins Sounds Plugin 0.5 and earlier allows attacker to execute arbitrary OS commands as the OS user account running Jenkins." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352: Cross-Site Request Forgery (CSRF)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jenkins.io/security/advisory/2020-01-15/#SECURITY-814", + "url": "https://jenkins.io/security/advisory/2020-01-15/#SECURITY-814", + "refsource": "CONFIRM" } ] } From fb9e7191e3a87688b25d459a1ef6c04b86969f2d Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Wed, 15 Jan 2020 14:01:09 +0000 Subject: [PATCH 083/387] "-Synchronized-Data." --- 2011/4xxx/CVE-2011-4336.json | 55 ++++++++++++++++++++++++++++++++-- 2011/4xxx/CVE-2011-4907.json | 55 ++++++++++++++++++++++++++++++++-- 2012/0xxx/CVE-2012-0070.json | 55 ++++++++++++++++++++++++++++++++-- 2012/1xxx/CVE-2012-1316.json | 55 ++++++++++++++++++++++++++++++++-- 2012/1xxx/CVE-2012-1326.json | 55 ++++++++++++++++++++++++++++++++-- 2019/18xxx/CVE-2019-18466.json | 5 ++++ 6 files changed, 265 insertions(+), 15 deletions(-) diff --git a/2011/4xxx/CVE-2011-4336.json b/2011/4xxx/CVE-2011-4336.json index abd13941973..6312992aa42 100644 --- a/2011/4xxx/CVE-2011-4336.json +++ b/2011/4xxx/CVE-2011-4336.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-4336", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Tiki", + "product": { + "product_data": [ + { + "product_name": "Wiki CMS Groupware", + "version": { + "version_data": [ + { + "version_value": "7.0" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tiki Wiki CMS Groupware 7.0 has XSS via the GET \"ajax\" parameter to snarf_ajax.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "XSS" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://seclists.org/bugtraq/2011/Nov/140", + "refsource": "MISC", + "name": "https://seclists.org/bugtraq/2011/Nov/140" + }, + { + "refsource": "MISC", + "name": "https://www.securityfocus.com/bid/48806/info", + "url": "https://www.securityfocus.com/bid/48806/info" } ] } diff --git a/2011/4xxx/CVE-2011-4907.json b/2011/4xxx/CVE-2011-4907.json index cd2de561355..73eb47dce58 100644 --- a/2011/4xxx/CVE-2011-4907.json +++ b/2011/4xxx/CVE-2011-4907.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-4907", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Joomla!", + "product": { + "product_data": [ + { + "product_name": "Joomla!", + "version": { + "version_data": [ + { + "version_value": "1.5x through 1.5.12" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Joomla! 1.5x through 1.5.12: Missing JEXEC Check" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Path Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.openwall.com/lists/oss-security/2011/12/25/7", + "refsource": "MISC", + "name": "https://www.openwall.com/lists/oss-security/2011/12/25/7" + }, + { + "refsource": "MISC", + "name": "https://developer.joomla.org/security/news/301-20090722-core-file-upload.html", + "url": "https://developer.joomla.org/security/news/301-20090722-core-file-upload.html" } ] } diff --git a/2012/0xxx/CVE-2012-0070.json b/2012/0xxx/CVE-2012-0070.json index efbf3cf83c2..f78d746639b 100644 --- a/2012/0xxx/CVE-2012-0070.json +++ b/2012/0xxx/CVE-2012-0070.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-0070", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "spamdyke", + "product": { + "product_data": [ + { + "product_name": "spamdyke", + "version": { + "version_data": [ + { + "version_value": "prior to 4.2.1" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
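Review bot: In the CVE-2011-4907 hunk the description is `Missing JEXEC Check` and the problem type is `Path Disclosure`, but the vendor reference added here ends in `301-20090722-core-file-upload.html`. Going by the slug alone, that advisory covers a file-upload issue, which is a different weakness with a different severity, so the link should be checked against the Joomla! advisory for the missing JEXEC check. The description also has no impact sentence, so a reader cannot tell that the result is path disclosure without reading the problem type.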
@@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "spamdyke prior to 4.2.1: STARTTLS reveals plaintext" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "authentication error" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.openwall.com/lists/oss-security/2012/01/20/7", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2012/01/20/7" + }, + { + "refsource": "MISC", + "name": "https://bugs.gentoo.org/show_bug.cgi?id=CVE-2012-0070", + "url": "https://bugs.gentoo.org/show_bug.cgi?id=CVE-2012-0070" } ] } diff --git a/2012/1xxx/CVE-2012-1316.json b/2012/1xxx/CVE-2012-1316.json index 89dc7803b73..6aba384b68a 100644 --- a/2012/1xxx/CVE-2012-1316.json +++ b/2012/1xxx/CVE-2012-1316.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "psirt@cisco.com", "ID": "CVE-2012-1316", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Cisco", + "product": { + "product_data": [ + { + "product_name": "IronPort Web Security Appliance", + "version": { + "version_data": [ + { + "version_value": "through at least 2012-04-11" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
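Review bot: The CVE-2012-0070 `problemtype` value `authentication error` does not match the description `STARTTLS reveals plaintext`, which describes exposure of data rather than a failure to authenticate. A value that names the exposure, for example `"value": "Cleartext Transmission of Sensitive Information"`, would classify it correctly if that reading is right. The description itself is a title fragment: it does not say what plaintext is revealed or to whom, which an operator needs in order to decide whether mail handled by spamdyke was exposed.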
@@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cisco IronPort Web Security Appliance does not check for certificate revocation which could lead to MITM attacks" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Security Bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.securityfocus.com/bid/52981", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/52981" + }, + { + "refsource": "MISC", + "name": "https://www.secureworks.com/research/transitive-trust", + "url": "https://www.secureworks.com/research/transitive-trust" } ] } diff --git a/2012/1xxx/CVE-2012-1326.json b/2012/1xxx/CVE-2012-1326.json index 1ab53c52dc9..3bf83ea2cbe 100644 --- a/2012/1xxx/CVE-2012-1326.json +++ b/2012/1xxx/CVE-2012-1326.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "psirt@cisco.com", "ID": "CVE-2012-1326", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Cisco", + "product": { + "product_data": [ + { + "product_name": "IronPort Web Security Appliance", + "version": { + "version_data": [ + { + "version_value": "<= 7.5" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
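Review bot: `Security Bypass` as the `problemtype` for CVE-2012-1316 loses detail the description already has, namely that the appliance does not check certificate revocation. A specific label such as `"value": "CWE-299: Improper Check for Certificate Revocation"` lets certificate-validation weaknesses be grouped and searched. The CVE-2012-1326 description hunk that follows uses the same generic value for a missing basic-constraints check, which falls under CWE-295 Improper Certificate Validation.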
@@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cisco IronPort Web Security Appliance up to and including 7.5 does not validate the basic constraints of the certificate authority which could lead to MITM attacks" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Security Bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.securityfocus.com/bid/52981", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/52981" + }, + { + "refsource": "CONFIRM", + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20120412-CVE-2012-1326", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20120412-CVE-2012-1326" } ] } diff --git a/2019/18xxx/CVE-2019-18466.json b/2019/18xxx/CVE-2019-18466.json index ae8c034adb6..a85dfda775a 100644 --- a/2019/18xxx/CVE-2019-18466.json +++ b/2019/18xxx/CVE-2019-18466.json @@ -71,6 +71,11 @@ "url": "https://github.com/containers/libpod/compare/v1.5.1...v1.6.0", "refsource": "MISC", "name": "https://github.com/containers/libpod/compare/v1.5.1...v1.6.0" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2019:4269", + "url": "https://access.redhat.com/errata/RHSA-2019:4269" } ] } From 0971b2b58cc3da920f555e60a9bd81e3ce8280b3 Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Wed, 15 Jan 2020 15:01:05 +0000 Subject: [PATCH 084/387] "-Synchronized-Data." --- 2015/1xxx/CVE-2015-1850.json | 14 ++++---- 2015/7xxx/CVE-2015-7556.json | 55 +++++++++++++++++++++++++++-- 2015/8xxx/CVE-2015-8549.json | 63 ++++++++++++++++++++++++++++++++-- 2019/11xxx/CVE-2019-11281.json | 5 +++ 2020/7xxx/CVE-2020-7053.json | 5 +++ 2020/7xxx/CVE-2020-7059.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7060.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7061.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7062.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7063.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7064.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7065.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7066.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7067.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7068.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7069.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7070.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7071.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7072.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7073.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7074.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7075.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7076.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7077.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7078.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7079.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7080.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7081.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7082.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7083.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7084.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7085.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7086.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7087.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7088.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7089.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7090.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7091.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7092.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7093.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7094.json | 18 ++++++++++ 
2020/7xxx/CVE-2020-7095.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7096.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7097.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7098.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7099.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7100.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7101.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7102.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7103.json | 18 ++++++++++ 50 files changed, 940 insertions(+), 12 deletions(-) create mode 100644 2020/7xxx/CVE-2020-7059.json create mode 100644 2020/7xxx/CVE-2020-7060.json create mode 100644 2020/7xxx/CVE-2020-7061.json create mode 100644 2020/7xxx/CVE-2020-7062.json create mode 100644 2020/7xxx/CVE-2020-7063.json create mode 100644 2020/7xxx/CVE-2020-7064.json create mode 100644 2020/7xxx/CVE-2020-7065.json create mode 100644 2020/7xxx/CVE-2020-7066.json create mode 100644 2020/7xxx/CVE-2020-7067.json create mode 100644 2020/7xxx/CVE-2020-7068.json create mode 100644 2020/7xxx/CVE-2020-7069.json create mode 100644 2020/7xxx/CVE-2020-7070.json create mode 100644 2020/7xxx/CVE-2020-7071.json create mode 100644 2020/7xxx/CVE-2020-7072.json create mode 100644 2020/7xxx/CVE-2020-7073.json create mode 100644 2020/7xxx/CVE-2020-7074.json create mode 100644 2020/7xxx/CVE-2020-7075.json create mode 100644 2020/7xxx/CVE-2020-7076.json create mode 100644 2020/7xxx/CVE-2020-7077.json create mode 100644 2020/7xxx/CVE-2020-7078.json create mode 100644 2020/7xxx/CVE-2020-7079.json create mode 100644 2020/7xxx/CVE-2020-7080.json create mode 100644 2020/7xxx/CVE-2020-7081.json create mode 100644 2020/7xxx/CVE-2020-7082.json create mode 100644 2020/7xxx/CVE-2020-7083.json create mode 100644 2020/7xxx/CVE-2020-7084.json create mode 100644 2020/7xxx/CVE-2020-7085.json create mode 100644 2020/7xxx/CVE-2020-7086.json create mode 100644 2020/7xxx/CVE-2020-7087.json create mode 100644 2020/7xxx/CVE-2020-7088.json create mode 100644 2020/7xxx/CVE-2020-7089.json create mode 100644 2020/7xxx/CVE-2020-7090.json 
create mode 100644 2020/7xxx/CVE-2020-7091.json create mode 100644 2020/7xxx/CVE-2020-7092.json create mode 100644 2020/7xxx/CVE-2020-7093.json create mode 100644 2020/7xxx/CVE-2020-7094.json create mode 100644 2020/7xxx/CVE-2020-7095.json create mode 100644 2020/7xxx/CVE-2020-7096.json create mode 100644 2020/7xxx/CVE-2020-7097.json create mode 100644 2020/7xxx/CVE-2020-7098.json create mode 100644 2020/7xxx/CVE-2020-7099.json create mode 100644 2020/7xxx/CVE-2020-7100.json create mode 100644 2020/7xxx/CVE-2020-7101.json create mode 100644 2020/7xxx/CVE-2020-7102.json create mode 100644 2020/7xxx/CVE-2020-7103.json diff --git a/2015/1xxx/CVE-2015-1850.json b/2015/1xxx/CVE-2015-1850.json index a4fca09dbd0..66130bcde9b 100644 --- a/2015/1xxx/CVE-2015-1850.json +++ b/2015/1xxx/CVE-2015-1850.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2015-1850", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2015-1850", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not an exploitable issue. Notes: none." } ] } diff --git a/2015/7xxx/CVE-2015-7556.json b/2015/7xxx/CVE-2015-7556.json index 05738853ce1..98b9483c265 100644 --- a/2015/7xxx/CVE-2015-7556.json +++ b/2015/7xxx/CVE-2015-7556.json 
@@ -1,8 +1,8 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
+ "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2015-7556",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +11,56 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "DeleGate 9.9.13 allows local users to gain privileges as demonstrated by the dgcpnod setuid program."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Other"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "National Institute of Advanced Industrial Science and Technology",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "DeleGate",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "9.9.13"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "http://www.vapidlabs.com/advisory.php?v=159",
+ "url": "http://www.vapidlabs.com/advisory.php?v=159"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://seclists.org/fulldisclosure/2015/Dec/123",
+ "url": "http://seclists.org/fulldisclosure/2015/Dec/123"
 }
 ]
 }
diff --git a/2015/8xxx/CVE-2015-8549.json b/2015/8xxx/CVE-2015-8549.json
index 039102b93d2..073728b91c5 100644
--- a/2015/8xxx/CVE-2015-8549.json
+++ b/2015/8xxx/CVE-2015-8549.json
@@ -2,7 +2,7 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2015-8549",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
 "data_format": "MITRE",
 "data_type": "CVE",
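Review bot: The `problemtype` entry added in the second CVE-2015-7556 hunk is `"value": "Other"`, which gives vulnerability-management tooling nothing to classify on, although the description in the same hunk states a local privilege gain through a setuid program. If the assigner can confirm the weakness class, a CWE-style value such as `"value": "CWE-269 Improper Privilege Management"` would make the record filterable; that identifier is my reading of the description and should be checked against the advisory. The single `version_data` entry also carries only `"version_value": "9.9.13"` with no `version_affected` operator, so a consumer cannot tell from the structured data whether earlier releases are in scope.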
@@ -11,7 +11,66 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "XML external entity (XXE) vulnerability in PyAMF before 0.8.0 allows remote attackers to cause a denial of service or read arbitrary files via a crafted Action Message Format (AMF) payload."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "http://www.ocert.org/advisories/ocert-2015-011.html",
+ "url": "http://www.ocert.org/advisories/ocert-2015-011.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://www.securityfocus.com/archive/1/archive/1/537151/100/0/threaded",
+ "url": "http://www.securityfocus.com/archive/1/archive/1/537151/100/0/threaded"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/hydralabs/pyamf/pull/58",
+ "url": "https://github.com/hydralabs/pyamf/pull/58"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/hydralabs/pyamf/releases/tag/v0.8.0",
+ "url": "https://github.com/hydralabs/pyamf/releases/tag/v0.8.0"
 }
 ]
 }
diff --git a/2019/11xxx/CVE-2019-11281.json b/2019/11xxx/CVE-2019-11281.json
index 9a4c5b92be4..ce2a77276b9 100644
--- a/2019/11xxx/CVE-2019-11281.json
+++ b/2019/11xxx/CVE-2019-11281.json
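Review bot: The `affects` block added in this CVE-2015-8549 hunk sets `product_name`, `version_value` and `vendor_name` to `n/a`, even though the description added a few lines above names PyAMF before 0.8.0. Scanners and asset-matching tools that key on the structured fields rather than the free text will therefore not associate this record with PyAMF. I would carry the values over from the description: `"product_name": "PyAMF"` and `"version_value": "before 0.8.0"`. The `problemtype` value is also `n/a` while the description states an XML external entity issue; `CWE-611` looks like the matching class, if the assigner agrees.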
@@ -87,6 +87,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2019-74d2feb5be",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYTGR3D5FW2O25RXZOTIZMOD2HAUVBE4/"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2020:0078",
+ "url": "https://access.redhat.com/errata/RHSA-2020:0078"
 }
 ]
 },
diff --git a/2020/7xxx/CVE-2020-7053.json b/2020/7xxx/CVE-2020-7053.json
index 46080b0c092..7803e706c67 100644
--- a/2020/7xxx/CVE-2020-7053.json
+++ b/2020/7xxx/CVE-2020-7053.json
@@ -66,6 +66,11 @@
 "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7dc40713618c884bf07c030d1ab1f47a9dc1f310",
 "refsource": "MISC",
 "name": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7dc40713618c884bf07c030d1ab1f47a9dc1f310"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1859522",
+ "url": "https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1859522"
 }
 ]
 }
diff --git a/2020/7xxx/CVE-2020-7059.json b/2020/7xxx/CVE-2020-7059.json
new file mode 100644
index 00000000000..d69faee854d
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7059.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7059",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7060.json b/2020/7xxx/CVE-2020-7060.json
new file mode 100644
index 00000000000..d4a162e2587
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7060.json
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7060", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7061.json b/2020/7xxx/CVE-2020-7061.json new file mode 100644 index 00000000000..defe4b05d58 --- /dev/null +++ b/2020/7xxx/CVE-2020-7061.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7061", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7062.json b/2020/7xxx/CVE-2020-7062.json new file mode 100644 index 00000000000..0b2c29e0e4d --- /dev/null +++ b/2020/7xxx/CVE-2020-7062.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7062", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/7xxx/CVE-2020-7063.json b/2020/7xxx/CVE-2020-7063.json new file mode 100644 index 00000000000..1ffaa480240 --- /dev/null +++ b/2020/7xxx/CVE-2020-7063.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7063", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7064.json b/2020/7xxx/CVE-2020-7064.json new file mode 100644 index 00000000000..5c3d8c3e0b5 --- /dev/null +++ b/2020/7xxx/CVE-2020-7064.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7064", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7065.json b/2020/7xxx/CVE-2020-7065.json new file mode 100644 index 00000000000..10c88d8a84c --- /dev/null +++ b/2020/7xxx/CVE-2020-7065.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7065", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7066.json b/2020/7xxx/CVE-2020-7066.json new file mode 100644 index 00000000000..6a5b31dda5a --- /dev/null +++ b/2020/7xxx/CVE-2020-7066.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7066", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7067.json b/2020/7xxx/CVE-2020-7067.json new file mode 100644 index 00000000000..c4884bbc437 --- /dev/null +++ b/2020/7xxx/CVE-2020-7067.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7067", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/7xxx/CVE-2020-7068.json b/2020/7xxx/CVE-2020-7068.json new file mode 100644 index 00000000000..4ea09887121 --- /dev/null +++ b/2020/7xxx/CVE-2020-7068.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7068", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7069.json b/2020/7xxx/CVE-2020-7069.json new file mode 100644 index 00000000000..fc60e4259b3 --- /dev/null +++ b/2020/7xxx/CVE-2020-7069.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7069", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7070.json b/2020/7xxx/CVE-2020-7070.json new file mode 100644 index 00000000000..c1f97d11d8b --- /dev/null +++ b/2020/7xxx/CVE-2020-7070.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7070", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7071.json b/2020/7xxx/CVE-2020-7071.json new file mode 100644 index 00000000000..e584ee1bd52 --- /dev/null +++ b/2020/7xxx/CVE-2020-7071.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7071", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7072.json b/2020/7xxx/CVE-2020-7072.json new file mode 100644 index 00000000000..99f989602e1 --- /dev/null +++ b/2020/7xxx/CVE-2020-7072.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7072", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/7xxx/CVE-2020-7073.json b/2020/7xxx/CVE-2020-7073.json new file mode 100644 index 00000000000..d1dc5d96bd4 --- /dev/null +++ b/2020/7xxx/CVE-2020-7073.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7073", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7074.json b/2020/7xxx/CVE-2020-7074.json new file mode 100644 index 00000000000..e4b29e9d4fe --- /dev/null +++ b/2020/7xxx/CVE-2020-7074.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7074", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7075.json b/2020/7xxx/CVE-2020-7075.json new file mode 100644 index 00000000000..9ecb576e0e9 --- /dev/null +++ b/2020/7xxx/CVE-2020-7075.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7075", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7076.json b/2020/7xxx/CVE-2020-7076.json new file mode 100644 index 00000000000..cf446bde3a5 --- /dev/null +++ b/2020/7xxx/CVE-2020-7076.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7076", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7077.json b/2020/7xxx/CVE-2020-7077.json new file mode 100644 index 00000000000..bc538ee73d6 --- /dev/null +++ b/2020/7xxx/CVE-2020-7077.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7077", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/7xxx/CVE-2020-7078.json b/2020/7xxx/CVE-2020-7078.json new file mode 100644 index 00000000000..6abf2387022 --- /dev/null +++ b/2020/7xxx/CVE-2020-7078.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7078", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7079.json b/2020/7xxx/CVE-2020-7079.json new file mode 100644 index 00000000000..dcbea65f30b --- /dev/null +++ b/2020/7xxx/CVE-2020-7079.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7079", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7080.json b/2020/7xxx/CVE-2020-7080.json new file mode 100644 index 00000000000..4bbc9323729 --- /dev/null +++ b/2020/7xxx/CVE-2020-7080.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7080", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7081.json b/2020/7xxx/CVE-2020-7081.json new file mode 100644 index 00000000000..af7a871c596 --- /dev/null +++ b/2020/7xxx/CVE-2020-7081.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7081", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7082.json b/2020/7xxx/CVE-2020-7082.json new file mode 100644 index 00000000000..d7260b69fb5 --- /dev/null +++ b/2020/7xxx/CVE-2020-7082.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7082", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/7xxx/CVE-2020-7083.json b/2020/7xxx/CVE-2020-7083.json new file mode 100644 index 00000000000..32686fe247a --- /dev/null +++ b/2020/7xxx/CVE-2020-7083.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7083", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7084.json b/2020/7xxx/CVE-2020-7084.json new file mode 100644 index 00000000000..bccf9a467c2 --- /dev/null +++ b/2020/7xxx/CVE-2020-7084.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7084", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7085.json b/2020/7xxx/CVE-2020-7085.json new file mode 100644 index 00000000000..0fff041adc4 --- /dev/null +++ b/2020/7xxx/CVE-2020-7085.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7085", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7086.json b/2020/7xxx/CVE-2020-7086.json new file mode 100644 index 00000000000..174ba247c24 --- /dev/null +++ b/2020/7xxx/CVE-2020-7086.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7086", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7087.json b/2020/7xxx/CVE-2020-7087.json new file mode 100644 index 00000000000..53db4474591 --- /dev/null +++ b/2020/7xxx/CVE-2020-7087.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7087", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/7xxx/CVE-2020-7088.json b/2020/7xxx/CVE-2020-7088.json new file mode 100644 index 00000000000..5401ad850b9 --- /dev/null +++ b/2020/7xxx/CVE-2020-7088.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7088", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7089.json b/2020/7xxx/CVE-2020-7089.json new file mode 100644 index 00000000000..80231727dd3 --- /dev/null +++ b/2020/7xxx/CVE-2020-7089.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7089", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7090.json b/2020/7xxx/CVE-2020-7090.json new file mode 100644 index 00000000000..07ace67932f --- /dev/null +++ b/2020/7xxx/CVE-2020-7090.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7090", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7091.json b/2020/7xxx/CVE-2020-7091.json new file mode 100644 index 00000000000..5ab21a6b222 --- /dev/null +++ b/2020/7xxx/CVE-2020-7091.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7091", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7092.json b/2020/7xxx/CVE-2020-7092.json new file mode 100644 index 00000000000..034c95deee5 --- /dev/null +++ b/2020/7xxx/CVE-2020-7092.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7092", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/7xxx/CVE-2020-7093.json b/2020/7xxx/CVE-2020-7093.json new file mode 100644 index 00000000000..fafb979aaa4 --- /dev/null +++ b/2020/7xxx/CVE-2020-7093.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7093", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7094.json b/2020/7xxx/CVE-2020-7094.json new file mode 100644 index 00000000000..6e5314b7e91 --- /dev/null +++ b/2020/7xxx/CVE-2020-7094.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7094", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7095.json b/2020/7xxx/CVE-2020-7095.json new file mode 100644 index 00000000000..eb87a89aa8c --- /dev/null +++ b/2020/7xxx/CVE-2020-7095.json 
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7095",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7096.json b/2020/7xxx/CVE-2020-7096.json
new file mode 100644
index 00000000000..b02c1ed5a42
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7096.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7096",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7097.json b/2020/7xxx/CVE-2020-7097.json
new file mode 100644
index 00000000000..ca75d0af2e1
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7097.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7097",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7098.json b/2020/7xxx/CVE-2020-7098.json
new file mode 100644
index 00000000000..e93580d2a04
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7098.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7098",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7099.json b/2020/7xxx/CVE-2020-7099.json
new file mode 100644
index 00000000000..027956f04a7
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7099.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7099",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7100.json b/2020/7xxx/CVE-2020-7100.json
new file mode 100644
index 00000000000..5fc13a1ea27
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7100.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7100",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7101.json b/2020/7xxx/CVE-2020-7101.json
new file mode 100644
index 00000000000..b50d723b7f7
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7101.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7101",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7102.json b/2020/7xxx/CVE-2020-7102.json
new file mode 100644
index 00000000000..c1ad57a2bbc
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7102.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7102",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7103.json b/2020/7xxx/CVE-2020-7103.json
new file mode 100644
index 00000000000..806d0eb455e
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7103.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7103",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
From a07f19d30275d5c7e35aca029b4fd7da8037c082 Mon Sep 17 00:00:00 2001
From: CVE Team Date: Wed, 15 Jan 2020 16:01:15 +0000 Subject: [PATCH 085/387] "-Synchronized-Data." --- 2015/5xxx/CVE-2015-5466.json | 63 ++++++++++++++++++++++++++++++++-- 2015/5xxx/CVE-2015-5484.json | 58 +++++++++++++++++++++++++++++-- 2015/7xxx/CVE-2015-7874.json | 48 ++++++++++++++++++++++++-- 2018/12xxx/CVE-2018-12417.json | 14 ++++---- 2019/11xxx/CVE-2019-11045.json | 5 +++ 2019/11xxx/CVE-2019-11046.json | 5 +++ 2019/11xxx/CVE-2019-11047.json | 5 +++ 2019/11xxx/CVE-2019-11050.json | 5 +++ 2019/17xxx/CVE-2019-17015.json | 5 +++ 2019/17xxx/CVE-2019-17016.json | 5 +++ 2019/17xxx/CVE-2019-17017.json | 5 +++ 2019/17xxx/CVE-2019-17021.json | 5 +++ 2019/17xxx/CVE-2019-17022.json | 5 +++ 2019/17xxx/CVE-2019-17024.json | 5 +++ 2019/18xxx/CVE-2019-18412.json | 18 ++++++++++ 2019/5xxx/CVE-2019-5108.json | 5 +++ 2020/2xxx/CVE-2020-2090.json | 3 +- 2020/2xxx/CVE-2020-2091.json | 3 +- 2020/2xxx/CVE-2020-2092.json | 3 +- 2020/2xxx/CVE-2020-2093.json | 3 +- 2020/2xxx/CVE-2020-2094.json | 3 +- 2020/2xxx/CVE-2020-2095.json | 3 +- 2020/2xxx/CVE-2020-2096.json | 3 +- 2020/2xxx/CVE-2020-2097.json | 3 +- 2020/2xxx/CVE-2020-2098.json | 3 +- 2020/5xxx/CVE-2020-5180.json | 4 +-- 26 files changed, 263 insertions(+), 24 deletions(-) create mode 100644 2019/18xxx/CVE-2019-18412.json diff --git a/2015/5xxx/CVE-2015-5466.json b/2015/5xxx/CVE-2015-5466.json index 0687f07a3fa..19b4e3c618f 100644 --- a/2015/5xxx/CVE-2015-5466.json +++ b/2015/5xxx/CVE-2015-5466.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-5466", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +11,66 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Silicon Integrated Systems XGI WindowsXP Display Manager (aka XGI VGA Driver Manager and VGA Display Manager) 6.14.10.1090 allows local users to gain privileges via a crafted 0x96002404 IOCTL call." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/133400/XGI-Windows-VGA-Display-Manager-Privilege-Escalation.html", + "url": "http://packetstormsecurity.com/files/133400/XGI-Windows-VGA-Display-Manager-Privilege-Escalation.html" + }, + { + "refsource": "MISC", + "name": "https://www.korelogic.com/Resources/Advisories/KL-001-2015-004.txt", + "url": "https://www.korelogic.com/Resources/Advisories/KL-001-2015-004.txt" + }, + { + "refsource": "MISC", + "name": "http://www.securityfocus.com/archive/1/archive/1/536373/100/0/threaded", + "url": "http://www.securityfocus.com/archive/1/archive/1/536373/100/0/threaded" + }, + { + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2015/Sep/2", + "url": "http://seclists.org/fulldisclosure/2015/Sep/2" } ] } diff --git a/2015/5xxx/CVE-2015-5484.json b/2015/5xxx/CVE-2015-5484.json index 663fc708db3..a4e0c3af8d4 100644 --- a/2015/5xxx/CVE-2015-5484.json +++ b/2015/5xxx/CVE-2015-5484.json 
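Review bot: The `affects` block added in this hunk leaves `vendor_name`, `product_name` and `version_value` as `n/a` even though the new description names all three, so any consumer that matches records on the structured vendor/product/version fields will not associate this entry with the affected driver. Filling them from the description, e.g. `"vendor_name": "Silicon Integrated Systems"`, `"product_name": "XGI WindowsXP Display Manager"`, `"version_value": "6.14.10.1090"`, would make the record usable for automated triage. `problemtype` is likewise `n/a` although the description states a local privilege escalation. The same gap is in the CVE-2015-5484 hunk (Plotly plugin before 1.0.3) and the CVE-2015-7874 hunk (KiTTY Portable 0.65.0.2p and earlier).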
@@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-5484", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,61 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-site scripting (XSS) vulnerability in the Plotly plugin before 1.0.3 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via a post." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://security.dxw.com/advisories/stored-xss-in-plotly-allows-less-privileged-users-to-insert-arbitrary-javascript-into-posts/", + "url": "https://security.dxw.com/advisories/stored-xss-in-plotly-allows-less-privileged-users-to-insert-arbitrary-javascript-into-posts/" + }, + { + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2015/Jul/68", + "url": "http://seclists.org/fulldisclosure/2015/Jul/68" + }, + { + "refsource": "MISC", + "name": "https://wordpress.org/plugins/wp-plotly/changelog/", + "url": "https://wordpress.org/plugins/wp-plotly/changelog/" } ] } diff --git a/2015/7xxx/CVE-2015-7874.json b/2015/7xxx/CVE-2015-7874.json index 8fbe98e5f62..1ea5aa70879 100644 --- a/2015/7xxx/CVE-2015-7874.json +++ b/2015/7xxx/CVE-2015-7874.json 
@@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-7874", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,51 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Buffer overflow in the chat server in KiTTY Portable 0.65.0.2p and earlier allows remote attackers to execute arbitrary code via a long nickname." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.exploit-db.com/exploits/39119/", + "url": "https://www.exploit-db.com/exploits/39119/" } ] } diff --git a/2018/12xxx/CVE-2018-12417.json b/2018/12xxx/CVE-2018-12417.json index ee19b6031c4..5d6dda4566b 100644 --- a/2018/12xxx/CVE-2018-12417.json +++ b/2018/12xxx/CVE-2018-12417.json 
@@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2018-12417", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-12417", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." } ] } diff --git a/2019/11xxx/CVE-2019-11045.json b/2019/11xxx/CVE-2019-11045.json index 1a7183b3848..5e429eade35 100644 --- a/2019/11xxx/CVE-2019-11045.json +++ b/2019/11xxx/CVE-2019-11045.json @@ -115,6 +115,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-a54a622670", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWRQPYXVG43Q7DXMXH6UVWMKWGUW552F/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4239-1", + "url": "https://usn.ubuntu.com/4239-1/" } ] }, diff --git a/2019/11xxx/CVE-2019-11046.json b/2019/11xxx/CVE-2019-11046.json index bdd8c4d717e..bffdb4abf80 100644 --- a/2019/11xxx/CVE-2019-11046.json +++ b/2019/11xxx/CVE-2019-11046.json @@ -120,6 +120,11 @@ "refsource": "CONFIRM", "name": "https://support.f5.com/csp/article/K48866433?utm_source=f5support&utm_medium=RSS", "url": "https://support.f5.com/csp/article/K48866433?utm_source=f5support&utm_medium=RSS" + }, + { + "refsource": "UBUNTU", + "name": "USN-4239-1", + "url": "https://usn.ubuntu.com/4239-1/" } ] }, diff --git a/2019/11xxx/CVE-2019-11047.json b/2019/11xxx/CVE-2019-11047.json index 8a5184db238..173f2fa95a6 100644 
--- a/2019/11xxx/CVE-2019-11047.json +++ b/2019/11xxx/CVE-2019-11047.json @@ -115,6 +115,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-a54a622670", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWRQPYXVG43Q7DXMXH6UVWMKWGUW552F/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4239-1", + "url": "https://usn.ubuntu.com/4239-1/" } ] }, diff --git a/2019/11xxx/CVE-2019-11050.json b/2019/11xxx/CVE-2019-11050.json index f3c77212ca5..4909f97cd34 100644 --- a/2019/11xxx/CVE-2019-11050.json +++ b/2019/11xxx/CVE-2019-11050.json @@ -115,6 +115,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-a54a622670", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWRQPYXVG43Q7DXMXH6UVWMKWGUW552F/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4239-1", + "url": "https://usn.ubuntu.com/4239-1/" } ] }, diff --git a/2019/17xxx/CVE-2019-17015.json b/2019/17xxx/CVE-2019-17015.json index 469393d5dba..aa4c0fca029 100644 --- a/2019/17xxx/CVE-2019-17015.json +++ b/2019/17xxx/CVE-2019-17015.json @@ -78,6 +78,11 @@ "refsource": "MISC", "name": "http://packetstormsecurity.com/files/155912/Slackware-Security-Advisory-mozilla-thunderbird-Updates.html", "url": "http://packetstormsecurity.com/files/155912/Slackware-Security-Advisory-mozilla-thunderbird-Updates.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0060", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00029.html" } ] }, diff --git a/2019/17xxx/CVE-2019-17016.json b/2019/17xxx/CVE-2019-17016.json index c5aaa1b80fe..18ed8a1582a 100644 --- a/2019/17xxx/CVE-2019-17016.json +++ b/2019/17xxx/CVE-2019-17016.json 
@@ -113,6 +113,11 @@ "refsource": "REDHAT", "name": "RHSA-2020:0111", "url": "https://access.redhat.com/errata/RHSA-2020:0111" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0060", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00029.html" } ] }, diff --git a/2019/17xxx/CVE-2019-17017.json b/2019/17xxx/CVE-2019-17017.json index 7a4a1fce863..953a5049a52 100644 --- a/2019/17xxx/CVE-2019-17017.json +++ b/2019/17xxx/CVE-2019-17017.json @@ -113,6 +113,11 @@ "refsource": "REDHAT", "name": "RHSA-2020:0111", "url": "https://access.redhat.com/errata/RHSA-2020:0111" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0060", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00029.html" } ] }, diff --git a/2019/17xxx/CVE-2019-17021.json b/2019/17xxx/CVE-2019-17021.json index 6a55758b2cb..2d8c5c24c83 100644 --- a/2019/17xxx/CVE-2019-17021.json +++ b/2019/17xxx/CVE-2019-17021.json @@ -78,6 +78,11 @@ "refsource": "MISC", "name": "http://packetstormsecurity.com/files/155912/Slackware-Security-Advisory-mozilla-thunderbird-Updates.html", "url": "http://packetstormsecurity.com/files/155912/Slackware-Security-Advisory-mozilla-thunderbird-Updates.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0060", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00029.html" } ] }, diff --git a/2019/17xxx/CVE-2019-17022.json b/2019/17xxx/CVE-2019-17022.json index 6152132b3fd..cb93d3b8641 100644 --- a/2019/17xxx/CVE-2019-17022.json +++ b/2019/17xxx/CVE-2019-17022.json @@ -113,6 +113,11 @@ "refsource": "REDHAT", "name": "RHSA-2020:0111", "url": "https://access.redhat.com/errata/RHSA-2020:0111" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0060", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00029.html" } ] }, diff --git a/2019/17xxx/CVE-2019-17024.json b/2019/17xxx/CVE-2019-17024.json index 3a723d9004f..3c9f5fd9750 100644 
--- a/2019/17xxx/CVE-2019-17024.json +++ b/2019/17xxx/CVE-2019-17024.json @@ -113,6 +113,11 @@ "refsource": "REDHAT", "name": "RHSA-2020:0111", "url": "https://access.redhat.com/errata/RHSA-2020:0111" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0060", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00029.html" } ] }, diff --git a/2019/18xxx/CVE-2019-18412.json b/2019/18xxx/CVE-2019-18412.json new file mode 100644 index 00000000000..b618d216c0e --- /dev/null +++ b/2019/18xxx/CVE-2019-18412.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-18412", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5108.json b/2019/5xxx/CVE-2019-5108.json index a8e07979a16..7428a8744c9 100644 --- a/2019/5xxx/CVE-2019-5108.json +++ b/2019/5xxx/CVE-2019-5108.json @@ -48,6 +48,11 @@ "refsource": "MISC", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0900", "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0900" + }, + { + "refsource": "MISC", + "name": "https://git.kernel.org/linus/3e493173b7841259a08c5c8e5cbe90adb349da7e", + "url": "https://git.kernel.org/linus/3e493173b7841259a08c5c8e5cbe90adb349da7e" } ] }, diff --git a/2020/2xxx/CVE-2020-2090.json b/2020/2xxx/CVE-2020-2090.json index b46a20e7ca7..f69591213ff 100644 --- a/2020/2xxx/CVE-2020-2090.json +++ b/2020/2xxx/CVE-2020-2090.json 
@@ -1,7 +1,8 @@ { "CVE_data_meta": { "ID": "CVE-2020-2090", - "ASSIGNER": "jenkinsci-cert@googlegroups.com" + "ASSIGNER": "jenkinsci-cert@googlegroups.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { diff --git a/2020/2xxx/CVE-2020-2091.json b/2020/2xxx/CVE-2020-2091.json index c3a69fa9eab..52588d565e3 100644 --- a/2020/2xxx/CVE-2020-2091.json +++ b/2020/2xxx/CVE-2020-2091.json @@ -1,7 +1,8 @@ { "CVE_data_meta": { "ID": "CVE-2020-2091", - "ASSIGNER": "jenkinsci-cert@googlegroups.com" + "ASSIGNER": "jenkinsci-cert@googlegroups.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { diff --git a/2020/2xxx/CVE-2020-2092.json b/2020/2xxx/CVE-2020-2092.json index 1436ea9e6a9..51d1ad2dd03 100644 --- a/2020/2xxx/CVE-2020-2092.json +++ b/2020/2xxx/CVE-2020-2092.json @@ -1,7 +1,8 @@ { "CVE_data_meta": { "ID": "CVE-2020-2092", - "ASSIGNER": "jenkinsci-cert@googlegroups.com" + "ASSIGNER": "jenkinsci-cert@googlegroups.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { diff --git a/2020/2xxx/CVE-2020-2093.json b/2020/2xxx/CVE-2020-2093.json index 32539b16c52..efc53a1dc65 100644 --- a/2020/2xxx/CVE-2020-2093.json +++ b/2020/2xxx/CVE-2020-2093.json @@ -1,7 +1,8 @@ { "CVE_data_meta": { "ID": "CVE-2020-2093", - "ASSIGNER": "jenkinsci-cert@googlegroups.com" + "ASSIGNER": "jenkinsci-cert@googlegroups.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { diff --git a/2020/2xxx/CVE-2020-2094.json b/2020/2xxx/CVE-2020-2094.json index 5d5d1844469..0ca318a6c37 100644 --- a/2020/2xxx/CVE-2020-2094.json +++ b/2020/2xxx/CVE-2020-2094.json @@ -1,7 +1,8 @@ { "CVE_data_meta": { "ID": "CVE-2020-2094", - "ASSIGNER": "jenkinsci-cert@googlegroups.com" + "ASSIGNER": "jenkinsci-cert@googlegroups.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { diff --git a/2020/2xxx/CVE-2020-2095.json b/2020/2xxx/CVE-2020-2095.json index f6483c38edc..81e975b2593 100644 --- a/2020/2xxx/CVE-2020-2095.json +++ b/2020/2xxx/CVE-2020-2095.json 
@@ -1,7 +1,8 @@ { "CVE_data_meta": { "ID": "CVE-2020-2095", - "ASSIGNER": "jenkinsci-cert@googlegroups.com" + "ASSIGNER": "jenkinsci-cert@googlegroups.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { diff --git a/2020/2xxx/CVE-2020-2096.json b/2020/2xxx/CVE-2020-2096.json index c54ba253746..6da437e8dba 100644 --- a/2020/2xxx/CVE-2020-2096.json +++ b/2020/2xxx/CVE-2020-2096.json @@ -1,7 +1,8 @@ { "CVE_data_meta": { "ID": "CVE-2020-2096", - "ASSIGNER": "jenkinsci-cert@googlegroups.com" + "ASSIGNER": "jenkinsci-cert@googlegroups.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { diff --git a/2020/2xxx/CVE-2020-2097.json b/2020/2xxx/CVE-2020-2097.json index bc2458f3fa5..ee1922071a6 100644 --- a/2020/2xxx/CVE-2020-2097.json +++ b/2020/2xxx/CVE-2020-2097.json @@ -1,7 +1,8 @@ { "CVE_data_meta": { "ID": "CVE-2020-2097", - "ASSIGNER": "jenkinsci-cert@googlegroups.com" + "ASSIGNER": "jenkinsci-cert@googlegroups.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { diff --git a/2020/2xxx/CVE-2020-2098.json b/2020/2xxx/CVE-2020-2098.json index 080ff86be33..9c66003c84d 100644 --- a/2020/2xxx/CVE-2020-2098.json +++ b/2020/2xxx/CVE-2020-2098.json @@ -1,7 +1,8 @@ { "CVE_data_meta": { "ID": "CVE-2020-2098", - "ASSIGNER": "jenkinsci-cert@googlegroups.com" + "ASSIGNER": "jenkinsci-cert@googlegroups.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { diff --git a/2020/5xxx/CVE-2020-5180.json b/2020/5xxx/CVE-2020-5180.json index 13ed3490fa6..f0d17dbbdd4 100644 --- a/2020/5xxx/CVE-2020-5180.json +++ b/2020/5xxx/CVE-2020-5180.json @@ -54,8 +54,8 @@ "reference_data": [ { "refsource": "CONFIRM", - "name": "https://www.sparklabs.com/blog/", - "url": "https://www.sparklabs.com/blog/" + "name": "https://www.sparklabs.com/blog/viscosity-for-mac-windows-version-1-8-4/", + "url": "https://www.sparklabs.com/blog/viscosity-for-mac-windows-version-1-8-4/" } ] } From 234fbe29574e5fff788fb1e5cec1dafab28b96ea Mon Sep 17 00:00:00 2001 
From: Madison Oliver Date: Wed, 15 Jan 2020 11:58:13 -0500 Subject: [PATCH 086/387] completing RBP CVEs --- 2017/3xxx/CVE-2017-3211.json | 91 ++++++++++++++++++++++++++- 2019/9xxx/CVE-2019-9493.json | 102 +++++++++++++++++++++++++++++- 2019/9xxx/CVE-2019-9510.json | 118 +++++++++++++++++++++++++++++++++-- 3 files changed, 301 insertions(+), 10 deletions(-) mode change 100644 => 100755 2017/3xxx/CVE-2017-3211.json mode change 100644 => 100755 2019/9xxx/CVE-2019-9510.json diff --git a/2017/3xxx/CVE-2017-3211.json b/2017/3xxx/CVE-2017-3211.json old mode 100644 new mode 100755 index fa396139464..bc9059fea21 --- a/2017/3xxx/CVE-2017-3211.json +++ b/2017/3xxx/CVE-2017-3211.json @@ -1,9 +1,42 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "cert@cert.org", + "DATE_PUBLIC": "2017-05-17T00:00:00.000Z", "ID": "CVE-2017-3211", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Centire Yopify leaks customer information" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Yopify", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "2017-04-06", + "version_value": "2017-04-06" + } + ] + } + } + ] + }, + "vendor_name": "Centire" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "This vulnerability was discovered by Oliver Keyes, a Rapid7, Inc. senior data scientist." + } + ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", 
@@ -11,8 +44,60 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Yopify, an e-commerce notification plugin, up to April 06, 2017, leaks the first name, last initial, city, and recent purchase data of customers, all without user authorization." } ] + }, + "exploit": [ + { + "lang": "eng", + "value": "Yopify works by having the e-commerce site load a JavaScript widget from the Yopify servers, which contains both the code to generate the UI element and the data used to populate it, stored as JSON. This widget does not require any authorization beyond a site-specific API key, which is embedded in the e-commerce site's source code, and is easily extractable with a regular expression.\n\nThe result is that by scraping a customer site to grab the API key and then simply running something like:\ncurl 'https://yopify.com/api/yo/js/yo/3edb675e08e9c7fe22d243e44d184cdf/events.js?t=1490157080'\n\nwhere 3edb675e08e9c7fe22d243e44d184cdf is the site ID and t is a cache buster, someone can remotely grab the data pertaining to the last 50 customers. This is updated as purchases are made. Thus an attacker can poll every few hours for a few days/weeks/months and build up a database of an e-commerce site's customer set and associated purchasers.\n\nThe data exposed to this polling was, however, far more extensive than the data displayed. While the pop-up only provides first name and last initial, the JSON blob originally contained first and last names in their entirety, along with city-level geolocation. 
While the casual online customer wouldn't have seen that, a malicious technical user could have trivially gained enough information to potentially target specific users of specific niche e-commerce sites.\n\n\n\n\n\n \n" + } + ], + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-213 Intentional Information Exposure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://blog.rapid7.com/2017/05/31/r7-2017-05-centire-yopify-information-disclosure-cve-2017-3211/", + "refsource": "MISC", + "url": "https://blog.rapid7.com/2017/05/31/r7-2017-05-centire-yopify-information-disclosure-cve-2017-3211/" + } + ] + }, + "source": { + "defect": [ + "R7-2017-05" + ], + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2019/9xxx/CVE-2019-9493.json b/2019/9xxx/CVE-2019-9493.json index 85b1d645c1b..bc0a3e753fc 100644 --- a/2019/9xxx/CVE-2019-9493.json +++ b/2019/9xxx/CVE-2019-9493.json 
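Review bot: The `impact.cvss` block scores this as `AC:H` and `PR:L`, but the `exploit` text in the same hunk says the widget needs no authorization beyond an API key that is embedded in the shop's page source and easy to extract, which reads as no privileges required; the vector and the 5.3 base score should be rechecked against that narrative, e.g. `"privilegesRequired": "NONE"` with `vectorString` and `baseScore` recomputed to match. The `exploit` value also carries a concrete site identifier in its curl example and ends in a run of `\n\n\n\n\n\n \n`; a placeholder identifier and a trimmed string would suit a public record better. The file header for this record changes the mode from 100644 to 100755 (as does the one for CVE-2019-9510.json), which a JSON data file does not need.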
@@ -1,8 +1,40 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "cert@cert.org", + "DATE_PUBLIC": "2019-04-08T00:00:00.000Z", "ID": "CVE-2019-9493", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "MyCar Controls uses hard-coded credentials" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MyCar Controls", + "version": { + "version_data": [ + { + "platform": "iOS", + "version_affected": "<", + "version_value": "3.4.24" + }, + { + "platform": "Android", + "version_affected": "<", + "version_value": "4.1.2" + } + ] + } + } + ] + }, + "vendor_name": "AutoMobility Distribution Inc." + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,8 +43,72 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The MyCar Controls of AutoMobility Distribution Inc., mobile application contains hard-coded admin credentials. A remote unauthenticated attacker may be able to send commands to and retrieve data from a target MyCar unit. This may allow the attacker to learn the location of a target, or gain unauthorized physical access to a vehicle. This issue affects AutoMobility MyCar versions prior to 3.4.24 on iOS and versions prior to 4.1.2 on Android. This issue has additionally been fixed in Carlink, Link, Visions MyCar, and MyCar Kia." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-798 Use of Hard-coded Credentials" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#174715", + "refsource": "CERT-VN", + "url": "https://www.kb.cert.org/vuls/id/174715/" + }, + { + "name": "https://www.securityfocus.com/bid/107827", + "refsource": "BID", + "url": "https://www.securityfocus.com/bid/107827" + }, + { + "name": "https://play.google.com/store/apps/details?id=app.com.automobility.mycar.control", + "refsource": "MISC", + "url": "https://play.google.com/store/apps/details?id=app.com.automobility.mycar.control" + }, + { + "name": 
"https://mycarcontrols.com/", + "refsource": "MISC", + "url": "https://mycarcontrols.com/" + }, + { + "name": "https://itunes.apple.com/us/app/mycar-controls/id1126511815", + "refsource": "MISC", + "url": "https://itunes.apple.com/us/app/mycar-controls/id1126511815" + } + ] + }, + "source": { + "advisory": "VU#174715", + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2019/9xxx/CVE-2019-9510.json b/2019/9xxx/CVE-2019-9510.json old mode 100644 new mode 100755 index 56ee59a62d0..f47282eefe3 --- a/2019/9xxx/CVE-2019-9510.json +++ b/2019/9xxx/CVE-2019-9510.json @@ -1,9 +1,54 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "cert@cert.org", + "DATE_PUBLIC": "2019-06-04T00:00:00.000Z", "ID": "CVE-2019-9510", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Microsoft Windows RDP can bypass the Windows lock screen" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows 10 or newer system using RDP", + "version": { + "version_data": [ + { + "version_affected": ">=", + "version_name": "10 ", + "version_value": "1803" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_affected": ">=", + "version_name": "2019", + "version_value": "2019" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Thanks to Joe Tammariello of the SEI for reporting this vulnerability." + } + ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", 
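Review bot: The CVSS block sets `"confidentialityImpact": "NONE"` and `"userInteraction": "REQUIRED"`, while the description in this hunk says a remote unauthenticated attacker may retrieve data from a MyCar unit and learn a target's location, and mentions no step the victim has to take. Disclosure of that kind would normally carry a non-NONE confidentiality impact, so the vector `CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N` and the 6.5 score should be re-derived from the description, or the description narrowed to what the score covers. Separately, the BID reference uses the full URL as its `name` while the CERT-VN entry uses the identifier; `"name": "107827"` would be consistent.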
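Review bot: `"version_name": "10 "` in the first `version_data` entry has a trailing space, so an exact comparison against `10` will miss it; it should be `"version_name": "10"`. The `product_name` value "Windows 10 or newer system using RDP" is a description rather than a product identifier, which makes the entry hard to match against an asset inventory; `"product_name": "Windows 10"` with the RDP condition left to the description text would be easier to consume.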
@@ -11,8 +56,73 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability in Microsoft Windows 10 1803 and Windows Server 2019 and later systems can allow authenticated RDP-connected clients to gain access to user sessions without needing to interact with the Windows lock screen. Should a network anomaly trigger a temporary RDP disconnect, Automatic Reconnection of the RDP session will be restored to an unlocked state, regardless of how the remote system was left. By interrupting network connectivity of a system, an attacker with access to a system being used as a Windows RDP client can gain access to a connected remote system, regardless of whether or not the remote system was locked. This issue affects Microsoft Windows 10, version 1803 and later, and Microsoft Windows Server 2019, version 2019 and later." 
} ] - } + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "LOW", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-288" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#576688", + "refsource": "CERT-VN", + "url": "https://www.kb.cert.org/vuls/id/576688/" + }, + { + "name": "https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc732713(v=ws.11)", + "refsource": "MISC", + "url": "https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc732713(v=ws.11)" + }, + { + "name":"https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpbcgr/e729948a-3f4e-4568-9aef-d355e30b5389", + "refsource": "MISC", + "url": "https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpbcgr/e729948a-3f4e-4568-9aef-d355e30b5389" + }, + { + "name": "https://social.technet.microsoft.com/Forums/windowsserver/en-US/1fd171de-a1b5-4721-86bf-082e4a375049/rds-2019-but-probably-other-versions-as-well-locked-rdp-session-logs-in-after-session-reconnect", + "refsource": "MISC", + "url": "https://social.technet.microsoft.com/Forums/windowsserver/en-US/1fd171de-a1b5-4721-86bf-082e4a375049/rds-2019-but-probably-other-versions-as-well-locked-rdp-session-logs-in-after-session-reconnect" + } + ] + }, + "source": { + "advisory": "VU#576688", + "discovery": "UNKNOWN" + }, + "work_around": [ + { + "lang": "eng", + "value": "Disable RDP automatic reconnection on RDP servers. Disconnect RDP sessions instead of locking them." 
+ }
+ ]
 }
\ No newline at end of file
From 8a4d392672cd34e0e52e3bb4471fc47de7c6373d Mon Sep 17 00:00:00 2001
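Review bot: The `problemtype` entry in this hunk gives only the bare identifier, `"value": "CWE-288"`, while the MyCar record earlier in this patch series writes the id with its name (`"CWE-798 Use of Hard-coded Credentials"`). For consistency, and so the record is readable without a CWE lookup, it should be `"value": "CWE-288 Authentication Bypass Using an Alternate Path or Channel"`. The third reference also has `"name":"https://docs.microsoft.com/...` with no space after the colon, unlike every other key in the file; this is cosmetic, but it shows the entry was edited by hand after generation.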
From: CVE Team Date: Wed, 15 Jan 2020 17:01:19 +0000 Subject: [PATCH 087/387] "-Synchronized-Data." --- 2007/4xxx/CVE-2007-4774.json | 53 +++++++++++- 2019/11xxx/CVE-2019-11287.json | 5 ++ 2019/1xxx/CVE-2019-1332.json | 5 ++ 2020/2xxx/CVE-2020-2637.json | 129 +++++++++++++++-------------- 2020/2xxx/CVE-2020-2638.json | 129 +++++++++++++++-------------- 2020/2xxx/CVE-2020-2639.json | 129 +++++++++++++++-------------- 2020/2xxx/CVE-2020-2640.json | 129 +++++++++++++++-------------- 2020/2xxx/CVE-2020-2641.json | 129 +++++++++++++++-------------- 2020/2xxx/CVE-2020-2642.json | 129 +++++++++++++++-------------- 2020/2xxx/CVE-2020-2643.json | 129 +++++++++++++++-------------- 2020/2xxx/CVE-2020-2644.json | 129 +++++++++++++++-------------- 2020/2xxx/CVE-2020-2645.json | 129 +++++++++++++++-------------- 2020/2xxx/CVE-2020-2646.json | 129 +++++++++++++++-------------- 2020/2xxx/CVE-2020-2647.json | 121 +++++++++++++-------------- 2020/2xxx/CVE-2020-2648.json | 113 ++++++++++++------------- 2020/2xxx/CVE-2020-2649.json | 113 ++++++++++++------------- 2020/2xxx/CVE-2020-2650.json | 113 ++++++++++++------------- 2020/2xxx/CVE-2020-2651.json | 121 +++++++++++++-------------- 2020/2xxx/CVE-2020-2652.json | 121 +++++++++++++-------------- 2020/2xxx/CVE-2020-2653.json | 121 +++++++++++++-------------- 2020/2xxx/CVE-2020-2654.json | 113 ++++++++++++------------- 2020/2xxx/CVE-2020-2655.json | 113 ++++++++++++------------- 2020/2xxx/CVE-2020-2656.json | 121 +++++++++++++-------------- 2020/2xxx/CVE-2020-2657.json | 121 +++++++++++++-------------- 2020/2xxx/CVE-2020-2658.json | 121 +++++++++++++-------------- 2020/2xxx/CVE-2020-2659.json | 121 +++++++++++++-------------- 2020/2xxx/CVE-2020-2660.json | 121 +++++++++++++-------------- 2020/2xxx/CVE-2020-2661.json | 121 +++++++++++++-------------- 2020/2xxx/CVE-2020-2662.json | 121 +++++++++++++-------------- 2020/2xxx/CVE-2020-2663.json | 121 +++++++++++++-------------- 2020/2xxx/CVE-2020-2664.json | 113 ++++++++++++------------- 
2020/2xxx/CVE-2020-2665.json | 121 +++++++++++++-------------- 2020/2xxx/CVE-2020-2666.json | 113 ++++++++++++------------- 2020/2xxx/CVE-2020-2667.json | 121 +++++++++++++-------------- 2020/2xxx/CVE-2020-2668.json | 121 +++++++++++++-------------- 2020/2xxx/CVE-2020-2669.json | 121 +++++++++++++-------------- 2020/2xxx/CVE-2020-2670.json | 121 +++++++++++++-------------- 2020/2xxx/CVE-2020-2671.json | 121 +++++++++++++-------------- 2020/2xxx/CVE-2020-2672.json | 121 +++++++++++++-------------- 2020/2xxx/CVE-2020-2673.json | 137 ++++++++++++++++--------------- 2020/2xxx/CVE-2020-2674.json | 129 +++++++++++++++-------------- 2020/2xxx/CVE-2020-2675.json | 113 ++++++++++++------------- 2020/2xxx/CVE-2020-2676.json | 113 ++++++++++++------------- 2020/2xxx/CVE-2020-2677.json | 121 +++++++++++++-------------- 2020/2xxx/CVE-2020-2678.json | 129 +++++++++++++++-------------- 2020/2xxx/CVE-2020-2679.json | 113 ++++++++++++------------- 2020/2xxx/CVE-2020-2680.json | 113 ++++++++++++------------- 2020/2xxx/CVE-2020-2681.json | 129 +++++++++++++++-------------- 2020/2xxx/CVE-2020-2682.json | 129 +++++++++++++++-------------- 2020/2xxx/CVE-2020-2683.json | 121 +++++++++++++-------------- 2020/2xxx/CVE-2020-2684.json | 121 +++++++++++++-------------- 2020/2xxx/CVE-2020-2685.json | 121 +++++++++++++-------------- 2020/2xxx/CVE-2020-2686.json | 113 ++++++++++++------------- 2020/2xxx/CVE-2020-2687.json | 121 +++++++++++++-------------- 2020/2xxx/CVE-2020-2688.json | 113 ++++++++++++------------- 2020/2xxx/CVE-2020-2689.json | 129 +++++++++++++++-------------- 2020/2xxx/CVE-2020-2690.json | 129 +++++++++++++++-------------- 2020/2xxx/CVE-2020-2691.json | 129 +++++++++++++++-------------- 2020/2xxx/CVE-2020-2692.json | 129 +++++++++++++++-------------- 2020/2xxx/CVE-2020-2693.json | 129 +++++++++++++++-------------- 2020/2xxx/CVE-2020-2694.json | 113 ++++++++++++------------- 2020/2xxx/CVE-2020-2695.json | 121 +++++++++++++-------------- 2020/2xxx/CVE-2020-2696.json | 113 
++++++++++++------------- 2020/2xxx/CVE-2020-2697.json | 121 +++++++++++++-------------- 2020/2xxx/CVE-2020-2698.json | 129 +++++++++++++++-------------- 2020/2xxx/CVE-2020-2699.json | 121 +++++++++++++-------------- 2020/2xxx/CVE-2020-2700.json | 121 +++++++++++++-------------- 2020/2xxx/CVE-2020-2701.json | 129 +++++++++++++++-------------- 2020/2xxx/CVE-2020-2702.json | 129 +++++++++++++++-------------- 2020/2xxx/CVE-2020-2703.json | 121 +++++++++++++-------------- 2020/2xxx/CVE-2020-2704.json | 129 +++++++++++++++-------------- 2020/2xxx/CVE-2020-2705.json | 129 +++++++++++++++-------------- 2020/2xxx/CVE-2020-2707.json | 145 +++++++++++++++++---------------- 2020/2xxx/CVE-2020-2709.json | 113 ++++++++++++------------- 2020/2xxx/CVE-2020-2710.json | 113 ++++++++++++------------- 2020/2xxx/CVE-2020-2711.json | 113 ++++++++++++------------- 2020/2xxx/CVE-2020-2712.json | 113 ++++++++++++------------- 2020/2xxx/CVE-2020-2713.json | 113 ++++++++++++------------- 2020/2xxx/CVE-2020-2714.json | 113 ++++++++++++------------- 2020/2xxx/CVE-2020-2715.json | 121 +++++++++++++-------------- 2020/2xxx/CVE-2020-2716.json | 121 +++++++++++++-------------- 2020/2xxx/CVE-2020-2717.json | 121 +++++++++++++-------------- 2020/2xxx/CVE-2020-2718.json | 121 +++++++++++++-------------- 2020/2xxx/CVE-2020-2719.json | 121 +++++++++++++-------------- 2020/2xxx/CVE-2020-2720.json | 121 +++++++++++++-------------- 2020/2xxx/CVE-2020-2721.json | 121 +++++++++++++-------------- 2020/2xxx/CVE-2020-2722.json | 121 +++++++++++++-------------- 2020/2xxx/CVE-2020-2723.json | 121 +++++++++++++-------------- 2020/2xxx/CVE-2020-2724.json | 121 +++++++++++++-------------- 2020/2xxx/CVE-2020-2725.json | 129 +++++++++++++++-------------- 2020/2xxx/CVE-2020-2726.json | 129 +++++++++++++++-------------- 2020/2xxx/CVE-2020-2727.json | 129 +++++++++++++++-------------- 2020/2xxx/CVE-2020-2728.json | 113 ++++++++++++------------- 2020/2xxx/CVE-2020-2729.json | 121 +++++++++++++-------------- 
2020/2xxx/CVE-2020-2730.json | 129 +++++++++++++++-------------- 2020/2xxx/CVE-2020-2731.json | 137 ++++++++++++++++--------------- 96 files changed, 5879 insertions(+), 5541 deletions(-) diff --git a/2007/4xxx/CVE-2007-4774.json b/2007/4xxx/CVE-2007-4774.json index fb6267d6fa0..92b4a46f28b 100644 --- a/2007/4xxx/CVE-2007-4774.json +++ b/2007/4xxx/CVE-2007-4774.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-4774", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Linux kernel before 2.4.36-rc1 has a race condition. It was possible to bypass systrace policies by flooding the ptraced process with SIGCONT signals, which can can wake up a PTRACED process." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://taviso.decsystem.org/research.html", + "url": "http://taviso.decsystem.org/research.html" + }, + { + "url": "https://osdn.net/projects/linux-kernel-docs/scm/git/linux-2.4.36/listCommit?skip=60", + "refsource": "MISC", + "name": "https://osdn.net/projects/linux-kernel-docs/scm/git/linux-2.4.36/listCommit?skip=60" } ] } diff --git a/2019/11xxx/CVE-2019-11287.json b/2019/11xxx/CVE-2019-11287.json index a38496e4da6..a1f22f2c9da 100644 --- a/2019/11xxx/CVE-2019-11287.json 
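Review bot: The description added in the second hunk of CVE-2007-4774.json contains a doubled word, `which can can wake up a PTRACED process`; it should read `which can wake up a PTRACED process`. The first hunk of the same file fills `product_name`, `version_value` and `vendor_name` with `n/a`, although the description names the Linux kernel before 2.4.36-rc1. As a result the affected product and version bound exist only in prose, and tooling that matches on the `affects` block will not associate this record with the kernel.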
+++ b/2019/11xxx/CVE-2019-11287.json @@ -100,6 +100,11 @@ "refsource": "REDHAT", "name": "RHSA-2020:0078", "url": "https://access.redhat.com/errata/RHSA-2020:0078" + }, + { + "refsource": "MISC", + "name": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-11287-DoS%20via%20Heap%20Overflow-RabbitMQ%20Web%20Management%20Plugin", + "url": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-11287-DoS%20via%20Heap%20Overflow-RabbitMQ%20Web%20Management%20Plugin" } ] }, diff --git a/2019/1xxx/CVE-2019-1332.json b/2019/1xxx/CVE-2019-1332.json index fd9ad707025..484a1101d83 100644 --- a/2019/1xxx/CVE-2019-1332.json +++ b/2019/1xxx/CVE-2019-1332.json @@ -76,6 +76,11 @@ "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1332", "refsource": "MISC", "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1332" + }, + { + "refsource": "MISC", + "name": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-1332-Cross-Site%20Scripting-Microsoft%20SQL%20Server%20Reporting%20Services", + "url": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-1332-Cross-Site%20Scripting-Microsoft%20SQL%20Server%20Reporting%20Services" } ] } diff --git a/2020/2xxx/CVE-2020-2637.json b/2020/2xxx/CVE-2020-2637.json index c6c6a9d8580..a43f29ab6ff 100644 --- a/2020/2xxx/CVE-2020-2637.json +++ b/2020/2xxx/CVE-2020-2637.json 
@@ -1,68 +1,71 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2637" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Enterprise Manager for Oracle Database", - "version":{ - "version_data":[ - { - "version_value":"12.1.0.5", - "version_affected":"=" - }, - { - "version_value":"13.2.0.0", - "version_affected":"=" - }, - { - "version_value":"13.3.0.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2637", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Enterprise Manager for Oracle Database", + "version": { + "version_data": [ + { + "version_value": "12.1.0.5", + "version_affected": "=" + }, + { + "version_value": "13.2.0.0", + "version_affected": "=" + }, + { + "version_value": "13.3.0.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Enterprise Manager for Oracle Database product of Oracle Enterprise Manager (component: Change Manager - web based). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager for Oracle Database. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager for Oracle Database accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager for Oracle Database accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager for Oracle Database. 
CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager for Oracle Database. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager for Oracle Database accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager for Oracle Database accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager for Oracle Database." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Enterprise Manager for Oracle Database product of Oracle Enterprise Manager (component: Change Manager - web based). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager for Oracle Database. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager for Oracle Database accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager for Oracle Database accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager for Oracle Database. 
CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager for Oracle Database. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager for Oracle Database accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager for Oracle Database accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager for Oracle Database." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2638.json b/2020/2xxx/CVE-2020-2638.json index 783b46a8b7b..bb1066a3ff1 100644 --- a/2020/2xxx/CVE-2020-2638.json +++ b/2020/2xxx/CVE-2020-2638.json 
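Review bot: The re-indented record still carries its CVSS data only inside the description string, and its `problemtype` value repeats the impact sentence from the description instead of naming a weakness class. Consumers that read the structured fields therefore get no score and no classification, and have to parse free text to triage. Since this commit already normalises the file, it could also add an `impact` block holding the vector quoted in the description, e.g. `"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L"` with the matching base score. The same pattern is present in the CVE-2020-2638, -2639 and -2640 hunks that follow.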
@@ -1,68 +1,71 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2638" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Enterprise Manager Base Platform", - "version":{ - "version_data":[ - { - "version_value":"12.1.0.5", - "version_affected":"=" - }, - { - "version_value":"13.2.0.0", - "version_affected":"=" - }, - { - "version_value":"13.3.0.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2638", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Enterprise Manager Base Platform", + "version": { + "version_data": [ + { + "version_value": "12.1.0.5", + "version_affected": "=" + }, + { + "version_value": "13.2.0.0", + "version_affected": "=" + }, + { + "version_value": "13.3.0.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Enterprise Manager for Oracle Database product of Oracle Enterprise Manager (component: Enterprise Config Management). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager for Oracle Database. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager for Oracle Database accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager for Oracle Database accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager for Oracle Database. 
CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager for Oracle Database. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager for Oracle Database accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager for Oracle Database accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager for Oracle Database." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Enterprise Manager for Oracle Database product of Oracle Enterprise Manager (component: Enterprise Config Management). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager for Oracle Database. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager for Oracle Database accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager for Oracle Database accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager for Oracle Database. 
CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager for Oracle Database. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager for Oracle Database accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager for Oracle Database accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager for Oracle Database." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2639.json b/2020/2xxx/CVE-2020-2639.json index 462c5f637c7..edc961eb49b 100644 --- a/2020/2xxx/CVE-2020-2639.json +++ b/2020/2xxx/CVE-2020-2639.json 
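Review bot: The new side of this hunk keeps `"product_name": "Enterprise Manager Base Platform"`, but the description in the same record says the vulnerability is in the "Enterprise Manager for Oracle Database product". The commit carries that mismatch over unchanged, so asset matching on `product_name` will attribute the issue to a different product than the advisory text names. The patch does not show which side is correct; if the description is right, the line should be `"product_name": "Enterprise Manager for Oracle Database"`, otherwise the description needs correcting against the vendor advisory. The CVE-2020-2640 hunk and the visible part of the CVE-2020-2641 hunk show the same mismatch.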
@@ -1,68 +1,71 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2639" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Enterprise Manager Base Platform", - "version":{ - "version_data":[ - { - "version_value":"12.1.0.5", - "version_affected":"=" - }, - { - "version_value":"13.2.0.0", - "version_affected":"=" - }, - { - "version_value":"13.3.0.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2639", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Enterprise Manager Base Platform", + "version": { + "version_data": [ + { + "version_value": "12.1.0.5", + "version_affected": "=" + }, + { + "version_value": "13.2.0.0", + "version_affected": "=" + }, + { + "version_value": "13.3.0.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Host Management). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Host Management). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2640.json b/2020/2xxx/CVE-2020-2640.json index 6750656041e..d16a1f82b2c 100644 --- a/2020/2xxx/CVE-2020-2640.json +++ b/2020/2xxx/CVE-2020-2640.json 
@@ -1,68 +1,71 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2640" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Enterprise Manager Base Platform", - "version":{ - "version_data":[ - { - "version_value":"12.1.0.5", - "version_affected":"=" - }, - { - "version_value":"13.2.0.0", - "version_affected":"=" - }, - { - "version_value":"13.3.0.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2640", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Enterprise Manager Base Platform", + "version": { + "version_data": [ + { + "version_value": "12.1.0.5", + "version_affected": "=" + }, + { + "version_value": "13.2.0.0", + "version_affected": "=" + }, + { + "version_value": "13.3.0.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Enterprise Manager for Oracle Database product of Oracle Enterprise Manager (component: Target Management). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager for Oracle Database. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager for Oracle Database accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager for Oracle Database accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager for Oracle Database. 
CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager for Oracle Database. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager for Oracle Database accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager for Oracle Database accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager for Oracle Database." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Enterprise Manager for Oracle Database product of Oracle Enterprise Manager (component: Target Management). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager for Oracle Database. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager for Oracle Database accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager for Oracle Database accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager for Oracle Database. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager for Oracle Database. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager for Oracle Database accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager for Oracle Database accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager for Oracle Database." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2641.json b/2020/2xxx/CVE-2020-2641.json index c13b39d832d..b1db6e66ed5 100644 --- a/2020/2xxx/CVE-2020-2641.json +++ b/2020/2xxx/CVE-2020-2641.json 
@@ -1,68 +1,71 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2641" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Enterprise Manager Base Platform", - "version":{ - "version_data":[ - { - "version_value":"12.1.0.5", - "version_affected":"=" - }, - { - "version_value":"13.2.0.0", - "version_affected":"=" - }, - { - "version_value":"13.3.0.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2641", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Enterprise Manager Base Platform", + "version": { + "version_data": [ + { + "version_value": "12.1.0.5", + "version_affected": "=" + }, + { + "version_value": "13.2.0.0", + "version_affected": "=" + }, + { + "version_value": "13.3.0.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Enterprise Manager for Oracle Database product of Oracle Enterprise Manager (component: Discovery Framework). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager for Oracle Database. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager for Oracle Database accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager for Oracle Database accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager for Oracle Database. 
CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager for Oracle Database. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager for Oracle Database accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager for Oracle Database accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager for Oracle Database." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Enterprise Manager for Oracle Database product of Oracle Enterprise Manager (component: Discovery Framework). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager for Oracle Database. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager for Oracle Database accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager for Oracle Database accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager for Oracle Database. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager for Oracle Database. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager for Oracle Database accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager for Oracle Database accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager for Oracle Database." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2642.json b/2020/2xxx/CVE-2020-2642.json index 38a19a94b6f..d7f0da8fc6c 100644 --- a/2020/2xxx/CVE-2020-2642.json +++ b/2020/2xxx/CVE-2020-2642.json 
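Review bot: The `product_name` on the new side of CVE-2020-2641.json is "Enterprise Manager Base Platform", but the description in the same record names the affected product as "Enterprise Manager for Oracle Database" (component: Discovery Framework). Tooling that matches an asset inventory against the structured `product_name` field rather than the prose would attribute this CVE to the wrong product and could miss affected installations. If the description is the authoritative side, the field should read `"product_name": "Enterprise Manager for Oracle Database"`. If the grouping under the base platform is intentional, that should be confirmed against the referenced cpujan2020 advisory, since this commit sets the record to `"STATE": "PUBLIC"`.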
@@ -1,68 +1,71 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2642" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Enterprise Manager Base Platform", - "version":{ - "version_data":[ - { - "version_value":"12.1.0.5", - "version_affected":"=" - }, - { - "version_value":"13.2.0.0", - "version_affected":"=" - }, - { - "version_value":"13.3.0.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2642", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Enterprise Manager Base Platform", + "version": { + "version_data": [ + { + "version_value": "12.1.0.5", + "version_affected": "=" + }, + { + "version_value": "13.2.0.0", + "version_affected": "=" + }, + { + "version_value": "13.3.0.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Connector Framework). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Connector Framework). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2643.json b/2020/2xxx/CVE-2020-2643.json index d85f02225e5..a322acc7e5c 100644 --- a/2020/2xxx/CVE-2020-2643.json +++ b/2020/2xxx/CVE-2020-2643.json 
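Review bot: The `problemtype` description `value` in CVE-2020-2642.json holds the impact narrative repeated from the description instead of a weakness classification, and the reformat on the new side carries it over unchanged. Consumers that group or filter records by weakness class get a free-text sentence they cannot map to anything. A CWE identifier and name would keep the field machine-usable, or `"value": "n/a"` if the vendor does not disclose the class. The same applies to the CVE-2020-2641 hunk and to the CVE-2020-2643 through CVE-2020-2647 hunks.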
@@ -1,68 +1,71 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2643" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Enterprise Manager Base Platform", - "version":{ - "version_data":[ - { - "version_value":"12.1.0.5", - "version_affected":"=" - }, - { - "version_value":"13.2.0.0", - "version_affected":"=" - }, - { - "version_value":"13.3.0.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2643", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Enterprise Manager Base Platform", + "version": { + "version_data": [ + { + "version_value": "12.1.0.5", + "version_affected": "=" + }, + { + "version_value": "13.2.0.0", + "version_affected": "=" + }, + { + "version_value": "13.3.0.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Job System). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Job System). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2644.json b/2020/2xxx/CVE-2020-2644.json index c4af2a25e87..d6bf7614fb2 100644 --- a/2020/2xxx/CVE-2020-2644.json +++ b/2020/2xxx/CVE-2020-2644.json 
@@ -1,68 +1,71 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2644" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Enterprise Manager Base Platform", - "version":{ - "version_data":[ - { - "version_value":"12.1.0.5", - "version_affected":"=" - }, - { - "version_value":"13.2.0.0", - "version_affected":"=" - }, - { - "version_value":"13.3.0.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2644", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Enterprise Manager Base Platform", + "version": { + "version_data": [ + { + "version_value": "12.1.0.5", + "version_affected": "=" + }, + { + "version_value": "13.2.0.0", + "version_affected": "=" + }, + { + "version_value": "13.3.0.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Oracle Management Service). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. 
CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Oracle Management Service). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2645.json b/2020/2xxx/CVE-2020-2645.json index c6973ee97ca..d2c977336c0 100644 --- a/2020/2xxx/CVE-2020-2645.json +++ b/2020/2xxx/CVE-2020-2645.json 
@@ -1,68 +1,71 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2645" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Enterprise Manager Base Platform", - "version":{ - "version_data":[ - { - "version_value":"12.1.0.5", - "version_affected":"=" - }, - { - "version_value":"13.2.0.0", - "version_affected":"=" - }, - { - "version_value":"13.3.0.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2645", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Enterprise Manager Base Platform", + "version": { + "version_data": [ + { + "version_value": "12.1.0.5", + "version_affected": "=" + }, + { + "version_value": "13.2.0.0", + "version_affected": "=" + }, + { + "version_value": "13.3.0.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Connector Framework). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Connector Framework). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2646.json b/2020/2xxx/CVE-2020-2646.json index 5e2f9a3fbec..c59636e8248 100644 --- a/2020/2xxx/CVE-2020-2646.json +++ b/2020/2xxx/CVE-2020-2646.json 
@@ -1,68 +1,71 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2646" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Enterprise Manager Base Platform", - "version":{ - "version_data":[ - { - "version_value":"12.1.0.5", - "version_affected":"=" - }, - { - "version_value":"13.2.0.0", - "version_affected":"=" - }, - { - "version_value":"13.3.0.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2646", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Enterprise Manager Base Platform", + "version": { + "version_data": [ + { + "version_value": "12.1.0.5", + "version_affected": "=" + }, + { + "version_value": "13.2.0.0", + "version_affected": "=" + }, + { + "version_value": "13.3.0.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Command Line Interface). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Enterprise Manager Base Platform, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data as well as unauthorized read access to a subset of Enterprise Manager Base Platform accessible data. 
CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Enterprise Manager Base Platform, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data as well as unauthorized read access to a subset of Enterprise Manager Base Platform accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Command Line Interface). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Enterprise Manager Base Platform, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data as well as unauthorized read access to a subset of Enterprise Manager Base Platform accessible data. 
CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Enterprise Manager Base Platform, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data as well as unauthorized read access to a subset of Enterprise Manager Base Platform accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2647.json b/2020/2xxx/CVE-2020-2647.json index 18c7040f2b8..70ef9d01e74 100644 --- a/2020/2xxx/CVE-2020-2647.json +++ b/2020/2xxx/CVE-2020-2647.json 
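Review bot: The CVSS data for CVE-2020-2646 exists only inside the description string; the new side adds `STATE`, `refsource` and `name` but no structured `impact` object. Among the records visible here this is the only one with changed scope and required user interaction, so a scanner or triage pipeline that reads only structured fields has no severity to act on for it. Adding an `impact.cvss` entry with `"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"` and `"baseScore": 5.4`, both taken from the description text, would close that gap. The other Oracle records in this part of the patch have the same omission.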
@@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2647" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Solaris Operating System", - "version":{ - "version_data":[ - { - "version_value":"10", - "version_affected":"=" - }, - { - "version_value":"11", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2647", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Solaris Operating System", + "version": { + "version_data": [ + { + "version_value": "10", + "version_affected": "=" + }, + { + "version_value": "11", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris. CVSS 3.0 Base Score 5.0 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. 
Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris. CVSS 3.0 Base Score 5.0 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file 
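Review bot: The `problemtype` value on the new side of CVE-2020-2647.json is still the free-text impact sentence repeated from `description`, not a weakness class, so tooling that groups or filters records by problem type gets no usable signal from it. If no CWE has been assigned, an explicit marker such as `"value": "n/a"` would be clearer than duplicated prose that can drift from the description. The same pattern appears in the hunks for CVE-2020-2648 through CVE-2020-2654 in this patch.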
diff --git a/2020/2xxx/CVE-2020-2648.json b/2020/2xxx/CVE-2020-2648.json
index be8c9bfaab1..a086d88e1a7 100644
--- a/2020/2xxx/CVE-2020-2648.json
+++ b/2020/2xxx/CVE-2020-2648.json
@@ -1,60 +1,63 @@
- {
- "CVE_data_meta":{
- "ASSIGNER":"secalert_us@oracle.com",
- "ID":"CVE-2020-2648"
- },
- "affects":{
- "vendor":{
- "vendor_data":[
- {
- "product":{
- "product_data":[
- {
- "product_name":"Retail Customer Management and Segmentation Foundation",
- "version":{
- "version_data":[
- {
- "version_value":"16.0",
- "version_affected":"="
- }
- ]
- }
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "secalert_us@oracle.com",
+ "ID": "CVE-2020-2648",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Retail Customer Management and Segmentation Foundation",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "16.0",
+ "version_affected": "="
+ }
+ ]
 }
- ]
- },
- "vendor_name":"Oracle Corporation"
- }
- ]
- }
- },
- "data_format":"MITRE",
- "data_type":"CVE",
- "data_version":"4.0",
- "description":{
- "description_data":[
- {
- "lang":"eng",
- "value":"Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Internal Operations). The supported version that is affected is 16.0. Easily exploitable vulnerability allows physical access to compromise Oracle Retail Customer Management and Segmentation Foundation. Successful attacks of this vulnerability can result in takeover of Oracle Retail Customer Management and Segmentation Foundation. CVSS 3.0 Base Score 6.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)."
- }
- ]
- },
- "problemtype":{
- "problemtype_data":[
- {
- "description":[
- {
- "lang":"eng",
- "value":"Easily exploitable vulnerability allows physical access to compromise Oracle Retail Customer Management and Segmentation Foundation. Successful attacks of this vulnerability can result in takeover of Oracle Retail Customer Management and Segmentation Foundation."
- }
- ]
- }
- ]
- },
- "references":{
- "reference_data":[
- {
- "url":"https://www.oracle.com/security-alerts/cpujan2020.html"
+ }
+ ]
+ },
+ "vendor_name": "Oracle Corporation"
 }
 ]
 }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Internal Operations). The supported version that is affected is 16.0. Easily exploitable vulnerability allows physical access to compromise Oracle Retail Customer Management and Segmentation Foundation. Successful attacks of this vulnerability can result in takeover of Oracle Retail Customer Management and Segmentation Foundation. CVSS 3.0 Base Score 6.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Easily exploitable vulnerability allows physical access to compromise Oracle Retail Customer Management and Segmentation Foundation. Successful attacks of this vulnerability can result in takeover of Oracle Retail Customer Management and Segmentation Foundation."
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.oracle.com/security-alerts/cpujan2020.html",
+ "refsource": "MISC",
+ "name": "https://www.oracle.com/security-alerts/cpujan2020.html"
+ }
+ ]
 }
+}
\ No newline at end of file
diff --git a/2020/2xxx/CVE-2020-2649.json b/2020/2xxx/CVE-2020-2649.json
index 88f6a714106..4e747362b50 100644
--- a/2020/2xxx/CVE-2020-2649.json
+++ b/2020/2xxx/CVE-2020-2649.json
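Review bot: In CVE-2020-2648.json the added `"refsource": "MISC"` files Oracle's own Critical Patch Update advisory as a miscellaneous link, which hides from consumers that the reference is the vendor's acknowledgement of the issue; `"refsource": "CONFIRM"`, the value another record in this patch series uses for a vendor release note, looks like the better fit. The added `name` field only repeats the URL, so it gives nothing extra to someone triaging the record. Both points apply to the `reference_data` blocks in the other CVE-2020-26xx hunks of this patch as well.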
@@ -1,60 +1,63 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2649" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Retail Customer Management and Segmentation Foundation", - "version":{ - "version_data":[ - { - "version_value":"16.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2649", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Retail Customer Management and Segmentation Foundation", + "version": { + "version_data": [ + { + "version_value": "16.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Internal Operations). The supported version that is affected is 16.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Retail Customer Management and Segmentation Foundation executes to compromise Oracle Retail Customer Management and Segmentation Foundation. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Retail Customer Management and Segmentation Foundation accessible data. CVSS 3.0 Base Score 3.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)." 
- } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Retail Customer Management and Segmentation Foundation executes to compromise Oracle Retail Customer Management and Segmentation Foundation. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Retail Customer Management and Segmentation Foundation accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Internal Operations). The supported version that is affected is 16.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Retail Customer Management and Segmentation Foundation executes to compromise Oracle Retail Customer Management and Segmentation Foundation. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Retail Customer Management and Segmentation Foundation accessible data. CVSS 3.0 Base Score 3.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Retail Customer Management and Segmentation Foundation executes to compromise Oracle Retail Customer Management and Segmentation Foundation. 
Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Retail Customer Management and Segmentation Foundation accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2650.json b/2020/2xxx/CVE-2020-2650.json index 24db2b6a16c..2f7f228e358 100644 --- a/2020/2xxx/CVE-2020-2650.json +++ b/2020/2xxx/CVE-2020-2650.json 
@@ -1,60 +1,63 @@
- {
- "CVE_data_meta":{
- "ASSIGNER":"secalert_us@oracle.com",
- "ID":"CVE-2020-2650"
- },
- "affects":{
- "vendor":{
- "vendor_data":[
- {
- "product":{
- "product_data":[
- {
- "product_name":"Retail Customer Management and Segmentation Foundation",
- "version":{
- "version_data":[
- {
- "version_value":"16.0",
- "version_affected":"="
- }
- ]
- }
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "secalert_us@oracle.com",
+ "ID": "CVE-2020-2650",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Retail Customer Management and Segmentation Foundation",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "16.0",
+ "version_affected": "="
+ }
+ ]
 }
- ]
- },
- "vendor_name":"Oracle Corporation"
- }
- ]
- }
- },
- "data_format":"MITRE",
- "data_type":"CVE",
- "data_version":"4.0",
- "description":{
- "description_data":[
- {
- "lang":"eng",
- "value":"Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Promotions). The supported version that is affected is 16.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Customer Management and Segmentation Foundation. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Customer Management and Segmentation Foundation accessible data as well as unauthorized read access to a subset of Oracle Retail Customer Management and Segmentation Foundation accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)."
- }
- ]
- },
- "problemtype":{
- "problemtype_data":[
- {
- "description":[
- {
- "lang":"eng",
- "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Customer Management and Segmentation Foundation. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Customer Management and Segmentation Foundation accessible data as well as unauthorized read access to a subset of Oracle Retail Customer Management and Segmentation Foundation accessible data."
- }
- ]
- }
- ]
- },
- "references":{
- "reference_data":[
- {
- "url":"https://www.oracle.com/security-alerts/cpujan2020.html"
+ }
+ ]
+ },
+ "vendor_name": "Oracle Corporation"
 }
 ]
 }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Promotions). The supported version that is affected is 16.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Customer Management and Segmentation Foundation. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Customer Management and Segmentation Foundation accessible data as well as unauthorized read access to a subset of Oracle Retail Customer Management and Segmentation Foundation accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Customer Management and Segmentation Foundation. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Customer Management and Segmentation Foundation accessible data as well as unauthorized read access to a subset of Oracle Retail Customer Management and Segmentation Foundation accessible data."
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.oracle.com/security-alerts/cpujan2020.html",
+ "refsource": "MISC",
+ "name": "https://www.oracle.com/security-alerts/cpujan2020.html"
+ }
+ ]
 }
+}
\ No newline at end of file
diff --git a/2020/2xxx/CVE-2020-2651.json b/2020/2xxx/CVE-2020-2651.json
index cf03c00ddf8..06c47116fe4 100644
--- a/2020/2xxx/CVE-2020-2651.json
+++ b/2020/2xxx/CVE-2020-2651.json
@@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2651" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"CRM Technical Foundation", - "version":{ - "version_data":[ - { - "version_value":"12.1.3", - "version_affected":"=" - }, - { - "version_value":"12.2.3-12.2.9", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2651", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "CRM Technical Foundation", + "version": { + "version_data": [ + { + "version_value": "12.1.3", + "version_affected": "=" + }, + { + "version_value": "12.2.3-12.2.9", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle CRM Technical Foundation accessible data as well as unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." 
- } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle CRM Technical Foundation accessible data as well as unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle CRM Technical Foundation accessible data as well as unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle CRM Technical Foundation accessible data as well as unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2652.json b/2020/2xxx/CVE-2020-2652.json index 3835a372f12..731dc41982c 100644 --- a/2020/2xxx/CVE-2020-2652.json +++ b/2020/2xxx/CVE-2020-2652.json 
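Review bot: In CVE-2020-2651.json the reformatted entry keeps `"version_value": "12.2.3-12.2.9"` paired with `"version_affected": "="`, so an inventory or scanner that compares version strings literally will match none of the releases inside that range and under-report exposure. The range would be machine-readable as two bounded entries, one with `"version_affected": ">="` and `"version_value": "12.2.3"` and one with `"version_affected": "<="` and `"version_value": "12.2.9"`, assuming the consuming schema accepts those operators. The same range string with `=` appears in the hunks for CVE-2020-2652 and CVE-2020-2653.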
@@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2652" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"CRM Technical Foundation", - "version":{ - "version_data":[ - { - "version_value":"12.1.3", - "version_affected":"=" - }, - { - "version_value":"12.2.3-12.2.9", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2652", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "CRM Technical Foundation", + "version": { + "version_data": [ + { + "version_value": "12.1.3", + "version_affected": "=" + }, + { + "version_value": "12.2.3-12.2.9", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle CRM Technical Foundation accessible data as well as unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." 
- } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle CRM Technical Foundation accessible data as well as unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle CRM Technical Foundation accessible data as well as unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle CRM Technical Foundation accessible data as well as unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2653.json b/2020/2xxx/CVE-2020-2653.json index 4c4cd24a23a..47df3b84d81 100644 --- a/2020/2xxx/CVE-2020-2653.json +++ b/2020/2xxx/CVE-2020-2653.json 
@@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2653" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"CRM Technical Foundation", - "version":{ - "version_data":[ - { - "version_value":"12.1.3", - "version_affected":"=" - }, - { - "version_value":"12.2.3-12.2.9", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2653", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "CRM Technical Foundation", + "version": { + "version_data": [ + { + "version_value": "12.1.3", + "version_affected": "=" + }, + { + "version_value": "12.2.3-12.2.9", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle CRM Technical Foundation accessible data as well as unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." 
- } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle CRM Technical Foundation accessible data as well as unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle CRM Technical Foundation accessible data as well as unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle CRM Technical Foundation accessible data as well as unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2654.json b/2020/2xxx/CVE-2020-2654.json index b71e25f74aa..cd6b00d28fe 100644 --- a/2020/2xxx/CVE-2020-2654.json +++ b/2020/2xxx/CVE-2020-2654.json 
@@ -1,60 +1,63 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2654" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Java", - "version":{ - "version_data":[ - { - "version_value":"Java SE: 7u241, 8u231, 11.0.5, 13.0.1", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2654", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Java", + "version": { + "version_data": [ + { + "version_value": "Java SE: 7u241, 8u231, 11.0.5, 13.0.1", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2655.json b/2020/2xxx/CVE-2020-2655.json index 3109c876686..495e0075814 100644 
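Review bot: The `problemtype` description in the new CVE-2020-2654.json still holds the free-text exploitability sentence ("Difficult to exploit vulnerability allows unauthenticated attacker ...") rather than a weakness class, so tooling that groups or filters records by problem type has nothing to classify. The reformat carries the value over unchanged. If the vendor advisory supports a weakness identifier, the field would be more useful as `"value": "CWE-<id> <weakness name>"` (placeholder, to be filled from the advisory). The same applies to the `problemtype` blocks in the CVE-2020-2655 through CVE-2020-2660 hunks.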
--- a/2020/2xxx/CVE-2020-2655.json
+++ b/2020/2xxx/CVE-2020-2655.json
@@ -1,60 +1,63 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2655" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Java", - "version":{ - "version_data":[ - { - "version_value":"Java SE: 11.0.5, 13.0.1", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2655", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Java", + "version": { + "version_data": [ + { + "version_value": "Java SE: 11.0.5, 13.0.1", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.5 and 13.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)." 
- } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.5 and 13.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2656.json b/2020/2xxx/CVE-2020-2656.json index 312e3238bc0..ac00d42335e 100644 --- a/2020/2xxx/CVE-2020-2656.json +++ b/2020/2xxx/CVE-2020-2656.json 
@@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2656" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Solaris Operating System", - "version":{ - "version_data":[ - { - "version_value":"10", - "version_affected":"=" - }, - { - "version_value":"11", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2656", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Solaris Operating System", + "version": { + "version_data": [ + { + "version_value": "10", + "version_affected": "=" + }, + { + "version_value": "11", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle Solaris product of Oracle Systems (component: X Window System). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Solaris accessible data as well as unauthorized read access to a subset of Oracle Solaris accessible data. CVSS 3.0 Base Score 4.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. 
Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Solaris accessible data as well as unauthorized read access to a subset of Oracle Solaris accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Solaris product of Oracle Systems (component: X Window System). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Solaris accessible data as well as unauthorized read access to a subset of Oracle Solaris accessible data. CVSS 3.0 Base Score 4.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Solaris accessible data as well as unauthorized read access to a subset of Oracle Solaris accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file 
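Review bot: The CVSS score and vector for CVE-2020-2656 exist only inside the `description` string, so anything that prioritises on severity has to parse prose to get them. Since the record is being restructured anyway, a structured block could carry the same values, for example `"impact": { "cvss": { "version": "3.0", "baseScore": 4.4, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" } }`. The other Oracle records visible in this part of the patch follow the same prose-only pattern.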
diff --git a/2020/2xxx/CVE-2020-2657.json b/2020/2xxx/CVE-2020-2657.json
index 48692a18b72..63bc5682d81 100644
--- a/2020/2xxx/CVE-2020-2657.json
+++ b/2020/2xxx/CVE-2020-2657.json
@@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2657" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"CRM Technical Foundation", - "version":{ - "version_data":[ - { - "version_value":"12.1.3", - "version_affected":"=" - }, - { - "version_value":"12.2.3-12.2.9", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2657", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "CRM Technical Foundation", + "version": { + "version_data": [ + { + "version_value": "12.1.3", + "version_affected": "=" + }, + { + "version_value": "12.2.3-12.2.9", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N)." 
- } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2658.json b/2020/2xxx/CVE-2020-2658.json index c4d76b33d98..964a8c1a64e 100644 --- a/2020/2xxx/CVE-2020-2658.json +++ b/2020/2xxx/CVE-2020-2658.json 
@@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2658" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"iSupport", - "version":{ - "version_data":[ - { - "version_value":"12.1.1-12.1.3", - "version_affected":"=" - }, - { - "version_value":"12.2.3-12.2.9", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2658", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "iSupport", + "version": { + "version_data": [ + { + "version_value": "12.1.1-12.1.3", + "version_affected": "=" + }, + { + "version_value": "12.2.3-12.2.9", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Others). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle iSupport. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iSupport, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iSupport accessible data as well as unauthorized update, insert or delete access to some of Oracle iSupport accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." 
- } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle iSupport. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iSupport, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iSupport accessible data as well as unauthorized update, insert or delete access to some of Oracle iSupport accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Others). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle iSupport. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iSupport, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iSupport accessible data as well as unauthorized update, insert or delete access to some of Oracle iSupport accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle iSupport. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iSupport, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iSupport accessible data as well as unauthorized update, insert or delete access to some of Oracle iSupport accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2659.json b/2020/2xxx/CVE-2020-2659.json index 9ae924c19f0..6c5b233aee5 100644 --- a/2020/2xxx/CVE-2020-2659.json +++ b/2020/2xxx/CVE-2020-2659.json 
@@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2659" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Java", - "version":{ - "version_data":[ - { - "version_value":"Java SE: 7u241, 8u231", - "version_affected":"=" - }, - { - "version_value":"Java SE Embedded: 8u231", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2659", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Java", + "version": { + "version_data": [ + { + "version_value": "Java SE: 7u241, 8u231", + "version_affected": "=" + }, + { + "version_value": "Java SE Embedded: 8u231", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241 and 8u231; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. 
CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241 and 8u231; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2660.json b/2020/2xxx/CVE-2020-2660.json index c4b7aa74bfb..5378660c003 100644 --- a/2020/2xxx/CVE-2020-2660.json +++ b/2020/2xxx/CVE-2020-2660.json 
@@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2660" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"MySQL Server", - "version":{ - "version_data":[ - { - "version_value":"5.7.28 and prior", - "version_affected":"=" - }, - { - "version_value":"8.0.18 and prior", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2660", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_value": "5.7.28 and prior", + "version_affected": "=" + }, + { + "version_value": "8.0.18 and prior", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2661.json b/2020/2xxx/CVE-2020-2661.json index ca36679f934..c32fab0afc1 100644 --- a/2020/2xxx/CVE-2020-2661.json +++ b/2020/2xxx/CVE-2020-2661.json 
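Review bot: Both `version_data` entries in CVE-2020-2660.json pair `"version_affected": "="` with a value that contains the words "and prior" (`"5.7.28 and prior"`, `"8.0.18 and prior"`), so the operator contradicts the text and an automated comparison matches no real MySQL version. `{ "version_value": "5.7.28", "version_affected": "<=" }` and `{ "version_value": "8.0.18", "version_affected": "<=" }` state the same bound in a form a scanner can evaluate.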
@@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2661" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"iSupport", - "version":{ - "version_data":[ - { - "version_value":"12.1.1-12.1.3", - "version_affected":"=" - }, - { - "version_value":"12.2.3-12.2.9", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2661", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "iSupport", + "version": { + "version_data": [ + { + "version_value": "12.1.1-12.1.3", + "version_affected": "=" + }, + { + "version_value": "12.2.3-12.2.9", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Others). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle iSupport. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iSupport, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iSupport accessible data as well as unauthorized update, insert or delete access to some of Oracle iSupport accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." 
- } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle iSupport. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iSupport, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iSupport accessible data as well as unauthorized update, insert or delete access to some of Oracle iSupport accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Others). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle iSupport. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iSupport, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iSupport accessible data as well as unauthorized update, insert or delete access to some of Oracle iSupport accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle iSupport. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iSupport, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iSupport accessible data as well as unauthorized update, insert or delete access to some of Oracle iSupport accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2662.json b/2020/2xxx/CVE-2020-2662.json index fb4d1aff558..993014b7443 100644 --- a/2020/2xxx/CVE-2020-2662.json +++ b/2020/2xxx/CVE-2020-2662.json 
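Review bot: The score and vector for this record exist only as prose at the end of the description value (`CVSS 3.0 Base Score 8.2` and `CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N`); the new side adds `STATE` and the reference fields but no structured `impact` member. Tooling that prioritises on a structured score finds none and must either pattern-match the description or fall back to a default severity. Adding `"impact": {"cvss": {"version": "3.0", "baseScore": 8.2, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N"}}` beside `problemtype` would carry the same values in machine-readable form. The hunks for CVE-2020-2660 and CVE-2020-2662 through CVE-2020-2667 have the same gap, each with its own score and vector in the description.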
@@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2662" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"iSupport", - "version":{ - "version_data":[ - { - "version_value":"12.1.1-12.1.3", - "version_affected":"=" - }, - { - "version_value":"12.2.3-12.2.9", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2662", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "iSupport", + "version": { + "version_data": [ + { + "version_value": "12.1.1-12.1.3", + "version_affected": "=" + }, + { + "version_value": "12.2.3-12.2.9", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Others). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle iSupport. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iSupport, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iSupport accessible data as well as unauthorized update, insert or delete access to some of Oracle iSupport accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." 
- } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle iSupport. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iSupport, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iSupport accessible data as well as unauthorized update, insert or delete access to some of Oracle iSupport accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Others). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle iSupport. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iSupport, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iSupport accessible data as well as unauthorized update, insert or delete access to some of Oracle iSupport accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle iSupport. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iSupport, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iSupport accessible data as well as unauthorized update, insert or delete access to some of Oracle iSupport accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2663.json b/2020/2xxx/CVE-2020-2663.json index c307b9cef51..d8ea14da8dd 100644 --- a/2020/2xxx/CVE-2020-2663.json +++ b/2020/2xxx/CVE-2020-2663.json 
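Review bot: The `problemtype` value on the new side is the attack narrative copied from the `description` value rather than a weakness class, so anything that groups or filters records by weakness type receives a multi-sentence string it cannot map. If the vendor has not published a weakness type, a short marker such as `"value": "n/a"` is easier for consumers to handle than duplicated prose; if it has, the entry should read `"value": "CWE-<id> <name>"` (placeholder, the id is not given on this page). The same duplication appears in every hunk here from CVE-2020-2660 to CVE-2020-2667.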
@@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2663" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"PeopleSoft Enterprise PT PeopleTools", - "version":{ - "version_data":[ - { - "version_value":"8.56", - "version_affected":"=" - }, - { - "version_value":"8.57", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2663", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PeopleSoft Enterprise PT PeopleTools", + "version": { + "version_data": [ + { + "version_value": "8.56", + "version_affected": "=" + }, + { + "version_value": "8.57", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Core Technology). Supported versions that are affected are 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." 
- } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Core Technology). Supported versions that are affected are 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2664.json b/2020/2xxx/CVE-2020-2664.json index a191ec25d53..7507406c316 100644 --- a/2020/2xxx/CVE-2020-2664.json +++ b/2020/2xxx/CVE-2020-2664.json 
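Review bot: The added `"refsource": "MISC"` files the vendor's own security alert as a miscellaneous link, and the added `name` only repeats the URL. The reference is Oracle's advisory for this fix, so `"refsource": "CONFIRM"` describes it more accurately and lets consumers that rank references by source pick out the authoritative one. The `name` would be more useful holding the advisory's title than a second copy of the URL, given that the link goes to the whole quarterly advisory rather than to this CVE's entry. The same two added lines appear in the hunks for CVE-2020-2660 through CVE-2020-2667.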
@@ -1,60 +1,63 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2664" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Solaris Operating System", - "version":{ - "version_data":[ - { - "version_value":"11", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2664", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Solaris Operating System", + "version": { + "version_data": [ + { + "version_value": "11", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Solaris accessible data as well as unauthorized read access to a subset of Oracle Solaris accessible data. CVSS 3.0 Base Score 4.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. 
Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Solaris accessible data as well as unauthorized read access to a subset of Oracle Solaris accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Solaris accessible data as well as unauthorized read access to a subset of Oracle Solaris accessible data. CVSS 3.0 Base Score 4.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. 
Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Solaris accessible data as well as unauthorized read access to a subset of Oracle Solaris accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2665.json b/2020/2xxx/CVE-2020-2665.json index fb1c491baf8..b9e4c5a7df4 100644 --- a/2020/2xxx/CVE-2020-2665.json +++ b/2020/2xxx/CVE-2020-2665.json 
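Review bot: The new side of this file ends without a final newline: `\ No newline at end of file` follows the closing `+}`. The old side appears to have had one, so the reformatting tool seems to have dropped it. Ending the file with a newline after the last `}` keeps later diffs of these records from showing a spurious change on the final line and avoids trouble with tools that concatenate or append to the files. Every other hunk visible here, CVE-2020-2660 through CVE-2020-2667, ends the same way.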
@@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2665" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"iSupport", - "version":{ - "version_data":[ - { - "version_value":"12.1.1-12.1.3", - "version_affected":"=" - }, - { - "version_value":"12.2.3-12.2.9", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2665", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "iSupport", + "version": { + "version_data": [ + { + "version_value": "12.1.1-12.1.3", + "version_affected": "=" + }, + { + "version_value": "12.2.3-12.2.9", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Others). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle iSupport. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iSupport, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iSupport accessible data as well as unauthorized update, insert or delete access to some of Oracle iSupport accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." 
- } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle iSupport. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iSupport, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iSupport accessible data as well as unauthorized update, insert or delete access to some of Oracle iSupport accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Others). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle iSupport. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iSupport, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iSupport accessible data as well as unauthorized update, insert or delete access to some of Oracle iSupport accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle iSupport. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iSupport, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iSupport accessible data as well as unauthorized update, insert or delete access to some of Oracle iSupport accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2666.json b/2020/2xxx/CVE-2020-2666.json index 10bc1649e53..84ae4e1a0c9 100644 --- a/2020/2xxx/CVE-2020-2666.json +++ b/2020/2xxx/CVE-2020-2666.json 
@@ -1,60 +1,63 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2666" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Applications Framework", - "version":{ - "version_data":[ - { - "version_value":"12.2.5-12.2.9", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2666", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Applications Framework", + "version": { + "version_data": [ + { + "version_value": "12.2.5-12.2.9", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Attachments / File Upload). Supported versions that are affected are 12.2.5-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Applications Framework. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications Framework accessible data. CVSS 3.0 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Applications Framework. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications Framework accessible data." 
- } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Attachments / File Upload). Supported versions that are affected are 12.2.5-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Applications Framework. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications Framework accessible data. CVSS 3.0 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Applications Framework. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications Framework accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2667.json b/2020/2xxx/CVE-2020-2667.json index fc3b2f086c8..5c603c96007 100644 --- a/2020/2xxx/CVE-2020-2667.json +++ b/2020/2xxx/CVE-2020-2667.json 
@@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2667" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"iSupport", - "version":{ - "version_data":[ - { - "version_value":"12.1.1-12.1.3", - "version_affected":"=" - }, - { - "version_value":"12.2.3-12.2.9", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2667", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "iSupport", + "version": { + "version_data": [ + { + "version_value": "12.1.1-12.1.3", + "version_affected": "=" + }, + { + "version_value": "12.2.3-12.2.9", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Others). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle iSupport. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iSupport, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle iSupport accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle iSupport. 
Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iSupport, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle iSupport accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Others). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle iSupport. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iSupport, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle iSupport accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle iSupport. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iSupport, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle iSupport accessible data." 
+ } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2668.json b/2020/2xxx/CVE-2020-2668.json index be9752a7f54..04ff8fb8941 100644 --- a/2020/2xxx/CVE-2020-2668.json +++ b/2020/2xxx/CVE-2020-2668.json 
@@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2668" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"iSupport", - "version":{ - "version_data":[ - { - "version_value":"12.1.1-12.1.3", - "version_affected":"=" - }, - { - "version_value":"12.2.3-12.2.9", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2668", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "iSupport", + "version": { + "version_data": [ + { + "version_value": "12.1.1-12.1.3", + "version_affected": "=" + }, + { + "version_value": "12.2.3-12.2.9", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Others). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle iSupport. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iSupport, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle iSupport accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle iSupport. 
Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iSupport, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle iSupport accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Others). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle iSupport. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iSupport, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle iSupport accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle iSupport. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iSupport, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle iSupport accessible data." 
+ } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2669.json b/2020/2xxx/CVE-2020-2669.json index 2e3c7ea7eb9..de9d5de3de7 100644 --- a/2020/2xxx/CVE-2020-2669.json +++ b/2020/2xxx/CVE-2020-2669.json 
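Review bot: Both `version_data` entries pair `"version_affected": "="` with a hyphenated range string (`"version_value": "12.1.1-12.1.3"` and `"12.2.3-12.2.9"`), so a scanner or inventory join that compares the value literally will not match an installed 12.1.2 or 12.2.5. The reformat carries this forward unchanged, and the same encoding appears in the CVE-2020-2669 through CVE-2020-2672 hunks. If each range is a closed set of releases (an assumption to confirm against the vendor advisory), one entry per release in the form `{ "version_value": "12.1.1", "version_affected": "=" }` would be machine-matchable. Otherwise consumers have to parse the range themselves, and that should be a documented expectation.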
@@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2669" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Email Center", - "version":{ - "version_data":[ - { - "version_value":"12.1.1-12.1.3", - "version_affected":"=" - }, - { - "version_value":"12.2.3-12.2.9", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2669", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Email Center", + "version": { + "version_data": [ + { + "version_value": "12.1.1-12.1.3", + "version_affected": "=" + }, + { + "version_value": "12.2.3-12.2.9", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle Email Center product of Oracle E-Business Suite (component: Message Display). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Email Center. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Email Center, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Email Center accessible data as well as unauthorized update, insert or delete access to some of Oracle Email Center accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." 
- } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Email Center. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Email Center, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Email Center accessible data as well as unauthorized update, insert or delete access to some of Oracle Email Center accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Email Center product of Oracle E-Business Suite (component: Message Display). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Email Center. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Email Center, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Email Center accessible data as well as unauthorized update, insert or delete access to some of Oracle Email Center accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Email Center. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Email Center, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Email Center accessible data as well as unauthorized update, insert or delete access to some of Oracle Email Center accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2670.json b/2020/2xxx/CVE-2020-2670.json index 2ea33832137..52fa8fecafa 100644 --- a/2020/2xxx/CVE-2020-2670.json +++ b/2020/2xxx/CVE-2020-2670.json 
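Review bot: The `problemtype` description `value` is the attack narrative from the description field with the first two sentences and the CVSS text removed, not a weakness class, so anything that groups, filters or prioritises on this field gets a free-text paragraph instead of an identifier. The same applies to the CVE-2020-2668 and CVE-2020-2670 through CVE-2020-2674 hunks. The record gives no basis for choosing the weakness, so it has to come from the assigner; the field would then read `"value": "CWE-<id> <weakness name>"` (placeholder, not a real identifier). Until then, detection and triage pipelines should treat `problemtype` in these records as unclassified rather than try to parse it.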
@@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2670" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Email Center", - "version":{ - "version_data":[ - { - "version_value":"12.1.1-12.1.3", - "version_affected":"=" - }, - { - "version_value":"12.2.3-12.2.9", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2670", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Email Center", + "version": { + "version_data": [ + { + "version_value": "12.1.1-12.1.3", + "version_affected": "=" + }, + { + "version_value": "12.2.3-12.2.9", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle Email Center product of Oracle E-Business Suite (component: Message Display). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Email Center. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Email Center, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Email Center accessible data as well as unauthorized update, insert or delete access to some of Oracle Email Center accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." 
- } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Email Center. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Email Center, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Email Center accessible data as well as unauthorized update, insert or delete access to some of Oracle Email Center accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Email Center product of Oracle E-Business Suite (component: Message Display). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Email Center. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Email Center, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Email Center accessible data as well as unauthorized update, insert or delete access to some of Oracle Email Center accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Email Center. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Email Center, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Email Center accessible data as well as unauthorized update, insert or delete access to some of Oracle Email Center accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2671.json b/2020/2xxx/CVE-2020-2671.json index f13f4235099..e683a241369 100644 --- a/2020/2xxx/CVE-2020-2671.json +++ b/2020/2xxx/CVE-2020-2671.json 
@@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2671" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Email Center", - "version":{ - "version_data":[ - { - "version_value":"12.1.1-12.1.3", - "version_affected":"=" - }, - { - "version_value":"12.2.3-12.2.9", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2671", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Email Center", + "version": { + "version_data": [ + { + "version_value": "12.1.1-12.1.3", + "version_affected": "=" + }, + { + "version_value": "12.2.3-12.2.9", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle Email Center product of Oracle E-Business Suite (component: Message Display). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Email Center. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Email Center, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Email Center accessible data as well as unauthorized update, insert or delete access to some of Oracle Email Center accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." 
- } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Email Center. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Email Center, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Email Center accessible data as well as unauthorized update, insert or delete access to some of Oracle Email Center accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Email Center product of Oracle E-Business Suite (component: Message Display). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Email Center. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Email Center, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Email Center accessible data as well as unauthorized update, insert or delete access to some of Oracle Email Center accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Email Center. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Email Center, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Email Center accessible data as well as unauthorized update, insert or delete access to some of Oracle Email Center accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2672.json b/2020/2xxx/CVE-2020-2672.json index ebc29adda1f..a209425dd0a 100644 --- a/2020/2xxx/CVE-2020-2672.json +++ b/2020/2xxx/CVE-2020-2672.json 
@@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2672" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Email Center", - "version":{ - "version_data":[ - { - "version_value":"12.1.1-12.1.3", - "version_affected":"=" - }, - { - "version_value":"12.2.3-12.2.9", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2672", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Email Center", + "version": { + "version_data": [ + { + "version_value": "12.1.1-12.1.3", + "version_affected": "=" + }, + { + "version_value": "12.2.3-12.2.9", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle Email Center product of Oracle E-Business Suite (component: Message Display). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Email Center. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Email Center, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Email Center accessible data as well as unauthorized update, insert or delete access to some of Oracle Email Center accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." 
- } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Email Center. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Email Center, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Email Center accessible data as well as unauthorized update, insert or delete access to some of Oracle Email Center accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Email Center product of Oracle E-Business Suite (component: Message Display). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Email Center. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Email Center, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Email Center accessible data as well as unauthorized update, insert or delete access to some of Oracle Email Center accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Email Center. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Email Center, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Email Center accessible data as well as unauthorized update, insert or delete access to some of Oracle Email Center accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2673.json b/2020/2xxx/CVE-2020-2673.json index 96acee027d2..16d661ccb44 100644 --- a/2020/2xxx/CVE-2020-2673.json +++ b/2020/2xxx/CVE-2020-2673.json 
@@ -1,72 +1,75 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2673" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Application Testing Suite", - "version":{ - "version_data":[ - { - "version_value":"12.5.0.3", - "version_affected":"=" - }, - { - "version_value":"13.1.0.1", - "version_affected":"=" - }, - { - "version_value":"13.2.0.1", - "version_affected":"=" - }, - { - "version_value":"13.3.0.1", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2673", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Application Testing Suite", + "version": { + "version_data": [ + { + "version_value": "12.5.0.3", + "version_affected": "=" + }, + { + "version_value": "13.1.0.1", + "version_affected": "=" + }, + { + "version_value": "13.2.0.1", + "version_affected": "=" + }, + { + "version_value": "13.3.0.1", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager (component: Oracle Flow Builder). Supported versions that are affected are 12.5.0.3, 13.1.0.1, 13.2.0.1 and 13.3.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Testing Suite. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Application Testing Suite accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)." 
- } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Testing Suite. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Application Testing Suite accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager (component: Oracle Flow Builder). Supported versions that are affected are 12.5.0.3, 13.1.0.1, 13.2.0.1 and 13.3.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Testing Suite. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Application Testing Suite accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Testing Suite. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Application Testing Suite accessible data." 
+ } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2674.json b/2020/2xxx/CVE-2020-2674.json index 85d2d865a67..d57ee15a155 100644 --- a/2020/2xxx/CVE-2020-2674.json +++ b/2020/2xxx/CVE-2020-2674.json 
@@ -1,68 +1,71 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2674" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"VM VirtualBox", - "version":{ - "version_data":[ - { - "version_value":"5.2.36", - "version_affected":"<" - }, - { - "version_value":"6.0.16", - "version_affected":"<" - }, - { - "version_value":"6.1.2", - "version_affected":"<" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2674", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VM VirtualBox", + "version": { + "version_data": [ + { + "version_value": "5.2.36", + "version_affected": "<" + }, + { + "version_value": "6.0.16", + "version_affected": "<" + }, + { + "version_value": "6.1.2", + "version_affected": "<" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)." 
- } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox." 
+ } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2675.json b/2020/2xxx/CVE-2020-2675.json index b3d86e0276c..300305e6fdb 100644 --- a/2020/2xxx/CVE-2020-2675.json +++ b/2020/2xxx/CVE-2020-2675.json 
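Review bot: The three `version_data` entries are bare upper bounds (`"version_affected": "<"` with 5.2.36, 6.0.16 and 6.1.2) and nothing ties each bound to its release branch. A matcher that treats the entries as alternatives will report a patched 5.2.36 or 6.0.16 install as affected, because both are below 6.1.2. The description ("Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2") reads as per-branch fix levels, so labelling each entry with its branch would let consumers scope the comparison. For example, `"version_name": "6.1"` next to `"version_value": "6.1.2"`, and likewise `"5.2"` and `"6.0"`; the branch labels are inferred from the version numbers and should be confirmed.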
@@ -1,60 +1,63 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2675" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Hospitality OPERA 5 Property Services", - "version":{ - "version_data":[ - { - "version_value":"5.5", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2675", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Hospitality OPERA 5 Property Services", + "version": { + "version_data": [ + { + "version_value": "5.5", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle Hospitality OPERA 5 product of Oracle Hospitality Applications (component: Login). The supported version that is affected is 5.5. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality OPERA 5 accessible data as well as unauthorized update, insert or delete access to some of Oracle Hospitality OPERA 5 accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5. 
Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality OPERA 5 accessible data as well as unauthorized update, insert or delete access to some of Oracle Hospitality OPERA 5 accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Hospitality OPERA 5 product of Oracle Hospitality Applications (component: Login). The supported version that is affected is 5.5. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality OPERA 5 accessible data as well as unauthorized update, insert or delete access to some of Oracle Hospitality OPERA 5 accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality OPERA 5 accessible data as well as unauthorized update, insert or delete access to some of Oracle Hospitality OPERA 5 accessible data." 
+ } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2676.json b/2020/2xxx/CVE-2020-2676.json index 7d87b340e7a..f3ed7e397ec 100644 --- a/2020/2xxx/CVE-2020-2676.json +++ b/2020/2xxx/CVE-2020-2676.json 
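Review bot: The `problemtype` value in the new CVE-2020-2675 record is a verbatim copy of the impact sentences already present in `description`, not a weakness class, so consumers that group or filter records by weakness type get nothing usable from this field. Where the advisory supports a classification, the entry would read `"value": "CWE-<id> <weakness name>"` (placeholder; the identifier is not given anywhere in this patch and must come from the vendor). The hunks for CVE-2020-2676 through CVE-2020-2682 repeat the same duplication.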
@@ -1,60 +1,63 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2676" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Hospitality OPERA 5 Property Services", - "version":{ - "version_data":[ - { - "version_value":"5.5", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2676", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Hospitality OPERA 5 Property Services", + "version": { + "version_data": [ + { + "version_value": "5.5", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle Hospitality OPERA 5 product of Oracle Hospitality Applications (component: Printing). The supported version that is affected is 5.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Hospitality OPERA 5, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality OPERA 5 accessible data as well as unauthorized read access to a subset of Oracle Hospitality OPERA 5 accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." 
- } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Hospitality OPERA 5, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality OPERA 5 accessible data as well as unauthorized read access to a subset of Oracle Hospitality OPERA 5 accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Hospitality OPERA 5 product of Oracle Hospitality Applications (component: Printing). The supported version that is affected is 5.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Hospitality OPERA 5, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality OPERA 5 accessible data as well as unauthorized read access to a subset of Oracle Hospitality OPERA 5 accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Hospitality OPERA 5, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality OPERA 5 accessible data as well as unauthorized read access to a subset of Oracle Hospitality OPERA 5 accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2677.json b/2020/2xxx/CVE-2020-2677.json index 4f293dd4e60..f39121a9d00 100644 --- a/2020/2xxx/CVE-2020-2677.json +++ b/2020/2xxx/CVE-2020-2677.json 
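Review bot: The CVSS score and vector for CVE-2020-2676 exist only inside the free-text `description` value, and the new record has no structured `impact` block, so tooling that prioritises on severity has to parse prose to find them. The values are already stated in the hunk and can be carried as fields: `"impact": {"cvss": {"version": "3.0", "baseScore": 6.1, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}}`. The other Oracle records in this part of the patch (CVE-2020-2675 and CVE-2020-2677 through CVE-2020-2682) have the same gap, each with its own score and vector in the description text.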
@@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2677" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Hospitality OPERA 5 Property Services", - "version":{ - "version_data":[ - { - "version_value":"5.5", - "version_affected":"=" - }, - { - "version_value":"5.6", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2677", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Hospitality OPERA 5 Property Services", + "version": { + "version_data": [ + { + "version_value": "5.5", + "version_affected": "=" + }, + { + "version_value": "5.6", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle Hospitality OPERA 5 product of Oracle Hospitality Applications (component: Login). Supported versions that are affected are 5.5 and 5.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality OPERA 5 accessible data. CVSS 3.0 Base Score 5.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5. 
Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality OPERA 5 accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Hospitality OPERA 5 product of Oracle Hospitality Applications (component: Login). Supported versions that are affected are 5.5 and 5.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality OPERA 5 accessible data. CVSS 3.0 Base Score 5.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality OPERA 5 accessible data." 
+ } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2678.json b/2020/2xxx/CVE-2020-2678.json index 4bcbb357308..d706d978fa8 100644 --- a/2020/2xxx/CVE-2020-2678.json +++ b/2020/2xxx/CVE-2020-2678.json 
@@ -1,68 +1,71 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2678" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"VM VirtualBox", - "version":{ - "version_data":[ - { - "version_value":"5.2.36", - "version_affected":"<" - }, - { - "version_value":"6.0.16", - "version_affected":"<" - }, - { - "version_value":"6.1.2", - "version_affected":"<" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2678", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VM VirtualBox", + "version": { + "version_data": [ + { + "version_value": "5.2.36", + "version_affected": "<" + }, + { + "version_value": "6.0.16", + "version_affected": "<" + }, + { + "version_value": "6.1.2", + "version_affected": "<" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data as well as unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:N)." 
- } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data as well as unauthorized read access to a subset of Oracle VM VirtualBox accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data as well as unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:N)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data as well as unauthorized read access to a subset of Oracle VM VirtualBox accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2679.json b/2020/2xxx/CVE-2020-2679.json index 510c94b8403..d7e2b87fca8 100644 --- a/2020/2xxx/CVE-2020-2679.json +++ b/2020/2xxx/CVE-2020-2679.json 
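Review bot: The three `version_data` entries for VM VirtualBox in CVE-2020-2678 each pair `"version_affected": "<"` with a bare upper bound, so a consumer that evaluates the entries independently will treat a fixed release such as 6.0.16 as affected because it satisfies `< 6.1.2`. The description states the intent per branch ("Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2"), and the record should say which branch each bound belongs to, for example `"version_name": "6.1"` next to `"version_value": "6.1.2"` (branch labels inferred from the version numbers; confirm against the advisory). The hunks for CVE-2020-2681 and CVE-2020-2682 carry the same three entries.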
@@ -1,60 +1,63 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2679" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"MySQL Server", - "version":{ - "version_data":[ - { - "version_value":"8.0.18 and prior", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2679", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_value": "8.0.18 and prior", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." 
- } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2680.json b/2020/2xxx/CVE-2020-2680.json index 6b6e1a3bf38..169bcf01d18 100644 --- a/2020/2xxx/CVE-2020-2680.json +++ b/2020/2xxx/CVE-2020-2680.json 
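Review bot: In the MySQL Server entry of CVE-2020-2679, `"version_value": "8.0.18 and prior"` is paired with `"version_affected": "="`, which encodes a range as free text under an equality operator. A matcher that compares an installed version against `version_value` will not flag 8.0.17 or earlier, and may not match 8.0.18 either because of the trailing words. The range belongs in the operator: `"version_value": "8.0.18"`, `"version_affected": "<="`.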
@@ -1,60 +1,63 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2680" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Solaris Operating System", - "version":{ - "version_data":[ - { - "version_value":"11", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2680", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Solaris Operating System", + "version": { + "version_data": [ + { + "version_value": "11", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem). The supported version that is affected is 11. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris. CVSS 3.0 Base Score 6.0 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem). The supported version that is affected is 11. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris. CVSS 3.0 Base Score 6.0 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file 
diff --git a/2020/2xxx/CVE-2020-2681.json b/2020/2xxx/CVE-2020-2681.json
index ab16d65d948..569c6a27866 100644
--- a/2020/2xxx/CVE-2020-2681.json
+++ b/2020/2xxx/CVE-2020-2681.json
@@ -1,68 +1,71 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2681" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"VM VirtualBox", - "version":{ - "version_data":[ - { - "version_value":"5.2.36", - "version_affected":"<" - }, - { - "version_value":"6.0.16", - "version_affected":"<" - }, - { - "version_value":"6.1.2", - "version_affected":"<" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2681", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VM VirtualBox", + "version": { + "version_data": [ + { + "version_value": "5.2.36", + "version_affected": "<" + }, + { + "version_value": "6.0.16", + "version_affected": "<" + }, + { + "version_value": "6.1.2", + "version_affected": "<" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)." 
- } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. 
Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2682.json b/2020/2xxx/CVE-2020-2682.json index 1cc7251998f..1e11e707841 100644 --- a/2020/2xxx/CVE-2020-2682.json +++ b/2020/2xxx/CVE-2020-2682.json 
@@ -1,68 +1,71 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2682" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"VM VirtualBox", - "version":{ - "version_data":[ - { - "version_value":"5.2.36", - "version_affected":"<" - }, - { - "version_value":"6.0.16", - "version_affected":"<" - }, - { - "version_value":"6.1.2", - "version_affected":"<" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2682", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VM VirtualBox", + "version": { + "version_data": [ + { + "version_value": "5.2.36", + "version_affected": "<" + }, + { + "version_value": "6.0.16", + "version_affected": "<" + }, + { + "version_value": "6.1.2", + "version_affected": "<" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)." 
- } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox." 
+ } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2683.json b/2020/2xxx/CVE-2020-2683.json index 7194c48248d..105591ab7c9 100644 --- a/2020/2xxx/CVE-2020-2683.json +++ b/2020/2xxx/CVE-2020-2683.json 
@@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2683" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"FLEXCUBE Universal Banking", - "version":{ - "version_data":[ - { - "version_value":"12.0.1-12.4.0", - "version_affected":"=" - }, - { - "version_value":"14.0.0-14.3.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2683", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "FLEXCUBE Universal Banking", + "version": { + "version_data": [ + { + "version_value": "12.0.1-12.4.0", + "version_affected": "=" + }, + { + "version_value": "14.0.0-14.3.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.0.1-12.4.0 and 14.0.0-14.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)." 
- } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.0.1-12.4.0 and 14.0.0-14.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle FLEXCUBE Universal Banking. 
Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2684.json b/2020/2xxx/CVE-2020-2684.json index dbf527edcc8..a16d72ab10b 100644 --- a/2020/2xxx/CVE-2020-2684.json +++ b/2020/2xxx/CVE-2020-2684.json 
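Review bot: The `version_data` entries in CVE-2020-2683 still pair a range string with the equality operator (`"version_value": "12.0.1-12.4.0"`, `"version_affected": "="`), so a scanner that compares an installed version, for example 12.2.0, for equality will not match the record. The same encoding is kept in CVE-2020-2684, CVE-2020-2685 and CVE-2020-2688 (`"8.0.4-8.0.8"`), and CVE-2020-2686 has `"version_value": "8.0.18 and prior"` with `"="`. For the MySQL record the bound can be written as `"version_value": "8.0.18"`, `"version_affected": "<="`. The ranges would each need a lower-bound and an upper-bound entry, and how consumers combine the two should be confirmed against the schema in use.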
@@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2684" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"FLEXCUBE Universal Banking", - "version":{ - "version_data":[ - { - "version_value":"12.0.1-12.4.0", - "version_affected":"=" - }, - { - "version_value":"14.0.0-14.3.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2684", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "FLEXCUBE Universal Banking", + "version": { + "version_data": [ + { + "version_value": "12.0.1-12.4.0", + "version_affected": "=" + }, + { + "version_value": "14.0.0-14.3.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.0.1-12.4.0 and 14.0.0-14.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Universal Banking accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. 
Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Universal Banking accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.0.1-12.4.0 and 14.0.0-14.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Universal Banking accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Universal Banking accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2685.json b/2020/2xxx/CVE-2020-2685.json index 89b9a4b00bb..1d94b8e60df 100644 --- a/2020/2xxx/CVE-2020-2685.json 
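Review bot: The `problemtype` value in CVE-2020-2684 repeats the attack narrative from the description instead of naming a weakness class, so the record cannot be grouped or filtered by weakness type. The records from CVE-2020-2683 through CVE-2020-2691 in this patch have the same shape. Where the advisory gives a classification, the value should carry it, e.g. `"value": "CWE-<id> <weakness name>"` (placeholder, not taken from the advisory). Where it gives none, a short impact phrase would serve consumers better than the duplicated sentences.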
+++ b/2020/2xxx/CVE-2020-2685.json 
@@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2685" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"FLEXCUBE Universal Banking", - "version":{ - "version_data":[ - { - "version_value":"12.0.1-12.4.0", - "version_affected":"=" - }, - { - "version_value":"14.0.0-14.3.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2685", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "FLEXCUBE Universal Banking", + "version": { + "version_data": [ + { + "version_value": "12.0.1-12.4.0", + "version_affected": "=" + }, + { + "version_value": "14.0.0-14.3.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.0.1-12.4.0 and 14.0.0-14.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)." 
- } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.0.1-12.4.0 and 14.0.0-14.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2686.json b/2020/2xxx/CVE-2020-2686.json index 1b1307a04ff..f92e644d171 100644 --- a/2020/2xxx/CVE-2020-2686.json +++ b/2020/2xxx/CVE-2020-2686.json 
@@ -1,60 +1,63 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2686" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"MySQL Server", - "version":{ - "version_data":[ - { - "version_value":"8.0.18 and prior", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2686", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_value": "8.0.18 and prior", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." 
- } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2687.json b/2020/2xxx/CVE-2020-2687.json index 397b6038991..c7c47bbb24e 100644 --- a/2020/2xxx/CVE-2020-2687.json +++ b/2020/2xxx/CVE-2020-2687.json 
@@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2687" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"PeopleSoft Enterprise PT PeopleTools", - "version":{ - "version_data":[ - { - "version_value":"8.56", - "version_affected":"=" - }, - { - "version_value":"8.57", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2687", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PeopleSoft Enterprise PT PeopleTools", + "version": { + "version_data": [ + { + "version_value": "8.56", + "version_affected": "=" + }, + { + "version_value": "8.57", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Elastic Search). Supported versions that are affected are 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. 
Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Elastic Search). Supported versions that are affected are 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file 
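Review bot: `"product_name": "PeopleSoft Enterprise PT PeopleTools"` in CVE-2020-2687 does not match the name used in the description, which says "PeopleSoft Enterprise PeopleTools" throughout. Inventory or scanner rules keyed on `product_name` may miss the record if the extra "PT" is not part of the product's canonical name. Which spelling is authoritative cannot be told from this hunk. The two should be made to agree, for instance `"product_name": "PeopleSoft Enterprise PeopleTools"` if the description is right.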
diff --git a/2020/2xxx/CVE-2020-2688.json b/2020/2xxx/CVE-2020-2688.json index 8122c9744f4..13389f92c45 100644 --- a/2020/2xxx/CVE-2020-2688.json +++ b/2020/2xxx/CVE-2020-2688.json 
@@ -1,60 +1,63 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2688" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Financial Services Analytical Applications Infrastructure", - "version":{ - "version_data":[ - { - "version_value":"8.0.4-8.0.8", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2688", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Financial Services Analytical Applications Infrastructure", + "version": { + "version_data": [ + { + "version_value": "8.0.4-8.0.8", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Object Migration). Supported versions that are affected are 8.0.4-8.0.8. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Financial Services Analytical Applications Infrastructure accessible data as well as unauthorized update, insert or delete access to some of Oracle Financial Services Analytical Applications Infrastructure accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N)." 
- } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Financial Services Analytical Applications Infrastructure accessible data as well as unauthorized update, insert or delete access to some of Oracle Financial Services Analytical Applications Infrastructure accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Object Migration). Supported versions that are affected are 8.0.4-8.0.8. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Financial Services Analytical Applications Infrastructure accessible data as well as unauthorized update, insert or delete access to some of Oracle Financial Services Analytical Applications Infrastructure accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Financial Services Analytical Applications Infrastructure accessible data as well as unauthorized update, insert or delete access to some of Oracle Financial Services Analytical Applications Infrastructure accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2689.json b/2020/2xxx/CVE-2020-2689.json index 6028067924e..db7abc2f7b5 100644 --- a/2020/2xxx/CVE-2020-2689.json +++ b/2020/2xxx/CVE-2020-2689.json 
@@ -1,68 +1,71 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2689" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"VM VirtualBox", - "version":{ - "version_data":[ - { - "version_value":"5.2.36", - "version_affected":"<" - }, - { - "version_value":"6.0.16", - "version_affected":"<" - }, - { - "version_value":"6.1.2", - "version_affected":"<" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2689", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VM VirtualBox", + "version": { + "version_data": [ + { + "version_value": "5.2.36", + "version_affected": "<" + }, + { + "version_value": "6.0.16", + "version_affected": "<" + }, + { + "version_value": "6.1.2", + "version_affected": "<" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)." 
- } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. 
Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2690.json b/2020/2xxx/CVE-2020-2690.json index 5f517d46d10..1a2932c0b16 100644 --- a/2020/2xxx/CVE-2020-2690.json +++ b/2020/2xxx/CVE-2020-2690.json 
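Review bot: The three `version_data` entries in CVE-2020-2689 give only upper bounds (`"<"` with `5.2.36`, `6.0.16` and `6.1.2`), while the description presumably means one bound per release branch. A consumer that treats the entries as alternatives will flag every version below 6.1.2, including the fixed 5.2.36 and 6.0.16 releases. CVE-2020-2690 and the CVE-2020-2691 record that follows carry the same list. Tying each bound to its branch, for example with a `"version_name": "6.0"` field next to `"version_value": "6.0.16"`, would make the intent explicit, though how consumers read `version_name` needs to be checked.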
@@ -1,68 +1,71 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2690" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"VM VirtualBox", - "version":{ - "version_data":[ - { - "version_value":"5.2.36", - "version_affected":"<" - }, - { - "version_value":"6.0.16", - "version_affected":"<" - }, - { - "version_value":"6.1.2", - "version_affected":"<" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2690", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VM VirtualBox", + "version": { + "version_data": [ + { + "version_value": "5.2.36", + "version_affected": "<" + }, + { + "version_value": "6.0.16", + "version_affected": "<" + }, + { + "version_value": "6.1.2", + "version_affected": "<" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)." 
- } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. 
Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2691.json b/2020/2xxx/CVE-2020-2691.json index 04af7c6f463..c7103bf3a3d 100644 --- a/2020/2xxx/CVE-2020-2691.json +++ b/2020/2xxx/CVE-2020-2691.json 
@@ -1,68 +1,71 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2691" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"VM VirtualBox", - "version":{ - "version_data":[ - { - "version_value":"5.2.36", - "version_affected":"<" - }, - { - "version_value":"6.0.16", - "version_affected":"<" - }, - { - "version_value":"6.1.2", - "version_affected":"<" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2691", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VM VirtualBox", + "version": { + "version_data": [ + { + "version_value": "5.2.36", + "version_affected": "<" + }, + { + "version_value": "6.0.16", + "version_affected": "<" + }, + { + "version_value": "6.1.2", + "version_affected": "<" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)." 
- } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. 
Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2692.json b/2020/2xxx/CVE-2020-2692.json index 2159da124f7..96cd86eb09c 100644 --- a/2020/2xxx/CVE-2020-2692.json +++ b/2020/2xxx/CVE-2020-2692.json 
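Review bot: The three `"version_affected": "<"` entries in `version_data` (5.2.36, 6.0.16, 6.1.2) carry no branch lower bound, so a consumer that evaluates each entry on its own would report a patched 6.0.16 install as affected because it is below 6.1.2. Tying each bound to its release line, for example `"version_name": "6.1"` next to `"version_value": "6.1.2"`, would let matchers scope the comparison. Whether a given scanner honours `version_name` needs checking against that scanner. The same pattern is in the CVE-2020-2692, CVE-2020-2693 and CVE-2020-2698 hunks.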
@@ -1,68 +1,71 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2692" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"VM VirtualBox", - "version":{ - "version_data":[ - { - "version_value":"5.2.36", - "version_affected":"<" - }, - { - "version_value":"6.0.16", - "version_affected":"<" - }, - { - "version_value":"6.1.2", - "version_affected":"<" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2692", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VM VirtualBox", + "version": { + "version_data": [ + { + "version_value": "5.2.36", + "version_affected": "<" + }, + { + "version_value": "6.0.16", + "version_affected": "<" + }, + { + "version_value": "6.1.2", + "version_affected": "<" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)." 
- } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. 
Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2693.json b/2020/2xxx/CVE-2020-2693.json index e3e144d3cb3..66be4ff5850 100644 --- a/2020/2xxx/CVE-2020-2693.json +++ b/2020/2xxx/CVE-2020-2693.json 
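Review bot: The `problemtype` description value in the new record repeats the attack narrative from `description` instead of naming a weakness, so the record cannot be grouped or filtered by weakness class during triage. If the assigner publishes a CWE for this issue, the value would take the form `"value": "CWE-<id> <name>"` (placeholder; the hunk gives no CWE). The same applies to the other Oracle records in this range, CVE-2020-2691 and CVE-2020-2693 through CVE-2020-2698.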
@@ -1,68 +1,71 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2693" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"VM VirtualBox", - "version":{ - "version_data":[ - { - "version_value":"5.2.36", - "version_affected":"<" - }, - { - "version_value":"6.0.16", - "version_affected":"<" - }, - { - "version_value":"6.1.2", - "version_affected":"<" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2693", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VM VirtualBox", + "version": { + "version_data": [ + { + "version_value": "5.2.36", + "version_affected": "<" + }, + { + "version_value": "6.0.16", + "version_affected": "<" + }, + { + "version_value": "6.1.2", + "version_affected": "<" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N)." 
- } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. 
While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2694.json b/2020/2xxx/CVE-2020-2694.json index da640a73de9..7b8ca756d8a 100644 --- a/2020/2xxx/CVE-2020-2694.json +++ b/2020/2xxx/CVE-2020-2694.json 
@@ -1,60 +1,63 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2694" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"MySQL Server", - "version":{ - "version_data":[ - { - "version_value":"8.0.18 and prior", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2694", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_value": "8.0.18 and prior", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.18 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data." 
- } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.18 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2695.json b/2020/2xxx/CVE-2020-2695.json index 0d4a3220546..77e37b2c676 100644 --- a/2020/2xxx/CVE-2020-2695.json +++ b/2020/2xxx/CVE-2020-2695.json 
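Review bot: `"version_value": "8.0.18 and prior"` is paired with `"version_affected": "="`, so the range lives in free text and an exact-match consumer compares installed versions against that literal string and never matches. Writing it as `"version_value": "8.0.18", "version_affected": "<="` keeps the same meaning in machine-readable form. The reformatting in this hunk carried the old value over unchanged.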
@@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2695" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"PeopleSoft Enterprise CC Common Application Objects", - "version":{ - "version_data":[ - { - "version_value":"9.1", - "version_affected":"=" - }, - { - "version_value":"9.2", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2695", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PeopleSoft Enterprise CC Common Application Objects", + "version": { + "version_data": [ + { + "version_value": "9.1", + "version_affected": "=" + }, + { + "version_value": "9.2", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the PeopleSoft Enterprise CC Common Application Objects product of Oracle PeopleSoft (component: Approval Framework). Supported versions that are affected are 9.1 and 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise CC Common Application Objects. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise CC Common Application Objects accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise CC Common Application Objects. 
Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise CC Common Application Objects accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the PeopleSoft Enterprise CC Common Application Objects product of Oracle PeopleSoft (component: Approval Framework). Supported versions that are affected are 9.1 and 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise CC Common Application Objects. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise CC Common Application Objects accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise CC Common Application Objects. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise CC Common Application Objects accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2696.json b/2020/2xxx/CVE-2020-2696.json index fb3ce2fd944..a6b2ecc20c2 100644 --- a/2020/2xxx/CVE-2020-2696.json 
+++ b/2020/2xxx/CVE-2020-2696.json 
@@ -1,60 +1,63 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2696" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Solaris Operating System", - "version":{ - "version_data":[ - { - "version_value":"10", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2696", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Solaris Operating System", + "version": { + "version_data": [ + { + "version_value": "10", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle Solaris product of Oracle Systems (component: Common Desktop Environment). The supported version that is affected is 10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris." 
- } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Solaris product of Oracle Systems (component: Common Desktop Environment). The supported version that is affected is 10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2697.json b/2020/2xxx/CVE-2020-2697.json index fb27c1e0181..3c060065a2e 100644 --- a/2020/2xxx/CVE-2020-2697.json +++ b/2020/2xxx/CVE-2020-2697.json 
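Review bot: The severity for this record (CVSS 3.0 base score 8.8, vector `CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H`) appears only inside the `description` string, and the new record has no structured `impact` object. Tooling that prioritises by a parsed score would see this takeover-class issue as unscored. An `impact.cvss` object holding `"vectorString"` and `"baseScore"`, filled with the values already quoted in the description, would close that gap. The other Oracle hunks in this range (CVE-2020-2691 to CVE-2020-2695, CVE-2020-2697, CVE-2020-2698) have the same omission.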
@@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2697" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Hospitality Suites Management", - "version":{ - "version_data":[ - { - "version_value":"3.7", - "version_affected":"=" - }, - { - "version_value":"3.8", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2697", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Hospitality Suites Management", + "version": { + "version_data": [ + { + "version_value": "3.7", + "version_affected": "=" + }, + { + "version_value": "3.8", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle Hospitality Suites Management component of Oracle Food and Beverage Applications. Supported versions that are affected are 3.7 and 3.8. Easily exploitable vulnerability allows physical access to compromise Oracle Hospitality Suites Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Suites Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Hospitality Suites Management accessible data. CVSS 3.0 Base Score 4.9 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows physical access to compromise Oracle Hospitality Suites Management. 
Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Suites Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Hospitality Suites Management accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Hospitality Suites Management component of Oracle Food and Beverage Applications. Supported versions that are affected are 3.7 and 3.8. Easily exploitable vulnerability allows physical access to compromise Oracle Hospitality Suites Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Suites Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Hospitality Suites Management accessible data. CVSS 3.0 Base Score 4.9 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows physical access to compromise Oracle Hospitality Suites Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Suites Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Hospitality Suites Management accessible data." 
+ } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2698.json b/2020/2xxx/CVE-2020-2698.json index 59db7dd9512..f9f66698448 100644 --- a/2020/2xxx/CVE-2020-2698.json +++ b/2020/2xxx/CVE-2020-2698.json 
@@ -1,68 +1,71 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2698" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"VM VirtualBox", - "version":{ - "version_data":[ - { - "version_value":"5.2.36", - "version_affected":"<" - }, - { - "version_value":"6.0.16", - "version_affected":"<" - }, - { - "version_value":"6.1.2", - "version_affected":"<" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2698", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VM VirtualBox", + "version": { + "version_data": [ + { + "version_value": "5.2.36", + "version_affected": "<" + }, + { + "version_value": "6.0.16", + "version_affected": "<" + }, + { + "version_value": "6.1.2", + "version_affected": "<" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H)." 
- } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox." 
+ } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2699.json b/2020/2xxx/CVE-2020-2699.json index f2aceb74b8c..af5bf9a8761 100644 --- a/2020/2xxx/CVE-2020-2699.json +++ b/2020/2xxx/CVE-2020-2699.json 
@@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2699" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"FLEXCUBE Universal Banking", - "version":{ - "version_data":[ - { - "version_value":"12.0.1-12.4.0", - "version_affected":"=" - }, - { - "version_value":"14.0.0-14.3.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2699", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "FLEXCUBE Universal Banking", + "version": { + "version_data": [ + { + "version_value": "12.0.1-12.4.0", + "version_affected": "=" + }, + { + "version_value": "14.0.0-14.3.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.0.1-12.4.0 and 14.0.0-14.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N)." 
- } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.0.1-12.4.0 and 14.0.0-14.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. 
Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2700.json b/2020/2xxx/CVE-2020-2700.json index 7256a3e329f..b6e8a8b4660 100644 --- a/2020/2xxx/CVE-2020-2700.json +++ b/2020/2xxx/CVE-2020-2700.json 
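Review bot: The `problemtype` entry on the new side of the CVE-2020-2699 record still holds exploitability prose copied from the description (`"value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP ..."`) rather than a weakness class, so tooling that groups or filters records by CWE gets no usable signal from this field. The other records visible in this part of the patch (CVE-2020-2700 through CVE-2020-2707) have the same shape. If the assigner can supply a classification, the line would read `"value": "CWE-<id> <weakness name>"` (a placeholder; the page does not say which CWE applies). Until then, consumers should treat `problemtype` here as free text and take the impact from the CVSS vector quoted in the description.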
@@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2700" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"FLEXCUBE Universal Banking", - "version":{ - "version_data":[ - { - "version_value":"12.0.1-12.4.0", - "version_affected":"=" - }, - { - "version_value":"14.0.0-14.3.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2700", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "FLEXCUBE Universal Banking", + "version": { + "version_data": [ + { + "version_value": "12.0.1-12.4.0", + "version_affected": "=" + }, + { + "version_value": "14.0.0-14.3.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.0.1-12.4.0 and 14.0.0-14.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. 
Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.0.1-12.4.0 and 14.0.0-14.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2701.json b/2020/2xxx/CVE-2020-2701.json index a247ee7ec6d..f9aab36e1d4 100644 --- a/2020/2xxx/CVE-2020-2701.json +++ b/2020/2xxx/CVE-2020-2701.json 
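Review bot: Both `version_data` entries in the CVE-2020-2700 record keep a whole range inside one string, `"version_value": "12.0.1-12.4.0"` paired with `"version_affected": "="`, so a matcher that compares `version_value` literally against an installed release would presumably never match and would under-report affected hosts. The same encoding is kept in the CVE-2020-2699 hunk before this one and in the Primavera entries of the CVE-2020-2707 hunk, which continues past the end of this view. I would state the lower and upper bound separately rather than inside one `version_value` string. Failing that, tooling that consumes these records should take the range from the description text ("12.0.1-12.4.0 and 14.0.0-14.3.0") instead of relying on the `=` comparison.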
@@ -1,68 +1,71 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2701" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"VM VirtualBox", - "version":{ - "version_data":[ - { - "version_value":"5.2.36", - "version_affected":"<" - }, - { - "version_value":"6.0.16", - "version_affected":"<" - }, - { - "version_value":"6.1.2", - "version_affected":"<" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2701", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VM VirtualBox", + "version": { + "version_data": [ + { + "version_value": "5.2.36", + "version_affected": "<" + }, + { + "version_value": "6.0.16", + "version_affected": "<" + }, + { + "version_value": "6.1.2", + "version_affected": "<" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H)." 
- } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox." 
+ } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2702.json b/2020/2xxx/CVE-2020-2702.json index e61e95e06e8..1b3a025a098 100644 --- a/2020/2xxx/CVE-2020-2702.json +++ b/2020/2xxx/CVE-2020-2702.json 
@@ -1,68 +1,71 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2702" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"VM VirtualBox", - "version":{ - "version_data":[ - { - "version_value":"5.2.36", - "version_affected":"<" - }, - { - "version_value":"6.0.16", - "version_affected":"<" - }, - { - "version_value":"6.1.2", - "version_affected":"<" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2702", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VM VirtualBox", + "version": { + "version_data": [ + { + "version_value": "5.2.36", + "version_affected": "<" + }, + { + "version_value": "6.0.16", + "version_affected": "<" + }, + { + "version_value": "6.1.2", + "version_affected": "<" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H)." 
- } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox." 
+ } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2703.json b/2020/2xxx/CVE-2020-2703.json index adaf8bd7311..998ffad64b8 100644 --- a/2020/2xxx/CVE-2020-2703.json +++ b/2020/2xxx/CVE-2020-2703.json 
@@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2703" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"VM VirtualBox", - "version":{ - "version_data":[ - { - "version_value":"5.2.36", - "version_affected":"<" - }, - { - "version_value":"6.0.16", - "version_affected":"<" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2703", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VM VirtualBox", + "version": { + "version_data": [ + { + "version_value": "5.2.36", + "version_affected": "<" + }, + { + "version_value": "6.0.16", + "version_affected": "<" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36 and prior to 6.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H)." 
- } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36 and prior to 6.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2704.json b/2020/2xxx/CVE-2020-2704.json index 49735f48a0b..29662163ced 100644 --- a/2020/2xxx/CVE-2020-2704.json +++ b/2020/2xxx/CVE-2020-2704.json 
@@ -1,68 +1,71 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2704" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"VM VirtualBox", - "version":{ - "version_data":[ - { - "version_value":"5.2.36", - "version_affected":"<" - }, - { - "version_value":"6.0.16", - "version_affected":"<" - }, - { - "version_value":"6.1.2", - "version_affected":"<" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2704", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VM VirtualBox", + "version": { + "version_data": [ + { + "version_value": "5.2.36", + "version_affected": "<" + }, + { + "version_value": "6.0.16", + "version_affected": "<" + }, + { + "version_value": "6.1.2", + "version_affected": "<" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)." 
- } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. 
Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2705.json b/2020/2xxx/CVE-2020-2705.json index 4caf43a0c27..79b27dc4e66 100644 --- a/2020/2xxx/CVE-2020-2705.json +++ b/2020/2xxx/CVE-2020-2705.json 
@@ -1,68 +1,71 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2705" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"VM VirtualBox", - "version":{ - "version_data":[ - { - "version_value":"5.2.36", - "version_affected":"<" - }, - { - "version_value":"6.0.16", - "version_affected":"<" - }, - { - "version_value":"6.1.2", - "version_affected":"<" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2705", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VM VirtualBox", + "version": { + "version_data": [ + { + "version_value": "5.2.36", + "version_affected": "<" + }, + { + "version_value": "6.0.16", + "version_affected": "<" + }, + { + "version_value": "6.1.2", + "version_affected": "<" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)." 
- } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. 
Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2707.json b/2020/2xxx/CVE-2020-2707.json index fdb357394aa..3fc8099060b 100644 --- a/2020/2xxx/CVE-2020-2707.json +++ b/2020/2xxx/CVE-2020-2707.json 
@@ -1,76 +1,79 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2707" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Primavera P6 Enterprise Project Portfolio Management", - "version":{ - "version_data":[ - { - "version_value":"15.1.0.0-15.2.18.7", - "version_affected":"=" - }, - { - "version_value":"16.1.0.0-16.2.19.0", - "version_affected":"=" - }, - { - "version_value":"17.1.0.0-17.12.16.0", - "version_affected":"=" - }, - { - "version_value":"18.1.0.0-18.8.16.0", - "version_affected":"=" - }, - { - "version_value":"19.12.0.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2707", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Primavera P6 Enterprise Project Portfolio Management", + "version": { + "version_data": [ + { + "version_value": "15.1.0.0-15.2.18.7", + "version_affected": "=" + }, + { + "version_value": "16.1.0.0-16.2.19.0", + "version_affected": "=" + }, + { + "version_value": "17.1.0.0-17.12.16.0", + "version_affected": "=" + }, + { + "version_value": "18.1.0.0-18.8.16.0", + "version_affected": "=" + }, + { + "version_value": "19.12.0.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: WebAccess). Supported versions that are affected are 15.1.0.0-15.2.18.7, 16.1.0.0-16.2.19.0, 17.1.0.0-17.12.16.0, 18.1.0.0-18.8.16.0 and 19.12.0.0. 
Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera P6 Enterprise Project Portfolio Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera P6 Enterprise Project Portfolio Management accessible data as well as unauthorized read access to a subset of Primavera P6 Enterprise Project Portfolio Management accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera P6 Enterprise Project Portfolio Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera P6 Enterprise Project Portfolio Management accessible data as well as unauthorized read access to a subset of Primavera P6 Enterprise Project Portfolio Management accessible data." 
- } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: WebAccess). Supported versions that are affected are 15.1.0.0-15.2.18.7, 16.1.0.0-16.2.19.0, 17.1.0.0-17.12.16.0, 18.1.0.0-18.8.16.0 and 19.12.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera P6 Enterprise Project Portfolio Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera P6 Enterprise Project Portfolio Management accessible data as well as unauthorized read access to a subset of Primavera P6 Enterprise Project Portfolio Management accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera P6 Enterprise Project Portfolio Management, attacks may significantly impact additional products. 
Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera P6 Enterprise Project Portfolio Management accessible data as well as unauthorized read access to a subset of Primavera P6 Enterprise Project Portfolio Management accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2709.json b/2020/2xxx/CVE-2020-2709.json index a310fc13d4d..5490967d372 100644 --- a/2020/2xxx/CVE-2020-2709.json +++ b/2020/2xxx/CVE-2020-2709.json 
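Review bot: The `problemtype` entry on the new side of the CVE-2020-2707 record still uses Oracle's free-text impact sentence as its `value`, not a weakness identifier, so consumers that group or filter records by CWE cannot classify this entry. The commit reformats the record and adds `STATE`, `refsource` and `name`, but leaves that field's content unchanged. A value of the form `"value": "CWE-<id> <name>"` (placeholder; the CNA has to pick the weakness) would make it machine-usable, and the impact sentence already appears in `description`. The same applies to the CVE-2020-2709 through CVE-2020-2716 hunks that follow.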
@@ -1,60 +1,63 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2709" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"iLearning", - "version":{ - "version_data":[ - { - "version_value":"6.1", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2709", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "iLearning", + "version": { + "version_data": [ + { + "version_value": "6.1", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle iLearning product of Oracle iLearning (component: Learner Pages). The supported version that is affected is 6.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iLearning. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iLearning, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle iLearning accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iLearning. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iLearning, attacks may significantly impact additional products. 
Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle iLearning accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle iLearning product of Oracle iLearning (component: Learner Pages). The supported version that is affected is 6.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iLearning. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iLearning, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle iLearning accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iLearning. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iLearning, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle iLearning accessible data." 
+ } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2710.json b/2020/2xxx/CVE-2020-2710.json index 59fb17a62ad..5a90ecbdf0f 100644 --- a/2020/2xxx/CVE-2020-2710.json +++ b/2020/2xxx/CVE-2020-2710.json 
@@ -1,60 +1,63 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2710" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Banking Payments", - "version":{ - "version_data":[ - { - "version_value":"14.1.0-14.3.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2710", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Banking Payments", + "version": { + "version_data": [ + { + "version_value": "14.1.0-14.3.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle Banking Payments product of Oracle Financial Services Applications (component: Core). Supported versions that are affected are 14.1.0-14.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Payments accessible data as well as unauthorized read access to a subset of Oracle Banking Payments accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Payments. 
Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Payments accessible data as well as unauthorized read access to a subset of Oracle Banking Payments accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Banking Payments product of Oracle Financial Services Applications (component: Core). Supported versions that are affected are 14.1.0-14.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Payments accessible data as well as unauthorized read access to a subset of Oracle Banking Payments accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Payments accessible data as well as unauthorized read access to a subset of Oracle Banking Payments accessible data." 
+ } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2711.json b/2020/2xxx/CVE-2020-2711.json index 0a6b24f53bc..385eb2749d8 100644 --- a/2020/2xxx/CVE-2020-2711.json +++ b/2020/2xxx/CVE-2020-2711.json 
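Review bot: In the CVE-2020-2710 record, `"version_value": "14.1.0-14.3.0"` is paired with `"version_affected": "="`, which puts a range into a single string under an equality operator. A matcher that compares an installed version literally against `version_value` would presumably miss an in-range release such as 14.2.0 and report the host as unaffected. Expressing the bounds as separate comparable values, for example an upper bound written as `"version_affected": "<="` with `"version_value": "14.3.0"`, would avoid that, provided the consuming tool's range semantics are confirmed first. The CVE-2020-2707 hunk and the CVE-2020-2711 through CVE-2020-2716 hunks carry the same range-in-a-string pattern.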
@@ -1,60 +1,63 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2711" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Banking Payments", - "version":{ - "version_data":[ - { - "version_value":"14.1.0-14.3.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2711", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Banking Payments", + "version": { + "version_data": [ + { + "version_value": "14.1.0-14.3.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle Banking Payments product of Oracle Financial Services Applications (component: Core). Supported versions that are affected are 14.1.0-14.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Payments accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Payments accessible data." 
- } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Banking Payments product of Oracle Financial Services Applications (component: Core). Supported versions that are affected are 14.1.0-14.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Payments accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Payments accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2712.json b/2020/2xxx/CVE-2020-2712.json index 9d4e37a02bc..119d492372e 100644 --- a/2020/2xxx/CVE-2020-2712.json +++ b/2020/2xxx/CVE-2020-2712.json 
@@ -1,60 +1,63 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2712" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Banking Payments", - "version":{ - "version_data":[ - { - "version_value":"14.1.0-14.3.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2712", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Banking Payments", + "version": { + "version_data": [ + { + "version_value": "14.1.0-14.3.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle Banking Payments product of Oracle Financial Services Applications (component: Core). Supported versions that are affected are 14.1.0-14.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Payments accessible data as well as unauthorized read access to a subset of Oracle Banking Payments accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks require human interaction from a person other than the attacker. 
Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Payments accessible data as well as unauthorized read access to a subset of Oracle Banking Payments accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Banking Payments product of Oracle Financial Services Applications (component: Core). Supported versions that are affected are 14.1.0-14.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Payments accessible data as well as unauthorized read access to a subset of Oracle Banking Payments accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Payments accessible data as well as unauthorized read access to a subset of Oracle Banking Payments accessible data." 
+ } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2713.json b/2020/2xxx/CVE-2020-2713.json index f5127e4a841..c895332df34 100644 --- a/2020/2xxx/CVE-2020-2713.json +++ b/2020/2xxx/CVE-2020-2713.json 
@@ -1,60 +1,63 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2713" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Banking Payments", - "version":{ - "version_data":[ - { - "version_value":"14.1.0-14.3.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2713", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Banking Payments", + "version": { + "version_data": [ + { + "version_value": "14.1.0-14.3.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle Banking Payments product of Oracle Financial Services Applications (component: Core). Supported versions that are affected are 14.1.0-14.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Payments accessible data as well as unauthorized update, insert or delete access to some of Oracle Banking Payments accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Payments. 
Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Payments accessible data as well as unauthorized update, insert or delete access to some of Oracle Banking Payments accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Banking Payments product of Oracle Financial Services Applications (component: Core). Supported versions that are affected are 14.1.0-14.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Payments accessible data as well as unauthorized update, insert or delete access to some of Oracle Banking Payments accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Payments accessible data as well as unauthorized update, insert or delete access to some of Oracle Banking Payments accessible data." 
+ } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2714.json b/2020/2xxx/CVE-2020-2714.json index 8ba0833a5e8..7d5f38d1482 100644 --- a/2020/2xxx/CVE-2020-2714.json +++ b/2020/2xxx/CVE-2020-2714.json 
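Review bot: The CVSS score and vector for CVE-2020-2713 appear only inside the `description` prose, and the new side adds no structured `impact` block. Triage tooling therefore has to parse the sentence to learn that this record is rated 7.1. Adding `"impact": {"cvss": {"baseScore": 7.1, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", "version": "3.0"}}`, with the values copied from the description, would let consumers sort and filter on severity directly. The other Oracle records in this patch have the same gap, each with its own score and vector in the description text.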
@@ -1,60 +1,63 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2714" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Banking Payments", - "version":{ - "version_data":[ - { - "version_value":"14.1.0-14.3.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2714", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Banking Payments", + "version": { + "version_data": [ + { + "version_value": "14.1.0-14.3.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle Banking Payments product of Oracle Financial Services Applications (component: Core). Supported versions that are affected are 14.1.0-14.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Banking Payments accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Banking Payments accessible data." 
- } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Banking Payments product of Oracle Financial Services Applications (component: Core). Supported versions that are affected are 14.1.0-14.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Banking Payments accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Banking Payments accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2715.json b/2020/2xxx/CVE-2020-2715.json index 33931639956..70eabb994df 100644 --- a/2020/2xxx/CVE-2020-2715.json +++ b/2020/2xxx/CVE-2020-2715.json 
@@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2715" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Banking Corporate Lending", - "version":{ - "version_data":[ - { - "version_value":"12.3.0-12.4.0", - "version_affected":"=" - }, - { - "version_value":"14.0.0-14.3.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2715", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Banking Corporate Lending", + "version": { + "version_data": [ + { + "version_value": "12.3.0-12.4.0", + "version_affected": "=" + }, + { + "version_value": "14.0.0-14.3.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle Banking Corporate Lending product of Oracle Financial Services Applications (component: Core). Supported versions that are affected are 12.3.0-12.4.0 and 14.0.0-14.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Corporate Lending accessible data as well as unauthorized read access to a subset of Oracle Banking Corporate Lending accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)." 
- } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Corporate Lending accessible data as well as unauthorized read access to a subset of Oracle Banking Corporate Lending accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Banking Corporate Lending product of Oracle Financial Services Applications (component: Core). Supported versions that are affected are 12.3.0-12.4.0 and 14.0.0-14.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Corporate Lending accessible data as well as unauthorized read access to a subset of Oracle Banking Corporate Lending accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. 
Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Corporate Lending accessible data as well as unauthorized read access to a subset of Oracle Banking Corporate Lending accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2716.json b/2020/2xxx/CVE-2020-2716.json index cc6d97aa61f..5e7db22f8f2 100644 --- a/2020/2xxx/CVE-2020-2716.json +++ b/2020/2xxx/CVE-2020-2716.json 
@@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2716" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Banking Corporate Lending", - "version":{ - "version_data":[ - { - "version_value":"12.3.0-12.4.0", - "version_affected":"=" - }, - { - "version_value":"14.0.0-14.3.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2716", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Banking Corporate Lending", + "version": { + "version_data": [ + { + "version_value": "12.3.0-12.4.0", + "version_affected": "=" + }, + { + "version_value": "14.0.0-14.3.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle Banking Corporate Lending product of Oracle Financial Services Applications (component: Core). Supported versions that are affected are 12.3.0-12.4.0 and 14.0.0-14.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Corporate Lending accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. 
Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Corporate Lending accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Banking Corporate Lending product of Oracle Financial Services Applications (component: Core). Supported versions that are affected are 12.3.0-12.4.0 and 14.0.0-14.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Corporate Lending accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Corporate Lending accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2717.json b/2020/2xxx/CVE-2020-2717.json index fff252b6389..256bec0ba8b 100644 --- a/2020/2xxx/CVE-2020-2717.json +++ b/2020/2xxx/CVE-2020-2717.json 
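Review bot: Both `version_data` entries in this hunk keep a whole range in one string, `"version_value": "12.3.0-12.4.0"` with `"version_affected": "="`, so a consumer that compares the field literally against an installed version will not match 12.3.0, 12.4.0 or anything between. The commit re-indents these entries without changing the encoding, and the only place the range is spelled out is the free-text description. If the vendor can confirm which releases fall inside each range, one entry per release such as `{ "version_value": "12.3.0", "version_affected": "=" }` would let inventory and patch-gap tooling match on this record. The same encoding appears in the hunks for CVE-2020-2717 through CVE-2020-2724.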
@@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2717" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Banking Corporate Lending", - "version":{ - "version_data":[ - { - "version_value":"12.3.0-12.4.0", - "version_affected":"=" - }, - { - "version_value":"14.0.0-14.3.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2717", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Banking Corporate Lending", + "version": { + "version_data": [ + { + "version_value": "12.3.0-12.4.0", + "version_affected": "=" + }, + { + "version_value": "14.0.0-14.3.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle Banking Corporate Lending product of Oracle Financial Services Applications (component: Core). Supported versions that are affected are 12.3.0-12.4.0 and 14.0.0-14.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Corporate Lending accessible data as well as unauthorized read access to a subset of Oracle Banking Corporate Lending accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)." 
- } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Corporate Lending accessible data as well as unauthorized read access to a subset of Oracle Banking Corporate Lending accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Banking Corporate Lending product of Oracle Financial Services Applications (component: Core). Supported versions that are affected are 12.3.0-12.4.0 and 14.0.0-14.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Corporate Lending accessible data as well as unauthorized read access to a subset of Oracle Banking Corporate Lending accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. 
Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Corporate Lending accessible data as well as unauthorized read access to a subset of Oracle Banking Corporate Lending accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2718.json b/2020/2xxx/CVE-2020-2718.json index 2eba684b1a6..53789a7a51f 100644 --- a/2020/2xxx/CVE-2020-2718.json +++ b/2020/2xxx/CVE-2020-2718.json 
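Review bot: The `problemtype` value in this hunk is a copy of the middle sentences of the description, not a weakness class, so the record carries no CWE that triage or trend reporting can key on. The commit adds `refsource` and `name` to the reference but leaves this field as it was. If the weakness class is known, the entry would read `"value": "CWE-<id> <weakness name>"` (placeholder, the page gives no CWE). If it is not disclosed, a short fixed string saying so would be clearer than repeating the impact text. The hunks for CVE-2020-2716 and CVE-2020-2718 through CVE-2020-2724 have the same pattern.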
@@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2718" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Banking Corporate Lending", - "version":{ - "version_data":[ - { - "version_value":"12.3.0-12.4.0", - "version_affected":"=" - }, - { - "version_value":"14.0.0-14.3.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2718", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Banking Corporate Lending", + "version": { + "version_data": [ + { + "version_value": "12.3.0-12.4.0", + "version_affected": "=" + }, + { + "version_value": "14.0.0-14.3.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle Banking Corporate Lending product of Oracle Financial Services Applications (component: Core). Supported versions that are affected are 12.3.0-12.4.0 and 14.0.0-14.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Corporate Lending accessible data as well as unauthorized update, insert or delete access to some of Oracle Banking Corporate Lending accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N)." 
- } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Corporate Lending accessible data as well as unauthorized update, insert or delete access to some of Oracle Banking Corporate Lending accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Banking Corporate Lending product of Oracle Financial Services Applications (component: Core). Supported versions that are affected are 12.3.0-12.4.0 and 14.0.0-14.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Corporate Lending accessible data as well as unauthorized update, insert or delete access to some of Oracle Banking Corporate Lending accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. 
Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Corporate Lending accessible data as well as unauthorized update, insert or delete access to some of Oracle Banking Corporate Lending accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2719.json b/2020/2xxx/CVE-2020-2719.json index b8c79b816a9..03d1c713658 100644 --- a/2020/2xxx/CVE-2020-2719.json +++ b/2020/2xxx/CVE-2020-2719.json 
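Review bot: The new side of this record has no structured `impact` object, so the base score and vector exist only inside the description sentence and prioritisation tooling has to recover them by parsing prose. Since the commit already normalises the record (`STATE`, `refsource`, `name`), it could also add `"impact": { "cvss": { "version": "3.0", "baseScore": 7.1, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N" } }`, with the values taken from this description. The other hunks in this patch series for CVE-2020-2716 through CVE-2020-2724 likewise carry their score only in the description text.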
@@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2719" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Banking Corporate Lending", - "version":{ - "version_data":[ - { - "version_value":"12.3.0-12.4.0", - "version_affected":"=" - }, - { - "version_value":"14.0.0-14.3.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2719", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Banking Corporate Lending", + "version": { + "version_data": [ + { + "version_value": "12.3.0-12.4.0", + "version_affected": "=" + }, + { + "version_value": "14.0.0-14.3.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle Banking Corporate Lending product of Oracle Financial Services Applications (component: Core). Supported versions that are affected are 12.3.0-12.4.0 and 14.0.0-14.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Banking Corporate Lending accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. 
Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Banking Corporate Lending accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Banking Corporate Lending product of Oracle Financial Services Applications (component: Core). Supported versions that are affected are 12.3.0-12.4.0 and 14.0.0-14.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Banking Corporate Lending accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Banking Corporate Lending accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2720.json b/2020/2xxx/CVE-2020-2720.json index 38fb0ee79ea..0408e56b61a 100644 --- a/2020/2xxx/CVE-2020-2720.json +++ b/2020/2xxx/CVE-2020-2720.json 
@@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2720" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"FLEXCUBE Investor Servicing", - "version":{ - "version_data":[ - { - "version_value":"12.1.0-12.4.0", - "version_affected":"=" - }, - { - "version_value":"14.0.0-14.1.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2720", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "FLEXCUBE Investor Servicing", + "version": { + "version_data": [ + { + "version_value": "12.1.0-12.4.0", + "version_affected": "=" + }, + { + "version_value": "14.0.0-14.1.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.1.0-12.4.0 and 14.0.0-14.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Investor Servicing accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)." 
- } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Investor Servicing accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.1.0-12.4.0 and 14.0.0-14.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Investor Servicing accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. 
Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Investor Servicing accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2721.json b/2020/2xxx/CVE-2020-2721.json index 009ac31f2db..3db59f88c77 100644 --- a/2020/2xxx/CVE-2020-2721.json +++ b/2020/2xxx/CVE-2020-2721.json 
@@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2721" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"FLEXCUBE Investor Servicing", - "version":{ - "version_data":[ - { - "version_value":"12.1.0-12.4.0", - "version_affected":"=" - }, - { - "version_value":"14.0.0-14.1.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2721", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "FLEXCUBE Investor Servicing", + "version": { + "version_data": [ + { + "version_value": "12.1.0-12.4.0", + "version_affected": "=" + }, + { + "version_value": "14.0.0-14.1.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.1.0-12.4.0 and 14.0.0-14.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Investor Servicing accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. 
Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Investor Servicing accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.1.0-12.4.0 and 14.0.0-14.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Investor Servicing accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Investor Servicing accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2722.json b/2020/2xxx/CVE-2020-2722.json index 5a6b64efe13..f98ef5a1455 100644 --- a/2020/2xxx/CVE-2020-2722.json 
+++ b/2020/2xxx/CVE-2020-2722.json 
@@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2722" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"FLEXCUBE Investor Servicing", - "version":{ - "version_data":[ - { - "version_value":"12.1.0-12.4.0", - "version_affected":"=" - }, - { - "version_value":"14.0.0-14.1.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2722", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "FLEXCUBE Investor Servicing", + "version": { + "version_data": [ + { + "version_value": "12.1.0-12.4.0", + "version_affected": "=" + }, + { + "version_value": "14.0.0-14.1.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.1.0-12.4.0 and 14.0.0-14.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Investor Servicing accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)." 
- } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Investor Servicing accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.1.0-12.4.0 and 14.0.0-14.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Investor Servicing accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Investor Servicing accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2723.json b/2020/2xxx/CVE-2020-2723.json index ab545b21a36..22ddb2d61d8 100644 --- a/2020/2xxx/CVE-2020-2723.json +++ b/2020/2xxx/CVE-2020-2723.json 
@@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2723" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"FLEXCUBE Investor Servicing", - "version":{ - "version_data":[ - { - "version_value":"12.1.0-12.4.0", - "version_affected":"=" - }, - { - "version_value":"14.0.0-14.1.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2723", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "FLEXCUBE Investor Servicing", + "version": { + "version_data": [ + { + "version_value": "12.1.0-12.4.0", + "version_affected": "=" + }, + { + "version_value": "14.0.0-14.1.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.1.0-12.4.0 and 14.0.0-14.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Investor Servicing accessible data as well as unauthorized update, insert or delete access to some of Oracle FLEXCUBE Investor Servicing accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N)." 
- } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Investor Servicing accessible data as well as unauthorized update, insert or delete access to some of Oracle FLEXCUBE Investor Servicing accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.1.0-12.4.0 and 14.0.0-14.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Investor Servicing accessible data as well as unauthorized update, insert or delete access to some of Oracle FLEXCUBE Investor Servicing accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. 
Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Investor Servicing accessible data as well as unauthorized update, insert or delete access to some of Oracle FLEXCUBE Investor Servicing accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2724.json b/2020/2xxx/CVE-2020-2724.json index b7f2aa3a9bb..8d9e5f8e205 100644 --- a/2020/2xxx/CVE-2020-2724.json +++ b/2020/2xxx/CVE-2020-2724.json 
@@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2724" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"FLEXCUBE Investor Servicing", - "version":{ - "version_data":[ - { - "version_value":"12.1.0-12.4.0", - "version_affected":"=" - }, - { - "version_value":"14.0.0-14.1.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2724", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "FLEXCUBE Investor Servicing", + "version": { + "version_data": [ + { + "version_value": "12.1.0-12.4.0", + "version_affected": "=" + }, + { + "version_value": "14.0.0-14.1.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.1.0-12.4.0 and 14.0.0-14.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. 
Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.1.0-12.4.0 and 14.0.0-14.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2725.json b/2020/2xxx/CVE-2020-2725.json index 55d01d74f2d..356c53b8be6 100644 --- a/2020/2xxx/CVE-2020-2725.json +++ b/2020/2xxx/CVE-2020-2725.json 
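Review bot: The `version_data` entries on the new side of CVE-2020-2724.json still encode a range as one string under an equality operator, `"version_value": "12.1.0-12.4.0", "version_affected": "="` (and likewise `"14.0.0-14.1.0"`). A vulnerability scanner or asset-matching job that compares `version_value` literally against an installed version will not match releases between the two bounds, so affected hosts can be missed. Since this commit rewrites the whole record anyway, the affected releases could be listed as discrete entries, for example `{"version_value": "12.1.0", "version_affected": "="}` and so on for each release. This assumes the advisory's range maps to individual releases, which the page does not show.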
@@ -1,68 +1,71 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2725" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"VM VirtualBox", - "version":{ - "version_data":[ - { - "version_value":"5.2.36", - "version_affected":"<" - }, - { - "version_value":"6.0.16", - "version_affected":"<" - }, - { - "version_value":"6.1.2", - "version_affected":"<" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2725", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VM VirtualBox", + "version": { + "version_data": [ + { + "version_value": "5.2.36", + "version_affected": "<" + }, + { + "version_value": "6.0.16", + "version_affected": "<" + }, + { + "version_value": "6.1.2", + "version_affected": "<" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H)." 
- } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. 
While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2726.json b/2020/2xxx/CVE-2020-2726.json index 70a2d6bcd32..f11853beb01 100644 --- a/2020/2xxx/CVE-2020-2726.json +++ b/2020/2xxx/CVE-2020-2726.json 
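Review bot: The three `version_data` entries for VM VirtualBox in CVE-2020-2725.json each use `"version_affected": "<"` with no lower bound or branch label, and the same shape repeats in CVE-2020-2726.json and CVE-2020-2727.json. A consumer that evaluates each entry on its own would treat `< 6.1.2` as covering 5.2.36 and 6.0.16, which the description lists as the fixed levels of their branches, producing false positives in patch reporting. Tying each bound to its release line would remove the ambiguity, for example `"version_name": "6.1", "version_value": "6.1.2", "version_affected": "<"`. The branch names here are inferred from the version numbers and should be confirmed against the advisory.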
@@ -1,68 +1,71 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2726" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"VM VirtualBox", - "version":{ - "version_data":[ - { - "version_value":"5.2.36", - "version_affected":"<" - }, - { - "version_value":"6.0.16", - "version_affected":"<" - }, - { - "version_value":"6.1.2", - "version_affected":"<" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2726", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VM VirtualBox", + "version": { + "version_data": [ + { + "version_value": "5.2.36", + "version_affected": "<" + }, + { + "version_value": "6.0.16", + "version_affected": "<" + }, + { + "version_value": "6.1.2", + "version_affected": "<" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H)." 
- } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox." 
+ } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2727.json b/2020/2xxx/CVE-2020-2727.json index ad7720145b1..0cfb16ce0fa 100644 --- a/2020/2xxx/CVE-2020-2727.json +++ b/2020/2xxx/CVE-2020-2727.json 
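Review bot: The CVSS data in CVE-2020-2726.json exists only as prose inside `description.description_data[0].value` ("CVSS 3.0 Base Score 7.5 ... CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"), and the new side adds no structured `impact` object. Prioritisation tooling then has to parse the score out of free text, which is fragile and tends to fail silently. Another record in this patch series carries an `impact.cvss` block, and the same could be added here: `"impact": {"cvss": {"version": "3.0", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"}}`. The other Oracle records in this series have the same gap.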
@@ -1,68 +1,71 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2727" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"VM VirtualBox", - "version":{ - "version_data":[ - { - "version_value":"5.2.36", - "version_affected":"<" - }, - { - "version_value":"6.0.16", - "version_affected":"<" - }, - { - "version_value":"6.1.2", - "version_affected":"<" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2727", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VM VirtualBox", + "version": { + "version_data": [ + { + "version_value": "5.2.36", + "version_affected": "<" + }, + { + "version_value": "6.0.16", + "version_affected": "<" + }, + { + "version_value": "6.1.2", + "version_affected": "<" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N)." 
- } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. 
Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2728.json b/2020/2xxx/CVE-2020-2728.json index 8e4c3549c43..fa9b8edf03a 100644 --- a/2020/2xxx/CVE-2020-2728.json +++ b/2020/2xxx/CVE-2020-2728.json 
@@ -1,60 +1,63 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2728" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Identity Manager", - "version":{ - "version_data":[ - { - "version_value":"12.2.1.3.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2728", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Identity Manager", + "version": { + "version_data": [ + { + "version_value": "12.2.1.3.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: OIM - LDAP user and role Synch). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Identity Manager. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Identity Manager accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Identity Manager. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Identity Manager accessible data." 
- } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: OIM - LDAP user and role Synch). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Identity Manager. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Identity Manager accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Identity Manager. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Identity Manager accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2729.json b/2020/2xxx/CVE-2020-2729.json index 419b6ab03a4..c78a4672824 100644 --- a/2020/2xxx/CVE-2020-2729.json +++ b/2020/2xxx/CVE-2020-2729.json 
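Review bot: The `problemtype` value in CVE-2020-2728.json repeats the attack narrative from the description ("Easily exploitable vulnerability allows unauthenticated attacker ...") instead of naming a weakness class, and the reformat keeps it that way. Consumers that map `problemtype` to CWE for trend reporting or control mapping get nothing usable, which matters most for a record like this one (unauthenticated, network-reachable, C:H). If the weakness class is known, the entry would read `"value": "CWE-<id> <weakness name>"`, where the id and name are placeholders because the page does not identify the weakness. The same free-text `problemtype` appears in every Oracle record in this part of the series.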
@@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2729" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Identity Manager", - "version":{ - "version_data":[ - { - "version_value":"11.1.2.3.0", - "version_affected":"=" - }, - { - "version_value":"12.2.1.3.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2729", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Identity Manager", + "version": { + "version_data": [ + { + "version_value": "11.1.2.3.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.3.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: Advanced Console). Supported versions that are affected are 11.1.2.3.0 and 12.2.1.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Identity Manager. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Identity Manager accessible data as well as unauthorized read access to a subset of Identity Manager accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Identity Manager. 
Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Identity Manager accessible data as well as unauthorized read access to a subset of Identity Manager accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: Advanced Console). Supported versions that are affected are 11.1.2.3.0 and 12.2.1.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Identity Manager. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Identity Manager accessible data as well as unauthorized read access to a subset of Identity Manager accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Identity Manager. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Identity Manager accessible data as well as unauthorized read access to a subset of Identity Manager accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file 
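Review bot: The reference added in CVE-2020-2729.json is tagged `"refsource": "MISC"` although the URL is the vendor's own advisory and the assigner is `secalert_us@oracle.com`. Triage tools that weight vendor-confirmed references above third-party ones would treat it as unclassified. Another record in this patch series uses `"refsource": "CONFIRM"` for a vendor release-notes link, so the same tag would fit here, provided the `MISC` value is not being set automatically by the CNA tooling. This applies equally to the identical `references` block in the other Oracle records of this series.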
diff --git a/2020/2xxx/CVE-2020-2730.json b/2020/2xxx/CVE-2020-2730.json index 2c6d0c491b9..33239f6f309 100644 --- a/2020/2xxx/CVE-2020-2730.json +++ b/2020/2xxx/CVE-2020-2730.json 
@@ -1,68 +1,71 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2730" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Financial Services Revenue Management and Billing", - "version":{ - "version_data":[ - { - "version_value":"2.7.0.0", - "version_affected":"=" - }, - { - "version_value":"2.7.0.1", - "version_affected":"=" - }, - { - "version_value":"2.8.0.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2730", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Financial Services Revenue Management and Billing", + "version": { + "version_data": [ + { + "version_value": "2.7.0.0", + "version_affected": "=" + }, + { + "version_value": "2.7.0.1", + "version_affected": "=" + }, + { + "version_value": "2.8.0.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle Financial Services Revenue Management and Billing product of Oracle Financial Services Applications (component: File Upload). Supported versions that are affected are 2.7.0.0, 2.7.0.1 and 2.8.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Revenue Management and Billing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Revenue Management and Billing, attacks may significantly impact additional products. 
Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Revenue Management and Billing accessible data as well as unauthorized read access to a subset of Oracle Financial Services Revenue Management and Billing accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Revenue Management and Billing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Revenue Management and Billing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Revenue Management and Billing accessible data as well as unauthorized read access to a subset of Oracle Financial Services Revenue Management and Billing accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Financial Services Revenue Management and Billing product of Oracle Financial Services Applications (component: File Upload). Supported versions that are affected are 2.7.0.0, 2.7.0.1 and 2.8.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Revenue Management and Billing. 
Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Revenue Management and Billing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Revenue Management and Billing accessible data as well as unauthorized read access to a subset of Oracle Financial Services Revenue Management and Billing accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Revenue Management and Billing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Revenue Management and Billing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Revenue Management and Billing accessible data as well as unauthorized read access to a subset of Oracle Financial Services Revenue Management and Billing accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2731.json b/2020/2xxx/CVE-2020-2731.json index 0d5d96a3c44..b7d933f06c7 100644 --- a/2020/2xxx/CVE-2020-2731.json +++ b/2020/2xxx/CVE-2020-2731.json 
@@ -1,72 +1,75 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2731" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Oracle Database", - "version":{ - "version_data":[ - { - "version_value":"12.1.0.2", - "version_affected":"=" - }, - { - "version_value":"12.2.0.1", - "version_affected":"=" - }, - { - "version_value":"18c", - "version_affected":"=" - }, - { - "version_value":"19c", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2731", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Oracle Database", + "version": { + "version_data": [ + { + "version_value": "12.1.0.2", + "version_affected": "=" + }, + { + "version_value": "12.2.0.1", + "version_affected": "=" + }, + { + "version_value": "18c", + "version_affected": "=" + }, + { + "version_value": "19c", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Core RDBMS executes to compromise Core RDBMS. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Core RDBMS accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Core RDBMS. CVSS 3.0 Base Score 3.9 (Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Core RDBMS executes to compromise Core RDBMS. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Core RDBMS accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Core RDBMS." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Core RDBMS executes to compromise Core RDBMS. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Core RDBMS accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Core RDBMS. CVSS 3.0 Base Score 3.9 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Core RDBMS executes to compromise Core RDBMS. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Core RDBMS accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Core RDBMS." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file From 39bb9d2157c87b0283d317013526006498403ed0 Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Wed, 15 Jan 2020 17:01:42 +0000 Subject: [PATCH 088/387] "-Synchronized-Data." --- 2005/4xxx/CVE-2005-4891.json | 55 +++++++- 2007/4xxx/CVE-2007-4773.json | 63 ++++++++- 2012/1xxx/CVE-2012-1695.json | 85 ++++++------ 2015/5xxx/CVE-2015-5230.json | 60 ++++++++- 2015/5xxx/CVE-2015-5952.json | 48 ++++++- 2015/6xxx/CVE-2015-6497.json | 68 +++++++++- 2019/16xxx/CVE-2019-16466.json | 62 +++++++++ 2019/16xxx/CVE-2019-16467.json | 62 +++++++++ 2019/16xxx/CVE-2019-16468.json | 62 +++++++++ 2019/16xxx/CVE-2019-16469.json | 62 +++++++++ 2019/2xxx/CVE-2019-2725.json | 30 ++--- 2019/2xxx/CVE-2019-2729.json | 52 +------- 2019/2xxx/CVE-2019-2904.json | 231 ++++++--------------------------- 2020/2xxx/CVE-2020-2510.json | 145 +++++++++++---------- 2020/2xxx/CVE-2020-2511.json | 137 +++++++++---------- 2020/2xxx/CVE-2020-2512.json | 145 +++++++++++---------- 2020/2xxx/CVE-2020-2515.json | 145 +++++++++++---------- 2020/2xxx/CVE-2020-2516.json | 137 +++++++++---------- 2020/2xxx/CVE-2020-2517.json | 129 +++++++++--------- 2020/2xxx/CVE-2020-2518.json | 153 +++++++++++----------- 2020/2xxx/CVE-2020-2519.json | 137 +++++++++---------- 2020/2xxx/CVE-2020-2527.json | 137 +++++++++---------- 2020/2xxx/CVE-2020-2530.json | 129 +++++++++--------- 2020/2xxx/CVE-2020-2531.json | 121 ++++++++--------- 2020/2xxx/CVE-2020-2533.json | 121 ++++++++--------- 2020/2xxx/CVE-2020-2534.json | 121 ++++++++--------- 2020/2xxx/CVE-2020-2535.json | 121 ++++++++--------- 2020/2xxx/CVE-2020-2536.json | 113 ++++++++-------- 2020/2xxx/CVE-2020-2537.json | 121 ++++++++--------- 2020/2xxx/CVE-2020-2538.json | 113 ++++++++-------- 2020/2xxx/CVE-2020-2539.json | 113 ++++++++-------- 2020/2xxx/CVE-2020-2540.json | 113 ++++++++-------- 2020/2xxx/CVE-2020-2541.json | 113 ++++++++-------- 2020/2xxx/CVE-2020-2542.json | 113 ++++++++-------- 2020/2xxx/CVE-2020-2543.json | 113 ++++++++-------- 2020/2xxx/CVE-2020-2544.json | 137 +++++++++---------- 2020/2xxx/CVE-2020-2545.json | 153 
++++++++++------------ 2020/2xxx/CVE-2020-2546.json | 121 ++++++++--------- 2020/2xxx/CVE-2020-2547.json | 137 +++++++++---------- 2020/2xxx/CVE-2020-2548.json | 113 ++++++++-------- 2020/2xxx/CVE-2020-2549.json | 113 ++++++++-------- 2020/2xxx/CVE-2020-2550.json | 137 +++++++++---------- 2020/2xxx/CVE-2020-2551.json | 137 +++++++++---------- 2020/2xxx/CVE-2020-2552.json | 121 ++++++++--------- 2020/2xxx/CVE-2020-2555.json | 129 +++++++++--------- 2020/2xxx/CVE-2020-2556.json | 145 +++++++++++---------- 2020/2xxx/CVE-2020-2557.json | 137 +++++++++---------- 2020/2xxx/CVE-2020-2558.json | 113 ++++++++-------- 2020/2xxx/CVE-2020-2559.json | 113 ++++++++-------- 2020/2xxx/CVE-2020-2560.json | 113 ++++++++-------- 2020/2xxx/CVE-2020-2561.json | 113 ++++++++-------- 2020/2xxx/CVE-2020-2563.json | 113 ++++++++-------- 2020/2xxx/CVE-2020-2564.json | 113 ++++++++-------- 2020/2xxx/CVE-2020-2565.json | 113 ++++++++-------- 2020/2xxx/CVE-2020-2566.json | 121 ++++++++--------- 2020/2xxx/CVE-2020-2567.json | 113 ++++++++-------- 2020/2xxx/CVE-2020-2568.json | 137 +++++++++---------- 2020/2xxx/CVE-2020-2569.json | 129 +++++++++--------- 2020/2xxx/CVE-2020-2570.json | 121 ++++++++--------- 2020/2xxx/CVE-2020-2571.json | 113 ++++++++-------- 2020/2xxx/CVE-2020-2572.json | 121 ++++++++--------- 61 files changed, 3694 insertions(+), 3262 deletions(-) create mode 100644 2019/16xxx/CVE-2019-16466.json create mode 100644 2019/16xxx/CVE-2019-16467.json create mode 100644 2019/16xxx/CVE-2019-16468.json create mode 100644 2019/16xxx/CVE-2019-16469.json diff --git a/2005/4xxx/CVE-2005-4891.json b/2005/4xxx/CVE-2005-4891.json index be3d7f5b81d..c76d4136dc7 100644 --- a/2005/4xxx/CVE-2005-4891.json +++ b/2005/4xxx/CVE-2005-4891.json 
@@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2005-4891", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Simple Machine Forum", + "product": { + "product_data": [ + { + "product_name": "Simple Machine Forum", + "version": { + "version_data": [ + { + "version_value": "1.0.4 and earlier" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Simple Machine Forum (SMF) versions 1.0.4 and earlier have an SQL injection vulnerability that allows remote attackers to inject arbitrary SQL statements." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "SQL Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.openwall.com/lists/oss-security/2012/11/14/10", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2012/11/14/10" + }, + { + "refsource": "MISC", + "name": "https://securiteam.com/exploits/5HP0N0KG0O/", + "url": "https://securiteam.com/exploits/5HP0N0KG0O/" } ] } diff --git a/2007/4xxx/CVE-2007-4773.json b/2007/4xxx/CVE-2007-4773.json index e6ffbf54ee4..f8e1525805d 100644 --- a/2007/4xxx/CVE-2007-4773.json +++ b/2007/4xxx/CVE-2007-4773.json 
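Review bot: The `version_value` added in the first hunk, `"1.0.4 and earlier"`, encodes a version range as prose, so a consumer that compares version strings cannot evaluate it. The schema has `version_affected` for this, and other records in this patch series already use it; here that would be `"version_affected": "<=", "version_value": "1.0.4"`. CVE-2015-5230.json has the same shape (`"3.4.x before 3.4.6"`). The four new Adobe files, CVE-2019-16466.json to CVE-2019-16469.json, put a whole list in one value (`"6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 versions"`), which would be one `version_data` element per release, e.g. `{ "version_value": "6.5", "version_affected": "=" }`.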
@@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-4773", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,43 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Systrace before 1.6.0 has insufficient escape policy enforcement." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.citi.umich.edu/u/provos/systrace/", + "refsource": "MISC", + "name": "http://www.citi.umich.edu/u/provos/systrace/" + }, + { + "refsource": "MISC", + "name": "http://taviso.decsystem.org/research.html", + "url": "http://taviso.decsystem.org/research.html" + }, + { + "url": "http://taviso.decsystem.org/research.t2t", + "refsource": "MISC", + "name": "http://taviso.decsystem.org/research.t2t" + }, + { + "refsource": "MISC", + "name": "https://www.provos.org/index.php?/archives/2007/12/C2.html", + "url": "https://www.provos.org/index.php?/archives/2007/12/C2.html" } ] } diff --git a/2012/1xxx/CVE-2012-1695.json b/2012/1xxx/CVE-2012-1695.json index 9aee1e7171f..df6a09d5e3e 100644 --- a/2012/1xxx/CVE-2012-1695.json +++ b/2012/1xxx/CVE-2012-1695.json 
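Review bot: The `affects` block added in the first hunk sets `product_name`, `version_value` and `vendor_name` to `n/a`, and the `problemtype` added in the second hunk is `n/a` as well, although the new description names the product and the fixed release ("Systrace before 1.6.0"). Tooling that matches records on `affects` cannot find this entry by product, so the record is only discoverable through its free-text description. Suggest `"product_name": "Systrace"` with `"version_affected": "<", "version_value": "1.6.0"`, leaving the vendor as `n/a` only if it is really unknown. The same placeholders appear in CVE-2015-5952.json (description: Thomson Reuters for FATCA before 5.2) and CVE-2015-6497.json (description: Magento CE before 1.9.2.1 and EE before 1.14.2.1).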
@@ -1,80 +1,81 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2012-1695", - "STATE":"PUBLIC" + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-1695", + "STATE": "PUBLIC" }, - "affects":{ - "vendor":{ - "vendor_data":[ + "affects": { + "vendor": { + "vendor_data": [ { - "product":{ - "product_data":[ + "product": { + "product_data": [ { - "product_name":"n/a", - "version":{ - "version_data":[ + "product_name": "n/a", + "version": { + "version_data": [ { - "version_value":"n/a" + "version_value": "n/a" } ] } } ] }, - "vendor_name":"n/a" + "vendor_name": "n/a" } ] } }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang":"eng", - "value":"Unspecified vulnerability in the Oracle JRockit component in Oracle Fusion Middleware 28.2.2 and earlier, and JDK/JRE 5 and 6 27.7.1 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors." + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle JRockit component in Oracle Fusion Middleware 28.2.2 and earlier, and JDK/JRE 5 and 6 27.7.1 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors." 
} ] }, - "problemtype":{ - "problemtype_data":[ + "problemtype": { + "problemtype_data": [ { - "description":[ + "description": [ { - "lang":"eng", - "value":"n/a" + "lang": "eng", + "value": "n/a" } ] } ] }, - "references":{ - "reference_data":[ + "references": { + "reference_data": [ { - "name":"48864", - "refsource":"SECUNIA", - "url":"http://secunia.com/advisories/48864" + "name": "48864", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48864" }, { - "name":"http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html", - "refsource":"CONFIRM", - "url":"http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html" + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html" }, { - "name":"1026948", - "refsource":"SECTRACK", - "url":"http://www.securitytracker.com/id?1026948" + "name": "1026948", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026948" }, { - "name":"MDVSA-2013:150", - "refsource":"MANDRIVA", - "url":"http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" }, { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2015/5xxx/CVE-2015-5230.json b/2015/5xxx/CVE-2015-5230.json index 83930830e24..2ca53be1f10 100644 --- a/2015/5xxx/CVE-2015-5230.json +++ b/2015/5xxx/CVE-2015-5230.json @@ -1,8 +1,8 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2015-5230", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +11,61 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The DNS packet parsing/generation code in PowerDNS (aka pdns) Authoritative Server 3.4.x before 3.4.6 allows remote attackers to cause a denial of service (crash) via crafted query packets." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Other" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "PowerDNS", + "product": { + "product_data": [ + { + "product_name": "PowerDNS Authoritative Server", + "version": { + "version_data": [ + { + "version_value": "3.4.x before 3.4.6" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://doc.powerdns.com/md/security/powerdns-advisory-2015-02/", + "url": "https://doc.powerdns.com/md/security/powerdns-advisory-2015-02/" + }, + { + "refsource": "MISC", + "name": "http://www.debian.org/security/2015/dsa-3347", + "url": "http://www.debian.org/security/2015/dsa-3347" + }, + { + "refsource": "MISC", + "name": "http://www.securitytracker.com/id/1033475", + "url": "http://www.securitytracker.com/id/1033475" } ] } diff --git a/2015/5xxx/CVE-2015-5952.json b/2015/5xxx/CVE-2015-5952.json index 47efd950424..25959af950f 100644 --- a/2015/5xxx/CVE-2015-5952.json +++ b/2015/5xxx/CVE-2015-5952.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-5952", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +11,51 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Directory traversal vulnerability in Thomson Reuters for FATCA before 5.2 allows remote attackers to execute arbitrary files via the item parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2015/Aug/24", + "url": "http://seclists.org/fulldisclosure/2015/Aug/24" } ] } diff --git a/2015/6xxx/CVE-2015-6497.json b/2015/6xxx/CVE-2015-6497.json index e08d30f08b4..d487c506ecd 100644 --- a/2015/6xxx/CVE-2015-6497.json +++ b/2015/6xxx/CVE-2015-6497.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-6497", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +11,71 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The create function in app/code/core/Mage/Catalog/Model/Product/Api/V2.php in Magento Community Edition (CE) before 1.9.2.1 and Enterprise Edition (EE) before 1.14.2.1, when used with PHP before 5.4.24 or 5.5.8, allows remote authenticated users to execute arbitrary PHP code via the productData parameter to index.php/api/v2_soap." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/133544/Magento-1.9.2-File-Inclusion.html", + "url": "http://packetstormsecurity.com/files/133544/Magento-1.9.2-File-Inclusion.html" + }, + { + "refsource": "MISC", + "name": "http://blog.mindedsecurity.com/2015/09/autoloaded-file-inclusion-in-magento.html", + "url": "http://blog.mindedsecurity.com/2015/09/autoloaded-file-inclusion-in-magento.html" + }, + { + "refsource": "MISC", + "name": "http://karmainsecurity.com/KIS-2015-04", + "url": "http://karmainsecurity.com/KIS-2015-04" + }, + { + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2015/Sep/48", + "url": "http://seclists.org/fulldisclosure/2015/Sep/48" + }, + { + "refsource": "MISC", + "name": "http://magento.com/security/patches/supee-6482", + "url": "http://magento.com/security/patches/supee-6482" } ] } 
diff --git a/2019/16xxx/CVE-2019-16466.json b/2019/16xxx/CVE-2019-16466.json new file mode 100644 index 00000000000..341b9690dda --- /dev/null +++ b/2019/16xxx/CVE-2019-16466.json @@ -0,0 +1,62 @@ +{ + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 have a reflected cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure." + } + ] + }, + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 versions" + } + ] + }, + "product_name": "Adobe Experience Manager" + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Reflected Cross-Site Scripting" + } + ] + } + ] + }, + "data_version": "4.0", + "references": { + "reference_data": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb20-01.html", + "refsource": "CONFIRM", + "name": "https://helpx.adobe.com/security/products/experience-manager/apsb20-01.html" + } + ] + }, + "CVE_data_meta": { + "STATE": "PUBLIC", + "ID": "CVE-2019-16466", + "ASSIGNER": "psirt@adobe.com" + } +} \ No newline at end of file diff --git a/2019/16xxx/CVE-2019-16467.json b/2019/16xxx/CVE-2019-16467.json new file mode 100644 index 00000000000..ad54a086a63 --- /dev/null +++ b/2019/16xxx/CVE-2019-16467.json 
@@ -0,0 +1,62 @@ +{ + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 have a reflected cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure." + } + ] + }, + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 versions" + } + ] + }, + "product_name": "Adobe Experience Manager" + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Reflected Cross-Site Scripting" + } + ] + } + ] + }, + "data_version": "4.0", + "references": { + "reference_data": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb20-01.html", + "refsource": "CONFIRM", + "name": "https://helpx.adobe.com/security/products/experience-manager/apsb20-01.html" + } + ] + }, + "CVE_data_meta": { + "STATE": "PUBLIC", + "ID": "CVE-2019-16467", + "ASSIGNER": "psirt@adobe.com" + } +} \ No newline at end of file diff --git a/2019/16xxx/CVE-2019-16468.json b/2019/16xxx/CVE-2019-16468.json new file mode 100644 index 00000000000..a407584282d --- /dev/null +++ b/2019/16xxx/CVE-2019-16468.json 
@@ -0,0 +1,62 @@ +{ + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 have an user interface injection vulnerability. Successful exploitation could lead to sensitive information disclosure." + } + ] + }, + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 versions" + } + ] + }, + "product_name": "Adobe Experience Manager" + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "User Interface Injection" + } + ] + } + ] + }, + "data_version": "4.0", + "references": { + "reference_data": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb20-01.html", + "refsource": "CONFIRM", + "name": "https://helpx.adobe.com/security/products/experience-manager/apsb20-01.html" + } + ] + }, + "CVE_data_meta": { + "STATE": "PUBLIC", + "ID": "CVE-2019-16468", + "ASSIGNER": "psirt@adobe.com" + } +} \ No newline at end of file diff --git a/2019/16xxx/CVE-2019-16469.json b/2019/16xxx/CVE-2019-16469.json new file mode 100644 index 00000000000..774290ba20d --- /dev/null +++ b/2019/16xxx/CVE-2019-16469.json 
@@ -0,0 +1,62 @@ +{ + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 have an expression language injection vulnerability. Successful exploitation could lead to sensitive information disclosure." + } + ] + }, + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 versions" + } + ] + }, + "product_name": "Adobe Experience Manager" + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Expression Language injection" + } + ] + } + ] + }, + "data_version": "4.0", + "references": { + "reference_data": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb20-01.html", + "refsource": "CONFIRM", + "name": "https://helpx.adobe.com/security/products/experience-manager/apsb20-01.html" + } + ] + }, + "CVE_data_meta": { + "STATE": "PUBLIC", + "ID": "CVE-2019-16469", + "ASSIGNER": "psirt@adobe.com" + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2725.json b/2019/2xxx/CVE-2019-2725.json index 6d30348f41e..6451c645ec4 100644 --- a/2019/2xxx/CVE-2019-2725.json +++ b/2019/2xxx/CVE-2019-2725.json @@ -11,11 +11,11 @@ "product": { "product_data": [ { - "product_name": "Tape Virtual VSM GUI - Virtual Storage Manager GUI", + "product_name": "Tape Library ACSLS", "version": { "version_data": [ { - "version_value": "6.2", + "version_value": "8.5", "version_affected": "=" } ] 
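Review bot: Affected-product data is lost in the CVE-2019-2725.json hunk `@@ -11,11 +11,11 @@`: the old `vendor_data` object held two `product` keys, and the new side keeps only the last, so `Tape Virtual VSM GUI - Virtual Storage Manager GUI` 6.2 is overwritten by `Tape Library ACSLS` 8.5 and the next hunk (`@@ -23,23 +23,7 @@`) deletes the duplicate block. Both early hunks of CVE-2019-2729.json do the same and drop `Tape General STA - StorageTek Tape Analytics SW Tool` 2.3.0 and `PeopleSoft Enterprise PT PeopleTools` 8.56, 8.57 and 8.58; the CVE-2019-2904.json hunk, which runs past this excerpt, looks like the same pattern. Consumers that match on `affects` will stop seeing those products. Whether they are still affected cannot be told from the diff, but if they are, each belongs in `product_data` as its own element, e.g. `{ "product_name": "Tape Virtual VSM GUI - Virtual Storage Manager GUI", "version": { "version_data": [ { "version_value": "6.2", "version_affected": "=" } ] } }`.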
@@ -23,23 +23,7 @@ } ] }, - "vendor_name": "Oracle Corporation", - "product":{ - "product_data":[ - { - "product_name":"Tape Library ACSLS", - "version":{ - "version_data":[ - { - "version_value":"8.5", - "version_affected":"=" - } - ] - } - } - ] - }, - "vendor_name":"Oracle Corporation" + "vendor_name": "Oracle Corporation" } ] } @@ -100,8 +84,10 @@ "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" - } + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } ] } -} +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2729.json b/2019/2xxx/CVE-2019-2729.json index 58314736bc2..58f6071d9d6 100644 --- a/2019/2xxx/CVE-2019-2729.json +++ b/2019/2xxx/CVE-2019-2729.json @@ -11,11 +11,11 @@ "product": { "product_data": [ { - "product_name": "Tape General STA - StorageTek Tape Analytics SW Tool", + "product_name": "Tape Library ACSLS", "version": { "version_data": [ { - "version_value": "2.3.0", + "version_value": "8.5", "version_affected": "=" } ] @@ -23,47 +23,7 @@ } ] }, - "vendor_name": "Oracle Corporation", - "product":{ - "product_data":[ - { - "product_name":"PeopleSoft Enterprise PT PeopleTools", - "version":{ - "version_data":[ - { - "version_value":"8.56", - "version_affected":"=" - }, - { - "version_value":"8.57", - "version_affected":"=" - }, - { - "version_value":"8.58", - "version_affected":"=" - } - ] - } - } - ] - }, - "vendor_name":"Oracle Corporation", - "product":{ - "product_data":[ - { - "product_name":"Tape Library ACSLS", - "version":{ - "version_data":[ - { - "version_value":"8.5", - "version_affected":"=" - } - ] - } - } - ] - }, - "vendor_name":"Oracle Corporation" + "vendor_name": "Oracle Corporation" } ] } 
@@ -109,8 +69,10 @@ "url": "http://packetstormsecurity.com/files/155886/Oracle-Weblogic-10.3.6.0.0-Remote-Command-Execution.html" }, { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" - } + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } ] } } \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2904.json b/2019/2xxx/CVE-2019-2904.json index cb2e9eff42b..87ee65538f3 100644 --- a/2019/2xxx/CVE-2019-2904.json +++ b/2019/2xxx/CVE-2019-2904.json 
@@ -1,227 +1,72 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2019-2904", - "STATE":"PUBLIC" + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2019-2904", + "STATE": "PUBLIC" }, - "affects":{ - "vendor":{ - "vendor_data":[ + "affects": { + "vendor": { + "vendor_data": [ { - "product":{ - "product_data":[ + "product": { + "product_data": [ { - "product_name":"JDeveloper", - "version":{ - "version_data":[ + "product_name": "Retail Sales Audit", + "version": { + "version_data": [ { - "version_value":"11.1.1.9.0", - "version_affected":"=" - }, - { - "version_value":"12.1.3.0.0", - "version_affected":"=" - }, - { - "version_value":"12.2.1.3.0", - "version_affected":"=" + "version_value": "15.0.3. 16.0.2", + "version_affected": "=" } ] } } ] }, - "vendor_name":"Oracle Corporation", - "product":{ - "product_data":[ - { - "product_name":"Application Testing Suite", - "version":{ - "version_data":[ - { - "version_value":"12.5.0.3", - "version_affected":"=" - }, - { - "version_value":"13.1.0.1", - "version_affected":"=" - }, - { - "version_value":"13.2.0.1", - "version_affected":"=" - }, - { - "version_value":"13.3.0.1", - "version_affected":"=" - } - ] - } - } - ] - }, - "vendor_name":"Oracle Corporation", - "product":{ - "product_data":[ - { - "product_name":"Clinical", - "version":{ - "version_data":[ - { - "version_value":"5.2", - "version_affected":"=" - } - ] - } - } - ] - }, - "vendor_name":"Oracle Corporation", - "product":{ - "product_data":[ - { - "product_name":"Health Sciences Data Management Workbench", - "version":{ - "version_data":[ - { - "version_value":"2.4", - "version_affected":"=" - }, - { - "version_value":"2.5", - "version_affected":"=" - } - ] - } - } - ] - }, - "vendor_name":"Oracle Corporation", - "product":{ - "product_data":[ - { - "product_name":"Hyperion Planning", - "version":{ - "version_data":[ - { - "version_value":"11.1.2.4", - "version_affected":"=" - } - ] - } - } - ] - }, - 
"vendor_name":"Oracle Corporation", - "product":{ - "product_data":[ - { - "product_name":"Retail Assortment Planning", - "version":{ - "version_data":[ - { - "version_value":"15.0.3", - "version_affected":"=" - }, - { - "version_value":"16.0.3", - "version_affected":"=" - } - ] - } - } - ] - }, - "vendor_name":"Oracle Corporation", - "product":{ - "product_data":[ - { - "product_name":"Retail Clearance Optimization Engine", - "version":{ - "version_data":[ - { - "version_value":"14.0.5", - "version_affected":"=" - } - ] - } - } - ] - }, - "vendor_name":"Oracle Corporation", - "product":{ - "product_data":[ - { - "product_name":"Retail Markdown Optimization", - "version":{ - "version_data":[ - { - "version_value":"13.4", - "version_affected":"=" - } - ] - } - } - ] - }, - "vendor_name":"Oracle Corporation", - "product":{ - "product_data":[ - { - "product_name":"Retail Sales Audit", - "version":{ - "version_data":[ - { - "version_value":"15.0.3. 16.0.2", - "version_affected":"=" - } - ] - } - } - ] - }, - "vendor_name":"Oracle Corporation" + "vendor_name": "Oracle Corporation" } ] } }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang":"eng", - "value":"Vulnerability in the Oracle JDeveloper and ADF product of Oracle Fusion Middleware (component: ADF Faces). Supported versions that are affected are 11.1.1.9.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle JDeveloper and ADF. Successful attacks of this vulnerability can result in takeover of Oracle JDeveloper and ADF. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)." 
+ "lang": "eng", + "value": "Vulnerability in the Oracle JDeveloper and ADF product of Oracle Fusion Middleware (component: ADF Faces). Supported versions that are affected are 11.1.1.9.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle JDeveloper and ADF. Successful attacks of this vulnerability can result in takeover of Oracle JDeveloper and ADF. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)." } ] }, - "problemtype":{ - "problemtype_data":[ + "problemtype": { + "problemtype_data": [ { - "description":[ + "description": [ { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle JDeveloper and ADF. Successful attacks of this vulnerability can result in takeover of Oracle JDeveloper and ADF." + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle JDeveloper and ADF. Successful attacks of this vulnerability can result in takeover of Oracle JDeveloper and ADF." 
} ] } ] }, - "references":{ - "reference_data":[ + "references": { + "reference_data": [ { - "url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", - "refsource":"MISC", - "name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", + "refsource": "MISC", + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { - "refsource":"MISC", - "name":"https://www.zerodayinitiative.com/advisories/ZDI-19-1024/", - "url":"https://www.zerodayinitiative.com/advisories/ZDI-19-1024/" + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-1024/", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-1024/" }, { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2510.json b/2020/2xxx/CVE-2020-2510.json index 4f7940c9efd..c65cedab6d8 100644 --- a/2020/2xxx/CVE-2020-2510.json +++ b/2020/2xxx/CVE-2020-2510.json 
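Review bot: The one `version_data` entry kept for `Retail Sales Audit` in CVE-2019-2904 carries `"version_value": "15.0.3. 16.0.2"`, which reads as two versions joined by a stray period, so an exact-match lookup on either version will miss this record. Presumably the intent was two entries, `{ "version_value": "15.0.3", "version_affected": "=" }` and `{ "version_value": "16.0.2", "version_affected": "=" }`; confirm against the advisory before splitting. The value is carried over unchanged from the old side, so this reformat is the natural place to correct it.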
@@ -1,76 +1,79 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2510" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Oracle Database", - "version":{ - "version_data":[ - { - "version_value":"11.2.0.4", - "version_affected":"=" - }, - { - "version_value":"12.1.0.2", - "version_affected":"=" - }, - { - "version_value":"12.2.0.1", - "version_affected":"=" - }, - { - "version_value":"18c", - "version_affected":"=" - }, - { - "version_value":"19c", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2510", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Oracle Database", + "version": { + "version_data": [ + { + "version_value": "11.2.0.4", + "version_affected": "=" + }, + { + "version_value": "12.1.0.2", + "version_affected": "=" + }, + { + "version_value": "12.2.0.1", + "version_affected": "=" + }, + { + "version_value": "18c", + "version_affected": "=" + }, + { + "version_value": "19c", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via OracleNet to compromise Core RDBMS. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Core RDBMS. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)." 
- } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Difficult to exploit vulnerability allows unauthenticated attacker with network access via OracleNet to compromise Core RDBMS. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Core RDBMS." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via OracleNet to compromise Core RDBMS. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Core RDBMS. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via OracleNet to compromise Core RDBMS. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Core RDBMS." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file 
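Review bot: The severity of CVE-2020-2510 exists only as prose inside `description` ("CVSS 3.0 Base Score 7.5 ... CVSS Vector: ..."), and the record now marked `"STATE": "PUBLIC"` has no structured `impact` block, so tooling that prioritises on parsed CVSS fields gets no score for it. A block such as `"impact": { "cvss": { "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } }` would carry the same values in machine-readable form. `problemtype` likewise repeats the description sentence instead of naming a weakness class. The same applies to the CVE-2020-2511, -2512, -2515, -2516, -2517 and -2518 hunks that follow.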
diff --git a/2020/2xxx/CVE-2020-2511.json b/2020/2xxx/CVE-2020-2511.json index d389ba57613..20fdd61b9ad 100644 --- a/2020/2xxx/CVE-2020-2511.json +++ b/2020/2xxx/CVE-2020-2511.json 
@@ -1,72 +1,75 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2511" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Oracle Database", - "version":{ - "version_data":[ - { - "version_value":"12.1.0.2", - "version_affected":"=" - }, - { - "version_value":"12.2.0.1", - "version_affected":"=" - }, - { - "version_value":"18c", - "version_affected":"=" - }, - { - "version_value":"19c", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2511", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Oracle Database", + "version": { + "version_data": [ + { + "version_value": "12.1.0.2", + "version_affected": "=" + }, + { + "version_value": "12.2.0.1", + "version_affected": "=" + }, + { + "version_value": "18c", + "version_affected": "=" + }, + { + "version_value": "19c", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via OracleNet to compromise Core RDBMS. While the vulnerability is in Core RDBMS, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Core RDBMS. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H)." 
- } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via OracleNet to compromise Core RDBMS. While the vulnerability is in Core RDBMS, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Core RDBMS." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via OracleNet to compromise Core RDBMS. While the vulnerability is in Core RDBMS, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Core RDBMS. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via OracleNet to compromise Core RDBMS. While the vulnerability is in Core RDBMS, attacks may significantly impact additional products. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Core RDBMS." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2512.json b/2020/2xxx/CVE-2020-2512.json index 128e507e2be..7be45bd83de 100644 --- a/2020/2xxx/CVE-2020-2512.json +++ b/2020/2xxx/CVE-2020-2512.json 
@@ -1,76 +1,79 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2512" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Oracle Database", - "version":{ - "version_data":[ - { - "version_value":"11.2.0.4", - "version_affected":"=" - }, - { - "version_value":"12.1.0.2", - "version_affected":"=" - }, - { - "version_value":"12.2.0.1", - "version_affected":"=" - }, - { - "version_value":"18c", - "version_affected":"=" - }, - { - "version_value":"19c", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2512", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Oracle Database", + "version": { + "version_data": [ + { + "version_value": "11.2.0.4", + "version_affected": "=" + }, + { + "version_value": "12.1.0.2", + "version_affected": "=" + }, + { + "version_value": "12.2.0.1", + "version_affected": "=" + }, + { + "version_value": "18c", + "version_affected": "=" + }, + { + "version_value": "19c", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Database Gateway for ODBC component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via OracleNet to compromise Database Gateway for ODBC. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Database Gateway for ODBC. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)." 
- } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Difficult to exploit vulnerability allows unauthenticated attacker with network access via OracleNet to compromise Database Gateway for ODBC. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Database Gateway for ODBC." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Database Gateway for ODBC component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via OracleNet to compromise Database Gateway for ODBC. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Database Gateway for ODBC. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via OracleNet to compromise Database Gateway for ODBC. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Database Gateway for ODBC." 
+ } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2515.json b/2020/2xxx/CVE-2020-2515.json index 2ca9db2118b..e42c374a299 100644 --- a/2020/2xxx/CVE-2020-2515.json +++ b/2020/2xxx/CVE-2020-2515.json 
@@ -1,76 +1,79 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2515" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Oracle Database", - "version":{ - "version_data":[ - { - "version_value":"11.2.0.4", - "version_affected":"=" - }, - { - "version_value":"12.1.0.2", - "version_affected":"=" - }, - { - "version_value":"12.2.0.1", - "version_affected":"=" - }, - { - "version_value":"18c", - "version_affected":"=" - }, - { - "version_value":"19c", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2515", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Oracle Database", + "version": { + "version_data": [ + { + "version_value": "11.2.0.4", + "version_affected": "=" + }, + { + "version_value": "12.1.0.2", + "version_affected": "=" + }, + { + "version_value": "12.2.0.1", + "version_affected": "=" + }, + { + "version_value": "18c", + "version_affected": "=" + }, + { + "version_value": "19c", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Database Gateway for ODBC component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows low privileged attacker having Create Session privilege with network access via OracleNet to compromise Database Gateway for ODBC. 
Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Database Gateway for ODBC accessible data as well as unauthorized read access to a subset of Database Gateway for ODBC accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Database Gateway for ODBC. CVSS 3.0 Base Score 5.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Difficult to exploit vulnerability allows low privileged attacker having Create Session privilege with network access via OracleNet to compromise Database Gateway for ODBC. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Database Gateway for ODBC accessible data as well as unauthorized read access to a subset of Database Gateway for ODBC accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Database Gateway for ODBC." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Database Gateway for ODBC component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows low privileged attacker having Create Session privilege with network access via OracleNet to compromise Database Gateway for ODBC. 
Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Database Gateway for ODBC accessible data as well as unauthorized read access to a subset of Database Gateway for ODBC accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Database Gateway for ODBC. CVSS 3.0 Base Score 5.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows low privileged attacker having Create Session privilege with network access via OracleNet to compromise Database Gateway for ODBC. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Database Gateway for ODBC accessible data as well as unauthorized read access to a subset of Database Gateway for ODBC accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Database Gateway for ODBC." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2516.json b/2020/2xxx/CVE-2020-2516.json index 70f403b6615..10022020d1b 100644 --- a/2020/2xxx/CVE-2020-2516.json +++ b/2020/2xxx/CVE-2020-2516.json 
@@ -1,72 +1,75 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2516" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Oracle Database", - "version":{ - "version_data":[ - { - "version_value":"12.1.0.2", - "version_affected":"=" - }, - { - "version_value":"12.2.0.1", - "version_affected":"=" - }, - { - "version_value":"18c", - "version_affected":"=" - }, - { - "version_value":"19c", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2516", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Oracle Database", + "version": { + "version_data": [ + { + "version_value": "12.1.0.2", + "version_affected": "=" + }, + { + "version_value": "12.2.0.1", + "version_affected": "=" + }, + { + "version_value": "18c", + "version_affected": "=" + }, + { + "version_value": "19c", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having Create Materialized View, Create Table privilege with network access via OracleNet to compromise Core RDBMS. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Core RDBMS accessible data. CVSS 3.0 Base Score 2.4 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N)." 
- } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows high privileged attacker having Create Materialized View, Create Table privilege with network access via OracleNet to compromise Core RDBMS. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Core RDBMS accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having Create Materialized View, Create Table privilege with network access via OracleNet to compromise Core RDBMS. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Core RDBMS accessible data. CVSS 3.0 Base Score 2.4 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker having Create Materialized View, Create Table privilege with network access via OracleNet to compromise Core RDBMS. Successful attacks require human interaction from a person other than the attacker. 
Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Core RDBMS accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2517.json b/2020/2xxx/CVE-2020-2517.json index e04cc44cda9..f121ba9b7b8 100644 --- a/2020/2xxx/CVE-2020-2517.json +++ b/2020/2xxx/CVE-2020-2517.json 
@@ -1,68 +1,71 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2517" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Oracle Database", - "version":{ - "version_data":[ - { - "version_value":"12.2.0.1", - "version_affected":"=" - }, - { - "version_value":"18c", - "version_affected":"=" - }, - { - "version_value":"19c", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2517", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Oracle Database", + "version": { + "version_data": [ + { + "version_value": "12.2.0.1", + "version_affected": "=" + }, + { + "version_value": "18c", + "version_affected": "=" + }, + { + "version_value": "19c", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Database Gateway for ODBC component of Oracle Database Server. Supported versions that are affected are 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows high privileged attacker having Create Procedure, Create Database Link privilege with network access via OracleNet to compromise Database Gateway for ODBC. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Database Gateway for ODBC accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Database Gateway for ODBC. CVSS 3.0 Base Score 3.3 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:L)." 
- } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Difficult to exploit vulnerability allows high privileged attacker having Create Procedure, Create Database Link privilege with network access via OracleNet to compromise Database Gateway for ODBC. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Database Gateway for ODBC accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Database Gateway for ODBC." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Database Gateway for ODBC component of Oracle Database Server. Supported versions that are affected are 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows high privileged attacker having Create Procedure, Create Database Link privilege with network access via OracleNet to compromise Database Gateway for ODBC. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Database Gateway for ODBC accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Database Gateway for ODBC. CVSS 3.0 Base Score 3.3 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows high privileged attacker having Create Procedure, Create Database Link privilege with network access via OracleNet to compromise Database Gateway for ODBC. 
Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Database Gateway for ODBC accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Database Gateway for ODBC." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2518.json b/2020/2xxx/CVE-2020-2518.json index 2c9d36d0b5c..f791dd414dd 100644 --- a/2020/2xxx/CVE-2020-2518.json +++ b/2020/2xxx/CVE-2020-2518.json 
@@ -1,80 +1,83 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2518" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Oracle Database", - "version":{ - "version_data":[ - { - "version_value":"11.2.0.4", - "version_affected":"=" - }, - { - "version_value":"12.1.0.11", - "version_affected":"=" - }, - { - "version_value":"29", - "version_affected":"=" - }, - { - "version_value":"212.2.0.1", - "version_affected":"=" - }, - { - "version_value":"18c", - "version_affected":"=" - }, - { - "version_value":"19c", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2518", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Oracle Database", + "version": { + "version_data": [ + { + "version_value": "11.2.0.4", + "version_affected": "=" + }, + { + "version_value": "12.1.0.11", + "version_affected": "=" + }, + { + "version_value": "29", + "version_affected": "=" + }, + { + "version_value": "212.2.0.1", + "version_affected": "=" + }, + { + "version_value": "18c", + "version_affected": "=" + }, + { + "version_value": "19c", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.11,29,212.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows low privileged attacker having Create Session privilege with network access via multiple protocols to compromise Java VM. Successful attacks of this vulnerability can result in takeover of Java VM. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Difficult to exploit vulnerability allows low privileged attacker having Create Session privilege with network access via multiple protocols to compromise Java VM. Successful attacks of this vulnerability can result in takeover of Java VM." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.11,29,212.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows low privileged attacker having Create Session privilege with network access via multiple protocols to compromise Java VM. Successful attacks of this vulnerability can result in takeover of Java VM. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows low privileged attacker having Create Session privilege with network access via multiple protocols to compromise Java VM. Successful attacks of this vulnerability can result in takeover of Java VM." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file 
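Review bot: The `version_data` entries `"version_value": "12.1.0.11"`, `"version_value": "29"` and `"version_value": "212.2.0.1"` in CVE-2020-2518.json look like a mangled version list rather than real releases, and the reformatting carries them over unchanged. The description string has the same run, `12.1.0.11,29,212.2.0.1`. Scanners that match installed versions against `version_value` would miss the affected releases or match nothing at all. The correct values cannot be determined from this hunk; they should be checked against the advisory in `references` and each bad entry replaced, e.g. `"version_value": "<version from the cpujan2020 advisory>"`, with the description corrected to agree.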
diff --git a/2020/2xxx/CVE-2020-2519.json b/2020/2xxx/CVE-2020-2519.json
index dce35bf55c4..cf5da15f819 100644
--- a/2020/2xxx/CVE-2020-2519.json
+++ b/2020/2xxx/CVE-2020-2519.json
@@ -1,72 +1,75 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2519" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"WebLogic Server", - "version":{ - "version_data":[ - { - "version_value":"10.3.6.0.0", - "version_affected":"=" - }, - { - "version_value":"12.1.3.0.0", - "version_affected":"=" - }, - { - "version_value":"12.2.1.3.0", - "version_affected":"=" - }, - { - "version_value":"12.2.1.4.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2519", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WebLogic Server", + "version": { + "version_data": [ + { + "version_value": "10.3.6.0.0", + "version_affected": "=" + }, + { + "version_value": "12.1.3.0.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.3.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.4.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle WebLogic Server. CVSS 3.0 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)." 
- } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle WebLogic Server." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle WebLogic Server. CVSS 3.0 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle WebLogic Server." 
+ } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2527.json b/2020/2xxx/CVE-2020-2527.json index 4a6622dafe8..7ed4593aebc 100644 --- a/2020/2xxx/CVE-2020-2527.json +++ b/2020/2xxx/CVE-2020-2527.json 
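Review bot: The `problemtype` value on the new side of CVE-2020-2519.json is the exploitability and impact sentences of the description copied over, not a weakness class, so consumers that group or filter records by problem type get nothing usable from it. The CVE-2020-2518, CVE-2020-2527, CVE-2020-2530, CVE-2020-2531, CVE-2020-2533 and CVE-2020-2534 hunks carry the same pattern through unchanged. If the assigner has a weakness identifier for the issue, the entry should read along the lines of `"value": "<CWE-ID and name from the assigner>"`. Failing that, a short weakness summary would serve better than a second copy of the description.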
@@ -1,72 +1,75 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2527" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Oracle Database", - "version":{ - "version_data":[ - { - "version_value":"12.1.0.2", - "version_affected":"=" - }, - { - "version_value":"12.2.0.1", - "version_affected":"=" - }, - { - "version_value":"18c", - "version_affected":"=" - }, - { - "version_value":"19c", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2527", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Oracle Database", + "version": { + "version_data": [ + { + "version_value": "12.1.0.2", + "version_affected": "=" + }, + { + "version_value": "12.2.0.1", + "version_affected": "=" + }, + { + "version_value": "18c", + "version_affected": "=" + }, + { + "version_value": "19c", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having Create Index, Create Table privilege with network access via OracleNet to compromise Core RDBMS. While the vulnerability is in Core RDBMS, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Core RDBMS accessible data. CVSS 3.0 Base Score 4.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N)." 
- } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows high privileged attacker having Create Index, Create Table privilege with network access via OracleNet to compromise Core RDBMS. While the vulnerability is in Core RDBMS, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Core RDBMS accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having Create Index, Create Table privilege with network access via OracleNet to compromise Core RDBMS. While the vulnerability is in Core RDBMS, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Core RDBMS accessible data. CVSS 3.0 Base Score 4.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker having Create Index, Create Table privilege with network access via OracleNet to compromise Core RDBMS. While the vulnerability is in Core RDBMS, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Core RDBMS accessible data." 
+ } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2530.json b/2020/2xxx/CVE-2020-2530.json index 1c7ea6f81e8..b6d9bafb274 100644 --- a/2020/2xxx/CVE-2020-2530.json +++ b/2020/2xxx/CVE-2020-2530.json 
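Review bot: The CVSS score and vector for CVE-2020-2527 exist only inside the free-text description (`CVSS 3.0 Base Score 4.1`, `CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N`); the new record adds `STATE`, `refsource` and `name` but no structured `impact` object. Tooling that prioritises on a structured severity field has to parse prose or ends up with no score for this entry. An `impact.cvss` block carrying the same values already stated in the description, as sketched below, would close that gap. The other Oracle records touched in this patch appear to have the same omission.

```json
"impact": {
    "cvss": {
        "version": "3.0",
        "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N",
        "baseScore": 4.1
    }
}
```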
@@ -1,68 +1,71 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2530" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"HTTP Server", - "version":{ - "version_data":[ - { - "version_value":"11.1.1.9.0", - "version_affected":"=" - }, - { - "version_value":"12.1.3.0.0", - "version_affected":"=" - }, - { - "version_value":"12.2.1.3.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2530", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "HTTP Server", + "version": { + "version_data": [ + { + "version_value": "11.1.1.9.0", + "version_affected": "=" + }, + { + "version_value": "12.1.3.0.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.3.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Web Listener). Supported versions that are affected are 11.1.1.9.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle HTTP Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle HTTP Server accessible data as well as unauthorized read access to a subset of Oracle HTTP Server accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle HTTP Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle HTTP Server accessible data as well as unauthorized read access to a subset of Oracle HTTP Server accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Web Listener). Supported versions that are affected are 11.1.1.9.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle HTTP Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle HTTP Server accessible data as well as unauthorized read access to a subset of Oracle HTTP Server accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle HTTP Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle HTTP Server accessible data as well as unauthorized read access to a subset of Oracle HTTP Server accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2531.json b/2020/2xxx/CVE-2020-2531.json index 660c440a28d..e1f155358d3 100644 --- a/2020/2xxx/CVE-2020-2531.json +++ b/2020/2xxx/CVE-2020-2531.json 
@@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2531" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Oracle Business Intelligence Enterprise Edition", - "version":{ - "version_data":[ - { - "version_value":"12.2.1.3.0", - "version_affected":"=" - }, - { - "version_value":"12.2.1.4.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2531", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Oracle Business Intelligence Enterprise Edition", + "version": { + "version_data": [ + { + "version_value": "12.2.1.3.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.4.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: BI Platform Security). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)." 
- } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: BI Platform Security). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. 
Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2533.json b/2020/2xxx/CVE-2020-2533.json index 0a3dbd5f391..44b67b1568e 100644 --- a/2020/2xxx/CVE-2020-2533.json +++ b/2020/2xxx/CVE-2020-2533.json 
@@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2533" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Reports Developer", - "version":{ - "version_data":[ - { - "version_value":"12.2.1.3.0", - "version_affected":"=" - }, - { - "version_value":"12.2.1.4.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2533", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Reports Developer", + "version": { + "version_data": [ + { + "version_value": "12.2.1.3.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.4.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle Reports Developer product of Oracle Fusion Middleware (component: Security and Authentication). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Reports Developer. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Reports Developer, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Reports Developer accessible data as well as unauthorized read access to a subset of Oracle Reports Developer accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." 
- } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Reports Developer. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Reports Developer, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Reports Developer accessible data as well as unauthorized read access to a subset of Oracle Reports Developer accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Reports Developer product of Oracle Fusion Middleware (component: Security and Authentication). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Reports Developer. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Reports Developer, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Reports Developer accessible data as well as unauthorized read access to a subset of Oracle Reports Developer accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Reports Developer. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Reports Developer, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Reports Developer accessible data as well as unauthorized read access to a subset of Oracle Reports Developer accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2534.json b/2020/2xxx/CVE-2020-2534.json index aac2bbb2c7e..07f26affdb6 100644 --- a/2020/2xxx/CVE-2020-2534.json +++ b/2020/2xxx/CVE-2020-2534.json 
@@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2534" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Reports Developer", - "version":{ - "version_data":[ - { - "version_value":"12.2.1.3.0", - "version_affected":"=" - }, - { - "version_value":"12.2.1.4.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2534", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Reports Developer", + "version": { + "version_data": [ + { + "version_value": "12.2.1.3.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.4.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle Reports Developer product of Oracle Fusion Middleware (component: Security and Authentication). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Reports Developer. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Reports Developer, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Reports Developer accessible data as well as unauthorized read access to a subset of Oracle Reports Developer accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." 
- } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Reports Developer. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Reports Developer, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Reports Developer accessible data as well as unauthorized read access to a subset of Oracle Reports Developer accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Reports Developer product of Oracle Fusion Middleware (component: Security and Authentication). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Reports Developer. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Reports Developer, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Reports Developer accessible data as well as unauthorized read access to a subset of Oracle Reports Developer accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Reports Developer. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Reports Developer, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Reports Developer accessible data as well as unauthorized read access to a subset of Oracle Reports Developer accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2535.json b/2020/2xxx/CVE-2020-2535.json index 4d69a6f9ff7..7d4db92d9c4 100644 --- a/2020/2xxx/CVE-2020-2535.json +++ b/2020/2xxx/CVE-2020-2535.json 
@@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2535" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Oracle Business Intelligence Enterprise Edition", - "version":{ - "version_data":[ - { - "version_value":"12.2.1.3.0", - "version_affected":"=" - }, - { - "version_value":"12.2.1.4.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2535", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Oracle Business Intelligence Enterprise Edition", + "version": { + "version_data": [ + { + "version_value": "12.2.1.3.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.4.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Server). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.0 Base Score 4.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N)." 
- } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Server). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.0 Base Score 4.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2536.json b/2020/2xxx/CVE-2020-2536.json index ff9f9ee8c54..9c225bdaf7c 100644 --- a/2020/2xxx/CVE-2020-2536.json +++ b/2020/2xxx/CVE-2020-2536.json 
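Review bot: The `problemtype` entry in the new record still carries the impact narrative copied from `description` rather than a weakness class, so tooling that triages or filters records by CWE gets nothing usable from this field. If a CWE has been determined for the issue, the value should name it, for example `"value": "CWE-<id> <weakness name>"` (a placeholder; the record does not state one). Otherwise a short class label would at least avoid duplicating the description. The same applies to the CVE-2020-2536 through CVE-2020-2540 hunks that follow.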
@@ -1,60 +1,63 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2536" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Outside In Technology", - "version":{ - "version_data":[ - { - "version_value":"8.5.4", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2536", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Outside In Technology", + "version": { + "version_data": [ + { + "version_value": "8.5.4", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. 
CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2537.json b/2020/2xxx/CVE-2020-2537.json index 7a34d43613c..f5fc9a79b95 100644 --- a/2020/2xxx/CVE-2020-2537.json +++ b/2020/2xxx/CVE-2020-2537.json 
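Review bot: The CVSS score and vector for this record exist only as prose at the end of the `description` string, so scanners and prioritisation tooling have to scrape them out of free text. That matters more here because the description says the score assumes the SDK is fed data received over a network and may be lower otherwise, and a consumer who reads only a scraped number loses that caveat. A structured `impact` member in the CVE JSON 4.0 `impact.cvss` shape, filled with the values the description already gives, would make the stated baseline machine-readable. The CVE-2020-2535 and CVE-2020-2537 to CVE-2020-2540 hunks have the same gap.

```json
  "impact": {
    "cvss": {
      "baseScore": 5.4,
      "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
      "version": "3.0"
    }
  },
```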
@@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2537" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Oracle Business Intelligence Enterprise Edition", - "version":{ - "version_data":[ - { - "version_value":"12.2.1.3.0", - "version_affected":"=" - }, - { - "version_value":"12.2.1.4.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2537", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Oracle Business Intelligence Enterprise Edition", + "version": { + "version_data": [ + { + "version_value": "12.2.1.3.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.4.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Actions). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products. 
Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Business Intelligence Enterprise Edition. CVSS 3.0 Base Score 7.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Business Intelligence Enterprise Edition." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Actions). 
Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Business Intelligence Enterprise Edition. CVSS 3.0 Base Score 7.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Business Intelligence Enterprise Edition." 
+ } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2538.json b/2020/2xxx/CVE-2020-2538.json index 44cb9028372..a6e479844e1 100644 --- a/2020/2xxx/CVE-2020-2538.json +++ b/2020/2xxx/CVE-2020-2538.json 
@@ -1,60 +1,63 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2538" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"WebCenter Sites", - "version":{ - "version_data":[ - { - "version_value":"12.2.1.3.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2538", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WebCenter Sites", + "version": { + "version_data": [ + { + "version_value": "12.2.1.3.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: Advanced UI). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebCenter Sites, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebCenter Sites accessible data as well as unauthorized read access to a subset of Oracle WebCenter Sites accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle WebCenter Sites. CVSS 3.0 Base Score 7.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)." 
- } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebCenter Sites, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebCenter Sites accessible data as well as unauthorized read access to a subset of Oracle WebCenter Sites accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle WebCenter Sites." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: Advanced UI). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebCenter Sites, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebCenter Sites accessible data as well as unauthorized read access to a subset of Oracle WebCenter Sites accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle WebCenter Sites. 
CVSS 3.0 Base Score 7.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebCenter Sites, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebCenter Sites accessible data as well as unauthorized read access to a subset of Oracle WebCenter Sites accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle WebCenter Sites." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2539.json b/2020/2xxx/CVE-2020-2539.json index 06380809215..141b8e08d99 100644 --- a/2020/2xxx/CVE-2020-2539.json +++ b/2020/2xxx/CVE-2020-2539.json 
@@ -1,60 +1,63 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2539" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"WebCenter Sites", - "version":{ - "version_data":[ - { - "version_value":"12.2.1.3.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2539", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WebCenter Sites", + "version": { + "version_data": [ + { + "version_value": "12.2.1.3.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: Advanced UI). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebCenter Sites, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebCenter Sites accessible data as well as unauthorized read access to a subset of Oracle WebCenter Sites accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Sites. 
Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebCenter Sites, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebCenter Sites accessible data as well as unauthorized read access to a subset of Oracle WebCenter Sites accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: Advanced UI). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebCenter Sites, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebCenter Sites accessible data as well as unauthorized read access to a subset of Oracle WebCenter Sites accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Sites. 
Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebCenter Sites, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebCenter Sites accessible data as well as unauthorized read access to a subset of Oracle WebCenter Sites accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2540.json b/2020/2xxx/CVE-2020-2540.json index dde087cbc9d..a52fb25e9a0 100644 --- a/2020/2xxx/CVE-2020-2540.json +++ b/2020/2xxx/CVE-2020-2540.json 
@@ -1,60 +1,63 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2540" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Outside In Technology", - "version":{ - "version_data":[ - { - "version_value":"8.5.4", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2540", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Outside In Technology", + "version": { + "version_data": [ + { + "version_value": "8.5.4", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)." 
- } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2541.json b/2020/2xxx/CVE-2020-2541.json index 7512c2b923d..c9a11a52f9f 100644 --- a/2020/2xxx/CVE-2020-2541.json +++ b/2020/2xxx/CVE-2020-2541.json 
@@ -1,60 +1,63 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2541" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Outside In Technology", - "version":{ - "version_data":[ - { - "version_value":"8.5.4", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2541", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Outside In Technology", + "version": { + "version_data": [ + { + "version_value": "8.5.4", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)." 
- } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2542.json b/2020/2xxx/CVE-2020-2542.json index ced9eb0df63..1333b80dabd 100644 --- a/2020/2xxx/CVE-2020-2542.json +++ b/2020/2xxx/CVE-2020-2542.json 
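Review bot: The `problemtype` value on the new side of this record repeats the attack and impact sentences from `description` and names no weakness class, so tooling that groups or filters records by CWE gets nothing usable from it. If the assigner has a classification, the field should carry it as `"value": "CWE-<ID> <weakness name>"` (a placeholder; the page gives no CWE for this issue). The same pattern appears in the hunks for CVE-2020-2542 through CVE-2020-2547 in this part of the patch.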
@@ -1,60 +1,63 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2542" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Outside In Technology", - "version":{ - "version_data":[ - { - "version_value":"8.5.4", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2542", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Outside In Technology", + "version": { + "version_data": [ + { + "version_value": "8.5.4", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)." 
- } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2543.json b/2020/2xxx/CVE-2020-2543.json index 9ed1ed461c8..3369fa398bd 100644 --- a/2020/2xxx/CVE-2020-2543.json +++ b/2020/2xxx/CVE-2020-2543.json 
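Review bot: The CVSS score and vector for this record exist only inside the free-text `description` value, so a consumer has to parse prose to prioritise it. An `impact.cvss` object would make them machine-readable, with `"version": "3.0"`, `"baseScore": 6.5` and `"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"` copied from the description. The description's caveat that the score assumes network-delivered input to the SDK should stay in the text, since the structured score alone would overstate exposure for software that never feeds network data to Outside In Technology. The hunks for CVE-2020-2541 and CVE-2020-2543 through CVE-2020-2547 have the same gap, each with its own vector.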
@@ -1,60 +1,63 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2543" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Outside In Technology", - "version":{ - "version_data":[ - { - "version_value":"8.5.4", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2543", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Outside In Technology", + "version": { + "version_data": [ + { + "version_value": "8.5.4", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. 
The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2544.json b/2020/2xxx/CVE-2020-2544.json index b89392ca235..9373b3a55a0 100644 --- a/2020/2xxx/CVE-2020-2544.json +++ b/2020/2xxx/CVE-2020-2544.json 
@@ -1,72 +1,75 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2544" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"WebLogic Server", - "version":{ - "version_data":[ - { - "version_value":"10.3.6.0.0", - "version_affected":"=" - }, - { - "version_value":"12.1.3.0.0", - "version_affected":"=" - }, - { - "version_value":"12.2.1.3.0", - "version_affected":"=" - }, - { - "version_value":"12.2.1.4.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2544", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WebLogic Server", + "version": { + "version_data": [ + { + "version_value": "10.3.6.0.0", + "version_affected": "=" + }, + { + "version_value": "12.1.3.0.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.3.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.4.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)." 
- } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data." 
+ } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2545.json b/2020/2xxx/CVE-2020-2545.json index 6f44f187216..2d07ac52464 100644 --- a/2020/2xxx/CVE-2020-2545.json +++ b/2020/2xxx/CVE-2020-2545.json 
@@ -1,92 +1,71 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2545" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"HTTP Server", - "version":{ - "version_data":[ - { - "version_value":"11.1.1.9.0", - "version_affected":"=" - }, - { - "version_value":"12.1.3.0.0", - "version_affected":"=" - }, - { - "version_value":"12.2.1.3.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2545", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Security Service", + "version": { + "version_data": [ + { + "version_value": "11.1.1.9.0", + "version_affected": "=" + }, + { + "version_value": "12.1.3.0.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.3.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation", - "product":{ - "product_data":[ - { - "product_name":"Security Service", - "version":{ - "version_data":[ - { - "version_value":"11.1.1.9.0", - "version_affected":"=" - }, - { - "version_value":"12.1.3.0.0", - "version_affected":"=" - }, - { - "version_value":"12.2.1.3.0", - "version_affected":"=" - } - ] - } - } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: OSSL Module). Supported versions that are affected are 11.1.1.9.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle HTTP Server. 
CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle HTTP Server." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: OSSL Module). Supported versions that are affected are 11.1.1.9.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle HTTP Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle HTTP Server." 
+ } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2546.json b/2020/2xxx/CVE-2020-2546.json index 7e0f2522340..454a3166038 100644 --- a/2020/2xxx/CVE-2020-2546.json +++ b/2020/2xxx/CVE-2020-2546.json 
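Review bot: The `affects` block on the new side lists only "Security Service", while the `description` in the same hunk places the vulnerability in Oracle HTTP Server (component: OSSL Module), so anyone matching inventory on `product_name` will not find HTTP Server under this CVE. The removed side carried both products under duplicate `product` and `vendor_name` keys in one object, which a last-key-wins parser reads as "Security Service" only; the rewrite appears to have kept that parser artefact instead of repairing it. Both products should be separate entries in `product_data`, as in the excerpt below, which reuses the three versions the removed side listed for HTTP Server. Whether "Security Service" belongs in the record at all should be confirmed against the Oracle advisory.

```json
"product_data": [
  {
    "product_name": "HTTP Server",
    "version": {
      "version_data": [
        { "version_value": "11.1.1.9.0", "version_affected": "=" },
        { "version_value": "12.1.3.0.0", "version_affected": "=" },
        { "version_value": "12.2.1.3.0", "version_affected": "=" }
      ]
    }
  },
```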
@@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2546" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"WebLogic Server", - "version":{ - "version_data":[ - { - "version_value":"10.3.6.0.0", - "version_affected":"=" - }, - { - "version_value":"12.1.3.0.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2546", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WebLogic Server", + "version": { + "version_data": [ + { + "version_value": "10.3.6.0.0", + "version_affected": "=" + }, + { + "version_value": "12.1.3.0.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Application Container - JavaEE). Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server." 
- } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Application Container - JavaEE). Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2547.json b/2020/2xxx/CVE-2020-2547.json index f641efafc40..f7fd2cc1350 100644 --- a/2020/2xxx/CVE-2020-2547.json +++ b/2020/2xxx/CVE-2020-2547.json 
@@ -1,72 +1,75 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2547" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"WebLogic Server", - "version":{ - "version_data":[ - { - "version_value":"10.3.6.0.0", - "version_affected":"=" - }, - { - "version_value":"12.1.3.0.0", - "version_affected":"=" - }, - { - "version_value":"12.2.1.3.0", - "version_affected":"=" - }, - { - "version_value":"12.2.1.4.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2547", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WebLogic Server", + "version": { + "version_data": [ + { + "version_value": "10.3.6.0.0", + "version_affected": "=" + }, + { + "version_value": "12.1.3.0.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.3.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.4.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products. 
Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products. 
Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2548.json b/2020/2xxx/CVE-2020-2548.json index fa71f2ca11b..2852deaccc1 100644 --- a/2020/2xxx/CVE-2020-2548.json +++ b/2020/2xxx/CVE-2020-2548.json 
@@ -1,60 +1,63 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2548" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"WebLogic Server", - "version":{ - "version_data":[ - { - "version_value":"10.3.6.0.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2548", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WebLogic Server", + "version": { + "version_data": [ + { + "version_value": "10.3.6.0.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: WLS Core Components). The supported version that is affected is 10.3.6.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. 
Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: WLS Core Components). The supported version that is affected is 10.3.6.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. 
Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2549.json b/2020/2xxx/CVE-2020-2549.json index 25edd4e3039..209dfd4be6f 100644 --- a/2020/2xxx/CVE-2020-2549.json +++ b/2020/2xxx/CVE-2020-2549.json 
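Review bot: The `problemtype` entry in the new CVE-2020-2548 record still carries a free-text copy of the impact narrative rather than a weakness identifier, so tooling that keys on `problemtype_data` for CWE classification gets nothing usable from it. The same pattern is kept in the hunks for CVE-2020-2549, -2550, -2551, -2552, -2555, -2556 and -2557. Since the commit already normalises these records (adding `"STATE": "PUBLIC"`, `refsource` and `name`), this would be the place to set the value to the assigned weakness, e.g. `"value": "CWE-<ID> <weakness name>"` (placeholder; the page does not say which CWE applies), or to an explicit `"n/a"` if none is assigned. The prose is already present in `description_data`, so nothing is lost by removing the duplicate.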
@@ -1,60 +1,63 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2549" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"WebLogic Server", - "version":{ - "version_data":[ - { - "version_value":"10.3.6.0.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2549", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WebLogic Server", + "version": { + "version_data": [ + { + "version_value": "10.3.6.0.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: WLS Core Components). The supported version that is affected is 10.3.6.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server." 
- } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: WLS Core Components). The supported version that is affected is 10.3.6.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2550.json b/2020/2xxx/CVE-2020-2550.json index 8fca117ba6d..5c85aa271d5 100644 --- a/2020/2xxx/CVE-2020-2550.json +++ b/2020/2xxx/CVE-2020-2550.json 
@@ -1,72 +1,75 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2550" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"WebLogic Server", - "version":{ - "version_data":[ - { - "version_value":"10.3.6.0.0", - "version_affected":"=" - }, - { - "version_value":"12.1.3.0.0", - "version_affected":"=" - }, - { - "version_value":"12.2.1.3.0", - "version_affected":"=" - }, - { - "version_value":"12.2.1.4.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2550", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WebLogic Server", + "version": { + "version_data": [ + { + "version_value": "10.3.6.0.0", + "version_affected": "=" + }, + { + "version_value": "12.1.3.0.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.3.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.4.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: WLS Core Components). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle WebLogic Server executes to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data as well as unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data. 
CVSS 3.0 Base Score 5.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle WebLogic Server executes to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data as well as unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: WLS Core Components). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle WebLogic Server executes to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data as well as unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 5.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle WebLogic Server executes to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data as well as unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2551.json b/2020/2xxx/CVE-2020-2551.json index 2812a8caedf..ac232d129f9 100644 --- a/2020/2xxx/CVE-2020-2551.json +++ b/2020/2xxx/CVE-2020-2551.json 
@@ -1,72 +1,75 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2551" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"WebLogic Server", - "version":{ - "version_data":[ - { - "version_value":"10.3.6.0.0", - "version_affected":"=" - }, - { - "version_value":"12.1.3.0.0", - "version_affected":"=" - }, - { - "version_value":"12.2.1.3.0", - "version_affected":"=" - }, - { - "version_value":"12.2.1.4.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2551", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WebLogic Server", + "version": { + "version_data": [ + { + "version_value": "10.3.6.0.0", + "version_affected": "=" + }, + { + "version_value": "12.1.3.0.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.3.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.4.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: WLS Core Components). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)." 
- } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: WLS Core Components). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2552.json b/2020/2xxx/CVE-2020-2552.json index e720f81749d..86a80e386dc 100644 --- a/2020/2xxx/CVE-2020-2552.json 
+++ b/2020/2xxx/CVE-2020-2552.json 
@@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2552" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"WebLogic Server", - "version":{ - "version_data":[ - { - "version_value":"10.3.6.0.0", - "version_affected":"=" - }, - { - "version_value":"12.1.3.0.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2552", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WebLogic Server", + "version": { + "version_data": [ + { + "version_value": "10.3.6.0.0", + "version_affected": "=" + }, + { + "version_value": "12.1.3.0.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: WLS Core Components). Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N)." 
- } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: WLS Core Components). Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2555.json b/2020/2xxx/CVE-2020-2555.json index 1984ec04181..ea801cab19a 100644 --- a/2020/2xxx/CVE-2020-2555.json +++ b/2020/2xxx/CVE-2020-2555.json 
@@ -1,68 +1,71 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2555" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Coherence", - "version":{ - "version_data":[ - { - "version_value":"12.1.3.0.0", - "version_affected":"=" - }, - { - "version_value":"12.2.1.3.0", - "version_affected":"=" - }, - { - "version_value":"12.2.1.4.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2555", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Coherence", + "version": { + "version_data": [ + { + "version_value": "12.1.3.0.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.3.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.4.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Caching,CacheStore,Invocation). Supported versions that are affected are 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle Coherence. Successful attacks of this vulnerability can result in takeover of Oracle Coherence. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle Coherence. 
Successful attacks of this vulnerability can result in takeover of Oracle Coherence." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Caching,CacheStore,Invocation). Supported versions that are affected are 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle Coherence. Successful attacks of this vulnerability can result in takeover of Oracle Coherence. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle Coherence. Successful attacks of this vulnerability can result in takeover of Oracle Coherence." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2556.json b/2020/2xxx/CVE-2020-2556.json index 53e8bf47084..ea8d6a3d9ee 100644 --- a/2020/2xxx/CVE-2020-2556.json +++ b/2020/2xxx/CVE-2020-2556.json 
@@ -1,76 +1,79 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2556" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Primavera P6 Professional Project Management", - "version":{ - "version_data":[ - { - "version_value":"16.2.0.0-16.2.19.0", - "version_affected":"=" - }, - { - "version_value":"17.12.0.0-17.12.16.0", - "version_affected":"=" - }, - { - "version_value":"18.8.0.0-18.8.16.0", - "version_affected":"=" - }, - { - "version_value":"19.12.0.0", - "version_affected":"=" - }, - { - "version_value":"20.1.0.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2556", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Primavera P6 Professional Project Management", + "version": { + "version_data": [ + { + "version_value": "16.2.0.0-16.2.19.0", + "version_affected": "=" + }, + { + "version_value": "17.12.0.0-17.12.16.0", + "version_affected": "=" + }, + { + "version_value": "18.8.0.0-18.8.16.0", + "version_affected": "=" + }, + { + "version_value": "19.12.0.0", + "version_affected": "=" + }, + { + "version_value": "20.1.0.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Core). Supported versions that are affected are 16.2.0.0-16.2.19.0, 17.12.0.0-17.12.16.0, 18.8.0.0-18.8.16.0, 19.12.0.0 and 20.1.0.0. 
Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Primavera P6 Enterprise Project Portfolio Management executes to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera P6 Enterprise Project Portfolio Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Primavera P6 Enterprise Project Portfolio Management accessible data as well as unauthorized read access to a subset of Primavera P6 Enterprise Project Portfolio Management accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Primavera P6 Enterprise Project Portfolio Management. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:L)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Primavera P6 Enterprise Project Portfolio Management executes to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera P6 Enterprise Project Portfolio Management, attacks may significantly impact additional products. 
Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Primavera P6 Enterprise Project Portfolio Management accessible data as well as unauthorized read access to a subset of Primavera P6 Enterprise Project Portfolio Management accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Primavera P6 Enterprise Project Portfolio Management." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Core). Supported versions that are affected are 16.2.0.0-16.2.19.0, 17.12.0.0-17.12.16.0, 18.8.0.0-18.8.16.0, 19.12.0.0 and 20.1.0.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Primavera P6 Enterprise Project Portfolio Management executes to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera P6 Enterprise Project Portfolio Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Primavera P6 Enterprise Project Portfolio Management accessible data as well as unauthorized read access to a subset of Primavera P6 Enterprise Project Portfolio Management accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Primavera P6 Enterprise Project Portfolio Management. 
CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Primavera P6 Enterprise Project Portfolio Management executes to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera P6 Enterprise Project Portfolio Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Primavera P6 Enterprise Project Portfolio Management accessible data as well as unauthorized read access to a subset of Primavera P6 Enterprise Project Portfolio Management accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Primavera P6 Enterprise Project Portfolio Management." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2557.json b/2020/2xxx/CVE-2020-2557.json index 5329af079d2..86e11cd98e4 100644 --- a/2020/2xxx/CVE-2020-2557.json +++ b/2020/2xxx/CVE-2020-2557.json 
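Review bot: In the CVE-2020-2556 record the affected product is listed as `"product_name": "Primavera P6 Professional Project Management"`, while the description in the same record names "Primavera P6 Enterprise Project Portfolio Management" throughout; one of the two is presumably wrong and should be confirmed against the vendor advisory, because asset-matching tools read `product_name`, not the prose. The version entries also encode ranges as exact matches, e.g. `"version_value": "16.2.0.0-16.2.19.0"` with `"version_affected": "="`, which a consumer comparing version strings will never match against an installed 16.2.x build. Expressing the upper bound as `"version_affected": "<=", "version_value": "16.2.19.0"` (and likewise for the 17.12 and 18.8 ranges) would make the affected set machine-readable; how the lower bound is best recorded depends on what the consumers of this schema support.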
@@ -1,72 +1,75 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2557" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Demantra Demand Management", - "version":{ - "version_data":[ - { - "version_value":"12.2.4", - "version_affected":"=" - }, - { - "version_value":"12.2.4.1", - "version_affected":"=" - }, - { - "version_value":"12.2.5", - "version_affected":"=" - }, - { - "version_value":"12.2.5.1", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2557", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Demantra Demand Management", + "version": { + "version_data": [ + { + "version_value": "12.2.4", + "version_affected": "=" + }, + { + "version_value": "12.2.4.1", + "version_affected": "=" + }, + { + "version_value": "12.2.5", + "version_affected": "=" + }, + { + "version_value": "12.2.5.1", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle Demantra Demand Management product of Oracle Supply Chain (component: Security). Supported versions that are affected are 12.2.4, 12.2.4.1, 12.2.5 and 12.2.5.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Demantra Demand Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Demantra Demand Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Demantra Demand Management accessible data. 
CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Demantra Demand Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Demantra Demand Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Demantra Demand Management accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Demantra Demand Management product of Oracle Supply Chain (component: Security). Supported versions that are affected are 12.2.4, 12.2.4.1, 12.2.5 and 12.2.5.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Demantra Demand Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Demantra Demand Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Demantra Demand Management accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Demantra Demand Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Demantra Demand Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Demantra Demand Management accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2558.json b/2020/2xxx/CVE-2020-2558.json index e2a28de3e8d..e85b5506a60 100644 --- a/2020/2xxx/CVE-2020-2558.json +++ b/2020/2xxx/CVE-2020-2558.json 
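Review bot: The `problemtype` value in the CVE-2020-2557 record carries the exploitability and impact narrative ("Easily exploitable vulnerability allows unauthenticated attacker ...") rather than a weakness class. It repeats what `description` already says and gives triage tooling nothing to group or filter on. If the assigner publishes a weakness identifier, the value should be that identifier and its name, in the form `"value": "CWE-<id> <weakness name>"` (placeholder; the page does not state one). The hunks for CVE-2020-2558, -2559, -2560, -2561, -2563, -2564 and -2565 have the same shape.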
@@ -1,60 +1,63 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2558" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Solaris Operating System", - "version":{ - "version_data":[ - { - "version_value":"11", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2558", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Solaris Operating System", + "version": { + "version_data": [ + { + "version_value": "11", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). The supported version that is affected is 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via SMB to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Solaris. CVSS 3.0 Base Score 5.8 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via SMB to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Solaris." 
- } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). The supported version that is affected is 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via SMB to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Solaris. CVSS 3.0 Base Score 5.8 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via SMB to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Solaris." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2559.json b/2020/2xxx/CVE-2020-2559.json index 06d4b86f18a..02ab583e402 100644 --- a/2020/2xxx/CVE-2020-2559.json +++ b/2020/2xxx/CVE-2020-2559.json 
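Review bot: The CVSS score and vector for CVE-2020-2558 exist only inside the free-text `description` ("CVSS 3.0 Base Score 5.8 ... CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L"), so a consumer that prioritises patching by severity has to scrape prose to get them. A structured `impact.cvss` object, like the one the CVE-2019-5647 record earlier in this patch series carries, would make them machine-readable. The sketch below uses only the values stated in the description and would sit between `description` and `problemtype`. The other Oracle records in this chunk have the same gap, each with its own score and vector.

```json
    "impact": {
        "cvss": {
            "baseScore": 5.8,
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
            "version": "3.0"
        }
    },
```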
@@ -1,60 +1,63 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2559" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Siebel UI Framework", - "version":{ - "version_data":[ - { - "version_value":"19.7 and prior", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2559", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Siebel UI Framework", + "version": { + "version_data": [ + { + "version_value": "19.7 and prior", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM (component: UIF Open UI). Supported versions that are affected are 19.7 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel UI Framework. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Siebel UI Framework accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel UI Framework. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Siebel UI Framework accessible data." 
- } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM (component: UIF Open UI). Supported versions that are affected are 19.7 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel UI Framework. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Siebel UI Framework accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel UI Framework. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Siebel UI Framework accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2560.json b/2020/2xxx/CVE-2020-2560.json index 32592a22921..9c0020f540c 100644 --- a/2020/2xxx/CVE-2020-2560.json +++ b/2020/2xxx/CVE-2020-2560.json 
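Review bot: In the CVE-2020-2559 record `version_value` is `"19.7 and prior"` while `version_affected` is `"="`, so a scanner doing an exact-match comparison will report any earlier release as unaffected, although the description says prior versions are affected. Encoding the bound in the operator keeps the field comparable: `"version_value": "19.7", "version_affected": "<="`. The hunks for CVE-2020-2560 and CVE-2020-2564 carry `"19.10 and prior"` with `"="` in the same way. The CVE-2020-2566 record, whose hunk continues past this chunk, stores the range `12.2.3-12.2.9` under `"="`.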
@@ -1,60 +1,63 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2560" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Siebel UI Framework", - "version":{ - "version_data":[ - { - "version_value":"19.10 and prior", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2560", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Siebel UI Framework", + "version": { + "version_data": [ + { + "version_value": "19.10 and prior", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM (component: SWSE Server). Supported versions that are affected are 19.10 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel UI Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Siebel UI Framework, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Siebel UI Framework accessible data. CVSS 3.0 Base Score 4.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel UI Framework. 
Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Siebel UI Framework, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Siebel UI Framework accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM (component: SWSE Server). Supported versions that are affected are 19.10 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel UI Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Siebel UI Framework, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Siebel UI Framework accessible data. CVSS 3.0 Base Score 4.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel UI Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Siebel UI Framework, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Siebel UI Framework accessible data." 
+ } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2561.json b/2020/2xxx/CVE-2020-2561.json index 9b38cdd80cd..c6ef94f8e77 100644 --- a/2020/2xxx/CVE-2020-2561.json +++ b/2020/2xxx/CVE-2020-2561.json 
@@ -1,60 +1,63 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2561" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"PeopleSoft Enterprise HCM Human Resources", - "version":{ - "version_data":[ - { - "version_value":"9.2", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2561", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PeopleSoft Enterprise HCM Human Resources", + "version": { + "version_data": [ + { + "version_value": "9.2", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the PeopleSoft Enterprise HCM Human Resources product of Oracle PeopleSoft (component: Company Dir / Org Chart Viewer). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise HCM Human Resources. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise HCM Human Resources accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise HCM Human Resources. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise HCM Human Resources accessible data." 
- } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the PeopleSoft Enterprise HCM Human Resources product of Oracle PeopleSoft (component: Company Dir / Org Chart Viewer). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise HCM Human Resources. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise HCM Human Resources accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise HCM Human Resources. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise HCM Human Resources accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2563.json b/2020/2xxx/CVE-2020-2563.json index 0667f01c153..5d80b8718ff 100644 --- a/2020/2xxx/CVE-2020-2563.json +++ b/2020/2xxx/CVE-2020-2563.json 
@@ -1,60 +1,63 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2563" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Hyperion Financial Close Management", - "version":{ - "version_data":[ - { - "version_value":"11.1.2.4", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2563", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Hyperion Financial Close Management", + "version": { + "version_data": [ + { + "version_value": "11.1.2.4", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Hyperion Financial Close Management product of Oracle Hyperion (component: Close Manager). The supported version that is affected is 11.1.2.4. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Hyperion Financial Close Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Hyperion Financial Close Management accessible data. CVSS 3.0 Base Score 4.2 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Hyperion Financial Close Management. Successful attacks require human interaction from a person other than the attacker. 
Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Hyperion Financial Close Management accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Hyperion Financial Close Management product of Oracle Hyperion (component: Close Manager). The supported version that is affected is 11.1.2.4. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Hyperion Financial Close Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Hyperion Financial Close Management accessible data. CVSS 3.0 Base Score 4.2 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Hyperion Financial Close Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Hyperion Financial Close Management accessible data." 
+ } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2564.json b/2020/2xxx/CVE-2020-2564.json index 335ac7222bf..fc298075549 100644 --- a/2020/2xxx/CVE-2020-2564.json +++ b/2020/2xxx/CVE-2020-2564.json 
@@ -1,60 +1,63 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2564" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Siebel UI Framework", - "version":{ - "version_data":[ - { - "version_value":"19.10 and prior", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2564", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Siebel UI Framework", + "version": { + "version_data": [ + { + "version_value": "19.10 and prior", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM (component: EAI). Supported versions that are affected are 19.10 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel UI Framework. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Siebel UI Framework accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel UI Framework. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Siebel UI Framework accessible data." 
- } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM (component: EAI). Supported versions that are affected are 19.10 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel UI Framework. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Siebel UI Framework accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel UI Framework. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Siebel UI Framework accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2565.json b/2020/2xxx/CVE-2020-2565.json index a55610abb65..ff3b123ee45 100644 --- a/2020/2xxx/CVE-2020-2565.json +++ b/2020/2xxx/CVE-2020-2565.json 
@@ -1,60 +1,63 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2565" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Solaris Operating System", - "version":{ - "version_data":[ - { - "version_value":"11", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2565", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Solaris Operating System", + "version": { + "version_data": [ + { + "version_value": "11", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle Solaris product of Oracle Systems (component: Consolidation Infrastructure). The supported version that is affected is 11. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. 
Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Solaris product of Oracle Systems (component: Consolidation Infrastructure). The supported version that is affected is 11. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris." 
+ } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2566.json b/2020/2xxx/CVE-2020-2566.json index 504b9621b85..2218a192d99 100644 --- a/2020/2xxx/CVE-2020-2566.json +++ b/2020/2xxx/CVE-2020-2566.json 
@@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2566" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Applications Framework", - "version":{ - "version_data":[ - { - "version_value":"12.1.3", - "version_affected":"=" - }, - { - "version_value":"12.2.3-12.2.9", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2566", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Applications Framework", + "version": { + "version_data": [ + { + "version_value": "12.1.3", + "version_affected": "=" + }, + { + "version_value": "12.2.3-12.2.9", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Attachments / File Upload). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Applications Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Applications Framework, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications Framework accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N)." 
- } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Applications Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Applications Framework, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications Framework accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Attachments / File Upload). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Applications Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Applications Framework, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications Framework accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Applications Framework. 
Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Applications Framework, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications Framework accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2567.json b/2020/2xxx/CVE-2020-2567.json index a47b46691a0..9075e6ae114 100644 --- a/2020/2xxx/CVE-2020-2567.json +++ b/2020/2xxx/CVE-2020-2567.json 
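Review bot: The second `version_data` entry encodes a range as one string, `"version_value": "12.2.3-12.2.9"` with `"version_affected": "="`, so a consumer that compares versions literally will not match the releases between the two endpoints. The same applies to `"5.7.28 and prior"` and `"8.0.18 and prior"` in CVE-2020-2570, CVE-2020-2572 and CVE-2020-2573, where the operator could carry the meaning instead: `"version_value": "5.7.28", "version_affected": "<="`. For the 12.2.x range, listing each affected release as its own `=` entry would keep the record machine-matchable.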
@@ -1,60 +1,63 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2567" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Retail Customer Management and Segmentation Foundation", - "version":{ - "version_data":[ - { - "version_value":"18.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2567", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Retail Customer Management and Segmentation Foundation", + "version": { + "version_data": [ + { + "version_value": "18.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Security). The supported version that is affected is 18.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Retail Customer Management and Segmentation Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Retail Customer Management and Segmentation Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Customer Management and Segmentation Foundation accessible data as well as unauthorized read access to a subset of Oracle Retail Customer Management and Segmentation Foundation accessible data. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Retail Customer Management and Segmentation Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Retail Customer Management and Segmentation Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Customer Management and Segmentation Foundation accessible data as well as unauthorized read access to a subset of Oracle Retail Customer Management and Segmentation Foundation accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Security). The supported version that is affected is 18.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Retail Customer Management and Segmentation Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Retail Customer Management and Segmentation Foundation, attacks may significantly impact additional products. 
Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Customer Management and Segmentation Foundation accessible data as well as unauthorized read access to a subset of Oracle Retail Customer Management and Segmentation Foundation accessible data. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Retail Customer Management and Segmentation Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Retail Customer Management and Segmentation Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Customer Management and Segmentation Foundation accessible data as well as unauthorized read access to a subset of Oracle Retail Customer Management and Segmentation Foundation accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2568.json b/2020/2xxx/CVE-2020-2568.json index d7eea740f00..91d45be5a79 100644 --- a/2020/2xxx/CVE-2020-2568.json +++ b/2020/2xxx/CVE-2020-2568.json 
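Review bot: The CVSS data for this record exists only inside the `description` string (`CVSS 3.0 Base Score 4.8`, followed by the vector), so scoring and prioritisation tools have to parse prose to get it. A structured block next to `problemtype` would carry the same values: `"impact": { "cvss": { "version": "3.0", "baseScore": 4.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" } }`. The other records in this series have the same shape, so if these files come from a script the change is best made there once.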
@@ -1,72 +1,75 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2568" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Oracle Database", - "version":{ - "version_data":[ - { - "version_value":"12.1.0.2", - "version_affected":"=" - }, - { - "version_value":"12.2.0.1", - "version_affected":"=" - }, - { - "version_value":"18c", - "version_affected":"=" - }, - { - "version_value":"19c", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2568", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Oracle Database", + "version": { + "version_data": [ + { + "version_value": "12.1.0.2", + "version_affected": "=" + }, + { + "version_value": "12.2.0.1", + "version_affected": "=" + }, + { + "version_value": "18c", + "version_affected": "=" + }, + { + "version_value": "19c", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle Applications DBA component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Oracle Applications DBA executes to compromise Oracle Applications DBA. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications DBA accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Applications DBA. 
CVSS 3.0 Base Score 3.9 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Oracle Applications DBA executes to compromise Oracle Applications DBA. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications DBA accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Applications DBA." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Applications DBA component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Oracle Applications DBA executes to compromise Oracle Applications DBA. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications DBA accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Applications DBA. CVSS 3.0 Base Score 3.9 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Oracle Applications DBA executes to compromise Oracle Applications DBA. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications DBA accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Applications DBA." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2569.json b/2020/2xxx/CVE-2020-2569.json index 16ee81fb72d..0a9b76526f5 100644 --- a/2020/2xxx/CVE-2020-2569.json +++ b/2020/2xxx/CVE-2020-2569.json 
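Review bot: The `problemtype` value repeats three sentences of the description instead of naming a weakness class, which leaves nothing for CWE-based filtering or trend reporting. If the advisory supports a classification, the entry would read `"value": "CWE-<id> <weakness name>"` (placeholder; the weakness class is not stated on this page). Otherwise a short fixed value such as `"n/a"` would make the absence explicit. The other records in this series follow the same pattern.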
@@ -1,68 +1,71 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2569" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"PL/SQL", - "version":{ - "version_data":[ - { - "version_value":"12.2.0.1", - "version_affected":"=" - }, - { - "version_value":"18c", - "version_affected":"=" - }, - { - "version_value":"19c", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2569", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PL/SQL", + "version": { + "version_data": [ + { + "version_value": "12.2.0.1", + "version_affected": "=" + }, + { + "version_value": "18c", + "version_affected": "=" + }, + { + "version_value": "19c", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle Applications DBA component of Oracle Database Server. Supported versions that are affected are 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Oracle Applications DBA executes to compromise Oracle Applications DBA. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications DBA accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Applications DBA. CVSS 3.0 Base Score 3.9 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L)." 
- } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Oracle Applications DBA executes to compromise Oracle Applications DBA. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications DBA accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Applications DBA." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Applications DBA component of Oracle Database Server. Supported versions that are affected are 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Oracle Applications DBA executes to compromise Oracle Applications DBA. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications DBA accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Applications DBA. CVSS 3.0 Base Score 3.9 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Oracle Applications DBA executes to compromise Oracle Applications DBA. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications DBA accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Applications DBA." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2570.json b/2020/2xxx/CVE-2020-2570.json index 6386293dce6..020ac4070aa 100644 --- a/2020/2xxx/CVE-2020-2570.json +++ b/2020/2xxx/CVE-2020-2570.json 
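Review bot: `"product_name": "PL/SQL"` does not match the description, which names the Oracle Applications DBA component of Oracle Database Server and is word for word the text of CVE-2020-2568 apart from the version list. One of the two fields looks copied from the wrong advisory row, and whichever is wrong, asset matching on this record will point at the wrong component. It is worth confirming against the linked cpujan2020 advisory before the record goes out as `"STATE": "PUBLIC"`.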
@@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2570" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"MySQL Server", - "version":{ - "version_data":[ - { - "version_value":"5.7.28 and prior", - "version_affected":"=" - }, - { - "version_value":"8.0.18 and prior", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2570", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_value": "5.7.28 and prior", + "version_affected": "=" + }, + { + "version_value": "8.0.18 and prior", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2571.json b/2020/2xxx/CVE-2020-2571.json index f3c37180341..c2df03f6452 100644 --- a/2020/2xxx/CVE-2020-2571.json +++ b/2020/2xxx/CVE-2020-2571.json 
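Review bot: `"product_name": "MySQL Server"` disagrees with the description and `problemtype`, which both say the affected product is MySQL Client (component: C API); CVE-2020-2573 has the same mismatch. A scanner keyed on `product_name` would flag server installs and miss hosts that ship only the client library. If the description is the accurate side, the field should read `"product_name": "MySQL Client"`.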
@@ -1,60 +1,63 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2571" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"LDOMS", - "version":{ - "version_data":[ - { - "version_value":"3.6", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2571", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "LDOMS", + "version": { + "version_data": [ + { + "version_value": "3.6", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle VM Server for SPARC product of Oracle Systems (component: Templates). The supported version that is affected is 3.6. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM Server for SPARC executes to compromise Oracle VM Server for SPARC. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle VM Server for SPARC accessible data. CVSS 3.0 Base Score 3.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM Server for SPARC executes to compromise Oracle VM Server for SPARC. Successful attacks require human interaction from a person other than the attacker. 
Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle VM Server for SPARC accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle VM Server for SPARC product of Oracle Systems (component: Templates). The supported version that is affected is 3.6. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM Server for SPARC executes to compromise Oracle VM Server for SPARC. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle VM Server for SPARC accessible data. CVSS 3.0 Base Score 3.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM Server for SPARC executes to compromise Oracle VM Server for SPARC. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle VM Server for SPARC accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file 
diff --git a/2020/2xxx/CVE-2020-2572.json b/2020/2xxx/CVE-2020-2572.json index 3110b7c09de..d4ee5749ddf 100644 --- a/2020/2xxx/CVE-2020-2572.json +++ b/2020/2xxx/CVE-2020-2572.json 
@@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2572" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"MySQL Server", - "version":{ - "version_data":[ - { - "version_value":"5.7.28 and prior", - "version_affected":"=" - }, - { - "version_value":"8.0.18 and prior", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2572", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_value": "5.7.28 and prior", + "version_affected": "=" + }, + { + "version_value": "8.0.18 and prior", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Audit Plugin). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 2.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data." 
- } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Audit Plugin). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 2.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file From 5b155b0e52499d993e85e5683442dc8b6c96e33f Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Wed, 15 Jan 2020 17:02:03 +0000 Subject: [PATCH 089/387] "-Synchronized-Data." --- 2020/2xxx/CVE-2020-2573.json | 121 ++++++++++++++++--------------- 2020/2xxx/CVE-2020-2574.json | 129 +++++++++++++++++---------------- 2020/2xxx/CVE-2020-2576.json | 113 +++++++++++++++-------------- 2020/2xxx/CVE-2020-2577.json | 121 ++++++++++++++++--------------- 2020/2xxx/CVE-2020-2578.json | 113 +++++++++++++++-------------- 2020/2xxx/CVE-2020-2579.json | 129 +++++++++++++++++---------------- 2020/2xxx/CVE-2020-2580.json | 113 +++++++++++++++-------------- 2020/2xxx/CVE-2020-2581.json | 113 +++++++++++++++-------------- 2020/2xxx/CVE-2020-2582.json | 121 ++++++++++++++++--------------- 2020/2xxx/CVE-2020-2583.json | 121 ++++++++++++++++--------------- 2020/2xxx/CVE-2020-2584.json | 121 ++++++++++++++++--------------- 2020/2xxx/CVE-2020-2585.json | 113 +++++++++++++++-------------- 2020/2xxx/CVE-2020-2586.json | 121 ++++++++++++++++--------------- 2020/2xxx/CVE-2020-2587.json | 121 ++++++++++++++++--------------- 2020/2xxx/CVE-2020-2588.json | 113 +++++++++++++++-------------- 2020/2xxx/CVE-2020-2589.json | 121 ++++++++++++++++--------------- 2020/2xxx/CVE-2020-2590.json | 121 ++++++++++++++++--------------- 2020/2xxx/CVE-2020-2591.json | 113 +++++++++++++++-------------- 2020/2xxx/CVE-2020-2592.json | 113 +++++++++++++++-------------- 2020/2xxx/CVE-2020-2593.json | 121 ++++++++++++++++--------------- 2020/2xxx/CVE-2020-2595.json | 113 +++++++++++++++-------------- 2020/2xxx/CVE-2020-2596.json | 121 ++++++++++++++++--------------- 2020/2xxx/CVE-2020-2597.json | 121 ++++++++++++++++--------------- 2020/2xxx/CVE-2020-2598.json | 121 ++++++++++++++++--------------- 2020/2xxx/CVE-2020-2599.json | 113 +++++++++++++++-------------- 2020/2xxx/CVE-2020-2600.json | 121 ++++++++++++++++--------------- 2020/2xxx/CVE-2020-2601.json | 121 ++++++++++++++++--------------- 2020/2xxx/CVE-2020-2602.json | 121 ++++++++++++++++--------------- 2020/2xxx/CVE-2020-2603.json | 121 
++++++++++++++++--------------- 2020/2xxx/CVE-2020-2604.json | 137 ++++++++++++++++------------------- 2020/2xxx/CVE-2020-2605.json | 113 +++++++++++++++-------------- 2020/2xxx/CVE-2020-2606.json | 121 ++++++++++++++++--------------- 2020/2xxx/CVE-2020-2607.json | 121 ++++++++++++++++--------------- 2020/2xxx/CVE-2020-2608.json | 121 ++++++++++++++++--------------- 2020/2xxx/CVE-2020-2609.json | 129 +++++++++++++++++---------------- 2020/2xxx/CVE-2020-2610.json | 129 +++++++++++++++++---------------- 2020/2xxx/CVE-2020-2611.json | 129 +++++++++++++++++---------------- 2020/2xxx/CVE-2020-2612.json | 129 +++++++++++++++++---------------- 2020/2xxx/CVE-2020-2613.json | 129 +++++++++++++++++---------------- 2020/2xxx/CVE-2020-2614.json | 121 ++++++++++++++++--------------- 2020/2xxx/CVE-2020-2615.json | 129 +++++++++++++++++---------------- 2020/2xxx/CVE-2020-2616.json | 129 +++++++++++++++++---------------- 2020/2xxx/CVE-2020-2617.json | 129 +++++++++++++++++---------------- 2020/2xxx/CVE-2020-2618.json | 129 +++++++++++++++++---------------- 2020/2xxx/CVE-2020-2619.json | 129 +++++++++++++++++---------------- 2020/2xxx/CVE-2020-2620.json | 129 +++++++++++++++++---------------- 2020/2xxx/CVE-2020-2621.json | 129 +++++++++++++++++---------------- 2020/2xxx/CVE-2020-2622.json | 129 +++++++++++++++++---------------- 2020/2xxx/CVE-2020-2623.json | 129 +++++++++++++++++---------------- 2020/2xxx/CVE-2020-2624.json | 129 +++++++++++++++++---------------- 2020/2xxx/CVE-2020-2625.json | 129 +++++++++++++++++---------------- 2020/2xxx/CVE-2020-2626.json | 129 +++++++++++++++++---------------- 2020/2xxx/CVE-2020-2627.json | 113 +++++++++++++++-------------- 2020/2xxx/CVE-2020-2628.json | 129 +++++++++++++++++---------------- 2020/2xxx/CVE-2020-2629.json | 129 +++++++++++++++++---------------- 2020/2xxx/CVE-2020-2630.json | 129 +++++++++++++++++---------------- 2020/2xxx/CVE-2020-2631.json | 129 +++++++++++++++++---------------- 2020/2xxx/CVE-2020-2632.json | 129 
+++++++++++++++++---------------- 2020/2xxx/CVE-2020-2633.json | 129 +++++++++++++++++---------------- 2020/2xxx/CVE-2020-2634.json | 129 +++++++++++++++++---------------- 2020/2xxx/CVE-2020-2635.json | 129 +++++++++++++++++---------------- 2020/2xxx/CVE-2020-2636.json | 129 +++++++++++++++++---------------- 62 files changed, 3908 insertions(+), 3738 deletions(-) diff --git a/2020/2xxx/CVE-2020-2573.json b/2020/2xxx/CVE-2020-2573.json index 46b05f87ec9..772e62cb391 100644 --- a/2020/2xxx/CVE-2020-2573.json +++ b/2020/2xxx/CVE-2020-2573.json 
@@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2573" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"MySQL Server", - "version":{ - "version_data":[ - { - "version_value":"5.7.28 and prior", - "version_affected":"=" - }, - { - "version_value":"8.0.18 and prior", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2573", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_value": "5.7.28 and prior", + "version_affected": "=" + }, + { + "version_value": "8.0.18 and prior", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2574.json b/2020/2xxx/CVE-2020-2574.json index 4d89b02fe57..1ffef79e5a9 100644 --- a/2020/2xxx/CVE-2020-2574.json +++ b/2020/2xxx/CVE-2020-2574.json 
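Review bot: Both `version_data` entries on the new side pair `"version_affected": "="` with a free-text range (`"version_value": "5.7.28 and prior"`, `"8.0.18 and prior"`), so a consumer that honours the operator matches only that literal string and can miss every earlier release. The range belongs in the structured fields, e.g. `"version_value": "5.7.28", "version_affected": "<="`, and likewise for 8.0.18. The same pattern is carried through the CVE-2020-2574, CVE-2020-2577, CVE-2020-2579 and CVE-2020-2580 hunks.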
@@ -1,68 +1,71 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2574" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"MySQL Server", - "version":{ - "version_data":[ - { - "version_value":"5.6.46 and prior", - "version_affected":"=" - }, - { - "version_value":"5.7.28 and prior", - "version_affected":"=" - }, - { - "version_value":"8.0.18 and prior", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2574", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_value": "5.6.46 and prior", + "version_affected": "=" + }, + { + "version_value": "5.7.28 and prior", + "version_affected": "=" + }, + { + "version_value": "8.0.18 and prior", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.46 and prior, 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)." 
- } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.46 and prior, 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file 
diff --git a/2020/2xxx/CVE-2020-2576.json b/2020/2xxx/CVE-2020-2576.json
index ff735a6ab39..c517b987a1e 100644
--- a/2020/2xxx/CVE-2020-2576.json
+++ b/2020/2xxx/CVE-2020-2576.json
@@ -1,60 +1,63 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2576" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Outside In Technology", - "version":{ - "version_data":[ - { - "version_value":"8.5.4", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2576", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Outside In Technology", + "version": { + "version_data": [ + { + "version_value": "8.5.4", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)." 
- } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2577.json b/2020/2xxx/CVE-2020-2577.json index f1569a4407a..e590d4f7a8d 100644 --- a/2020/2xxx/CVE-2020-2577.json +++ b/2020/2xxx/CVE-2020-2577.json 
@@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2577" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"MySQL Server", - "version":{ - "version_data":[ - { - "version_value":"5.7.28 and prior", - "version_affected":"=" - }, - { - "version_value":"8.0.18 and prior", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2577", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_value": "5.7.28 and prior", + "version_affected": "=" + }, + { + "version_value": "8.0.18 and prior", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2578.json b/2020/2xxx/CVE-2020-2578.json index ed4dfc4867f..e44c71a6b09 100644 --- a/2020/2xxx/CVE-2020-2578.json +++ b/2020/2xxx/CVE-2020-2578.json 
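Review bot: The reference added here is tagged `"refsource": "MISC"` although the URL is the vendor's own security alert and the assigner is the same vendor, so the record does not signal that the issue is vendor-acknowledged. `"refsource": "CONFIRM"` would express that, assuming the project's reference conventions allow a CNA to set it. The added `"name"` only repeats the URL; a short title for the advisory would be more useful to a reader. The same reference object is added in every hunk of this commit.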
@@ -1,60 +1,63 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2578" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Solaris Operating System", - "version":{ - "version_data":[ - { - "version_value":"11", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2578", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Solaris Operating System", + "version": { + "version_data": [ + { + "version_value": "11", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). The supported version that is affected is 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via SMB to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Solaris. CVSS 3.0 Base Score 5.8 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via SMB to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Solaris." 
- } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). The supported version that is affected is 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via SMB to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Solaris. CVSS 3.0 Base Score 5.8 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via SMB to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Solaris." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2579.json b/2020/2xxx/CVE-2020-2579.json index 002cc16bd57..f2f4d4cc260 100644 --- a/2020/2xxx/CVE-2020-2579.json +++ b/2020/2xxx/CVE-2020-2579.json 
@@ -1,68 +1,71 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2579" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"MySQL Server", - "version":{ - "version_data":[ - { - "version_value":"5.6.46 and prior", - "version_affected":"=" - }, - { - "version_value":"5.7.28 and prior", - "version_affected":"=" - }, - { - "version_value":"8.0.18 and prior", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2579", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_value": "5.6.46 and prior", + "version_affected": "=" + }, + { + "version_value": "5.7.28 and prior", + "version_affected": "=" + }, + { + "version_value": "8.0.18 and prior", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.46 and prior, 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)." 
- } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.46 and prior, 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file 
diff --git a/2020/2xxx/CVE-2020-2580.json b/2020/2xxx/CVE-2020-2580.json
index 00f9ef49d1a..4e947188ab0 100644
--- a/2020/2xxx/CVE-2020-2580.json
+++ b/2020/2xxx/CVE-2020-2580.json
@@ -1,60 +1,63 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2580" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"MySQL Server", - "version":{ - "version_data":[ - { - "version_value":"8.0.17 and prior", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2580", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_value": "8.0.17 and prior", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." 
- } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2581.json b/2020/2xxx/CVE-2020-2581.json index 6cc9f391435..1e6b1f4e667 100644 --- a/2020/2xxx/CVE-2020-2581.json +++ b/2020/2xxx/CVE-2020-2581.json 
@@ -1,60 +1,63 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2581" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"GraalVM Enterprise Edition", - "version":{ - "version_data":[ - { - "version_value":"19.3.0.2", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2581", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "GraalVM Enterprise Edition", + "version": { + "version_data": [ + { + "version_value": "19.3.0.2", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle GraalVM (component: LLVM Interpreter). The supported version that is affected is 19.3.0.2. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle GraalVM Enterprise Edition executes to compromise Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle GraalVM Enterprise Edition. CVSS 3.0 Base Score 4.0 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle GraalVM Enterprise Edition executes to compromise Oracle GraalVM Enterprise Edition. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle GraalVM Enterprise Edition." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle GraalVM (component: LLVM Interpreter). The supported version that is affected is 19.3.0.2. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle GraalVM Enterprise Edition executes to compromise Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle GraalVM Enterprise Edition. CVSS 3.0 Base Score 4.0 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle GraalVM Enterprise Edition executes to compromise Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle GraalVM Enterprise Edition." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2582.json b/2020/2xxx/CVE-2020-2582.json index 86d82bbfe8c..648375318bd 100644 
--- a/2020/2xxx/CVE-2020-2582.json
+++ b/2020/2xxx/CVE-2020-2582.json
@@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2582" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"iStore", - "version":{ - "version_data":[ - { - "version_value":"12.1.1-12.1.3", - "version_affected":"=" - }, - { - "version_value":"12.2.3-12.2.9", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2582", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "iStore", + "version": { + "version_data": [ + { + "version_value": "12.1.1-12.1.3", + "version_affected": "=" + }, + { + "version_value": "12.2.3-12.2.9", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Shopping Cart). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle iStore. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iStore, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iStore accessible data as well as unauthorized update, insert or delete access to some of Oracle iStore accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." 
- } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle iStore. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iStore, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iStore accessible data as well as unauthorized update, insert or delete access to some of Oracle iStore accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Shopping Cart). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle iStore. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iStore, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iStore accessible data as well as unauthorized update, insert or delete access to some of Oracle iStore accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle iStore. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iStore, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iStore accessible data as well as unauthorized update, insert or delete access to some of Oracle iStore accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2583.json b/2020/2xxx/CVE-2020-2583.json index 82e41035987..9a1970defc0 100644 --- a/2020/2xxx/CVE-2020-2583.json +++ b/2020/2xxx/CVE-2020-2583.json 
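Review bot: The `problemtype` entry on the new side of CVE-2020-2582.json still holds attack narrative copied from `description` rather than a weakness class, so tooling that groups or filters records by problem type gets nothing usable. If the weakness class is known, the value should name it, in the form `"value": "CWE-<id> <weakness name>"` (placeholder; the page does not state the class). The `problemtype` blocks in the hunks for CVE-2020-2583 through CVE-2020-2589 are written the same way.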
@@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2583" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Java", - "version":{ - "version_data":[ - { - "version_value":"Java SE: 7u241, 8u231, 11.0.5, 13.0.1", - "version_affected":"=" - }, - { - "version_value":"Java SE Embedded: 8u231", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2583", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Java", + "version": { + "version_data": [ + { + "version_value": "Java SE: 7u241, 8u231, 11.0.5, 13.0.1", + "version_affected": "=" + }, + { + "version_value": "Java SE Embedded: 8u231", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. 
This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2584.json b/2020/2xxx/CVE-2020-2584.json index 5836fca7b7e..367967e871c 100644 --- a/2020/2xxx/CVE-2020-2584.json +++ b/2020/2xxx/CVE-2020-2584.json 
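Review bot: `version_data` pairs `"version_affected": "="` with a `version_value` that is not a single version: `"Java SE: 7u241, 8u231, 11.0.5, 13.0.1"` packs a product label and four releases into one string. A scanner that tests an installed version for equality against this field will match none of the affected releases. One entry per release, such as `{ "version_value": "8u231", "version_affected": "=" }`, with the edition carried in `product_name`, would be matchable. The range and "and prior" values in the hunks for CVE-2020-2582, 2584 and 2586 to 2589 have the same problem; for "and prior", `{ "version_value": "5.7.28", "version_affected": "<=" }` expresses the intent.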
@@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2584" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"MySQL Server", - "version":{ - "version_data":[ - { - "version_value":"5.7.28 and prior", - "version_affected":"=" - }, - { - "version_value":"8.0.18 and prior", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2584", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_value": "5.7.28 and prior", + "version_affected": "=" + }, + { + "version_value": "8.0.18 and prior", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 4.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 4.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2585.json b/2020/2xxx/CVE-2020-2585.json index 07517dafb0a..94d462c498d 100644 --- a/2020/2xxx/CVE-2020-2585.json +++ b/2020/2xxx/CVE-2020-2585.json 
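Review bot: The added `"refsource": "MISC"` labels the oracle.com security-alerts URL as a miscellaneous link, although it appears to be the vendor's own advisory for an Oracle-assigned record. If the reference is meant to show vendor acknowledgement, `"refsource": "CONFIRM"` would say so and lets consumers separate vendor-confirmed issues from third-party write-ups. This is inferred from the URL host and the `ASSIGNER` address, not stated in the hunk. The same added line appears in the other hunks of this commit in view.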
@@ -1,60 +1,63 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2585" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Java", - "version":{ - "version_data":[ - { - "version_value":"Java SE: 8u241", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2585", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Java", + "version": { + "version_data": [ + { + "version_value": "Java SE: 8u241", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Java SE product of Oracle Java SE (component: JavaFX). The supported version that is affected is Java SE: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)." 
- } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Java SE product of Oracle Java SE (component: JavaFX). The supported version that is affected is Java SE: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. 
Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2586.json b/2020/2xxx/CVE-2020-2586.json index 6a9c35f0bbd..75edf093dc4 100644 --- a/2020/2xxx/CVE-2020-2586.json +++ b/2020/2xxx/CVE-2020-2586.json 
@@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2586" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Human Resources", - "version":{ - "version_data":[ - { - "version_value":"12.1.1-12.1.3", - "version_affected":"=" - }, - { - "version_value":"12.2.3-12.2.9", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2586", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Human Resources", + "version": { + "version_data": [ + { + "version_value": "12.1.1-12.1.3", + "version_affected": "=" + }, + { + "version_value": "12.2.3-12.2.9", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle Human Resources product of Oracle E-Business Suite (component: Hierarchy Diagrammers). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle Human Resources. While the vulnerability is in Oracle Human Resources, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Human Resources accessible data as well as unauthorized access to critical data or complete access to all Oracle Human Resources accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Human Resources. CVSS 3.0 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L)." 
- } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle Human Resources. While the vulnerability is in Oracle Human Resources, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Human Resources accessible data as well as unauthorized access to critical data or complete access to all Oracle Human Resources accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Human Resources." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Human Resources product of Oracle E-Business Suite (component: Hierarchy Diagrammers). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle Human Resources. While the vulnerability is in Oracle Human Resources, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Human Resources accessible data as well as unauthorized access to critical data or complete access to all Oracle Human Resources accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Human Resources. CVSS 3.0 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle Human Resources. While the vulnerability is in Oracle Human Resources, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Human Resources accessible data as well as unauthorized access to critical data or complete access to all Oracle Human Resources accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Human Resources." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2587.json b/2020/2xxx/CVE-2020-2587.json index 64d379b34c5..7e469a6e677 100644 --- a/2020/2xxx/CVE-2020-2587.json +++ b/2020/2xxx/CVE-2020-2587.json 
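Review bot: The 9.9 base score and vector for CVE-2020-2586 exist only as trailing prose in `description`; the record has no structured `impact` block, so severity-based triage has to parse a sentence. Adding `"impact": { "cvss": { "baseScore": 9.9, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L", "version": "3.0" } }` next to `problemtype` would carry the same values in machine-readable form. The other records in this commit in view embed their scores in prose the same way.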
@@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2587" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Human Resources", - "version":{ - "version_data":[ - { - "version_value":"12.1.1-12.1.3", - "version_affected":"=" - }, - { - "version_value":"12.2.3-12.2.9", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2587", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Human Resources", + "version": { + "version_data": [ + { + "version_value": "12.1.1-12.1.3", + "version_affected": "=" + }, + { + "version_value": "12.2.3-12.2.9", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle Human Resources product of Oracle E-Business Suite (component: Hierarchy Diagrammers). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle Human Resources. While the vulnerability is in Oracle Human Resources, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Human Resources accessible data as well as unauthorized access to critical data or complete access to all Oracle Human Resources accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Human Resources. CVSS 3.0 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L)." 
- } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle Human Resources. While the vulnerability is in Oracle Human Resources, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Human Resources accessible data as well as unauthorized access to critical data or complete access to all Oracle Human Resources accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Human Resources." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Human Resources product of Oracle E-Business Suite (component: Hierarchy Diagrammers). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle Human Resources. While the vulnerability is in Oracle Human Resources, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Human Resources accessible data as well as unauthorized access to critical data or complete access to all Oracle Human Resources accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Human Resources. CVSS 3.0 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle Human Resources. While the vulnerability is in Oracle Human Resources, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Human Resources accessible data as well as unauthorized access to critical data or complete access to all Oracle Human Resources accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Human Resources." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2588.json b/2020/2xxx/CVE-2020-2588.json index 902f3991c42..c658909b5b1 100644 --- a/2020/2xxx/CVE-2020-2588.json +++ b/2020/2xxx/CVE-2020-2588.json 
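Review bot: Apart from `ID`, the new side of CVE-2020-2587.json is word for word the same as CVE-2020-2586 in the preceding hunk: same product, component (Hierarchy Diagrammers), versions, description and vector. Nothing in either record tells a reader whether these are two distinct flaws or one issue assigned twice, which makes deduplication and patch verification guesswork. A distinguishing clause in `description`, or a `problemtype` that names each weakness, would resolve it. Presumably they are separate bugs in the same component, but the page does not say.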
@@ -1,60 +1,63 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2588" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"MySQL Server", - "version":{ - "version_data":[ - { - "version_value":"8.0.18 and prior", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2588", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_value": "8.0.18 and prior", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." 
- } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2589.json b/2020/2xxx/CVE-2020-2589.json index e6168b3be8c..c2f29e11104 100644 --- a/2020/2xxx/CVE-2020-2589.json +++ b/2020/2xxx/CVE-2020-2589.json 
@@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2589" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"MySQL Server", - "version":{ - "version_data":[ - { - "version_value":"5.7.28 and prior", - "version_affected":"=" - }, - { - "version_value":"8.0.17 and prior", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2589", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_value": "5.7.28 and prior", + "version_affected": "=" + }, + { + "version_value": "8.0.17 and prior", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.28 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.28 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2590.json b/2020/2xxx/CVE-2020-2590.json index 99050b1505d..04d01e266ce 100644 --- a/2020/2xxx/CVE-2020-2590.json +++ b/2020/2xxx/CVE-2020-2590.json 
@@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2590" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Java", - "version":{ - "version_data":[ - { - "version_value":"Java SE: 7u241, 8u231, 11.0.5, 13.0.1", - "version_affected":"=" - }, - { - "version_value":"Java SE Embedded: 8u231", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2590", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Java", + "version": { + "version_data": [ + { + "version_value": "Java SE: 7u241, 8u231, 11.0.5, 13.0.1", + "version_affected": "=" + }, + { + "version_value": "Java SE Embedded: 8u231", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. 
This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Integrity impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2591.json b/2020/2xxx/CVE-2020-2591.json index ec9d279ca17..1d93745814f 100644 --- a/2020/2xxx/CVE-2020-2591.json +++ b/2020/2xxx/CVE-2020-2591.json 
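Review bot: The `version_value` strings in this hunk pack several releases into one entry (`Java SE: 7u241, 8u231, 11.0.5, 13.0.1`) under a single `product_name` of `Java`, so no exact-match lookup on product or version will hit them. Splitting this into one `product_data` entry per product (Java SE, Java SE Embedded) with one `version_data` entry per release, for example `{ "version_value": "8u231", "version_affected": "=" }`, keeps the record usable for automated exposure checks. The CVE-2020-2593 hunk carries the same two strings.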
@@ -1,60 +1,63 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2591" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Web Applications Desktop Integrator", - "version":{ - "version_data":[ - { - "version_value":"12.1.3", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2591", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Web Applications Desktop Integrator", + "version": { + "version_data": [ + { + "version_value": "12.1.3", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Application Service). The supported version that is affected is 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Web Applications Desktop Integrator. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Web Applications Desktop Integrator, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Web Applications Desktop Integrator accessible data as well as unauthorized update, insert or delete access to some of Oracle Web Applications Desktop Integrator accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." 
- } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Web Applications Desktop Integrator. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Web Applications Desktop Integrator, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Web Applications Desktop Integrator accessible data as well as unauthorized update, insert or delete access to some of Oracle Web Applications Desktop Integrator accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Application Service). The supported version that is affected is 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Web Applications Desktop Integrator. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Web Applications Desktop Integrator, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Web Applications Desktop Integrator accessible data as well as unauthorized update, insert or delete access to some of Oracle Web Applications Desktop Integrator accessible data. 
CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Web Applications Desktop Integrator. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Web Applications Desktop Integrator, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Web Applications Desktop Integrator accessible data as well as unauthorized update, insert or delete access to some of Oracle Web Applications Desktop Integrator accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2592.json b/2020/2xxx/CVE-2020-2592.json index 74f63535e9e..745cf5a3944 100644 --- a/2020/2xxx/CVE-2020-2592.json +++ b/2020/2xxx/CVE-2020-2592.json 
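Review bot: The `problemtype` value on the new side is a copy of sentences from `description` rather than a weakness class, so tooling that groups or prioritises by CWE gets no signal from this record. If the assigner has a classification, the entry would read like `"value": "CWE-<id> <weakness name>"` (placeholder; the page does not state one for this CVE). The other hunks in this series reuse description prose in `problemtype` in the same way.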
@@ -1,60 +1,63 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2592" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"AutoVue 3D Professional Advanced", - "version":{ - "version_data":[ - { - "version_value":"12.0.2", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2592", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "AutoVue 3D Professional Advanced", + "version": { + "version_data": [ + { + "version_value": "12.0.2", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle AutoVue product of Oracle Supply Chain (component: Security). The supported version that is affected is 12.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle AutoVue. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle AutoVue accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle AutoVue. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle AutoVue accessible data." 
- } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle AutoVue product of Oracle Supply Chain (component: Security). The supported version that is affected is 12.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle AutoVue. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle AutoVue accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle AutoVue. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle AutoVue accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2593.json b/2020/2xxx/CVE-2020-2593.json index fb78fbe6594..b36fda31709 100644 --- a/2020/2xxx/CVE-2020-2593.json +++ b/2020/2xxx/CVE-2020-2593.json 
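Review bot: The added `"refsource": "MISC"` tags the only reference as a miscellaneous link, although the assigner is `secalert_us@oracle.com` and the URL is on oracle.com, which looks like the vendor's own advisory. If that is the case, `"refsource": "CONFIRM"` would tell consumers that the vendor has acknowledged the issue and that the link is the authoritative source for fixed versions. The same `refsource`/`name` addition appears in the reference entry of every hunk in this series.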
@@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2593" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Java", - "version":{ - "version_data":[ - { - "version_value":"Java SE: 7u241, 8u231, 11.0.5, 13.0.1", - "version_affected":"=" - }, - { - "version_value":"Java SE Embedded: 8u231", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2593", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Java", + "version": { + "version_data": [ + { + "version_value": "Java SE: 7u241, 8u231, 11.0.5, 13.0.1", + "version_affected": "=" + }, + { + "version_value": "Java SE Embedded: 8u231", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. 
This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. 
Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2595.json b/2020/2xxx/CVE-2020-2595.json index 1ab2e30f05a..7668d5dc404 100644 --- a/2020/2xxx/CVE-2020-2595.json +++ b/2020/2xxx/CVE-2020-2595.json 
@@ -1,60 +1,63 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2595" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"GraalVM Enterprise Edition", - "version":{ - "version_data":[ - { - "version_value":"19.3.0.2", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2595", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "GraalVM Enterprise Edition", + "version": { + "version_data": [ + { + "version_value": "19.3.0.2", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle GraalVM (component: GraalVM Compiler). The supported version that is affected is 19.3.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM Enterprise Edition. While the vulnerability is in Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GraalVM Enterprise Edition accessible data. CVSS 3.0 Base Score 5.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM Enterprise Edition. While the vulnerability is in Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products. 
Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GraalVM Enterprise Edition accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle GraalVM (component: GraalVM Compiler). The supported version that is affected is 19.3.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM Enterprise Edition. While the vulnerability is in Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GraalVM Enterprise Edition accessible data. CVSS 3.0 Base Score 5.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM Enterprise Edition. While the vulnerability is in Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GraalVM Enterprise Edition accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file 
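Review bot: The CVSS score and vector exist only inside the `description` string (`CVSS 3.0 Base Score 5.8`, `CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N`), and the new side adds no structured `impact` object. Triage and alerting tooling therefore has to parse prose to obtain severity. An `impact.cvss` object carrying `"version": "3.0"`, `"baseScore": 5.8` and `"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"` would expose the values directly. The other Oracle records in this series embed their scores in the description in the same way.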
diff --git a/2020/2xxx/CVE-2020-2596.json b/2020/2xxx/CVE-2020-2596.json index 453f0795c53..829383c59c4 100644 --- a/2020/2xxx/CVE-2020-2596.json +++ b/2020/2xxx/CVE-2020-2596.json 
@@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2596" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"CRM Technical Foundation", - "version":{ - "version_data":[ - { - "version_value":"12.1.3", - "version_affected":"=" - }, - { - "version_value":"12.2.3-12.2.9", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2596", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "CRM Technical Foundation", + "version": { + "version_data": [ + { + "version_value": "12.1.3", + "version_affected": "=" + }, + { + "version_value": "12.2.3-12.2.9", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Message Hooks). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N)." 
- } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Message Hooks). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2597.json b/2020/2xxx/CVE-2020-2597.json index a84137f19cd..f4428e79072 100644 --- a/2020/2xxx/CVE-2020-2597.json +++ b/2020/2xxx/CVE-2020-2597.json 
@@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2597" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"One-to-One Fulfillment", - "version":{ - "version_data":[ - { - "version_value":"12.1.1-12.1.3", - "version_affected":"=" - }, - { - "version_value":"12.2.3-12.2.9", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2597", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "One-to-One Fulfillment", + "version": { + "version_data": [ + { + "version_value": "12.1.1-12.1.3", + "version_affected": "=" + }, + { + "version_value": "12.2.3-12.2.9", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E-Business Suite (component: Call Phone Number Page). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle One-to-One Fulfillment. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle One-to-One Fulfillment, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle One-to-One Fulfillment accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N)." 
- } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle One-to-One Fulfillment. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle One-to-One Fulfillment, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle One-to-One Fulfillment accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E-Business Suite (component: Call Phone Number Page). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle One-to-One Fulfillment. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle One-to-One Fulfillment, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle One-to-One Fulfillment accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle One-to-One Fulfillment. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle One-to-One Fulfillment, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle One-to-One Fulfillment accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2598.json b/2020/2xxx/CVE-2020-2598.json index 3533590ce2e..13eda422ce0 100644 --- a/2020/2xxx/CVE-2020-2598.json +++ b/2020/2xxx/CVE-2020-2598.json 
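Review bot: The `problemtype` description on the new side of this hunk (CVE-2020-2597.json) carries the advisory's impact sentences, repeated verbatim from `description`, rather than a weakness class. Consumers that group or prioritise records by CWE get nothing usable from the field, and the duplicated text can drift from the description on a later edit. If the vendor publishes a class, it belongs here as `"value": "CWE-<ID> <weakness name>"` (placeholder; nothing in the hunk names one). The hunks for CVE-2020-2598 through CVE-2020-2604 follow the same pattern.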
@@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2598" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"PeopleSoft Enterprise PT PeopleTools", - "version":{ - "version_data":[ - { - "version_value":"8.56", - "version_affected":"=" - }, - { - "version_value":"8.57", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2598", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PeopleSoft Enterprise PT PeopleTools", + "version": { + "version_data": [ + { + "version_value": "8.56", + "version_affected": "=" + }, + { + "version_value": "8.57", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Activity Guide). Supported versions that are affected are 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." 
- } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Activity Guide). Supported versions that are affected are 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2599.json b/2020/2xxx/CVE-2020-2599.json index c75d399a110..164f7e68075 100644 --- a/2020/2xxx/CVE-2020-2599.json +++ b/2020/2xxx/CVE-2020-2599.json 
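Review bot: The CVSS score and vector for CVE-2020-2598 exist only as prose at the end of the `description` value; the new side of this hunk has no `impact` object. Anything that triages on severity has to parse them out of free text. Since the record is being re-serialised anyway, the values already in the description could be added in structured form: `"impact": { "cvss": { "baseScore": 6.1, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" } }`. The other Oracle records in this patch also state their score and vector only in the description.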
@@ -1,60 +1,63 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2599" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Hospitality Cruise Materials Management", - "version":{ - "version_data":[ - { - "version_value":"7.30.567", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2599", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Hospitality Cruise Materials Management", + "version": { + "version_data": [ + { + "version_value": "7.30.567", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle Hospitality Cruise Materials Management product of Oracle Hospitality Applications (component: MMS All). The supported version that is affected is 7.30.567. Difficult to exploit vulnerability allows physical access to compromise Oracle Hospitality Cruise Materials Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Cruise Materials Management accessible data. CVSS 3.0 Base Score 4.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Difficult to exploit vulnerability allows physical access to compromise Oracle Hospitality Cruise Materials Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Cruise Materials Management accessible data." 
- } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Hospitality Cruise Materials Management product of Oracle Hospitality Applications (component: MMS All). The supported version that is affected is 7.30.567. Difficult to exploit vulnerability allows physical access to compromise Oracle Hospitality Cruise Materials Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Cruise Materials Management accessible data. CVSS 3.0 Base Score 4.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows physical access to compromise Oracle Hospitality Cruise Materials Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Cruise Materials Management accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2600.json b/2020/2xxx/CVE-2020-2600.json index f1b622745f4..a3e8de7839c 100644 --- a/2020/2xxx/CVE-2020-2600.json +++ b/2020/2xxx/CVE-2020-2600.json 
@@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2600" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"PeopleSoft Enterprise PT PeopleTools", - "version":{ - "version_data":[ - { - "version_value":"8.56", - "version_affected":"=" - }, - { - "version_value":"8.57", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2600", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PeopleSoft Enterprise PT PeopleTools", + "version": { + "version_data": [ + { + "version_value": "8.56", + "version_affected": "=" + }, + { + "version_value": "8.57", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Elastic Search). Supported versions that are affected are 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." 
- } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Elastic Search). Supported versions that are affected are 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2601.json b/2020/2xxx/CVE-2020-2601.json index 7148255f004..be16fd71ca2 100644 --- a/2020/2xxx/CVE-2020-2601.json +++ b/2020/2xxx/CVE-2020-2601.json 
@@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2601" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Java", - "version":{ - "version_data":[ - { - "version_value":"Java SE: 7u241, 8u231, 11.0.5, 13.0.1", - "version_affected":"=" - }, - { - "version_value":"Java SE Embedded: 8u231", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2601", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Java", + "version": { + "version_data": [ + { + "version_value": "Java SE: 7u241, 8u231, 11.0.5, 13.0.1", + "version_affected": "=" + }, + { + "version_value": "Java SE Embedded: 8u231", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. 
This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. 
Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2602.json b/2020/2xxx/CVE-2020-2602.json index c60f27465a4..ea27825b733 100644 --- a/2020/2xxx/CVE-2020-2602.json +++ b/2020/2xxx/CVE-2020-2602.json 
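Review bot: In the `version_data` entries of CVE-2020-2601.json, `"version_value": "Java SE: 7u241, 8u231, 11.0.5, 13.0.1"` packs a product label and four releases into one string marked `"version_affected": "="`. An inventory comparison against an installed version such as 8u231 will therefore never match. One entry per release, e.g. `{ "version_value": "8u231", "version_affected": "=" }`, keeps the field machine-comparable. The `product_name` is also just `"Java"`, while the description distinguishes Java SE from Java SE Embedded, so two product entries would mirror the text better. The CVE-2020-2604 hunk uses the same packed strings.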
@@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2602" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"PeopleSoft Enterprise PT PeopleTools", - "version":{ - "version_data":[ - { - "version_value":"8.56", - "version_affected":"=" - }, - { - "version_value":"8.57", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2602", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PeopleSoft Enterprise PT PeopleTools", + "version": { + "version_data": [ + { + "version_value": "8.56", + "version_affected": "=" + }, + { + "version_value": "8.57", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Tree Manager). Supported versions that are affected are 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." 
- } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Tree Manager). Supported versions that are affected are 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2603.json b/2020/2xxx/CVE-2020-2603.json index c5d44a27599..3c86e390995 100644 --- a/2020/2xxx/CVE-2020-2603.json +++ b/2020/2xxx/CVE-2020-2603.json 
@@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2603" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Field Service", - "version":{ - "version_data":[ - { - "version_value":"12.1.1-12.1.3", - "version_affected":"=" - }, - { - "version_value":"12.2.3-12.2.9", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2603", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Field Service", + "version": { + "version_data": [ + { + "version_value": "12.1.1-12.1.3", + "version_affected": "=" + }, + { + "version_value": "12.2.3-12.2.9", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle Field Service product of Oracle E-Business Suite (component: Wireless). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Field Service. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Field Service, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Field Service accessible data as well as unauthorized read access to a subset of Oracle Field Service accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." 
- } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Field Service. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Field Service, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Field Service accessible data as well as unauthorized read access to a subset of Oracle Field Service accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Field Service product of Oracle E-Business Suite (component: Wireless). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Field Service. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Field Service, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Field Service accessible data as well as unauthorized read access to a subset of Oracle Field Service accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Field Service. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Field Service, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Field Service accessible data as well as unauthorized read access to a subset of Oracle Field Service accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2604.json b/2020/2xxx/CVE-2020-2604.json index 3b0144c8640..f3eeeff161d 100644 --- a/2020/2xxx/CVE-2020-2604.json +++ b/2020/2xxx/CVE-2020-2604.json 
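Review bot: The `version_data` entries in CVE-2020-2603.json declare ranges as exact matches: `"version_value": "12.1.1-12.1.3"` and `"version_value": "12.2.3-12.2.9"` both carry `"version_affected": "="`. A consumer that applies the operator literally compares an installed release against the string "12.1.1-12.1.3" and finds no match, so affected systems inside the range can be reported as clean. Listing each affected release from the vendor advisory as its own entry, e.g. `{ "version_value": "12.1.1", "version_affected": "=" }`, removes the ambiguity. The CVE-2020-2597 hunk has the same two range strings.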
@@ -1,80 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2604" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"GraalVM Enterprise Edition", - "version":{ - "version_data":[ - { - "version_value":"19.3.0.2", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2604", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Java", + "version": { + "version_data": [ + { + "version_value": "Java SE: 7u241, 8u231, 11.0.5, 13.0.1", + "version_affected": "=" + }, + { + "version_value": "Java SE Embedded: 8u231", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation", - "product":{ - "product_data":[ - { - "product_name":"Java", - "version":{ - "version_data":[ - { - "version_value":"Java SE: 7u241, 8u231, 11.0.5, 13.0.1", - "version_affected":"=" - }, - { - "version_value":"Java SE Embedded: 8u231", - "version_affected":"=" - } - ] - } - } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle GraalVM (component: Java). The supported version that is affected is 19.3.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in takeover of Oracle GraalVM Enterprise Edition. Note: GraalVM Enterprise 19.3 and above includes both Java SE 8 and Java SE 11. CVSS 3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)." 
- } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in takeover of Oracle GraalVM Enterprise Edition." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle GraalVM (component: Java). The supported version that is affected is 19.3.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in takeover of Oracle GraalVM Enterprise Edition. Note: GraalVM Enterprise 19.3 and above includes both Java SE 8 and Java SE 11. CVSS 3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in takeover of Oracle GraalVM Enterprise Edition." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file 
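Review bot: The new `affects` block for CVE-2020-2604 lists only the `Java` product, while the removed side also carried a `GraalVM Enterprise Edition` entry at `19.3.0.2`, and the description kept on the new side still names Oracle GraalVM Enterprise Edition 19.3.0.2 as the affected product. The old object repeated the `product` and `vendor_name` keys, so a last-key-wins parser would already have seen only Java; the reformat appears to have made that loss permanent. Anyone matching an inventory against `affects` will not find GraalVM in this record. I would restore it as a second element of `product_data`, as below, and confirm against the vendor advisory which product set is intended. Separately, `"version_value": "Java SE: 7u241, 8u231, 11.0.5, 13.0.1"` with `"version_affected": "="` packs four releases into one string that no exact-match consumer can use.

```json
"product_data": [
    {
        "product_name": "GraalVM Enterprise Edition",
        "version": {
            "version_data": [
                {
                    "version_value": "19.3.0.2",
                    "version_affected": "="
                }
            ]
        }
    },
```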
diff --git a/2020/2xxx/CVE-2020-2605.json b/2020/2xxx/CVE-2020-2605.json
index 2be9251b6e8..877bcc7bf76 100644
--- a/2020/2xxx/CVE-2020-2605.json
+++ b/2020/2xxx/CVE-2020-2605.json
@@ -1,60 +1,63 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2605" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Solaris Operating System", - "version":{ - "version_data":[ - { - "version_value":"11", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2605", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Solaris Operating System", + "version": { + "version_data": [ + { + "version_value": "11", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Solaris accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris. CVSS 3.0 Base Score 7.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. 
Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Solaris accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Solaris accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris. CVSS 3.0 Base Score 7.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Solaris accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris." 
+ } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2606.json b/2020/2xxx/CVE-2020-2606.json index 679a6b3a503..bf9d5b40f17 100644 --- a/2020/2xxx/CVE-2020-2606.json +++ b/2020/2xxx/CVE-2020-2606.json 
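Review bot: The severity for CVE-2020-2605 exists only as prose at the end of the description `value` ("CVSS 3.0 Base Score 7.1 … CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"), so any consumer that triages on score has to parse free text. Since this change already adds `STATE`, `refsource` and `name`, it could also add a structured block such as `"impact": { "cvss": { "version": "3.0", "baseScore": 7.1, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H" } }`. The `problemtype` `value` is likewise a copy of the exploitability sentences from the description rather than a weakness class, which leaves nothing to filter or group on. Both points apply equally to the other Oracle records reformatted in this patch, including CVE-2020-2604 and CVE-2020-2606 through CVE-2020-2610.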
@@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2606" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"PeopleSoft Enterprise PT PeopleTools", - "version":{ - "version_data":[ - { - "version_value":"8.56", - "version_affected":"=" - }, - { - "version_value":"8.57", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2606", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PeopleSoft Enterprise PT PeopleTools", + "version": { + "version_data": [ + { + "version_value": "8.56", + "version_affected": "=" + }, + { + "version_value": "8.57", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Core Technology). Supported versions that are affected are 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." 
- } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Core Technology). Supported versions that are affected are 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2607.json b/2020/2xxx/CVE-2020-2607.json index 8537ed75fc9..c5dcadcf98d 100644 --- a/2020/2xxx/CVE-2020-2607.json +++ b/2020/2xxx/CVE-2020-2607.json 
@@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2607" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"PeopleSoft Enterprise PT PeopleTools", - "version":{ - "version_data":[ - { - "version_value":"8.56", - "version_affected":"=" - }, - { - "version_value":"8.57", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2607", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PeopleSoft Enterprise PT PeopleTools", + "version": { + "version_data": [ + { + "version_value": "8.56", + "version_affected": "=" + }, + { + "version_value": "8.57", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Core Technology). Supported versions that are affected are 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." 
- } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Core Technology). Supported versions that are affected are 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2608.json b/2020/2xxx/CVE-2020-2608.json index ce6205caf23..87d7ecb8073 100644 --- a/2020/2xxx/CVE-2020-2608.json +++ b/2020/2xxx/CVE-2020-2608.json 
@@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2608" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Enterprise Manager Base Platform", - "version":{ - "version_data":[ - { - "version_value":"13.2.0.0", - "version_affected":"=" - }, - { - "version_value":"13.3.0.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2608", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Enterprise Manager Base Platform", + "version": { + "version_data": [ + { + "version_value": "13.2.0.0", + "version_affected": "=" + }, + { + "version_value": "13.3.0.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Repository). Supported versions that are affected are 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." 
- } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Repository). Supported versions that are affected are 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2609.json b/2020/2xxx/CVE-2020-2609.json index 0448dc98d18..2971e1fc080 100644 --- a/2020/2xxx/CVE-2020-2609.json +++ b/2020/2xxx/CVE-2020-2609.json 
@@ -1,68 +1,71 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2609" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Enterprise Manager Base Platform", - "version":{ - "version_data":[ - { - "version_value":"12.1.0.5", - "version_affected":"=" - }, - { - "version_value":"13.2.0.0", - "version_affected":"=" - }, - { - "version_value":"13.3.0.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2609", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Enterprise Manager Base Platform", + "version": { + "version_data": [ + { + "version_value": "12.1.0.5", + "version_affected": "=" + }, + { + "version_value": "13.2.0.0", + "version_affected": "=" + }, + { + "version_value": "13.3.0.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data as well as unauthorized read access to a subset of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data as well as unauthorized read access to a subset of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data as well as unauthorized read access to a subset of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data as well as unauthorized read access to a subset of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2610.json b/2020/2xxx/CVE-2020-2610.json index 37ef3827c53..3248baa9bb9 100644 --- a/2020/2xxx/CVE-2020-2610.json +++ b/2020/2xxx/CVE-2020-2610.json 
@@ -1,68 +1,71 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2610" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Enterprise Manager Base Platform", - "version":{ - "version_data":[ - { - "version_value":"12.1.0.5", - "version_affected":"=" - }, - { - "version_value":"13.2.0.0", - "version_affected":"=" - }, - { - "version_value":"13.3.0.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2610", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Enterprise Manager Base Platform", + "version": { + "version_data": [ + { + "version_value": "12.1.0.5", + "version_affected": "=" + }, + { + "version_value": "13.2.0.0", + "version_affected": "=" + }, + { + "version_value": "13.3.0.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. 
CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2611.json b/2020/2xxx/CVE-2020-2611.json index 1ced91f842c..81ebe9f4940 100644 --- a/2020/2xxx/CVE-2020-2611.json +++ b/2020/2xxx/CVE-2020-2611.json 
@@ -1,68 +1,71 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2611" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Enterprise Manager Base Platform", - "version":{ - "version_data":[ - { - "version_value":"12.1.0.5", - "version_affected":"=" - }, - { - "version_value":"13.2.0.0", - "version_affected":"=" - }, - { - "version_value":"13.3.0.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2611", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Enterprise Manager Base Platform", + "version": { + "version_data": [ + { + "version_value": "12.1.0.5", + "version_affected": "=" + }, + { + "version_value": "13.2.0.0", + "version_affected": "=" + }, + { + "version_value": "13.3.0.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. 
CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2612.json b/2020/2xxx/CVE-2020-2612.json index 6b3cb3388f9..648f97a812d 100644 --- a/2020/2xxx/CVE-2020-2612.json +++ b/2020/2xxx/CVE-2020-2612.json 
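Review bot: The CVSS data in the CVE-2020-2611 record exists only as free text at the end of the `description` value; the new side has no structured `impact` block, so tooling that triages on a vector or base score has to scrape prose. The CVE-2019-5647 record at the start of this patch series carries an `impact.cvss` object, and the same shape fits here using only the values the description already states, as sketched below. The hunks for CVE-2020-2612 through CVE-2020-2616 have the same gap with the same vector and score. The `problemtype` value also repeats the impact sentence instead of naming a weakness class, which leaves CWE-based filtering nothing to match; that needs the vendor's classification and cannot be filled in from this diff.

```json
"impact": {
    "cvss": {
        "baseScore": 6.0,
        "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L",
        "version": "3.0"
    }
},
```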
@@ -1,68 +1,71 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2612" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Enterprise Manager Base Platform", - "version":{ - "version_data":[ - { - "version_value":"12.1.0.5", - "version_affected":"=" - }, - { - "version_value":"13.2.0.0", - "version_affected":"=" - }, - { - "version_value":"13.3.0.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2612", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Enterprise Manager Base Platform", + "version": { + "version_data": [ + { + "version_value": "12.1.0.5", + "version_affected": "=" + }, + { + "version_value": "13.2.0.0", + "version_affected": "=" + }, + { + "version_value": "13.3.0.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. 
CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2613.json b/2020/2xxx/CVE-2020-2613.json index 237e2d39930..a9c2a833f7f 100644 --- a/2020/2xxx/CVE-2020-2613.json +++ b/2020/2xxx/CVE-2020-2613.json 
@@ -1,68 +1,71 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2613" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Enterprise Manager Base Platform", - "version":{ - "version_data":[ - { - "version_value":"12.1.0.5", - "version_affected":"=" - }, - { - "version_value":"13.2.0.0", - "version_affected":"=" - }, - { - "version_value":"13.3.0.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2613", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Enterprise Manager Base Platform", + "version": { + "version_data": [ + { + "version_value": "12.1.0.5", + "version_affected": "=" + }, + { + "version_value": "13.2.0.0", + "version_affected": "=" + }, + { + "version_value": "13.3.0.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Global EM Framework). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Global EM Framework). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2614.json b/2020/2xxx/CVE-2020-2614.json index 498663663e9..2f6a1f12a85 100644 --- a/2020/2xxx/CVE-2020-2614.json +++ b/2020/2xxx/CVE-2020-2614.json 
@@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2614" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"APM - Application Performance Management", - "version":{ - "version_data":[ - { - "version_value":"13.2.0.0", - "version_affected":"=" - }, - { - "version_value":"13.3.0.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2614", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "APM - Application Performance Management", + "version": { + "version_data": [ + { + "version_value": "13.2.0.0", + "version_affected": "=" + }, + { + "version_value": "13.3.0.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Enterprise Manager for Fusion Middleware product of Oracle Enterprise Manager (component: APM Mesh). Supported versions that are affected are 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager for Fusion Middleware. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager for Fusion Middleware accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager for Fusion Middleware accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager for Fusion Middleware. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." 
- } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager for Fusion Middleware. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager for Fusion Middleware accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager for Fusion Middleware accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager for Fusion Middleware." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Enterprise Manager for Fusion Middleware product of Oracle Enterprise Manager (component: APM Mesh). Supported versions that are affected are 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager for Fusion Middleware. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager for Fusion Middleware accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager for Fusion Middleware accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager for Fusion Middleware. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager for Fusion Middleware. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager for Fusion Middleware accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager for Fusion Middleware accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager for Fusion Middleware." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2615.json b/2020/2xxx/CVE-2020-2615.json index 0fb73b17672..3e7205b1d89 100644 --- a/2020/2xxx/CVE-2020-2615.json +++ b/2020/2xxx/CVE-2020-2615.json 
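Review bot: `"product_name": "APM - Application Performance Management"` in the `affects` block of CVE-2020-2614 does not match the product the `description` names, "Enterprise Manager for Fusion Middleware" with component "APM Mesh". Scanners and asset inventories match on `product_name`, so a mismatch can hide affected installs or flag the wrong product. Which of the two is correct cannot be settled from this diff; check it against the referenced advisory, and if the description is authoritative the line would read `"product_name": "Enterprise Manager for Fusion Middleware"`.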
@@ -1,68 +1,71 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2615" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Enterprise Manager Base Platform", - "version":{ - "version_data":[ - { - "version_value":"12.1.0.5", - "version_affected":"=" - }, - { - "version_value":"13.2.0.0", - "version_affected":"=" - }, - { - "version_value":"13.3.0.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2615", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Enterprise Manager Base Platform", + "version": { + "version_data": [ + { + "version_value": "12.1.0.5", + "version_affected": "=" + }, + { + "version_value": "13.2.0.0", + "version_affected": "=" + }, + { + "version_value": "13.3.0.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Oracle Management Service). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. 
CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Oracle Management Service). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2616.json b/2020/2xxx/CVE-2020-2616.json index f7cf0c27815..f30987f53b9 100644 --- a/2020/2xxx/CVE-2020-2616.json +++ b/2020/2xxx/CVE-2020-2616.json 
@@ -1,68 +1,71 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2616" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Enterprise Manager Base Platform", - "version":{ - "version_data":[ - { - "version_value":"12.1.0.5", - "version_affected":"=" - }, - { - "version_value":"13.2.0.0", - "version_affected":"=" - }, - { - "version_value":"13.3.0.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2616", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Enterprise Manager Base Platform", + "version": { + "version_data": [ + { + "version_value": "12.1.0.5", + "version_affected": "=" + }, + { + "version_value": "13.2.0.0", + "version_affected": "=" + }, + { + "version_value": "13.3.0.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Manager Repository). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. 
CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Manager Repository). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2617.json b/2020/2xxx/CVE-2020-2617.json index ded385130cb..8d6f3168f06 100644 --- a/2020/2xxx/CVE-2020-2617.json +++ b/2020/2xxx/CVE-2020-2617.json 
@@ -1,68 +1,71 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2617" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Enterprise Manager Base Platform", - "version":{ - "version_data":[ - { - "version_value":"12.1.0.5", - "version_affected":"=" - }, - { - "version_value":"13.2.0.0", - "version_affected":"=" - }, - { - "version_value":"13.3.0.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2617", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Enterprise Manager Base Platform", + "version": { + "version_data": [ + { + "version_value": "12.1.0.5", + "version_affected": "=" + }, + { + "version_value": "13.2.0.0", + "version_affected": "=" + }, + { + "version_value": "13.3.0.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Discovery Framework). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Discovery Framework). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2618.json b/2020/2xxx/CVE-2020-2618.json index 6b77def742b..04f6fac44aa 100644 --- a/2020/2xxx/CVE-2020-2618.json +++ b/2020/2xxx/CVE-2020-2618.json 
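Review bot: The new-side record still carries its classification only as prose: `problemtype_data[0].description[0].value` repeats the impact sentence from the description instead of naming a weakness class, and the CVSS score and vector appear only inside the description string. Tooling that triages by CWE or parses structured CVSS gets nothing usable from this record, so patch prioritisation depends on someone reading the text. Consider adding an `impact.cvss` object with `"version": "3.0"`, `"baseScore": 6.0` and `"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L"`, and a problemtype value of the form `"CWE-<id> <name>"` (a placeholder, since the advisory text shown here does not say which weakness applies). The hunks for CVE-2020-2618 through CVE-2020-2622 repeat the same text, so the same applies to them.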
@@ -1,68 +1,71 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2618" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Enterprise Manager Base Platform", - "version":{ - "version_data":[ - { - "version_value":"12.1.0.5", - "version_affected":"=" - }, - { - "version_value":"13.2.0.0", - "version_affected":"=" - }, - { - "version_value":"13.3.0.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2618", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Enterprise Manager Base Platform", + "version": { + "version_data": [ + { + "version_value": "12.1.0.5", + "version_affected": "=" + }, + { + "version_value": "13.2.0.0", + "version_affected": "=" + }, + { + "version_value": "13.3.0.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. 
CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2619.json b/2020/2xxx/CVE-2020-2619.json index bd55395b1f2..634103bd779 100644 --- a/2020/2xxx/CVE-2020-2619.json +++ b/2020/2xxx/CVE-2020-2619.json 
@@ -1,68 +1,71 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2619" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Enterprise Manager Base Platform", - "version":{ - "version_data":[ - { - "version_value":"12.1.0.5", - "version_affected":"=" - }, - { - "version_value":"13.2.0.0", - "version_affected":"=" - }, - { - "version_value":"13.3.0.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2619", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Enterprise Manager Base Platform", + "version": { + "version_data": [ + { + "version_value": "12.1.0.5", + "version_affected": "=" + }, + { + "version_value": "13.2.0.0", + "version_affected": "=" + }, + { + "version_value": "13.3.0.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. 
CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2620.json b/2020/2xxx/CVE-2020-2620.json index 7703a98bd95..9162c754ec8 100644 --- a/2020/2xxx/CVE-2020-2620.json +++ b/2020/2xxx/CVE-2020-2620.json 
@@ -1,68 +1,71 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2620" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Enterprise Manager Base Platform", - "version":{ - "version_data":[ - { - "version_value":"12.1.0.5", - "version_affected":"=" - }, - { - "version_value":"13.2.0.0", - "version_affected":"=" - }, - { - "version_value":"13.3.0.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2620", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Enterprise Manager Base Platform", + "version": { + "version_data": [ + { + "version_value": "12.1.0.5", + "version_affected": "=" + }, + { + "version_value": "13.2.0.0", + "version_affected": "=" + }, + { + "version_value": "13.3.0.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. 
CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2621.json b/2020/2xxx/CVE-2020-2621.json index 7f94581f2f9..9abdb5cc057 100644 --- a/2020/2xxx/CVE-2020-2621.json +++ b/2020/2xxx/CVE-2020-2621.json 
@@ -1,68 +1,71 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2621" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Enterprise Manager Base Platform", - "version":{ - "version_data":[ - { - "version_value":"12.1.0.5", - "version_affected":"=" - }, - { - "version_value":"13.2.0.0", - "version_affected":"=" - }, - { - "version_value":"13.3.0.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2621", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Enterprise Manager Base Platform", + "version": { + "version_data": [ + { + "version_value": "12.1.0.5", + "version_affected": "=" + }, + { + "version_value": "13.2.0.0", + "version_affected": "=" + }, + { + "version_value": "13.3.0.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. 
CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2622.json b/2020/2xxx/CVE-2020-2622.json index 9480ca56107..9df1cf01ebc 100644 --- a/2020/2xxx/CVE-2020-2622.json +++ b/2020/2xxx/CVE-2020-2622.json 
@@ -1,68 +1,71 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2622" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Enterprise Manager Base Platform", - "version":{ - "version_data":[ - { - "version_value":"12.1.0.5", - "version_affected":"=" - }, - { - "version_value":"13.2.0.0", - "version_affected":"=" - }, - { - "version_value":"13.3.0.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2622", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Enterprise Manager Base Platform", + "version": { + "version_data": [ + { + "version_value": "12.1.0.5", + "version_affected": "=" + }, + { + "version_value": "13.2.0.0", + "version_affected": "=" + }, + { + "version_value": "13.3.0.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Event Management). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Event Management). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2623.json b/2020/2xxx/CVE-2020-2623.json index 6fac7e44f5d..88694f1eae6 100644 --- a/2020/2xxx/CVE-2020-2623.json +++ b/2020/2xxx/CVE-2020-2623.json 
@@ -1,68 +1,71 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2623" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Enterprise Manager Base Platform", - "version":{ - "version_data":[ - { - "version_value":"12.1.0.5", - "version_affected":"=" - }, - { - "version_value":"13.2.0.0", - "version_affected":"=" - }, - { - "version_value":"13.3.0.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2623", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Enterprise Manager Base Platform", + "version": { + "version_data": [ + { + "version_value": "12.1.0.5", + "version_affected": "=" + }, + { + "version_value": "13.2.0.0", + "version_affected": "=" + }, + { + "version_value": "13.3.0.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Metrics Framework). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Metrics Framework). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2624.json b/2020/2xxx/CVE-2020-2624.json index 12fc43272eb..bb86411f2d9 100644 --- a/2020/2xxx/CVE-2020-2624.json +++ b/2020/2xxx/CVE-2020-2624.json 
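Review bot: The CVSS score and vector in the new CVE-2020-2623 record exist only as prose at the end of the `description` value, so tooling that triages on severity has to scrape them out of free text. A structured sibling of `description` would carry the data the record already states: `"impact": {"cvss": {"version": "3.0", "baseScore": 6.0, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L"}}`. The same gap appears in the CVE-2020-2624 through CVE-2020-2629 hunks that follow, each with the score and vector from its own description.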
@@ -1,68 +1,71 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2624" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Enterprise Manager Base Platform", - "version":{ - "version_data":[ - { - "version_value":"12.1.0.5", - "version_affected":"=" - }, - { - "version_value":"13.2.0.0", - "version_affected":"=" - }, - { - "version_value":"13.3.0.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2624", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Enterprise Manager Base Platform", + "version": { + "version_data": [ + { + "version_value": "12.1.0.5", + "version_affected": "=" + }, + { + "version_value": "13.2.0.0", + "version_affected": "=" + }, + { + "version_value": "13.3.0.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Connector Framework). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Connector Framework). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2625.json b/2020/2xxx/CVE-2020-2625.json index cd9963f28c9..437799b0d97 100644 --- a/2020/2xxx/CVE-2020-2625.json +++ b/2020/2xxx/CVE-2020-2625.json 
@@ -1,68 +1,71 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2625" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Enterprise Manager Base Platform", - "version":{ - "version_data":[ - { - "version_value":"12.1.0.5", - "version_affected":"=" - }, - { - "version_value":"13.2.0.0", - "version_affected":"=" - }, - { - "version_value":"13.3.0.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2625", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Enterprise Manager Base Platform", + "version": { + "version_data": [ + { + "version_value": "12.1.0.5", + "version_affected": "=" + }, + { + "version_value": "13.2.0.0", + "version_affected": "=" + }, + { + "version_value": "13.3.0.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Job System). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Job System). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2626.json b/2020/2xxx/CVE-2020-2626.json index a2466dc6bc5..99d09edaaaf 100644 --- a/2020/2xxx/CVE-2020-2626.json +++ b/2020/2xxx/CVE-2020-2626.json 
@@ -1,68 +1,71 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2626" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Enterprise Manager Base Platform", - "version":{ - "version_data":[ - { - "version_value":"12.1.0.5", - "version_affected":"=" - }, - { - "version_value":"13.2.0.0", - "version_affected":"=" - }, - { - "version_value":"13.3.0.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2626", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Enterprise Manager Base Platform", + "version": { + "version_data": [ + { + "version_value": "12.1.0.5", + "version_affected": "=" + }, + { + "version_value": "13.2.0.0", + "version_affected": "=" + }, + { + "version_value": "13.3.0.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Cloud Control Manager - OMS). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. 
CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Cloud Control Manager - OMS). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2627.json b/2020/2xxx/CVE-2020-2627.json index 7195091eb14..94a913e1492 100644 --- a/2020/2xxx/CVE-2020-2627.json +++ b/2020/2xxx/CVE-2020-2627.json 
@@ -1,60 +1,63 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2627" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"MySQL Server", - "version":{ - "version_data":[ - { - "version_value":"8.0.18 and prior", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2627", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_value": "8.0.18 and prior", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." 
- } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2628.json b/2020/2xxx/CVE-2020-2628.json index 54dc05c231e..8484a6f3cc7 100644 --- a/2020/2xxx/CVE-2020-2628.json +++ b/2020/2xxx/CVE-2020-2628.json 
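Review bot: The `version_data` entry for CVE-2020-2627 still encodes a range as text, `"version_value": "8.0.18 and prior"` with `"version_affected": "="`. A consumer that compares versions literally would match only that exact string and miss every earlier release the description says is affected. Putting the bound in the operator fixes this: `"version_value": "8.0.18"`, `"version_affected": "<="`. The description gives no lower bound ("8.0.18 and prior"), so it should be confirmed against the referenced vendor advisory before inventory matching relies on this record.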
@@ -1,68 +1,71 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2628" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Enterprise Manager Base Platform", - "version":{ - "version_data":[ - { - "version_value":"12.1.0.5", - "version_affected":"=" - }, - { - "version_value":"13.2.0.0", - "version_affected":"=" - }, - { - "version_value":"13.3.0.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2628", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Enterprise Manager Base Platform", + "version": { + "version_data": [ + { + "version_value": "12.1.0.5", + "version_affected": "=" + }, + { + "version_value": "13.2.0.0", + "version_affected": "=" + }, + { + "version_value": "13.3.0.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Host Management). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Host Management). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2629.json b/2020/2xxx/CVE-2020-2629.json index 419480d0dbd..b2eb3fc1615 100644 --- a/2020/2xxx/CVE-2020-2629.json +++ b/2020/2xxx/CVE-2020-2629.json 
@@ -1,68 +1,71 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2629" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Enterprise Manager Base Platform", - "version":{ - "version_data":[ - { - "version_value":"12.1.0.5", - "version_affected":"=" - }, - { - "version_value":"13.2.0.0", - "version_affected":"=" - }, - { - "version_value":"13.3.0.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2629", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Enterprise Manager Base Platform", + "version": { + "version_data": [ + { + "version_value": "12.1.0.5", + "version_affected": "=" + }, + { + "version_value": "13.2.0.0", + "version_affected": "=" + }, + { + "version_value": "13.3.0.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Extensibility Framework). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. 
CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Extensibility Framework). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2630.json b/2020/2xxx/CVE-2020-2630.json index 952d1a65680..f6a2e2c5bf3 100644 --- a/2020/2xxx/CVE-2020-2630.json +++ b/2020/2xxx/CVE-2020-2630.json 
@@ -1,68 +1,71 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2630" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Enterprise Manager Base Platform", - "version":{ - "version_data":[ - { - "version_value":"12.1.0.5", - "version_affected":"=" - }, - { - "version_value":"13.2.0.0", - "version_affected":"=" - }, - { - "version_value":"13.3.0.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2630", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Enterprise Manager Base Platform", + "version": { + "version_data": [ + { + "version_value": "12.1.0.5", + "version_affected": "=" + }, + { + "version_value": "13.2.0.0", + "version_affected": "=" + }, + { + "version_value": "13.3.0.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Extensibility Framework). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. 
CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Extensibility Framework). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2631.json b/2020/2xxx/CVE-2020-2631.json index dfa18a0fb15..dc0ef918189 100644 --- a/2020/2xxx/CVE-2020-2631.json +++ b/2020/2xxx/CVE-2020-2631.json 
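Review bot: The new-side `problemtype` value in the CVE-2020-2630 hunk is still the prose impact sentence ("Easily exploitable vulnerability allows high privileged attacker…") rather than a weakness class, and the score and vector appear only inside the free-text `description`; the same holds for the CVE-2020-2631 through CVE-2020-2635 hunks that follow. Tooling that triages on structured fields will read these records as having no weakness type and no severity, so the PR:H and C:H conditions are visible only to someone who parses the sentence. Since the commit already normalises these records, it could carry the values the description states into an `impact.cvss` object, e.g. `"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L"` with `"baseScore": 6.0`, and keep `problemtype` for a CWE entry once the vendor supplies one. The added `"refsource": "MISC"` also labels the vendor's own advisory as miscellaneous; `"refsource": "CONFIRM"` would likely describe it better, if the assigner's tooling permits it.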
@@ -1,68 +1,71 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2631" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Enterprise Manager Base Platform", - "version":{ - "version_data":[ - { - "version_value":"12.1.0.5", - "version_affected":"=" - }, - { - "version_value":"13.2.0.0", - "version_affected":"=" - }, - { - "version_value":"13.3.0.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2631", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Enterprise Manager Base Platform", + "version": { + "version_data": [ + { + "version_value": "12.1.0.5", + "version_affected": "=" + }, + { + "version_value": "13.2.0.0", + "version_affected": "=" + }, + { + "version_value": "13.3.0.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Application Service Level Mgmt). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. 
CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Application Service Level Mgmt). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2632.json b/2020/2xxx/CVE-2020-2632.json index abaee4343e8..38bb2b72f59 100644 --- a/2020/2xxx/CVE-2020-2632.json +++ b/2020/2xxx/CVE-2020-2632.json 
@@ -1,68 +1,71 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2632" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Enterprise Manager Base Platform", - "version":{ - "version_data":[ - { - "version_value":"12.1.0.5", - "version_affected":"=" - }, - { - "version_value":"13.2.0.0", - "version_affected":"=" - }, - { - "version_value":"13.3.0.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2632", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Enterprise Manager Base Platform", + "version": { + "version_data": [ + { + "version_value": "12.1.0.5", + "version_affected": "=" + }, + { + "version_value": "13.2.0.0", + "version_affected": "=" + }, + { + "version_value": "13.3.0.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: System Monitoring). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: System Monitoring). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2633.json b/2020/2xxx/CVE-2020-2633.json index 474d7302204..18cde616211 100644 --- a/2020/2xxx/CVE-2020-2633.json +++ b/2020/2xxx/CVE-2020-2633.json 
@@ -1,68 +1,71 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2633" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Enterprise Manager Base Platform", - "version":{ - "version_data":[ - { - "version_value":"12.1.0.5", - "version_affected":"=" - }, - { - "version_value":"13.2.0.0", - "version_affected":"=" - }, - { - "version_value":"13.3.0.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2633", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Enterprise Manager Base Platform", + "version": { + "version_data": [ + { + "version_value": "12.1.0.5", + "version_affected": "=" + }, + { + "version_value": "13.2.0.0", + "version_affected": "=" + }, + { + "version_value": "13.3.0.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Connector Framework). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Connector Framework). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2634.json b/2020/2xxx/CVE-2020-2634.json index f0c2677f558..fb3f7ab5568 100644 --- a/2020/2xxx/CVE-2020-2634.json +++ b/2020/2xxx/CVE-2020-2634.json 
@@ -1,68 +1,71 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2634" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Enterprise Manager Base Platform", - "version":{ - "version_data":[ - { - "version_value":"12.1.0.5", - "version_affected":"=" - }, - { - "version_value":"13.2.0.0", - "version_affected":"=" - }, - { - "version_value":"13.3.0.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2634", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Enterprise Manager Base Platform", + "version": { + "version_data": [ + { + "version_value": "12.1.0.5", + "version_affected": "=" + }, + { + "version_value": "13.2.0.0", + "version_affected": "=" + }, + { + "version_value": "13.3.0.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Configuration Standard Framewk). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. 
CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Configuration Standard Framewk). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2635.json b/2020/2xxx/CVE-2020-2635.json index 6607b002488..b78ed3db116 100644 --- a/2020/2xxx/CVE-2020-2635.json +++ b/2020/2xxx/CVE-2020-2635.json 
@@ -1,68 +1,71 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2635" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Enterprise Manager Base Platform", - "version":{ - "version_data":[ - { - "version_value":"12.1.0.5", - "version_affected":"=" - }, - { - "version_value":"13.2.0.0", - "version_affected":"=" - }, - { - "version_value":"13.3.0.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2635", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Enterprise Manager Base Platform", + "version": { + "version_data": [ + { + "version_value": "12.1.0.5", + "version_affected": "=" + }, + { + "version_value": "13.2.0.0", + "version_affected": "=" + }, + { + "version_value": "13.3.0.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: System Monitoring). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: System Monitoring). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2636.json b/2020/2xxx/CVE-2020-2636.json index a2e7a58d8b3..b94f8784d92 100644 --- a/2020/2xxx/CVE-2020-2636.json +++ b/2020/2xxx/CVE-2020-2636.json 
@@ -1,68 +1,71 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2636" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Enterprise Manager Base Platform", - "version":{ - "version_data":[ - { - "version_value":"12.1.0.5", - "version_affected":"=" - }, - { - "version_value":"13.2.0.0", - "version_affected":"=" - }, - { - "version_value":"13.3.0.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2636", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Enterprise Manager Base Platform", + "version": { + "version_data": [ + { + "version_value": "12.1.0.5", + "version_affected": "=" + }, + { + "version_value": "13.2.0.0", + "version_affected": "=" + }, + { + "version_value": "13.3.0.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Application Service Level Mgmt). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. 
CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Application Service Level Mgmt). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file From df848aad32ee042f345da7d86683b53b00d9bd48 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 15 Jan 2020 18:01:22 +0000 Subject: [PATCH 090/387] "-Synchronized-Data." --- 2014/6xxx/CVE-2014-6448.json | 48 ++++++++++++++++++++++++++++++++++-- 1 file changed, 46 insertions(+), 2 deletions(-) diff --git a/2014/6xxx/CVE-2014-6448.json b/2014/6xxx/CVE-2014-6448.json index 0c359776b26..344be14e110 100644 --- a/2014/6xxx/CVE-2014-6448.json +++ b/2014/6xxx/CVE-2014-6448.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-6448", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", 
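Review bot: In CVE-2020-2636.json the CVSS score and vector exist only inside the free-text `description` value, so a consumer has to parse prose to prioritise this record. A structured block could carry the same values, for example `"impact": {"cvss": {"version": "3.0", "baseScore": 6.0, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L"}}`. The `problemtype` value also repeats the impact sentences from the description instead of naming a weakness class, so the record cannot be grouped or filtered by weakness.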
@@ -11,7 +11,51 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Juniper Junos OS 13.2 before 13.2R5, 13.2X51, 13.2X52, and 13.3 before 13.3R3 allow local users to bypass intended restrictions and execute arbitrary Python code via vectors involving shell access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10695", + "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10695" } ] } From e7d9cca4978470e4c49fd95776f271c0550e12e9 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 15 Jan 2020 18:01:43 +0000 Subject: [PATCH 091/387] "-Synchronized-Data." --- 2009/1xxx/CVE-2009-1120.json | 55 ++++++++++++++++++++++++++++++++-- 2015/5xxx/CVE-2015-5071.json | 53 ++++++++++++++++++++++++++++++-- 2015/5xxx/CVE-2015-5072.json | 53 ++++++++++++++++++++++++++++++-- 2017/5xxx/CVE-2017-5645.json | 5 ++++ 2018/18xxx/CVE-2018-18811.json | 14 ++++----- 2019/17xxx/CVE-2019-17571.json | 5 ++++ 2019/18xxx/CVE-2019-18218.json | 5 ++++ 2019/18xxx/CVE-2019-18675.json | 5 ++++ 2019/5xxx/CVE-2019-5094.json | 5 ++++ 9 files changed, 186 insertions(+), 14 deletions(-) diff --git a/2009/1xxx/CVE-2009-1120.json b/2009/1xxx/CVE-2009-1120.json index 02f3382c1ac..a3143629541 100644 --- a/2009/1xxx/CVE-2009-1120.json +++ b/2009/1xxx/CVE-2009-1120.json 
@@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secure@dell.com", "ID": "CVE-2009-1120", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "RepliStor", + "version": { + "version_data": [ + { + "version_value": "before ESA-09-003" + } + ] + } + } + ] + }, + "vendor_name": "EMC" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "EMC RepliStor Server Service before ESA-09-003 has a DoASOCommand Remote Code Execution Vulnerability. The flaw exists within the DoRcvRpcCall RPC function -exposed via the rep_srv.exe process- where the vulnerability is caused by an error when the rep_srv.exe handles a specially crafted packet sent by an unauthenticated attacker." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Other" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.zerodayinitiative.com/advisories/ZDI-09-068/", + "refsource": "MISC", + "name": "http://www.zerodayinitiative.com/advisories/ZDI-09-068/" + }, + { + "refsource": "MISC", + "name": "https://fortiguard.com/encyclopedia/ips/17967/emc-replistor-server-service-doasocommand-code-execution", + "url": "https://fortiguard.com/encyclopedia/ips/17967/emc-replistor-server-service-doasocommand-code-execution" } ] } diff --git a/2015/5xxx/CVE-2015-5071.json b/2015/5xxx/CVE-2015-5071.json index 5ed5f6b6ff5..cc886668b4a 100644 --- a/2015/5xxx/CVE-2015-5071.json +++ b/2015/5xxx/CVE-2015-5071.json 
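Review bot: In the first hunk of CVE-2009-1120.json, `version_value` is `before ESA-09-003`, which is the advisory identifier rather than a RepliStor release. Nothing in `affects` therefore lets an inventory or scanner decide whether an installed build is vulnerable. If the fixed release is known, it would be clearer as `"version_affected": "<", "version_value": "<FIXED_VERSION>"` (placeholder, since the page does not state the version). The second hunk sets `problemtype` to `Other` although the description calls the issue remote code execution by an unauthenticated attacker; a weakness name matching that description would make the record easier to triage.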
@@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-5071", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,56 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "AR System Mid Tier in the AR System Mid Tier component before 9.0 SP1 for BMC Remedy AR System Server allows remote authenticated users to \"navigate\" to arbitrary files via the __report parameter of the BIRT viewer servlet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://packetstormsecurity.com/files/133688/BMC-Remedy-AR-8.1-9.0-File-Inclusion.html", + "url": "https://packetstormsecurity.com/files/133688/BMC-Remedy-AR-8.1-9.0-File-Inclusion.html" + }, + { + "refsource": "CONFIRM", + "name": "https://communities.bmc.com/docs/DOC-77816", + "url": "https://communities.bmc.com/docs/DOC-77816" } ] } diff --git a/2015/5xxx/CVE-2015-5072.json b/2015/5xxx/CVE-2015-5072.json index c9c26c08657..8af3018723d 100644 --- a/2015/5xxx/CVE-2015-5072.json +++ b/2015/5xxx/CVE-2015-5072.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-5072", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +11,56 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The BIRT Engine servlet in the AR System Mid Tier component before 9.0 SP1 for BMC Remedy AR System Server allows remote authenticated users to \"navigate\" to arbitrary local files via the __imageid parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://communities.bmc.com/docs/DOC-77816", + "url": "https://communities.bmc.com/docs/DOC-77816" + }, + { + "refsource": "MISC", + "name": "https://packetstormsecurity.com/files/133689/BMC-Remedy-AR-8.1-9.0-File-Inclusion.html", + "url": "https://packetstormsecurity.com/files/133689/BMC-Remedy-AR-8.1-9.0-File-Inclusion.html" } ] } diff --git a/2017/5xxx/CVE-2017-5645.json b/2017/5xxx/CVE-2017-5645.json index 0fa1fef0de6..40d0772d00c 100644 --- a/2017/5xxx/CVE-2017-5645.json +++ b/2017/5xxx/CVE-2017-5645.json 
@@ -311,6 +311,11 @@ "refsource": "MLIST", "name": "[tika-dev] 20200114 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]", "url": "https://lists.apache.org/thread.html/rca24a281000fb681d7e26e5c031a21eb4b0593a7735f781b53dae4e2@%3Cdev.tika.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tika-dev] 20200115 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]", + "url": "https://lists.apache.org/thread.html/r4b25538be50126194cc646836c718b1a4d8f71bd9c912af5b59134ad@%3Cdev.tika.apache.org%3E" } ] } diff --git a/2018/18xxx/CVE-2018-18811.json b/2018/18xxx/CVE-2018-18811.json index 1316485b592..70ea1360036 100644 --- a/2018/18xxx/CVE-2018-18811.json +++ b/2018/18xxx/CVE-2018-18811.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2018-18811", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-18811", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." } ] } diff --git a/2019/17xxx/CVE-2019-17571.json b/2019/17xxx/CVE-2019-17571.json index 8dbb2465404..0cc132fb3de 100644 --- a/2019/17xxx/CVE-2019-17571.json +++ b/2019/17xxx/CVE-2019-17571.json 
@@ -193,6 +193,11 @@ "refsource": "MLIST", "name": "[tika-dev] 20200114 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]", "url": "https://lists.apache.org/thread.html/rca24a281000fb681d7e26e5c031a21eb4b0593a7735f781b53dae4e2@%3Cdev.tika.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tika-dev] 20200115 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]", + "url": "https://lists.apache.org/thread.html/r4b25538be50126194cc646836c718b1a4d8f71bd9c912af5b59134ad@%3Cdev.tika.apache.org%3E" } ] }, diff --git a/2019/18xxx/CVE-2019-18218.json b/2019/18xxx/CVE-2019-18218.json index 7b6c8d6ca04..02d3c488d50 100644 --- a/2019/18xxx/CVE-2019-18218.json +++ b/2019/18xxx/CVE-2019-18218.json @@ -96,6 +96,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-18036b898e", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D6BJVGXSCC6NMIAWX36FPWHEIFON3OSE/" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200115-0001/", + "url": "https://security.netapp.com/advisory/ntap-20200115-0001/" } ] } diff --git a/2019/18xxx/CVE-2019-18675.json b/2019/18xxx/CVE-2019-18675.json index 97c3e74b214..ae5bfe42661 100644 --- a/2019/18xxx/CVE-2019-18675.json +++ b/2019/18xxx/CVE-2019-18675.json @@ -66,6 +66,11 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20200103-0001/", "url": "https://security.netapp.com/advisory/ntap-20200103-0001/" + }, + { + "refsource": "CONFIRM", + "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=be83bbf806822b1b89e0a0f23cd87cddc409e429", + "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=be83bbf806822b1b89e0a0f23cd87cddc409e429" } ] } diff --git a/2019/5xxx/CVE-2019-5094.json b/2019/5xxx/CVE-2019-5094.json index 26704dec92f..e6abbd57a29 100644 --- a/2019/5xxx/CVE-2019-5094.json +++ b/2019/5xxx/CVE-2019-5094.json 
@@ -73,6 +73,11 @@ "refsource": "UBUNTU", "name": "USN-4142-1", "url": "https://usn.ubuntu.com/4142-1/" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200115-0002/", + "url": "https://security.netapp.com/advisory/ntap-20200115-0002/" } ] }, From 7b31b971d705661cfbad246b88173606a49cbd33 Mon Sep 17 00:00:00 2001 From: Nishchala Tangirala Date: Wed, 15 Jan 2020 10:31:54 -0800 Subject: [PATCH 092/387] CVEs for Bitbucket advisory --- 2019/15xxx/CVE-2019-15006.json | 220 +++++++++++++--------------- 2019/15xxx/CVE-2019-15011.json | 2 +- 2019/20xxx/CVE-2019-20097.json | 253 +++++++++++++++++++++++++++++++-- 3 files changed, 341 insertions(+), 134 deletions(-) diff --git a/2019/15xxx/CVE-2019-15006.json b/2019/15xxx/CVE-2019-15006.json index 381316e76e1..e4591a6b0c1 100644 --- a/2019/15xxx/CVE-2019-15006.json +++ b/2019/15xxx/CVE-2019-15006.json 
@@ -1,120 +1,104 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@atlassian.com", - "DATE_PUBLIC": "2019-12-19T00:00:00", - "ID": "CVE-2019-15006", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Confluence Server", - "version": { - "version_data": [ - { - "version_value": "6.11.0", - "version_affected": ">=" - }, - { - "version_value": "6.13.10", - "version_affected": "<" - }, - { - "version_value": "6.14.0", - "version_affected": ">=" - }, - { - "version_value": "6.15.10", - "version_affected": "<" - }, - { - "version_value": "7.0.1", - "version_affected": ">=" - }, - { - "version_value": "7.0.5", - "version_affected": "<" - }, - { - "version_value": "7.1.0", - "version_affected": ">=" - }, - { - "version_value": "7.1.2", - "version_affected": "<" - }, - { - "version_value": "7.2.0-beta1", - "version_affected": ">=" - }, - { - "version_value": "7.2.0", - "version_affected": "<" - } - ] - } - } - ] - }, - "vendor_name": "Atlassian" - } + "CVE_data_meta": { + "ASSIGNER": "security@atlassian.com", + "DATE_PUBLIC": "2019-12-19T00:00:00", + "ID": "CVE-2019-15006", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Confluence Server", + "version": { + "version_data": [ + { + "version_value": "6.11.0", + "version_affected": ">=" + }, + { + "version_value": "6.13.10", + "version_affected": "<" + }, + { + "version_value": "6.14.0", + "version_affected": ">=" + }, + { + "version_value": "6.15.10", + "version_affected": "<" + }, + { + "version_value": "7.0.1", + "version_affected": ">=" + }, + { + "version_value": "7.0.5", + "version_affected": "<" + }, + { + "version_value": "7.1.0", + "version_affected": ">=" + }, + { + "version_value": "7.1.2", + "version_affected": "<" + }, + { + "version_value": "7.2.0-beta1", + "version_affected": ">=" + }, + { + "version_value": "7.2.0", + "version_affected": "<" + 
} + ] + } + } + ] + }, + "vendor_name": "Atlassian" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "There was a man-in-the-middle (MITM) vulnerability present in the Confluence Previews plugin in Confluence Server and Confluence Data Center. This plugin was used to facilitate communication with the Atlassian Companion application. The Confluence Previews plugin in Confluence Server and Confluence Data Center communicated with the Companion application via the atlassian-domain-for-localhost-connections-only.com domain name, the DNS A record of which points at 127.0.0.1. Additionally, a signed certificate for the domain was publicly distributed with the Companion application. An attacker in the position to control DNS resolution of their victim could carry out a man-in-the-middle (MITM) attack between Confluence Server (or Confluence Data Center) and the atlassian-domain-for-localhost-connections-only.com domain intended to be used with the Companion application. This certificate has been revoked, however, usage of the atlassian-domain-for-localhost-connections-only.com domain name was still present in Confluence Server and Confluence Data Center. An attacker could perform the described attack by denying their victim access to certificate revocation information, and carry out a man-in-the-middle (MITM) attack to observe files being edited using the Companion application and/or modify them, and access some limited user information." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Man-in-the-Middle (MitM)" + } ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "There was a man-in-the-middle (MITM) vulnerability present in the Confluence Previews plugin in Confluence Server and Confluence Data Center. This plugin was used to facilitate communication with the Atlassian Companion application. The Confluence Previews plugin in Confluence Server and Confluence Data Center communicated with the Companion application via the atlassian-domain-for-localhost-connections-only.com domain name, the DNS A record of which points at 127.0.0.1. Additionally, a signed certificate for the domain was publicly distributed with the Companion application. An attacker in the position to control DNS resolution of their victim could carry out a man-in-the-middle (MITM) attack between Confluence Server (or Confluence Data Center) and the atlassian-domain-for-localhost-connections-only.com domain intended to be used with the Companion application. This certificate has been revoked, however, usage of the atlassian-domain-for-localhost-connections-only.com domain name was still present in Confluence Server and Confluence Data Center. An attacker could perform the described attack by denying their victim access to certificate revocation information, and carry out a man-in-the-middle (MITM) attack to observe files being edited using the Companion application and/or modify them, and access some limited user information." 
- } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Man-in-the-Middle (MitM)" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://jira.atlassian.com/browse/CONFSERVER-59244", - "refsource": "MISC", - "name": "https://jira.atlassian.com/browse/CONFSERVER-59244" - }, - { - "url": "https://confluence.atlassian.com/doc/confluence-security-advisory-2019-12-18-982324349.html", - "refsource": "MISC", - "name": "https://confluence.atlassian.com/doc/confluence-security-advisory-2019-12-18-982324349.html" - }, - { - "url": "https://twitter.com/SwiftOnSecurity/status/1202034106495832067", - "refsource": "MISC", - "name": "https://twitter.com/SwiftOnSecurity/status/1202034106495832067" - }, - { - "refsource": "BUGTRAQ", - "name": "20191219 Confluence Server and Data Center Security Advisory - 2019-12-18 - CVE-2019-15006", - "url": "https://seclists.org/bugtraq/2019/Dec/36" - }, - { - "refsource": "MISC", - "name": "http://packetstormsecurity.com/files/155742/Atlassian-Confluence-Man-In-The-Middle.html", - "url": "http://packetstormsecurity.com/files/155742/Atlassian-Confluence-Man-In-The-Middle.html" - } - ] - } -} \ No newline at end of file + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://jira.atlassian.com/browse/CONFSERVER-59244" + }, + { + "url": "https://confluence.atlassian.com/doc/confluence-security-advisory-2019-12-18-982324349.html" + }, + { + "url": "https://twitter.com/SwiftOnSecurity/status/1202034106495832067" + } + ] + } +} diff --git a/2019/15xxx/CVE-2019-15011.json b/2019/15xxx/CVE-2019-15011.json index d84f9bc2355..8a71724ee3d 100644 --- a/2019/15xxx/CVE-2019-15011.json +++ b/2019/15xxx/CVE-2019-15011.json @@ -93,4 +93,4 @@ } ] } -} \ No newline at end of file +} diff --git a/2019/20xxx/CVE-2019-20097.json b/2019/20xxx/CVE-2019-20097.json index 27b2502d21c..460e5aec1ad 100644 --- a/2019/20xxx/CVE-2019-20097.json 
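Review bot: The new side of CVE-2019-15006.json loses reference data that the old side carried. The three remaining `reference_data` entries no longer have `refsource` and `name`, and the BUGTRAQ entry (`https://seclists.org/bugtraq/2019/Dec/36`) and the packetstormsecurity.com entry are removed entirely. This is a Confluence record in a commit titled as a Bitbucket advisory, and the rest of the hunk only changes indentation, so it looks as if an older local copy was committed over the synchronized record (inferred from the diff, not stated in the commit). I would drop this file from the commit, or re-apply the edit on top of the current record so the five existing references are kept unchanged.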
+++ b/2019/20xxx/CVE-2019-20097.json 
@@ -1,18 +1,241 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2019-20097", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ + "CVE_data_meta": { + "ASSIGNER": "security@atlassian.com", + "DATE_PUBLIC": "2020-01-15T10:00:00", + "ID": "CVE-2019-20097", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "product": { + "product_data": [ + { + "product_name": "Bitbucket Server", + "version": { + "version_data": [ + { + "version_value": "1.0", + "version_affected": ">=" + }, + { + "version_value": "5.16.11", + "version_affected": "<" + }, + { + "version_value": "6.0", + "version_affected": ">=" + }, + { + "version_value": "6.0.11", + "version_affected": "<" + }, + { + "version_value": "6.1.0", + "version_affected": ">=" + }, + { + "version_value": "6.1.9", + "version_affected": "<" + }, + { + "version_value": "6.2.0", + "version_affected": ">=" + }, + { + "version_value": "6.2.7", + "version_affected": "<" + }, + { + "version_value": "6.3.0", + "version_affected": ">=" + }, + { + "version_value": "6.3.6", + "version_affected": "<" + }, + { + "version_value": "6.4.0", + "version_affected": ">=" + }, + { + "version_value": "6.4.4", + "version_affected": "<" + }, + { + "version_value": "6.5.0", + "version_affected": ">=" + }, + { + "version_value": "6.5.3", + "version_affected": "<" + }, + { + "version_value": "6.6.0", + "version_affected": ">=" + }, + { + "version_value": "6.6.3", + "version_affected": "<" + }, + { + "version_value": "6.7.0", + "version_affected": ">=" + }, + { + "version_value": "6.7.3", + "version_affected": "<" + }, + { + "version_value": "6.8.0", + 
"version_affected": ">=" + }, + { + "version_value": "6.8.2", + "version_affected": "<" + }, + { + "version_value": "6.9.0", + "version_affected": ">=" + }, + { + "version_value": "6.9.1", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Bitbucket Data Center", + "version": { + "version_data": [ + { + "version_value": "1.0", + "version_affected": ">=" + }, + { + "version_value": "5.16.11", + "version_affected": "<" + }, + { + "version_value": "6.0", + "version_affected": ">=" + }, + { + "version_value": "6.0.11", + "version_affected": "<" + }, + { + "version_value": "6.1.0", + "version_affected": ">=" + }, + { + "version_value": "6.1.9", + "version_affected": "<" + }, + { + "version_value": "6.2.0", + "version_affected": ">=" + }, + { + "version_value": "6.2.7", + "version_affected": "<" + }, + { + "version_value": "6.3.0", + "version_affected": ">=" + }, + { + "version_value": "6.3.6", + "version_affected": "<" + }, + { + "version_value": "6.4.0", + "version_affected": ">=" + }, + { + "version_value": "6.4.4", + "version_affected": "<" + }, + { + "version_value": "6.5.0", + "version_affected": ">=" + }, + { + "version_value": "6.5.3", + "version_affected": "<" + }, + { + "version_value": "6.6.0", + "version_affected": ">=" + }, + { + "version_value": "6.6.3", + "version_affected": "<" + }, + { + "version_value": "6.7.0", + "version_affected": ">=" + }, + { + "version_value": "6.7.3", + "version_affected": "<" + }, + { + "version_value": "6.8.0", + "version_affected": ">=" + }, + { + "version_value": "6.8.2", + "version_affected": "<" + }, + { + "version_value": "6.9.0", + "version_affected": ">=" + }, + { + "version_value": "6.9.1", + "version_affected": "<" + } + ] + } + } + ] + }, + "vendor_name": "Atlassian" } - ] - } -} \ No newline at end of file + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Bitbucket Server and Bitbucket Data 
Center versions starting from 1.0.0 before 5.16.11, from version 6.0.0 before 6.0.11, from version 6.1.0 before 6.1.9, from version 6.2.0 before 6.2.7, from version 6.3.0 before 6.3.6, from version 6.4.0 before 6.4.4, from version 6.5.0 before 6.5.3, from version 6.6.0 before 6.6.3, from version 6.7.0 before 6.7.3, from version 6.8.0 before 6.8.2, from version 6.9.0 before 6.9.1 had a Remote Code Execution vulnerability via the post-receive hook. A remote attacker with permission to clone and push files to a repository on the victim's Bitbucket Server or Bitbucket Data Center instance, can exploit this vulnerability to execute arbitrary commands on the Bitbucket Server or Bitbucket Data Center systems, using a file with specially crafted content." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Argument Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://jira.atlassian.com/browse/BSERV-12099" + } + ] + } +} From 810e4cbc922670f5f480decca5b6e8a855b4edbe Mon Sep 17 00:00:00 2001 From: Nishchala Tangirala Date: Wed, 15 Jan 2020 10:35:00 -0800 Subject: [PATCH 093/387] commiting all IDs --- 2019/15xxx/CVE-2019-15010.json | 241 +++++++++++++++++++++++++++++++++ 2019/15xxx/CVE-2019-15012.json | 241 +++++++++++++++++++++++++++++++++ 2 files changed, 482 insertions(+) create mode 100644 2019/15xxx/CVE-2019-15010.json create mode 100644 2019/15xxx/CVE-2019-15012.json diff --git a/2019/15xxx/CVE-2019-15010.json b/2019/15xxx/CVE-2019-15010.json new file mode 100644 index 00000000000..a4e8af3b27c --- /dev/null +++ b/2019/15xxx/CVE-2019-15010.json 
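Review bot: In CVE-2019-20097.json, `version_data` for both Bitbucket products writes each affected range as two unrelated entries (`>=` `6.0`, then `<` `6.0.11`, and so on). A consumer that evaluates entries independently will read `>=` `1.0` as "every release is affected", including the fixed ones. How consumers combine entries is not visible here, but the pairing relies purely on array order. One entry per branch keeps the bound and the branch together, e.g. `{"version_name": "6.0", "version_affected": "<", "version_value": "6.0.11"}`. The same encoding appears in CVE-2019-15006.json and in CVE-2019-15010.json, whose hunk continues past the visible part of the patch. Separately, the single reference has no `refsource`/`name`, and `DATE_PUBLIC` (`2020-01-15T10:00:00`) carries no timezone designator.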
@@ -0,0 +1,241 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "security@atlassian.com",
+ "DATE_PUBLIC": "2020-01-15T10:00:00",
+ "ID": "CVE-2019-15010",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Bitbucket Server",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "3.0",
+ "version_affected": ">="
+ },
+ {
+ "version_value": "5.16.11",
+ "version_affected": "<"
+ },
+ {
+ "version_value": "6.0",
+ "version_affected": ">="
+ },
+ {
+ "version_value": "6.0.11",
+ "version_affected": "<"
+ },
+ {
+ "version_value": "6.1.0",
+ "version_affected": ">="
+ },
+ {
+ "version_value": "6.1.9",
+ "version_affected": "<"
+ },
+ {
+ "version_value": "6.2.0",
+ "version_affected": ">="
+ },
+ {
+ "version_value": "6.2.7",
+ "version_affected": "<"
+ },
+ {
+ "version_value": "6.3.0",
+ "version_affected": ">="
+ },
+ {
+ "version_value": "6.3.6",
+ "version_affected": "<"
+ },
+ {
+ "version_value": "6.4.0",
+ "version_affected": ">="
+ },
+ {
+ "version_value": "6.4.4",
+ "version_affected": "<"
+ },
+ {
+ "version_value": "6.5.0",
+ "version_affected": ">="
+ },
+ {
+ "version_value": "6.5.3",
+ "version_affected": "<"
+ },
+ {
+ "version_value": "6.6.0",
+ "version_affected": ">="
+ },
+ {
+ "version_value": "6.6.3",
+ "version_affected": "<"
+ },
+ {
+ "version_value": "6.7.0",
+ "version_affected": ">="
+ },
+ {
+ "version_value": "6.7.3",
+ "version_affected": "<"
+ },
+ {
+ "version_value": "6.8.0",
+ "version_affected": ">="
+ },
+ {
+ "version_value": "6.8.2",
+ "version_affected": "<"
+ },
+ {
+ "version_value": "6.9.0",
+ "version_affected": ">="
+ },
+ {
+ "version_value": "6.9.1",
+ "version_affected": "<"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Bitbucket Data Center",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "3.0",
+ "version_affected": ">="
+ },
+ {
+ "version_value": "5.16.11",
+ "version_affected": "<"
+ },
+ {
+ "version_value": "6.0",
+ "version_affected": ">="
+ },
+ {
+ "version_value": "6.0.11",
+ "version_affected": "<"
+ },
+ {
+ "version_value": "6.1.0",
+ "version_affected": ">="
+ },
+ {
+ "version_value": "6.1.9",
+ "version_affected": "<"
+ },
+ {
+ "version_value": "6.2.0",
+ "version_affected": ">="
+ },
+ {
+ "version_value": "6.2.7",
+ "version_affected": "<"
+ },
+ {
+ "version_value": "6.3.0",
+ "version_affected": ">="
+ },
+ {
+ "version_value": "6.3.6",
+ "version_affected": "<"
+ },
+ {
+ "version_value": "6.4.0",
+ "version_affected": ">="
+ },
+ {
+ "version_value": "6.4.4",
+ "version_affected": "<"
+ },
+ {
+ "version_value": "6.5.0",
+ "version_affected": ">="
+ },
+ {
+ "version_value": "6.5.3",
+ "version_affected": "<"
+ },
+ {
+ "version_value": "6.6.0",
+ "version_affected": ">="
+ },
+ {
+ "version_value": "6.6.3",
+ "version_affected": "<"
+ },
+ {
+ "version_value": "6.7.0",
+ "version_affected": ">="
+ },
+ {
+ "version_value": "6.7.3",
+ "version_affected": "<"
+ },
+ {
+ "version_value": "6.8.0",
+ "version_affected": ">="
+ },
+ {
+ "version_value": "6.8.2",
+ "version_affected": "<"
+ },
+ {
+ "version_value": "6.9.0",
+ "version_affected": ">="
+ },
+ {
+ "version_value": "6.9.1",
+ "version_affected": "<"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Atlassian"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Bitbucket Server and Bitbucket Data Center versions starting from version 3.0.0 before version 5.16.11, from version 6.0.0 before 6.0.11, from version 6.1.0 before 6.1.9, from version 6.2.0 before 6.2.7, from version 6.3.0 before 6.3.6, from version 6.4.0 before 6.4.4, from version 6.5.0 before 6.5.3, from version 6.6.0 before 6.6.3, from version 6.7.0 before 6.7.3, from version 6.8.0 before 6.8.2, and from version 6.9.0 before 6.9.1 had a Remote Code Execution vulnerability via certain user input fields. A remote attacker with user level permissions can exploit this vulnerability to run arbitrary commands on the victim's systems. Using a specially crafted payload as user input, the attacker can execute arbitrary commands on the victim's Bitbucket Server or Bitbucket Data Center instance."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Expression Language Injection"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://jira.atlassian.com/browse/BSERV-12098"
+ }
+ ]
+ }
+}
diff --git a/2019/15xxx/CVE-2019-15012.json b/2019/15xxx/CVE-2019-15012.json
new file mode 100644
index 00000000000..d07e470c37a
--- /dev/null
+++ b/2019/15xxx/CVE-2019-15012.json
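Review bot: The `version_data` arrays for both products express each affected range as two unrelated entries, a `>=` lower bound followed by a `<` upper bound, and nothing in the record ties a pair together. A consumer that evaluates entries one at a time would read `"version_value": "6.9.1", "version_affected": "<"` as covering every earlier release, fixed ones such as 6.8.2 included, so scanners built on this field may over-report; whether downstream tools pair entries by position is not visible here, so the prose description stays the reliable statement of the ranges. The lower bounds are also written `3.0` and `6.0` while the description says 3.0.0 and 6.0.0, and the single reference carries only `url`, where other records in this series also give `refsource` and `name`. The problem type could name the weakness id as well, e.g. `"value": "CWE-917 Expression Language Injection"`. The CVE-2019-15012 record that follows has the same range and reference layout.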
@@ -0,0 +1,241 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "security@atlassian.com",
+ "DATE_PUBLIC": "2020-01-15T10:00:00",
+ "ID": "CVE-2019-15012",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Bitbucket Server",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "4.13",
+ "version_affected": ">="
+ },
+ {
+ "version_value": "5.16.11",
+ "version_affected": "<"
+ },
+ {
+ "version_value": "6.0",
+ "version_affected": ">="
+ },
+ {
+ "version_value": "6.0.11",
+ "version_affected": "<"
+ },
+ {
+ "version_value": "6.1.0",
+ "version_affected": ">="
+ },
+ {
+ "version_value": "6.1.9",
+ "version_affected": "<"
+ },
+ {
+ "version_value": "6.2.0",
+ "version_affected": ">="
+ },
+ {
+ "version_value": "6.2.7",
+ "version_affected": "<"
+ },
+ {
+ "version_value": "6.3.0",
+ "version_affected": ">="
+ },
+ {
+ "version_value": "6.3.6",
+ "version_affected": "<"
+ },
+ {
+ "version_value": "6.4.0",
+ "version_affected": ">="
+ },
+ {
+ "version_value": "6.4.4",
+ "version_affected": "<"
+ },
+ {
+ "version_value": "6.5.0",
+ "version_affected": ">="
+ },
+ {
+ "version_value": "6.5.3",
+ "version_affected": "<"
+ },
+ {
+ "version_value": "6.6.0",
+ "version_affected": ">="
+ },
+ {
+ "version_value": "6.6.3",
+ "version_affected": "<"
+ },
+ {
+ "version_value": "6.7.0",
+ "version_affected": ">="
+ },
+ {
+ "version_value": "6.7.3",
+ "version_affected": "<"
+ },
+ {
+ "version_value": "6.8.0",
+ "version_affected": ">="
+ },
+ {
+ "version_value": "6.8.2",
+ "version_affected": "<"
+ },
+ {
+ "version_value": "6.9.0",
+ "version_affected": ">="
+ },
+ {
+ "version_value": "6.9.1",
+ "version_affected": "<"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Bitbucket Data Center",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "4.13",
+ "version_affected": ">="
+ },
+ {
+ "version_value": "5.16.11",
+ "version_affected": "<"
+ },
+ {
+ "version_value": "6.0",
+ "version_affected": ">="
+ },
+ {
+ "version_value": "6.0.11",
+ "version_affected": "<"
+ },
+ {
+ "version_value": "6.1.0",
+ "version_affected": ">="
+ },
+ {
+ "version_value": "6.1.9",
+ "version_affected": "<"
+ },
+ {
+ "version_value": "6.2.0",
+ "version_affected": ">="
+ },
+ {
+ "version_value": "6.2.7",
+ "version_affected": "<"
+ },
+ {
+ "version_value": "6.3.0",
+ "version_affected": ">="
+ },
+ {
+ "version_value": "6.3.6",
+ "version_affected": "<"
+ },
+ {
+ "version_value": "6.4.0",
+ "version_affected": ">="
+ },
+ {
+ "version_value": "6.4.4",
+ "version_affected": "<"
+ },
+ {
+ "version_value": "6.5.0",
+ "version_affected": ">="
+ },
+ {
+ "version_value": "6.5.3",
+ "version_affected": "<"
+ },
+ {
+ "version_value": "6.6.0",
+ "version_affected": ">="
+ },
+ {
+ "version_value": "6.6.3",
+ "version_affected": "<"
+ },
+ {
+ "version_value": "6.7.0",
+ "version_affected": ">="
+ },
+ {
+ "version_value": "6.7.3",
+ "version_affected": "<"
+ },
+ {
+ "version_value": "6.8.0",
+ "version_affected": ">="
+ },
+ {
+ "version_value": "6.8.2",
+ "version_affected": "<"
+ },
+ {
+ "version_value": "6.9.0",
+ "version_affected": ">="
+ },
+ {
+ "version_value": "6.9.1",
+ "version_affected": "<"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Atlassian"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Bitbucket Server and Bitbucket Data Center from version 4.13. before 5.16.11, from version 6.0.0 before 6.0.11, from version 6.1.0 before 6.1.9, from version 6.2.0 before 6.2.7, from version 6.3.0 before 6.3.6, from version 6.4.0 before 6.4.4, from version 6.5.0 before 6.5.3, from version 6.6.0 before 6.6.3, from version 6.7.0 before 6.7.3, from version 6.8.0 before 6.8.2, from version 6.9.0 before 6.9.1 had a Remote Code Execution vulnerability via the edit-file request. A remote attacker with write permission on a repository can write to any arbitrary file to the victims Bitbucket Server or Bitbucket Data Center instance using the edit-file endpoint, if the user has Bitbucket Server or Bitbucket Data Center running, and has the permission to write the file at that destination. In some cases, this can result in execution of arbitrary code by the victims Bitbucket Server or Bitbucket Data Center instance."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Path traversal"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://jira.atlassian.com/browse/BSERV-12100"
+ }
+ ]
+ }
+ }
From df7874b6fa5c4d35befe9522a0fb780e97367a7f Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Wed, 15 Jan 2020 19:01:13 +0000
Subject: [PATCH 094/387] "-Synchronized-Data."
---
 2015/1xxx/CVE-2015-1809.json | 65 ++++++++++++++++++++++++++++++++--
 2015/1xxx/CVE-2015-1811.json | 65 ++++++++++++++++++++++++++++++++--
 2015/6xxx/CVE-2015-6591.json | 48 +++++++++++++++++++++++--
 2017/17xxx/CVE-2017-17309.json | 5 +++
 2018/17xxx/CVE-2018-17196.json | 5 +++
 2019/12xxx/CVE-2019-12399.json | 5 +++
 2019/15xxx/CVE-2019-15165.json | 5 +++
 2019/1xxx/CVE-2019-1551.json | 5 +++
 2020/2xxx/CVE-2020-2092.json | 5 +++
 2020/2xxx/CVE-2020-2093.json | 5 +++
 2020/2xxx/CVE-2020-2094.json | 5 +++
 2020/2xxx/CVE-2020-2095.json | 5 +++
 2020/2xxx/CVE-2020-2096.json | 5 +++
 2020/2xxx/CVE-2020-2097.json | 5 +++
 2020/2xxx/CVE-2020-2098.json | 5 +++
 15 files changed, 230 insertions(+), 8 deletions(-)
diff --git a/2015/1xxx/CVE-2015-1809.json b/2015/1xxx/CVE-2015-1809.json
index f2366d0f6c5..910964f26f7 100644
--- a/2015/1xxx/CVE-2015-1809.json
+++ b/2015/1xxx/CVE-2015-1809.json
@@ -1,8 +1,8 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
+ "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2015-1809",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
 "data_format": "MITRE",
 "data_type": "CVE",
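Review bot: The CVE-2019-15012 description opens with `from version 4.13. before 5.16.11`, where the lower bound is cut off at a stray period while the matching `version_value` is `4.13`; writing the full release number in the text (presumably 4.13.0, in line with the other ranges) would remove the doubt about which release is meant. `the victims Bitbucket Server` appears twice without the apostrophe that the sibling records use (`victim's`). The problem type `Path traversal` carries no weakness id; `"value": "CWE-22 Path Traversal"` would let tooling classify it. Since the text says the file write can lead to code execution, anyone triaging by problem type alone would underrate this entry, so that impact is worth keeping prominent.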
@@ -11,7 +11,66 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "XML external entity (XXE) vulnerability in CloudBees Jenkins before 1.600 and LTS before 1.596.1 allows remote attackers to read arbitrary XML files via an XPath query." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Other" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "CloudBees", + "product": { + "product_data": [ + { + "product_name": "Jenkins", + "version": { + "version_data": [ + { + "version_value": "before 1.600" + } + ] + } + }, + { + "product_name": "Jenkins LTS", + "version": { + "version_data": [ + { + "version_value": "before 1.596.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1205625", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1205625" + }, + { + "refsource": "MISC", + "name": "https://jenkins.io/security/advisory/2015-02-27/", + "url": "https://jenkins.io/security/advisory/2015-02-27/" } ] } diff --git a/2015/1xxx/CVE-2015-1811.json b/2015/1xxx/CVE-2015-1811.json index f0ccf7aeb5d..ac385f6c21f 100644 --- a/2015/1xxx/CVE-2015-1811.json +++ b/2015/1xxx/CVE-2015-1811.json @@ -1,8 +1,8 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2015-1811", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +11,66 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "XML external entity (XXE) vulnerability in CloudBees Jenkins before 1.600 and LTS before 1.596.1 allows remote attackers to read arbitrary XML files via a crafted XML document." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Other" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "CloudBees", + "product": { + "product_data": [ + { + "product_name": "Jenkins", + "version": { + "version_data": [ + { + "version_value": "before 1.600" + } + ] + } + }, + { + "product_name": "Jenkins LTS", + "version": { + "version_data": [ + { + "version_value": "before 1.596.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1205632", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1205632" + }, + { + "refsource": "CONFIRM", + "name": "https://jenkins.io/security/advisory/2015-02-27/", + "url": "https://jenkins.io/security/advisory/2015-02-27/" } ] } diff --git a/2015/6xxx/CVE-2015-6591.json b/2015/6xxx/CVE-2015-6591.json index 31486e4cc35..5e3636e6c3f 100644 --- a/2015/6xxx/CVE-2015-6591.json +++ b/2015/6xxx/CVE-2015-6591.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-6591", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +11,51 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Directory traversal vulnerability in application/templates/amelia/loadjs.php in Free Reprintables ArticleFR 3.0.7 and earlier allows local users to read arbitrary files via the s parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/134081/articleFR-3.0.7-Arbitrary-File-Read.html", + "url": "http://packetstormsecurity.com/files/134081/articleFR-3.0.7-Arbitrary-File-Read.html" } ] } diff --git a/2017/17xxx/CVE-2017-17309.json b/2017/17xxx/CVE-2017-17309.json index 4696dc4887c..41c1144e033 100644 --- a/2017/17xxx/CVE-2017-17309.json +++ b/2017/17xxx/CVE-2017-17309.json @@ -56,6 +56,11 @@ "name": "http://www.huawei.com/en/psirt/security-notices/2017/huawei-sn-20170911-01-hg255s-en", "refsource": "CONFIRM", "url": "http://www.huawei.com/en/psirt/security-notices/2017/huawei-sn-20170911-01-hg255s-en" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/155954/Huawei-HG255-Directory-Traversal.html", + "url": "http://packetstormsecurity.com/files/155954/Huawei-HG255-Directory-Traversal.html" } ] } diff --git a/2018/17xxx/CVE-2018-17196.json b/2018/17xxx/CVE-2018-17196.json index fb7111e47b1..bce84bca733 100644 --- a/2018/17xxx/CVE-2018-17196.json +++ b/2018/17xxx/CVE-2018-17196.json 
@@ -73,6 +73,11 @@ "refsource": "MLIST", "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[kafka-commits] 20200115 [kafka-site] branch asf-site updated: Add CVE-2019-12399 (#250)", + "url": "https://lists.apache.org/thread.html/rc27d424d0bdeaf31081c3e246db3c66e882243ae3f342dfa845e0261@%3Ccommits.kafka.apache.org%3E" } ] }, diff --git a/2019/12xxx/CVE-2019-12399.json b/2019/12xxx/CVE-2019-12399.json index c730e1f10ad..40417662e27 100644 --- a/2019/12xxx/CVE-2019-12399.json +++ b/2019/12xxx/CVE-2019-12399.json @@ -81,6 +81,11 @@ "refsource": "MLIST", "name": "[kafka-dev] 20200113 CVE-2019-12399: Apache Kafka Connect REST API may expose plaintext secrets in tasks endpoint", "url": "https://lists.apache.org/thread.html/r6af5ed95726874e9add022955be83c192428c248d1c9a1914aff89d9%40%3Cdev.kafka.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[kafka-commits] 20200115 [kafka-site] branch asf-site updated: Add CVE-2019-12399 (#250)", + "url": "https://lists.apache.org/thread.html/rc27d424d0bdeaf31081c3e246db3c66e882243ae3f342dfa845e0261@%3Ccommits.kafka.apache.org%3E" } ] }, diff --git a/2019/15xxx/CVE-2019-15165.json b/2019/15xxx/CVE-2019-15165.json index 5430793117b..2779244bbbb 100644 --- a/2019/15xxx/CVE-2019-15165.json +++ b/2019/15xxx/CVE-2019-15165.json @@ -121,6 +121,11 @@ "refsource": "FULLDISC", "name": "20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", "url": "http://seclists.org/fulldisclosure/2019/Dec/26" + }, + { + "refsource": "UBUNTU", + "name": "USN-4221-2", + "url": "https://usn.ubuntu.com/4221-2/" } ] } 
diff --git a/2019/1xxx/CVE-2019-1551.json b/2019/1xxx/CVE-2019-1551.json index 80808a229bc..acb87074fcd 100644 --- a/2019/1xxx/CVE-2019-1551.json +++ b/2019/1xxx/CVE-2019-1551.json @@ -114,6 +114,11 @@ "refsource": "CONFIRM", "name": "https://www.tenable.com/security/tns-2019-09", "url": "https://www.tenable.com/security/tns-2019-09" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0062", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00030.html" } ] } diff --git a/2020/2xxx/CVE-2020-2092.json b/2020/2xxx/CVE-2020-2092.json index 51d1ad2dd03..291c4a53ed3 100644 --- a/2020/2xxx/CVE-2020-2092.json +++ b/2020/2xxx/CVE-2020-2092.json @@ -57,6 +57,11 @@ "name": "https://jenkins.io/security/advisory/2020-01-15/#SECURITY-1698", "url": "https://jenkins.io/security/advisory/2020-01-15/#SECURITY-1698", "refsource": "CONFIRM" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20200115 Multiple vulnerabilities in Jenkins plugins", + "url": "http://www.openwall.com/lists/oss-security/2020/01/15/1" } ] } diff --git a/2020/2xxx/CVE-2020-2093.json b/2020/2xxx/CVE-2020-2093.json index efc53a1dc65..622355569c6 100644 --- a/2020/2xxx/CVE-2020-2093.json +++ b/2020/2xxx/CVE-2020-2093.json @@ -57,6 +57,11 @@ "name": "https://jenkins.io/security/advisory/2020-01-15/#SECURITY-1708", "url": "https://jenkins.io/security/advisory/2020-01-15/#SECURITY-1708", "refsource": "CONFIRM" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20200115 Multiple vulnerabilities in Jenkins plugins", + "url": "http://www.openwall.com/lists/oss-security/2020/01/15/1" } ] } diff --git a/2020/2xxx/CVE-2020-2094.json b/2020/2xxx/CVE-2020-2094.json index 0ca318a6c37..428df80ad9c 100644 --- a/2020/2xxx/CVE-2020-2094.json +++ b/2020/2xxx/CVE-2020-2094.json 
@@ -57,6 +57,11 @@ "name": "https://jenkins.io/security/advisory/2020-01-15/#SECURITY-1708", "url": "https://jenkins.io/security/advisory/2020-01-15/#SECURITY-1708", "refsource": "CONFIRM" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20200115 Multiple vulnerabilities in Jenkins plugins", + "url": "http://www.openwall.com/lists/oss-security/2020/01/15/1" } ] } diff --git a/2020/2xxx/CVE-2020-2095.json b/2020/2xxx/CVE-2020-2095.json index 81e975b2593..cba2f3817bf 100644 --- a/2020/2xxx/CVE-2020-2095.json +++ b/2020/2xxx/CVE-2020-2095.json @@ -57,6 +57,11 @@ "name": "https://jenkins.io/security/advisory/2020-01-15/#SECURITY-1696", "url": "https://jenkins.io/security/advisory/2020-01-15/#SECURITY-1696", "refsource": "CONFIRM" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20200115 Multiple vulnerabilities in Jenkins plugins", + "url": "http://www.openwall.com/lists/oss-security/2020/01/15/1" } ] } diff --git a/2020/2xxx/CVE-2020-2096.json b/2020/2xxx/CVE-2020-2096.json index 6da437e8dba..2246e5fcab4 100644 --- a/2020/2xxx/CVE-2020-2096.json +++ b/2020/2xxx/CVE-2020-2096.json @@ -61,6 +61,11 @@ "name": "https://jenkins.io/security/advisory/2020-01-15/#SECURITY-1683", "url": "https://jenkins.io/security/advisory/2020-01-15/#SECURITY-1683", "refsource": "CONFIRM" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20200115 Multiple vulnerabilities in Jenkins plugins", + "url": "http://www.openwall.com/lists/oss-security/2020/01/15/1" } ] } diff --git a/2020/2xxx/CVE-2020-2097.json b/2020/2xxx/CVE-2020-2097.json index ee1922071a6..2aa1301be16 100644 --- a/2020/2xxx/CVE-2020-2097.json +++ b/2020/2xxx/CVE-2020-2097.json 
@@ -61,6 +61,11 @@ "name": "https://jenkins.io/security/advisory/2020-01-15/#SECURITY-814", "url": "https://jenkins.io/security/advisory/2020-01-15/#SECURITY-814", "refsource": "CONFIRM" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20200115 Multiple vulnerabilities in Jenkins plugins", + "url": "http://www.openwall.com/lists/oss-security/2020/01/15/1" } ] } diff --git a/2020/2xxx/CVE-2020-2098.json b/2020/2xxx/CVE-2020-2098.json index 9c66003c84d..bf9d32f294e 100644 --- a/2020/2xxx/CVE-2020-2098.json +++ b/2020/2xxx/CVE-2020-2098.json @@ -61,6 +61,11 @@ "name": "https://jenkins.io/security/advisory/2020-01-15/#SECURITY-814", "url": "https://jenkins.io/security/advisory/2020-01-15/#SECURITY-814", "refsource": "CONFIRM" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20200115 Multiple vulnerabilities in Jenkins plugins", + "url": "http://www.openwall.com/lists/oss-security/2020/01/15/1" } ] } From ab25f08058211ff404502d8f6072150750db6657 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 15 Jan 2020 19:01:34 +0000 Subject: [PATCH 095/387] "-Synchronized-Data." --- 2019/18xxx/CVE-2019-18244.json | 62 ++++++++++++++++++++++++++++++++++ 2019/18xxx/CVE-2019-18271.json | 62 ++++++++++++++++++++++++++++++++++ 2019/18xxx/CVE-2019-18273.json | 62 ++++++++++++++++++++++++++++++++++ 2019/18xxx/CVE-2019-18275.json | 62 ++++++++++++++++++++++++++++++++++ 2020/1xxx/CVE-2020-1929.json | 50 +++++++++++++++++++++++++-- 2020/2xxx/CVE-2020-2092.json | 5 --- 2020/2xxx/CVE-2020-2093.json | 5 --- 2020/2xxx/CVE-2020-2094.json | 5 --- 2020/2xxx/CVE-2020-2095.json | 5 --- 2020/2xxx/CVE-2020-2096.json | 5 --- 2020/2xxx/CVE-2020-2097.json | 5 --- 2020/2xxx/CVE-2020-2098.json | 5 --- 12 files changed, 295 insertions(+), 38 deletions(-) create mode 100644 2019/18xxx/CVE-2019-18244.json create mode 100644 2019/18xxx/CVE-2019-18271.json create mode 100644 2019/18xxx/CVE-2019-18273.json create mode 100644 2019/18xxx/CVE-2019-18275.json 
diff --git a/2019/18xxx/CVE-2019-18244.json b/2019/18xxx/CVE-2019-18244.json
new file mode 100644
index 00000000000..3041464c42f
--- /dev/null
+++ b/2019/18xxx/CVE-2019-18244.json
@@ -0,0 +1,62 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-18244",
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "OSIsoft PI Vision",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "PI Vision 2017 R2, PI Vision 2017 R2 SP1, PI Vision 2019"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "INCLUSION OF SENSITIVE INFORMATION IN LOG FILES CWE-532"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.us-cert.gov/ics/advisories/icsa-20-014-06",
+ "url": "https://www.us-cert.gov/ics/advisories/icsa-20-014-06"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "OSIsoft PI Vision, PI Vision 2017 R2, PI Vision 2017 R2 SP1, PI Vision 2019. The affected product records the service account password in the installation log files when a non-default service account and password are specified during installation or upgrade."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/18xxx/CVE-2019-18271.json b/2019/18xxx/CVE-2019-18271.json
new file mode 100644
index 00000000000..051e2f5b62f
--- /dev/null
+++ b/2019/18xxx/CVE-2019-18271.json
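Review bot: `"vendor_name": "n/a"` sits beside `"product_name": "OSIsoft PI Vision"`, so the vendor is known from the record itself but is not machine-readable, and asset-matching tools keyed on vendor will miss it; `"vendor_name": "OSIsoft"` with `"product_name": "PI Vision"` would fix that. The same applies to the CVE-2019-18271, CVE-2019-18273 and CVE-2019-18275 records added below. In this record the single `version_value` also packs three releases into one comma-separated string, which would be easier to match as three separate `version_data` entries. The description names no fixed release, so readers depend on the linked advisory for remediation.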
@@ -0,0 +1,62 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-18271",
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "OSIsoft PI Vision",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "All versions of PI Vision prior to 2019"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CROSS-SITE REQUEST FORGERY (CSRF) CWE-352"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.us-cert.gov/ics/advisories/icsa-20-014-06",
+ "url": "https://www.us-cert.gov/ics/advisories/icsa-20-014-06"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "OSIsoft PI Vision, All versions of PI Vision prior to 2019. The affected product is vulnerable to a cross-site request forgery that may be introduced on the PI Vision administration site."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/18xxx/CVE-2019-18273.json b/2019/18xxx/CVE-2019-18273.json
new file mode 100644
index 00000000000..dc82e5545c4
--- /dev/null
+++ b/2019/18xxx/CVE-2019-18273.json
@@ -0,0 +1,62 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-18273",
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "OSIsoft PI Vision",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "PI Vision 2017 R2 and PI Vision 2017 R2 SP1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION ('CROSS-SITE SCRIPTING') CWE-79"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.us-cert.gov/ics/advisories/icsa-20-014-06",
+ "url": "https://www.us-cert.gov/ics/advisories/icsa-20-014-06"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "OSIsoft PI Vision, PI Vision 2017 R2 and PI Vision 2017 R2 SP1. The affected product is vulnerable to cross-site scripting, which may allow invalid input to be introduced."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/18xxx/CVE-2019-18275.json b/2019/18xxx/CVE-2019-18275.json
new file mode 100644
index 00000000000..edc8bf93a60
--- /dev/null
+++ b/2019/18xxx/CVE-2019-18275.json
@@ -0,0 +1,62 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-18275",
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "OSIsoft PI Vision",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "All versions of PI Vision prior to 2019"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "IMPROPER ACCESS CONTROL CWE-284"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.us-cert.gov/ics/advisories/icsa-20-014-06",
+ "url": "https://www.us-cert.gov/ics/advisories/icsa-20-014-06"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "OSIsoft PI Vision, All versions of PI Vision prior to 2019. The affected product is vulnerable to an improper access control, which may return unauthorized tag data when viewing analysis data reference attributes."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/1xxx/CVE-2020-1929.json b/2020/1xxx/CVE-2020-1929.json
index 133d70489e5..fb605d6782e 100644
--- a/2020/1xxx/CVE-2020-1929.json
+++ b/2020/1xxx/CVE-2020-1929.json
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-1929", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@apache.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apache", + "product": { + "product_data": [ + { + "product_name": "Beam", + "version": { + "version_data": [ + { + "version_value": "2.10.0 to 2.16.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MLIST", + "name": "[beam-user] 20200115 [CVE-2020-1929] Apache Beam MongoDB IO connector disables certificate trust verification", + "url": "https://lists.apache.org/thread.html/rdd0e85b71bf0274471b40fa1396d77f7b2d1165eaea4becbdc69aa04%40%3Cuser.beam.apache.org%3E" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Apache Beam MongoDB connector in versions 2.10.0 to 2.16.0 has an option to disable SSL trust verification. However this configuration is not respected and the certificate verification disables trust verification in every case. This exclusion also gets registered globally which disables trust checking for any code running in the same JVM." } ] } diff --git a/2020/2xxx/CVE-2020-2092.json b/2020/2xxx/CVE-2020-2092.json index 291c4a53ed3..51d1ad2dd03 100644 --- a/2020/2xxx/CVE-2020-2092.json +++ b/2020/2xxx/CVE-2020-2092.json 
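Review bot: The problem type `Information Disclosure` in the CVE-2020-1929 record names a possible consequence rather than the flaw the description reports, which is that certificate trust verification is turned off in every case and, through the global registration, for any code in the same JVM. `"value": "CWE-295 Improper Certificate Validation"` would describe it more precisely and let tooling group it with other TLS validation issues. `"version_value": "2.10.0 to 2.16.0"` is free text, so separate bounds using `version_affected` would be easier to match automatically. The description does not name a fixed release, so this record alone does not tell a reader which version restores verification.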
@@ -57,11 +57,6 @@ "name": "https://jenkins.io/security/advisory/2020-01-15/#SECURITY-1698", "url": "https://jenkins.io/security/advisory/2020-01-15/#SECURITY-1698", "refsource": "CONFIRM" - }, - { - "refsource": "MLIST", - "name": "[oss-security] 20200115 Multiple vulnerabilities in Jenkins plugins", - "url": "http://www.openwall.com/lists/oss-security/2020/01/15/1" } ] } diff --git a/2020/2xxx/CVE-2020-2093.json b/2020/2xxx/CVE-2020-2093.json index 622355569c6..efc53a1dc65 100644 --- a/2020/2xxx/CVE-2020-2093.json +++ b/2020/2xxx/CVE-2020-2093.json @@ -57,11 +57,6 @@ "name": "https://jenkins.io/security/advisory/2020-01-15/#SECURITY-1708", "url": "https://jenkins.io/security/advisory/2020-01-15/#SECURITY-1708", "refsource": "CONFIRM" - }, - { - "refsource": "MLIST", - "name": "[oss-security] 20200115 Multiple vulnerabilities in Jenkins plugins", - "url": "http://www.openwall.com/lists/oss-security/2020/01/15/1" } ] } diff --git a/2020/2xxx/CVE-2020-2094.json b/2020/2xxx/CVE-2020-2094.json index 428df80ad9c..0ca318a6c37 100644 --- a/2020/2xxx/CVE-2020-2094.json +++ b/2020/2xxx/CVE-2020-2094.json @@ -57,11 +57,6 @@ "name": "https://jenkins.io/security/advisory/2020-01-15/#SECURITY-1708", "url": "https://jenkins.io/security/advisory/2020-01-15/#SECURITY-1708", "refsource": "CONFIRM" - }, - { - "refsource": "MLIST", - "name": "[oss-security] 20200115 Multiple vulnerabilities in Jenkins plugins", - "url": "http://www.openwall.com/lists/oss-security/2020/01/15/1" } ] } diff --git a/2020/2xxx/CVE-2020-2095.json b/2020/2xxx/CVE-2020-2095.json index cba2f3817bf..81e975b2593 100644 --- a/2020/2xxx/CVE-2020-2095.json +++ b/2020/2xxx/CVE-2020-2095.json 
@@ -57,11 +57,6 @@
 "name": "https://jenkins.io/security/advisory/2020-01-15/#SECURITY-1696",
 "url": "https://jenkins.io/security/advisory/2020-01-15/#SECURITY-1696",
 "refsource": "CONFIRM"
- },
- {
- "refsource": "MLIST",
- "name": "[oss-security] 20200115 Multiple vulnerabilities in Jenkins plugins",
- "url": "http://www.openwall.com/lists/oss-security/2020/01/15/1"
 }
 ]
 }
diff --git a/2020/2xxx/CVE-2020-2096.json b/2020/2xxx/CVE-2020-2096.json
index 2246e5fcab4..6da437e8dba 100644
--- a/2020/2xxx/CVE-2020-2096.json
+++ b/2020/2xxx/CVE-2020-2096.json
@@ -61,11 +61,6 @@
 "name": "https://jenkins.io/security/advisory/2020-01-15/#SECURITY-1683",
 "url": "https://jenkins.io/security/advisory/2020-01-15/#SECURITY-1683",
 "refsource": "CONFIRM"
- },
- {
- "refsource": "MLIST",
- "name": "[oss-security] 20200115 Multiple vulnerabilities in Jenkins plugins",
- "url": "http://www.openwall.com/lists/oss-security/2020/01/15/1"
 }
 ]
 }
diff --git a/2020/2xxx/CVE-2020-2097.json b/2020/2xxx/CVE-2020-2097.json
index 2aa1301be16..ee1922071a6 100644
--- a/2020/2xxx/CVE-2020-2097.json
+++ b/2020/2xxx/CVE-2020-2097.json
@@ -61,11 +61,6 @@
 "name": "https://jenkins.io/security/advisory/2020-01-15/#SECURITY-814",
 "url": "https://jenkins.io/security/advisory/2020-01-15/#SECURITY-814",
 "refsource": "CONFIRM"
- },
- {
- "refsource": "MLIST",
- "name": "[oss-security] 20200115 Multiple vulnerabilities in Jenkins plugins",
- "url": "http://www.openwall.com/lists/oss-security/2020/01/15/1"
 }
 ]
 }
diff --git a/2020/2xxx/CVE-2020-2098.json b/2020/2xxx/CVE-2020-2098.json
index bf9d32f294e..9c66003c84d 100644
--- a/2020/2xxx/CVE-2020-2098.json
+++ b/2020/2xxx/CVE-2020-2098.json
@@ -61,11 +61,6 @@
 "name": "https://jenkins.io/security/advisory/2020-01-15/#SECURITY-814",
 "url": "https://jenkins.io/security/advisory/2020-01-15/#SECURITY-814",
 "refsource": "CONFIRM"
- },
- {
- "refsource": "MLIST",
- "name": "[oss-security] 20200115 Multiple vulnerabilities in Jenkins plugins",
- "url": "http://www.openwall.com/lists/oss-security/2020/01/15/1"
 }
 ]
 }
From 02ba6e40671c31c0156be0510bf88fe3b51f367c Mon Sep 17 00:00:00 2001 From: santosomar Date: Wed, 15 Jan 2020 19:03:58 +0000 Subject: [PATCH 096/387] Adding Cisco CVE-2019-15961 --- 2019/15xxx/CVE-2019-15961.json | 99 ++++++++++++++++++++++++++++++++++ 1 file changed, 99 insertions(+) create mode 100644 2019/15xxx/CVE-2019-15961.json
diff --git a/2019/15xxx/CVE-2019-15961.json b/2019/15xxx/CVE-2019-15961.json
new file mode 100644
index 00000000000..0cbc1a79426
--- /dev/null
+++ b/2019/15xxx/CVE-2019-15961.json
@@ -0,0 +1,99 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "psirt@cisco.com",
+ "ID": "CVE-2019-15961",
+ "STATE": "PUBLIC",
+ "TITLE": "Clam AntiVirus (ClamAV) Software Email Parsing Vulnerability"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "ClamAV",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_value": "0.102.0"
+ },
+ {
+ "version_affected": "<",
+ "version_value": "0.101.4"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "ClamAV"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A vulnerability in the email parsing module Clam AntiVirus (ClamAV) Software versions 0.102.0, 0.101.4 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device.\n\nThe vulnerability is due to inefficient MIME parsing routines that result in extremely long scan times of specially formatted email files. An attacker could exploit this vulnerability by sending a crafted email file to an affected device.
An exploit could allow the attacker to cause the ClamAV scanning process to scan the crafted email file indefinitely, resulting in a denial of service condition.\n"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-20 Improper Input Validation"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://bugzilla.clamav.net/show_bug.cgi?id=12380",
+ "refsource": "CISCO",
+ "url": "https://bugzilla.clamav.net/show_bug.cgi?id=12380"
+ },
+ {
+ "name": "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvr56010",
+ "refsource": "CISCO",
+ "url": "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvr56010"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "CSCvr56010",
+ "defect": [
+ "CSCvr56010"
+ ],
+ "discovery": "USER"
+ }
+}
From 84ae7380023058e72884e409b5273ad1297e79df Mon Sep 17 00:00:00 2001 From: Nishchala Tangirala Date: Wed, 15 Jan 2020 11:06:20 -0800 Subject: [PATCH 097/387] keeping files related to bbitbucket advisory --- 2019/15xxx/CVE-2019-15006.json | 218 ++++++++++++++++++--------------- 1 file changed, 117 insertions(+), 101 deletions(-)
diff --git a/2019/15xxx/CVE-2019-15006.json b/2019/15xxx/CVE-2019-15006.json
index e4591a6b0c1..f8481548792 100644
--- a/2019/15xxx/CVE-2019-15006.json
+++ b/2019/15xxx/CVE-2019-15006.json
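Review bot: The `version_data` entries in the new CVE-2019-15961 record disagree with its description: the text says versions 0.102.0, 0.101.4 and prior are affected, but the second entry pairs `"version_affected": "<"` with `"version_value": "0.101.4"`, which excludes 0.101.4 itself. If 0.101.4 is affected, that entry should read `"version_affected": "<="`. Separately, `"CWE-20 Improper Input Validation"` is a loose fit for a parser whose scan time grows without bound on crafted input; a resource-exhaustion weakness such as CWE-400 (Uncontrolled Resource Consumption) describes the reported denial of service more precisely. The bugzilla.clamav.net reference is tagged `"refsource": "CISCO"` although the URL is not Cisco-hosted, which is worth confirming.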
@@ -1,104 +1,120 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "security@atlassian.com",
- "DATE_PUBLIC": "2019-12-19T00:00:00",
- "ID": "CVE-2019-15006",
- "STATE": "PUBLIC"
- },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "Confluence Server",
- "version": {
- "version_data": [
- {
- "version_value": "6.11.0",
- "version_affected": ">="
- },
- {
- "version_value": "6.13.10",
- "version_affected": "<"
- },
- {
- "version_value": "6.14.0",
- "version_affected": ">="
- },
- {
- "version_value": "6.15.10",
- "version_affected": "<"
- },
- {
- "version_value": "7.0.1",
- "version_affected": ">="
- },
- {
- "version_value": "7.0.5",
- "version_affected": "<"
- },
- {
- "version_value": "7.1.0",
- "version_affected": ">="
- },
- {
- "version_value": "7.1.2",
- "version_affected": "<"
- },
- {
- "version_value": "7.2.0-beta1",
- "version_affected": ">="
- },
- {
- "version_value": "7.2.0",
- "version_affected": "<"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "Atlassian"
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
- "description": {
- "description_data": [
- {
- "lang": "eng",
- "value": "There was a man-in-the-middle (MITM) vulnerability present in the Confluence Previews plugin in Confluence Server and Confluence Data Center. This plugin was used to facilitate communication with the Atlassian Companion application. The Confluence Previews plugin in Confluence Server and Confluence Data Center communicated with the Companion application via the atlassian-domain-for-localhost-connections-only.com domain name, the DNS A record of which points at 127.0.0.1. Additionally, a signed certificate for the domain was publicly distributed with the Companion application.
An attacker in the position to control DNS resolution of their victim could carry out a man-in-the-middle (MITM) attack between Confluence Server (or Confluence Data Center) and the atlassian-domain-for-localhost-connections-only.com domain intended to be used with the Companion application. This certificate has been revoked, however, usage of the atlassian-domain-for-localhost-connections-only.com domain name was still present in Confluence Server and Confluence Data Center. An attacker could perform the described attack by denying their victim access to certificate revocation information, and carry out a man-in-the-middle (MITM) attack to observe files being edited using the Companion application and/or modify them, and access some limited user information."
- }
- ]
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "Man-in-the-Middle (MitM)"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "security@atlassian.com",
+ "DATE_PUBLIC": "2019-12-19T00:00:00",
+ "ID": "CVE-2019-15006",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Confluence Server",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "6.11.0",
+ "version_affected": ">="
+ },
+ {
+ "version_value": "6.13.10",
+ "version_affected": "<"
+ },
+ {
+ "version_value": "6.14.0",
+ "version_affected": ">="
+ },
+ {
+ "version_value": "6.15.10",
+ "version_affected": "<"
+ },
+ {
+ "version_value": "7.0.1",
+ "version_affected": ">="
+ },
+ {
+ "version_value": "7.0.5",
+ "version_affected": "<"
+ },
+ {
+ "version_value": "7.1.0",
+ "version_affected": ">="
+ },
+ {
+ "version_value": "7.1.2",
+ "version_affected": "<"
+ },
+ {
+ "version_value": "7.2.0-beta1",
+ "version_affected": ">="
+ },
+ {
+ "version_value": "7.2.0",
+ "version_affected": "<"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Atlassian"
+ }
 ]
- }
- ]
- },
- "references": {
- "reference_data": [
- {
- "url":
"https://jira.atlassian.com/browse/CONFSERVER-59244"
- },
- {
- "url": "https://confluence.atlassian.com/doc/confluence-security-advisory-2019-12-18-982324349.html"
- },
- {
- "url": "https://twitter.com/SwiftOnSecurity/status/1202034106495832067"
- }
- ]
- }
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "There was a man-in-the-middle (MITM) vulnerability present in the Confluence Previews plugin in Confluence Server and Confluence Data Center. This plugin was used to facilitate communication with the Atlassian Companion application. The Confluence Previews plugin in Confluence Server and Confluence Data Center communicated with the Companion application via the atlassian-domain-for-localhost-connections-only.com domain name, the DNS A record of which points at 127.0.0.1. Additionally, a signed certificate for the domain was publicly distributed with the Companion application. An attacker in the position to control DNS resolution of their victim could carry out a man-in-the-middle (MITM) attack between Confluence Server (or Confluence Data Center) and the atlassian-domain-for-localhost-connections-only.com domain intended to be used with the Companion application. This certificate has been revoked, however, usage of the atlassian-domain-for-localhost-connections-only.com domain name was still present in Confluence Server and Confluence Data Center. An attacker could perform the described attack by denying their victim access to certificate revocation information, and carry out a man-in-the-middle (MITM) attack to observe files being edited using the Companion application and/or modify them, and access some limited user information."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Man-in-the-Middle (MitM)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://jira.atlassian.com/browse/CONFSERVER-59244",
+ "refsource": "MISC",
+ "name": "https://jira.atlassian.com/browse/CONFSERVER-59244"
+ },
+ {
+ "url": "https://confluence.atlassian.com/doc/confluence-security-advisory-2019-12-18-982324349.html",
+ "refsource": "MISC",
+ "name": "https://confluence.atlassian.com/doc/confluence-security-advisory-2019-12-18-982324349.html"
+ },
+ {
+ "url": "https://twitter.com/SwiftOnSecurity/status/1202034106495832067",
+ "refsource": "MISC",
+ "name": "https://twitter.com/SwiftOnSecurity/status/1202034106495832067"
+ },
+ {
+ "refsource": "BUGTRAQ",
+ "name": "20191219 Confluence Server and Data Center Security Advisory - 2019-12-18 - CVE-2019-15006",
+ "url": "https://seclists.org/bugtraq/2019/Dec/36"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/155742/Atlassian-Confluence-Man-In-The-Middle.html",
+ "url": "http://packetstormsecurity.com/files/155742/Atlassian-Confluence-Man-In-The-Middle.html"
+ }
+ ]
+ }
 }
From 44306c8fc548546712b70c83c4682d50930816e4 Mon Sep 17 00:00:00 2001 From: bsitu <33327536+bsitu@users.noreply.github.com> Date: Wed, 15 Jan 2020 11:58:28 -0800 Subject: [PATCH 098/387] Update CVE-2020-2585.json Update the version information. --- 2020/2xxx/CVE-2020-2585.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/2020/2xxx/CVE-2020-2585.json b/2020/2xxx/CVE-2020-2585.json
index 94d462c498d..a1dd610c81d 100644
--- a/2020/2xxx/CVE-2020-2585.json
+++ b/2020/2xxx/CVE-2020-2585.json
@@ -15,7 +15,7 @@
 "version": {
 "version_data": [
 {
- "version_value": "Java SE: 8u241",
+ "version_value": "Java SE: 8u231",
 "version_affected": "="
 }
 ]
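Review bot: On the new side of the CVE-2019-15006 hunk, `product_data` still lists only `"product_name": "Confluence Server"`, while the description states the flaw is in Confluence Server and Confluence Data Center, so tooling that matches on product name would miss Data Center installs; a second `product_data` entry would close that gap if the same ranges apply. The ten `version_data` entries are a flat list of alternating `>=` and `<` bounds with nothing pairing a lower bound to its upper bound, so a consumer that evaluates each entry independently can conclude that nearly every version is affected. One of the two added references uses a plain `http://` Packet Storm URL; an `https://` form would be preferable if the site serves one. The commit subject mentions a Bitbucket advisory although this file describes a Confluence issue, which looks like a mislabelled commit.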
@@ -35,7 +35,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Vulnerability in the Java SE product of Oracle Java SE (component: JavaFX). The supported version that is affected is Java SE: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)."
+ "value": "Vulnerability in the Java SE product of Oracle Java SE (component: JavaFX). The supported version that is affected is Java SE: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)."
 }
 ]
 },
@@ -60,4 +60,4 @@
 }
 ]
 }
-}
\ No newline at end of file
+}
From 743946c8808c2df39e5c879c230d2cd1c2b00032 Mon Sep 17 00:00:00 2001
From: CVE Team Date: Wed, 15 Jan 2020 20:01:19 +0000 Subject: [PATCH 099/387] "-Synchronized-Data." --- 2014/3xxx/CVE-2014-3004.json | 97 +++--- 2014/3xxx/CVE-2014-3596.json | 151 ++++----- 2015/9xxx/CVE-2015-9251.json | 229 +++++++------- 2016/0xxx/CVE-2016-0701.json | 175 +++++----- 2016/1000xxx/CVE-2016-1000031.json | 163 +++++----- 2016/1xxx/CVE-2016-1181.json | 175 +++++----- 2016/1xxx/CVE-2016-1182.json | 169 +++++----- 2016/2xxx/CVE-2016-2183.json | 493 +++++++++++++++-------------- 2016/4xxx/CVE-2016-4000.json | 145 ++++----- 2016/5xxx/CVE-2016-5019.json | 127 ++++---- 2016/6xxx/CVE-2016-6306.json | 235 +++++++------- 2016/6xxx/CVE-2016-6814.json | 141 +++++---- 2016/8xxx/CVE-2016-8610.json | 213 ++++++------- 2017/1000xxx/CVE-2017-1000376.json | 81 ++--- 2017/12xxx/CVE-2017-12626.json | 93 +++--- 2017/14xxx/CVE-2017-14735.json | 91 +++--- 2017/15xxx/CVE-2017-15708.json | 85 ++--- 2017/15xxx/CVE-2017-15906.json | 103 +++--- 2017/5xxx/CVE-2017-5645.json | 373 +++++++++++----------- 2018/0xxx/CVE-2018-0734.json | 245 +++++++------- 2018/0xxx/CVE-2018-0735.json | 165 +++++----- 2018/1000xxx/CVE-2018-1000030.json | 129 ++++---- 2018/11xxx/CVE-2018-11039.json | 113 +++---- 2018/11xxx/CVE-2018-11040.json | 107 +++---- 2018/11xxx/CVE-2018-11054.json | 107 +++---- 2018/11xxx/CVE-2018-11055.json | 111 +++---- 2018/11xxx/CVE-2018-11056.json | 123 +++---- 2018/11xxx/CVE-2018-11057.json | 111 +++---- 2018/11xxx/CVE-2018-11058.json | 127 ++++---- 2018/11xxx/CVE-2018-11307.json | 169 +++++----- 2018/11xxx/CVE-2018-11759.json | 121 +++---- 2018/11xxx/CVE-2018-11784.json | 253 +++++++-------- 2018/14xxx/CVE-2018-14718.json | 247 ++++++++------- 2018/15xxx/CVE-2018-15473.json | 157 ++++----- 2018/15xxx/CVE-2018-15756.json | 197 ++++++------ 2018/15xxx/CVE-2018-15769.json | 85 ++--- 2018/16xxx/CVE-2018-16395.json | 169 +++++----- 2018/17xxx/CVE-2018-17189.json | 177 ++++++----- 2018/19xxx/CVE-2018-19362.json | 259 +++++++-------- 2018/1xxx/CVE-2018-1060.json | 195 
++++++------ 2018/1xxx/CVE-2018-1257.json | 111 +++---- 2018/1xxx/CVE-2018-1258.json | 131 ++++---- 2018/20xxx/CVE-2018-20684.json | 91 +++--- 2018/5xxx/CVE-2018-5407.json | 217 ++++++------- 2018/6xxx/CVE-2018-6829.json | 79 ++--- 2018/8xxx/CVE-2018-8032.json | 93 +++--- 2018/8xxx/CVE-2018-8039.json | 161 +++++----- 2019/0xxx/CVE-2019-0199.json | 235 +++++++------- 2019/0xxx/CVE-2019-0215.json | 165 +++++----- 2019/0xxx/CVE-2019-0221.json | 173 +++++----- 2019/0xxx/CVE-2019-0227.json | 73 ++--- 2019/0xxx/CVE-2019-0232.json | 203 ++++++------ 2019/10xxx/CVE-2019-10072.json | 127 ++++---- 2019/10xxx/CVE-2019-10086.json | 175 +++++----- 2019/10xxx/CVE-2019-10088.json | 91 +++--- 2019/10xxx/CVE-2019-10092.json | 91 +++--- 2019/10xxx/CVE-2019-10093.json | 91 +++--- 2019/10xxx/CVE-2019-10094.json | 85 ++--- 2019/10xxx/CVE-2019-10098.json | 73 ++--- 2019/10xxx/CVE-2019-10246.json | 95 +++--- 2019/10xxx/CVE-2019-10247.json | 127 ++++---- 2019/11xxx/CVE-2019-11358.json | 355 ++++++++++----------- 2019/11xxx/CVE-2019-11477.json | 297 ++++++++--------- 2019/11xxx/CVE-2019-11478.json | 295 ++++++++--------- 2019/11xxx/CVE-2019-11479.json | 279 ++++++++-------- 2019/12xxx/CVE-2019-12086.json | 253 +++++++-------- 2019/12xxx/CVE-2019-12384.json | 307 +++++++++--------- 2019/12xxx/CVE-2019-12406.json | 67 ++-- 2019/12xxx/CVE-2019-12415.json | 85 ++--- 2019/12xxx/CVE-2019-12419.json | 67 ++-- 2019/12xxx/CVE-2019-12814.json | 367 ++++++++++----------- 2019/13xxx/CVE-2019-13117.json | 109 +++---- 2019/13xxx/CVE-2019-13118.json | 277 ++++++++-------- 2019/14xxx/CVE-2019-14379.json | 355 ++++++++++----------- 2019/14xxx/CVE-2019-14439.json | 211 ++++++------ 2019/14xxx/CVE-2019-14540.json | 193 +++++------ 2019/15xxx/CVE-2019-15845.json | 97 +++--- 2019/15xxx/CVE-2019-15961.json | 4 +- 2019/16xxx/CVE-2019-16168.json | 109 +++---- 2019/16xxx/CVE-2019-16201.json | 97 +++--- 2019/16xxx/CVE-2019-16254.json | 127 ++++---- 2019/16xxx/CVE-2019-16255.json | 121 +++---- 
2019/16xxx/CVE-2019-16335.json | 175 +++++----- 2019/16xxx/CVE-2019-16775.json | 113 +++---- 2019/16xxx/CVE-2019-16776.json | 113 +++---- 2019/16xxx/CVE-2019-16777.json | 113 +++---- 2019/16xxx/CVE-2019-16942.json | 157 ++++----- 2019/16xxx/CVE-2019-16943.json | 149 ++++----- 2019/17xxx/CVE-2019-17091.json | 127 ++++---- 2019/17xxx/CVE-2019-17267.json | 109 +++---- 2019/17xxx/CVE-2019-17359.json | 79 ++--- 2019/17xxx/CVE-2019-17531.json | 97 +++--- 2019/1xxx/CVE-2019-1547.json | 227 ++++++------- 2019/1xxx/CVE-2019-1549.json | 139 ++++---- 2019/1xxx/CVE-2019-1552.json | 167 +++++----- 2019/1xxx/CVE-2019-1559.json | 277 ++++++++-------- 2019/1xxx/CVE-2019-1563.json | 215 ++++++------- 2019/2xxx/CVE-2019-2904.json | 97 +++--- 2019/3xxx/CVE-2019-3862.json | 171 +++++----- 2020/3xxx/CVE-2020-3941.json | 50 ++- 100 files changed, 8083 insertions(+), 7957 deletions(-) diff --git a/2014/3xxx/CVE-2014-3004.json b/2014/3xxx/CVE-2014-3004.json index 57ecf0ba4a9..63b0ba2fd86 100644 --- a/2014/3xxx/CVE-2014-3004.json +++ b/2014/3xxx/CVE-2014-3004.json 
@@ -1,90 +1,91 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"cve@mitre.org", - "ID":"CVE-2014-3004", - "STATE":"PUBLIC" + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3004", + "STATE": "PUBLIC" }, - "affects":{ - "vendor":{ - "vendor_data":[ + "affects": { + "vendor": { + "vendor_data": [ { - "product":{ - "product_data":[ + "product": { + "product_data": [ { - "product_name":"n/a", - "version":{ - "version_data":[ + "product_name": "n/a", + "version": { + "version_data": [ { - "version_value":"n/a" + "version_value": "n/a" } ] } } ] }, - "vendor_name":"n/a" + "vendor_name": "n/a" } ] } }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang":"eng", - "value":"The default configuration for the Xerces SAX Parser in Castor before 1.3.3 allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted XML document." + "lang": "eng", + "value": "The default configuration for the Xerces SAX Parser in Castor before 1.3.3 allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted XML document." 
} ] }, - "problemtype":{ - "problemtype_data":[ + "problemtype": { + "problemtype_data": [ { - "description":[ + "description": [ { - "lang":"eng", - "value":"n/a" + "lang": "eng", + "value": "n/a" } ] } ] }, - "references":{ - "reference_data":[ + "references": { + "reference_data": [ { - "name":"http://packetstormsecurity.com/files/126854/Castor-Library-XXE-Disclosure.html", - "refsource":"MISC", - "url":"http://packetstormsecurity.com/files/126854/Castor-Library-XXE-Disclosure.html" + "name": "http://packetstormsecurity.com/files/126854/Castor-Library-XXE-Disclosure.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/126854/Castor-Library-XXE-Disclosure.html" }, { - "name":"openSUSE-SU-2014:0822", - "refsource":"SUSE", - "url":"http://lists.opensuse.org/opensuse-updates/2014-06/msg00043.html" + "name": "openSUSE-SU-2014:0822", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-06/msg00043.html" }, { - "name":"https://quickview.cloudapps.cisco.com/quickview/bug/CSCvm56811", - "refsource":"MISC", - "url":"https://quickview.cloudapps.cisco.com/quickview/bug/CSCvm56811" + "name": "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvm56811", + "refsource": "MISC", + "url": "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvm56811" }, { - "name":"20140527 CVE-2014-3004 - Castor Library Default Config could lead to XML External Entity (XXE) Attacks", - "refsource":"FULLDISC", - "url":"http://seclists.org/fulldisclosure/2014/May/142" + "name": "20140527 CVE-2014-3004 - Castor Library Default Config could lead to XML External Entity (XXE) Attacks", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/May/142" }, { - "name":"59427", - "refsource":"SECUNIA", - "url":"http://secunia.com/advisories/59427" + "name": "59427", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59427" }, { - "name":"67676", - "refsource":"BID", - "url":"http://www.securityfocus.com/bid/67676" 
+ "name": "67676", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/67676" }, { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2014/3xxx/CVE-2014-3596.json b/2014/3xxx/CVE-2014-3596.json index 3bdc1ee5fb6..59e337d3945 100644 --- a/2014/3xxx/CVE-2014-3596.json +++ b/2014/3xxx/CVE-2014-3596.json 
@@ -1,135 +1,136 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert@redhat.com", - "ID":"CVE-2014-3596", - "STATE":"PUBLIC" + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-3596", + "STATE": "PUBLIC" }, - "affects":{ - "vendor":{ - "vendor_data":[ + "affects": { + "vendor": { + "vendor_data": [ { - "product":{ - "product_data":[ + "product": { + "product_data": [ { - "product_name":"n/a", - "version":{ - "version_data":[ + "product_name": "n/a", + "version": { + "version_data": [ { - "version_value":"n/a" + "version_value": "n/a" } ] } } ] }, - "vendor_name":"n/a" + "vendor_name": "n/a" } ] } }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang":"eng", - "value":"The getCN function in Apache Axis 1.4 and earlier does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a certificate with a subject that specifies a common name in a field that is not the CN field. NOTE: this issue exists because of an incomplete fix for CVE-2012-5784." + "lang": "eng", + "value": "The getCN function in Apache Axis 1.4 and earlier does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a certificate with a subject that specifies a common name in a field that is not the CN field. NOTE: this issue exists because of an incomplete fix for CVE-2012-5784." 
} ] }, - "problemtype":{ - "problemtype_data":[ + "problemtype": { + "problemtype_data": [ { - "description":[ + "description": [ { - "lang":"eng", - "value":"n/a" + "lang": "eng", + "value": "n/a" } ] } ] }, - "references":{ - "reference_data":[ + "references": { + "reference_data": [ { - "name":"[oss-security] 20140820 CVE-2014-3596 - Apache Axis 1 vulnerable to MITM attack", - "refsource":"MLIST", - "url":"http://www.openwall.com/lists/oss-security/2014/08/20/2" + "name": "[oss-security] 20140820 CVE-2014-3596 - Apache Axis 1 vulnerable to MITM attack", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/08/20/2" }, { - "name":"https://issues.apache.org/jira/browse/AXIS-2905", - "refsource":"MISC", - "url":"https://issues.apache.org/jira/browse/AXIS-2905" + "name": "https://issues.apache.org/jira/browse/AXIS-2905", + "refsource": "MISC", + "url": "https://issues.apache.org/jira/browse/AXIS-2905" }, { - "name":"apache-axis-cve20143596-spoofing(95377)", - "refsource":"XF", - "url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/95377" + "name": "apache-axis-cve20143596-spoofing(95377)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95377" }, { - "name":"1030745", - "refsource":"SECTRACK", - "url":"http://www.securitytracker.com/id/1030745" + "name": "1030745", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030745" }, { - "name":"61222", - "refsource":"SECUNIA", - "url":"http://secunia.com/advisories/61222" + "name": "61222", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61222" }, { - "name":"RHSA-2014:1193", - "refsource":"REDHAT", - "url":"http://rhn.redhat.com/errata/RHSA-2014-1193.html" + "name": "RHSA-2014:1193", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1193.html" }, { - "name":"69295", - "refsource":"BID", - "url":"http://www.securityfocus.com/bid/69295" + "name": "69295", + "refsource": "BID", + "url": 
"http://www.securityfocus.com/bid/69295" }, { - "name":"http://linux.oracle.com/errata/ELSA-2014-1193.html", - "refsource":"CONFIRM", - "url":"http://linux.oracle.com/errata/ELSA-2014-1193.html" + "name": "http://linux.oracle.com/errata/ELSA-2014-1193.html", + "refsource": "CONFIRM", + "url": "http://linux.oracle.com/errata/ELSA-2014-1193.html" }, { - "refsource":"MLIST", - "name":"[axis-java-dev] 20190503 [jira] [Commented] (AXIS-2905) Insecure certificate validation CVE-2014-3596", - "url":"https://lists.apache.org/thread.html/44d4e88a5fa8ae60deb752029afe9054da87c5f859caf296fcf585e5@%3Cjava-dev.axis.apache.org%3E" + "refsource": "MLIST", + "name": "[axis-java-dev] 20190503 [jira] [Commented] (AXIS-2905) Insecure certificate validation CVE-2014-3596", + "url": "https://lists.apache.org/thread.html/44d4e88a5fa8ae60deb752029afe9054da87c5f859caf296fcf585e5@%3Cjava-dev.axis.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[axis-java-dev] 20190503 [jira] [Comment Edited] (AXIS-2905) Insecure certificate validation CVE-2014-3596", - "url":"https://lists.apache.org/thread.html/de2af12dcaba653d02b03235327ca4aa930401813a3cced8e151d29c@%3Cjava-dev.axis.apache.org%3E" + "refsource": "MLIST", + "name": "[axis-java-dev] 20190503 [jira] [Comment Edited] (AXIS-2905) Insecure certificate validation CVE-2014-3596", + "url": "https://lists.apache.org/thread.html/de2af12dcaba653d02b03235327ca4aa930401813a3cced8e151d29c@%3Cjava-dev.axis.apache.org%3E" }, { - "refsource":"SUSE", - "name":"openSUSE-SU-2019:1497", - "url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00007.html" + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1497", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00007.html" }, { - "refsource":"SUSE", - "name":"openSUSE-SU-2019:1526", - "url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00022.html" + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1526", + "url": 
"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00022.html" }, { - "refsource":"MLIST", - "name":"[axis-java-dev] 20190907 [jira] [Commented] (AXIS-2905) Insecure certificate validation CVE-2014-3596", - "url":"https://lists.apache.org/thread.html/8aa25c99eeb0693fc229ec87d1423b5ed5d58558618706d8aba1d832@%3Cjava-dev.axis.apache.org%3E" + "refsource": "MLIST", + "name": "[axis-java-dev] 20190907 [jira] [Commented] (AXIS-2905) Insecure certificate validation CVE-2014-3596", + "url": "https://lists.apache.org/thread.html/8aa25c99eeb0693fc229ec87d1423b5ed5d58558618706d8aba1d832@%3Cjava-dev.axis.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[axis-java-dev] 20190909 [jira] [Resolved] (AXIS-2905) Insecure certificate validation CVE-2014-3596", - "url":"https://lists.apache.org/thread.html/a308887782e05da7cf692e4851ae2bd429a038570cbf594e6631cc8d@%3Cjava-dev.axis.apache.org%3E" + "refsource": "MLIST", + "name": "[axis-java-dev] 20190909 [jira] [Resolved] (AXIS-2905) Insecure certificate validation CVE-2014-3596", + "url": "https://lists.apache.org/thread.html/a308887782e05da7cf692e4851ae2bd429a038570cbf594e6631cc8d@%3Cjava-dev.axis.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[axis-java-dev] 20190909 [jira] [Commented] (AXIS-2905) Insecure certificate validation CVE-2014-3596", - "url":"https://lists.apache.org/thread.html/5e6c92145deddcecf70c3604041dcbd615efa2d37632fc2b9c367780@%3Cjava-dev.axis.apache.org%3E" + "refsource": "MLIST", + "name": "[axis-java-dev] 20190909 [jira] [Commented] (AXIS-2905) Insecure certificate validation CVE-2014-3596", + "url": "https://lists.apache.org/thread.html/5e6c92145deddcecf70c3604041dcbd615efa2d37632fc2b9c367780@%3Cjava-dev.axis.apache.org%3E" }, { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } 
diff --git a/2015/9xxx/CVE-2015-9251.json b/2015/9xxx/CVE-2015-9251.json index 94d77ed6d94..6c6aa7e5dbd 100644 --- a/2015/9xxx/CVE-2015-9251.json +++ b/2015/9xxx/CVE-2015-9251.json 
@@ -1,200 +1,201 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"cve@mitre.org", - "ID":"CVE-2015-9251", - "STATE":"PUBLIC" + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-9251", + "STATE": "PUBLIC" }, - "affects":{ - "vendor":{ - "vendor_data":[ + "affects": { + "vendor": { + "vendor_data": [ { - "product":{ - "product_data":[ + "product": { + "product_data": [ { - "product_name":"n/a", - "version":{ - "version_data":[ + "product_name": "n/a", + "version": { + "version_data": [ { - "version_value":"n/a" + "version_value": "n/a" } ] } } ] }, - "vendor_name":"n/a" + "vendor_name": "n/a" } ] } }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang":"eng", - "value":"jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed." + "lang": "eng", + "value": "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed." 
} ] }, - "problemtype":{ - "problemtype_data":[ + "problemtype": { + "problemtype_data": [ { - "description":[ + "description": [ { - "lang":"eng", - "value":"n/a" + "lang": "eng", + "value": "n/a" } ] } ] }, - "references":{ - "reference_data":[ + "references": { + "reference_data": [ { - "name":"https://github.com/jquery/jquery/issues/2432", - "refsource":"MISC", - "url":"https://github.com/jquery/jquery/issues/2432" + "name": "https://github.com/jquery/jquery/issues/2432", + "refsource": "MISC", + "url": "https://github.com/jquery/jquery/issues/2432" }, { - "name":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "refsource":"CONFIRM", - "url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" + "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "refsource": "CONFIRM", + "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" }, { - "name":"https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf", - "refsource":"MISC", - "url":"https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf" + "name": "https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf", + "refsource": "MISC", + "url": "https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf" }, { - "name":"https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2", - "refsource":"MISC", - "url":"https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2" + "name": "https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2", + "refsource": "MISC", + "url": "https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2" }, { - "name":"https://snyk.io/vuln/npm:jquery:20150627", - "refsource":"MISC", - 
"url":"https://snyk.io/vuln/npm:jquery:20150627" + "name": "https://snyk.io/vuln/npm:jquery:20150627", + "refsource": "MISC", + "url": "https://snyk.io/vuln/npm:jquery:20150627" }, { - "name":"https://github.com/jquery/jquery/pull/2588", - "refsource":"MISC", - "url":"https://github.com/jquery/jquery/pull/2588" + "name": "https://github.com/jquery/jquery/pull/2588", + "refsource": "MISC", + "url": "https://github.com/jquery/jquery/pull/2588" }, { - "name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "refsource":"CONFIRM", - "url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" }, { - "name":"105658", - "refsource":"BID", - "url":"http://www.securityfocus.com/bid/105658" + "name": "105658", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105658" }, { - "name":"https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04", - "refsource":"MISC", - "url":"https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04" + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04" }, { - "name":"https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc", - "refsource":"MISC", - "url":"https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc" + "name": "https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc", + "refsource": "MISC", + "url": "https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc" }, { - "url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", - "refsource":"MISC", - "name":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" + "url": 
"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", + "refsource": "MISC", + "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { - "refsource":"BUGTRAQ", - "name":"20190509 dotCMS v5.1.1 Vulnerabilities", - "url":"https://seclists.org/bugtraq/2019/May/18" + "refsource": "BUGTRAQ", + "name": "20190509 dotCMS v5.1.1 Vulnerabilities", + "url": "https://seclists.org/bugtraq/2019/May/18" }, { - "refsource":"MISC", - "name":"http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html", - "url":"http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html" + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html", + "url": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html" }, { - "refsource":"FULLDISC", - "name":"20190510 dotCMS v5.1.1 HTML Injection & XSS Vulnerability", - "url":"http://seclists.org/fulldisclosure/2019/May/11" + "refsource": "FULLDISC", + "name": "20190510 dotCMS v5.1.1 HTML Injection & XSS Vulnerability", + "url": "http://seclists.org/fulldisclosure/2019/May/11" }, { - "refsource":"FULLDISC", - "name":"20190510 dotCMS v5.1.1 Vulnerabilities", - "url":"http://seclists.org/fulldisclosure/2019/May/10" + "refsource": "FULLDISC", + "name": "20190510 dotCMS v5.1.1 Vulnerabilities", + "url": "http://seclists.org/fulldisclosure/2019/May/10" }, { - "refsource":"FULLDISC", - "name":"20190510 Re: dotCMS v5.1.1 HTML Injection & XSS Vulnerability", - "url":"http://seclists.org/fulldisclosure/2019/May/13" + "refsource": "FULLDISC", + "name": "20190510 Re: dotCMS v5.1.1 HTML Injection & XSS Vulnerability", + "url": "http://seclists.org/fulldisclosure/2019/May/13" }, { - "refsource":"MISC", - "name":"http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html", - 
"url":"http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html" + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html", + "url": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html" }, { - "url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "refsource":"MISC", - "name":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", + "refsource": "MISC", + "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { - "refsource":"MLIST", - "name":"[flink-user] 20190811 Apache flink 1.7.2 security issues", - "url":"https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854@%3Cuser.flink.apache.org%3E" + "refsource": "MLIST", + "name": "[flink-user] 20190811 Apache flink 1.7.2 security issues", + "url": "https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854@%3Cuser.flink.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[flink-dev] 20190811 Apache flink 1.7.2 security issues", - "url":"https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731@%3Cdev.flink.apache.org%3E" + "refsource": "MLIST", + "name": "[flink-dev] 20190811 Apache flink 1.7.2 security issues", + "url": "https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731@%3Cdev.flink.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[flink-user] 20190813 Apache flink 1.7.2 security issues", - "url":"https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49@%3Cuser.flink.apache.org%3E" + "refsource": "MLIST", + "name": "[flink-user] 20190813 Apache flink 1.7.2 security issues", + "url": 
"https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49@%3Cuser.flink.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[flink-user] 20190813 Re: Apache flink 1.7.2 security issues", - "url":"https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2@%3Cuser.flink.apache.org%3E" + "refsource": "MLIST", + "name": "[flink-user] 20190813 Re: Apache flink 1.7.2 security issues", + "url": "https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2@%3Cuser.flink.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[roller-commits] 20190820 [jira] [Created] (ROL-2150) Fix Js security vulnerabilities detected using retire js", - "url":"https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6@%3Ccommits.roller.apache.org%3E" + "refsource": "MLIST", + "name": "[roller-commits] 20190820 [jira] [Created] (ROL-2150) Fix Js security vulnerabilities detected using retire js", + "url": "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6@%3Ccommits.roller.apache.org%3E" }, { - "url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", - "refsource":"MISC", - "name":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", + "refsource": "MISC", + "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { - "refsource":"MLIST", - "name":"[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", - "url":"https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E" + "refsource": "MLIST", + "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", + "url": 
"https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", - "url":"https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E" + "refsource": "MLIST", + "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", + "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", - "url":"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" + "refsource": "MLIST", + "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", + "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" }, { - "refsource":"CONFIRM", - "name":"https://www.tenable.com/security/tns-2019-08", - "url":"https://www.tenable.com/security/tns-2019-08" + "refsource": "CONFIRM", + "name": "https://www.tenable.com/security/tns-2019-08", + "url": "https://www.tenable.com/security/tns-2019-08" }, { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2016/0xxx/CVE-2016-0701.json b/2016/0xxx/CVE-2016-0701.json index f56cc539891..b178e43f28f 100644 --- a/2016/0xxx/CVE-2016-0701.json 
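Review bot: Whitespace-only reformatting of every line in this hunk hides its one real edit, the final `reference_data` entry, where the bare `"url"` for cpujan2020.html gains `"refsource": "MISC"` and a `"name"`. In a vulnerability record this makes it hard to confirm that no description, URL or `refsource` value changed along the way, although the old/new pairs visible here look identical apart from the space after the colon. Splitting the reformat into its own commit, or keeping the existing `"key":"value"` spacing and touching only that last entry, would reduce the diff to three lines. The hunks that follow for CVE-2016-0701.json and CVE-2016-1000031.json have the same shape.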
+++ b/2016/0xxx/CVE-2016-0701.json 
@@ -1,155 +1,156 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert@redhat.com", - "ID":"CVE-2016-0701", - "STATE":"PUBLIC" + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-0701", + "STATE": "PUBLIC" }, - "affects":{ - "vendor":{ - "vendor_data":[ + "affects": { + "vendor": { + "vendor_data": [ { - "product":{ - "product_data":[ + "product": { + "product_data": [ { - "product_name":"n/a", - "version":{ - "version_data":[ + "product_name": "n/a", + "version": { + "version_data": [ { - "version_value":"n/a" + "version_value": "n/a" } ] } } ] }, - "vendor_name":"n/a" + "vendor_name": "n/a" } ] } }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang":"eng", - "value":"The DH_check_pub_key function in crypto/dh/dh_check.c in OpenSSL 1.0.2 before 1.0.2f does not ensure that prime numbers are appropriate for Diffie-Hellman (DH) key exchange, which makes it easier for remote attackers to discover a private DH exponent by making multiple handshakes with a peer that chose an inappropriate number, as demonstrated by a number in an X9.42 file." + "lang": "eng", + "value": "The DH_check_pub_key function in crypto/dh/dh_check.c in OpenSSL 1.0.2 before 1.0.2f does not ensure that prime numbers are appropriate for Diffie-Hellman (DH) key exchange, which makes it easier for remote attackers to discover a private DH exponent by making multiple handshakes with a peer that chose an inappropriate number, as demonstrated by a number in an X9.42 file." 
} ] }, - "problemtype":{ - "problemtype_data":[ + "problemtype": { + "problemtype_data": [ { - "description":[ + "description": [ { - "lang":"eng", - "value":"n/a" + "lang": "eng", + "value": "n/a" } ] } ] }, - "references":{ - "reference_data":[ + "references": { + "reference_data": [ { - "name":"FEDORA-2016-527018d2ff", - "refsource":"FEDORA", - "url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176373.html" + "name": "FEDORA-2016-527018d2ff", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176373.html" }, { - "name":"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", - "refsource":"CONFIRM", - "url":"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" }, { - "name":"1034849", - "refsource":"SECTRACK", - "url":"http://www.securitytracker.com/id/1034849" + "name": "1034849", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034849" }, { - "name":"https://git.openssl.org/?p=openssl.git;a=commit;h=c5b831f21d0d29d1e517d139d9d101763f60c9a2", - "refsource":"CONFIRM", - "url":"https://git.openssl.org/?p=openssl.git;a=commit;h=c5b831f21d0d29d1e517d139d9d101763f60c9a2" + "name": "https://git.openssl.org/?p=openssl.git;a=commit;h=c5b831f21d0d29d1e517d139d9d101763f60c9a2", + "refsource": "CONFIRM", + "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=c5b831f21d0d29d1e517d139d9d101763f60c9a2" }, { - "name":"https://git.openssl.org/?p=openssl.git;a=commit;h=878e2c5b13010329c203f309ed0c8f2113f85648", - "refsource":"CONFIRM", - "url":"https://git.openssl.org/?p=openssl.git;a=commit;h=878e2c5b13010329c203f309ed0c8f2113f85648" + "name": 
"https://git.openssl.org/?p=openssl.git;a=commit;h=878e2c5b13010329c203f309ed0c8f2113f85648", + "refsource": "CONFIRM", + "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=878e2c5b13010329c203f309ed0c8f2113f85648" }, { - "name":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05164821", - "refsource":"CONFIRM", - "url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05164821" + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05164821", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05164821" }, { - "name":"http://www.openssl.org/news/secadv/20160128.txt", - "refsource":"CONFIRM", - "url":"http://www.openssl.org/news/secadv/20160128.txt" + "name": "http://www.openssl.org/news/secadv/20160128.txt", + "refsource": "CONFIRM", + "url": "http://www.openssl.org/news/secadv/20160128.txt" }, { - "name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "refsource":"CONFIRM", - "url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { - "name":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390893", - "refsource":"CONFIRM", - "url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390893" + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390893", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390893" }, { - "name":"GLSA-201601-05", - "refsource":"GENTOO", - "url":"https://security.gentoo.org/glsa/201601-05" + "name": "GLSA-201601-05", + "refsource": "GENTOO", 
+ "url": "https://security.gentoo.org/glsa/201601-05" }, { - "name":"http://intothesymmetry.blogspot.com/2016/01/openssl-key-recovery-attack-on-dh-small.html", - "refsource":"MISC", - "url":"http://intothesymmetry.blogspot.com/2016/01/openssl-key-recovery-attack-on-dh-small.html" + "name": "http://intothesymmetry.blogspot.com/2016/01/openssl-key-recovery-attack-on-dh-small.html", + "refsource": "MISC", + "url": "http://intothesymmetry.blogspot.com/2016/01/openssl-key-recovery-attack-on-dh-small.html" }, { - "name":"82233", - "refsource":"BID", - "url":"http://www.securityfocus.com/bid/82233" + "name": "82233", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/82233" }, { - "name":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03724en_us", - "refsource":"CONFIRM", - "url":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03724en_us" + "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03724en_us", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03724en_us" }, { - "name":"91787", - "refsource":"BID", - "url":"http://www.securityfocus.com/bid/91787" + "name": "91787", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91787" }, { - "name":"VU#257823", - "refsource":"CERT-VN", - "url":"https://www.kb.cert.org/vuls/id/257823" + "name": "VU#257823", + "refsource": "CERT-VN", + "url": "https://www.kb.cert.org/vuls/id/257823" }, { - "name":"openSUSE-SU-2016:0637", - "refsource":"SUSE", - "url":"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html" + "name": "openSUSE-SU-2016:0637", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html" }, { - "name":"USN-2883-1", - "refsource":"UBUNTU", - "url":"http://www.ubuntu.com/usn/USN-2883-1" + "name": "USN-2883-1", + "refsource": 
"UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2883-1" }, { - "name":"http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759", - "refsource":"CONFIRM", - "url":"http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759" + "name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759", + "refsource": "CONFIRM", + "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759" }, { - "url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "refsource":"MISC", - "name":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", + "refsource": "MISC", + "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2016/1000xxx/CVE-2016-1000031.json b/2016/1000xxx/CVE-2016-1000031.json index d47eec226f1..b2f5a516dc1 100644 --- a/2016/1000xxx/CVE-2016-1000031.json +++ b/2016/1000xxx/CVE-2016-1000031.json 
@@ -1,145 +1,146 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"cve@mitre.org", - "ID":"CVE-2016-1000031", - "STATE":"PUBLIC" + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-1000031", + "STATE": "PUBLIC" }, - "affects":{ - "vendor":{ - "vendor_data":[ + "affects": { + "vendor": { + "vendor_data": [ { - "product":{ - "product_data":[ + "product": { + "product_data": [ { - "product_name":"n/a", - "version":{ - "version_data":[ + "product_name": "n/a", + "version": { + "version_data": [ { - "version_value":"n/a" + "version_value": "n/a" } ] } } ] }, - "vendor_name":"n/a" + "vendor_name": "n/a" } ] } }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang":"eng", - "value":"Apache Commons FileUpload before 1.3.3 DiskFileItem File Manipulation Remote Code Execution" + "lang": "eng", + "value": "Apache Commons FileUpload before 1.3.3 DiskFileItem File Manipulation Remote Code Execution" } ] }, - "problemtype":{ - "problemtype_data":[ + "problemtype": { + "problemtype_data": [ { - "description":[ + "description": [ { - "lang":"eng", - "value":"n/a" + "lang": "eng", + "value": "n/a" } ] } ] }, - "references":{ - "reference_data":[ + "references": { + "reference_data": [ { - "name":"93604", - "refsource":"BID", - "url":"http://www.securityfocus.com/bid/93604" + "name": "93604", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93604" }, { - "name":"https://security.netapp.com/advisory/ntap-20190212-0001/", - "refsource":"CONFIRM", - "url":"https://security.netapp.com/advisory/ntap-20190212-0001/" + "name": "https://security.netapp.com/advisory/ntap-20190212-0001/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20190212-0001/" }, { - "name":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - 
"refsource":"CONFIRM", - "url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" + "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "refsource": "CONFIRM", + "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" }, { - "name":"https://issues.apache.org/jira/browse/WW-4812", - "refsource":"CONFIRM", - "url":"https://issues.apache.org/jira/browse/WW-4812" + "name": "https://issues.apache.org/jira/browse/WW-4812", + "refsource": "CONFIRM", + "url": "https://issues.apache.org/jira/browse/WW-4812" }, { - "name":"http://www.zerodayinitiative.com/advisories/ZDI-16-570/", - "refsource":"MISC", - "url":"http://www.zerodayinitiative.com/advisories/ZDI-16-570/" + "name": "http://www.zerodayinitiative.com/advisories/ZDI-16-570/", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-570/" }, { - "name":"https://www.tenable.com/security/research/tra-2016-30", - "refsource":"MISC", - "url":"https://www.tenable.com/security/research/tra-2016-30" + "name": "https://www.tenable.com/security/research/tra-2016-30", + "refsource": "MISC", + "url": "https://www.tenable.com/security/research/tra-2016-30" }, { - "name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "refsource":"CONFIRM", - "url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" }, { - "name":"https://www.tenable.com/security/research/tra-2016-12", - "refsource":"MISC", - "url":"https://www.tenable.com/security/research/tra-2016-12" + "name": "https://www.tenable.com/security/research/tra-2016-12", + "refsource": "MISC", + "url": "https://www.tenable.com/security/research/tra-2016-12" }, { - 
"name":"https://issues.apache.org/jira/browse/FILEUPLOAD-279", - "refsource":"CONFIRM", - "url":"https://issues.apache.org/jira/browse/FILEUPLOAD-279" + "name": "https://issues.apache.org/jira/browse/FILEUPLOAD-279", + "refsource": "CONFIRM", + "url": "https://issues.apache.org/jira/browse/FILEUPLOAD-279" }, { - "name":"https://www.tenable.com/security/research/tra-2016-23", - "refsource":"MISC", - "url":"https://www.tenable.com/security/research/tra-2016-23" + "name": "https://www.tenable.com/security/research/tra-2016-23", + "refsource": "MISC", + "url": "https://www.tenable.com/security/research/tra-2016-23" }, { - "name":"[announce] 20181105 [SECURITY] Immediately upgrade commons-fileupload to version 1.3.3 when running Struts 2.3.36 or prior", - "refsource":"MLIST", - "url":"https://lists.apache.org/thread.html/d66657323fd25e437face5e84899c8ca404ccd187e81c3f2fa8b6080@%3Cannounce.apache.org%3E" + "name": "[announce] 20181105 [SECURITY] Immediately upgrade commons-fileupload to version 1.3.3 when running Struts 2.3.36 or prior", + "refsource": "MLIST", + "url": "https://lists.apache.org/thread.html/d66657323fd25e437face5e84899c8ca404ccd187e81c3f2fa8b6080@%3Cannounce.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[lucene-solr-user] 20190104 Re: SOLR v7 Security Issues Caused Denial of Use - Sonatype Application Composition Report", - "url":"https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E" + "refsource": "MLIST", + "name": "[lucene-solr-user] 20190104 Re: SOLR v7 Security Issues Caused Denial of Use - Sonatype Application Composition Report", + "url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E" }, { - "url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", - "refsource":"MISC", - "name":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" + 
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", + "refsource": "MISC", + "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { - "refsource":"SUSE", - "name":"openSUSE-SU-2019:1399", - "url":"http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00036.html" + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1399", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00036.html" }, { - "url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", - "name":"https://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", - "refsource":"MISC" + "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", + "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", + "refsource": "MISC" }, { - "url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "refsource":"MISC", - "name":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", + "refsource": "MISC", + "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { - "url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", - "refsource":"MISC", - "name":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", + "refsource": "MISC", + "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } 
diff --git a/2016/1xxx/CVE-2016-1181.json b/2016/1xxx/CVE-2016-1181.json index a3a791fa79a..c12baade424 100644 --- a/2016/1xxx/CVE-2016-1181.json +++ b/2016/1xxx/CVE-2016-1181.json 
@@ -1,155 +1,156 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"vultures@jpcert.or.jp", - "ID":"CVE-2016-1181", - "STATE":"PUBLIC" + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2016-1181", + "STATE": "PUBLIC" }, - "affects":{ - "vendor":{ - "vendor_data":[ + "affects": { + "vendor": { + "vendor_data": [ { - "product":{ - "product_data":[ + "product": { + "product_data": [ { - "product_name":"n/a", - "version":{ - "version_data":[ + "product_name": "n/a", + "version": { + "version_data": [ { - "version_value":"n/a" + "version_value": "n/a" } ] } } ] }, - "vendor_name":"n/a" + "vendor_name": "n/a" } ] } }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang":"eng", - "value":"ActionServlet.java in Apache Struts 1 1.x through 1.3.10 mishandles multithreaded access to an ActionForm instance, which allows remote attackers to execute arbitrary code or cause a denial of service (unexpected memory access) via a multipart request, a related issue to CVE-2015-0899." + "lang": "eng", + "value": "ActionServlet.java in Apache Struts 1 1.x through 1.3.10 mishandles multithreaded access to an ActionForm instance, which allows remote attackers to execute arbitrary code or cause a denial of service (unexpected memory access) via a multipart request, a related issue to CVE-2015-0899." 
} ] }, - "problemtype":{ - "problemtype_data":[ + "problemtype": { + "problemtype_data": [ { - "description":[ + "description": [ { - "lang":"eng", - "value":"n/a" + "lang": "eng", + "value": "n/a" } ] } ] }, - "references":{ - "reference_data":[ + "references": { + "reference_data": [ { - "name":"JVNDB-2016-000096", - "refsource":"JVNDB", - "url":"http://jvndb.jvn.jp/jvndb/JVNDB-2016-000096" + "name": "JVNDB-2016-000096", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000096" }, { - "name":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", - "refsource":"CONFIRM", - "url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" }, { - "name":"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", - "refsource":"CONFIRM", - "url":"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" }, { - "name":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "refsource":"CONFIRM", - "url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" + "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "refsource": "CONFIRM", + "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" }, { - "name":"https://security.netapp.com/advisory/ntap-20180629-0006/", - "refsource":"CONFIRM", - "url":"https://security.netapp.com/advisory/ntap-20180629-0006/" + "name": "https://security.netapp.com/advisory/ntap-20180629-0006/", + "refsource": "CONFIRM", + "url": 
"https://security.netapp.com/advisory/ntap-20180629-0006/" }, { - "name":"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", - "refsource":"CONFIRM", - "url":"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" }, { - "name":"https://github.com/kawasima/struts1-forever/commit/eda3a79907ed8fcb0387a0496d0cb14332f250e8", - "refsource":"CONFIRM", - "url":"https://github.com/kawasima/struts1-forever/commit/eda3a79907ed8fcb0387a0496d0cb14332f250e8" + "name": "https://github.com/kawasima/struts1-forever/commit/eda3a79907ed8fcb0387a0496d0cb14332f250e8", + "refsource": "CONFIRM", + "url": "https://github.com/kawasima/struts1-forever/commit/eda3a79907ed8fcb0387a0496d0cb14332f250e8" }, { - "name":"https://bugzilla.redhat.com/show_bug.cgi?id=1343538", - "refsource":"CONFIRM", - "url":"https://bugzilla.redhat.com/show_bug.cgi?id=1343538" + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1343538", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1343538" }, { - "name":"91068", - "refsource":"BID", - "url":"http://www.securityfocus.com/bid/91068" + "name": "91068", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91068" }, { - "name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", - "refsource":"CONFIRM", - "url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" }, { - "name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "refsource":"CONFIRM", - 
"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { - "name":"1036056", - "refsource":"SECTRACK", - "url":"http://www.securitytracker.com/id/1036056" + "name": "1036056", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036056" }, { - "name":"JVN#03188560", - "refsource":"JVN", - "url":"http://jvn.jp/en/jp/JVN03188560/index.html" + "name": "JVN#03188560", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN03188560/index.html" }, { - "name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "refsource":"CONFIRM", - "url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" }, { - "name":"91787", - "refsource":"BID", - "url":"http://www.securityfocus.com/bid/91787" + "name": "91787", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91787" }, { - "name":"https://security-tracker.debian.org/tracker/CVE-2016-1181", - "refsource":"CONFIRM", - "url":"https://security-tracker.debian.org/tracker/CVE-2016-1181" + "name": "https://security-tracker.debian.org/tracker/CVE-2016-1181", + "refsource": "CONFIRM", + "url": "https://security-tracker.debian.org/tracker/CVE-2016-1181" }, { - "name":"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", - "refsource":"CONFIRM", - "url":"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", + "refsource": "CONFIRM", + "url": 
"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { - "url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", - "refsource":"MISC", - "name":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" + "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", + "refsource": "MISC", + "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { - "url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "refsource":"MISC", - "name":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", + "refsource": "MISC", + "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2016/1xxx/CVE-2016-1182.json b/2016/1xxx/CVE-2016-1182.json index dc08f37bdd8..b4b4d1f95da 100644 --- a/2016/1xxx/CVE-2016-1182.json +++ b/2016/1xxx/CVE-2016-1182.json 
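Review bot: The `affects` block on the new side of this hunk still carries `"product_name": "n/a"`, `"vendor_name": "n/a"` and `"version_value": "n/a"`, although the description in the same hunk names the product and range as "Apache Struts 1 1.x through 1.3.10". Tooling that matches on the structured vendor and product fields rather than on the free-text description will presumably not associate this record with Struts. Since the commit already rewrites every line of the record, the fields could be filled in from the description, e.g. `"vendor_name": "Apache"` and `"product_name": "Struts"`, with the range expressed in `version_data`. The CVE-2016-1182 hunk that follows has the same gap.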
@@ -1,150 +1,151 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"vultures@jpcert.or.jp", - "ID":"CVE-2016-1182", - "STATE":"PUBLIC" + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2016-1182", + "STATE": "PUBLIC" }, - "affects":{ - "vendor":{ - "vendor_data":[ + "affects": { + "vendor": { + "vendor_data": [ { - "product":{ - "product_data":[ + "product": { + "product_data": [ { - "product_name":"n/a", - "version":{ - "version_data":[ + "product_name": "n/a", + "version": { + "version_data": [ { - "version_value":"n/a" + "version_value": "n/a" } ] } } ] }, - "vendor_name":"n/a" + "vendor_name": "n/a" } ] } }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang":"eng", - "value":"ActionServlet.java in Apache Struts 1 1.x through 1.3.10 does not properly restrict the Validator configuration, which allows remote attackers to conduct cross-site scripting (XSS) attacks or cause a denial of service via crafted input, a related issue to CVE-2015-0899." + "lang": "eng", + "value": "ActionServlet.java in Apache Struts 1 1.x through 1.3.10 does not properly restrict the Validator configuration, which allows remote attackers to conduct cross-site scripting (XSS) attacks or cause a denial of service via crafted input, a related issue to CVE-2015-0899." 
} ] }, - "problemtype":{ - "problemtype_data":[ + "problemtype": { + "problemtype_data": [ { - "description":[ + "description": [ { - "lang":"eng", - "value":"n/a" + "lang": "eng", + "value": "n/a" } ] } ] }, - "references":{ - "reference_data":[ + "references": { + "reference_data": [ { - "name":"JVNDB-2016-000097", - "refsource":"JVNDB", - "url":"http://jvndb.jvn.jp/jvndb/JVNDB-2016-000097" + "name": "JVNDB-2016-000097", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000097" }, { - "name":"JVN#65044642", - "refsource":"JVN", - "url":"http://jvn.jp/en/jp/JVN65044642/index.html" + "name": "JVN#65044642", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN65044642/index.html" }, { - "name":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", - "refsource":"CONFIRM", - "url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" }, { - "name":"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", - "refsource":"CONFIRM", - "url":"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" }, { - "name":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "refsource":"CONFIRM", - "url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" + "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "refsource": "CONFIRM", + "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" }, { - 
"name":"https://security.netapp.com/advisory/ntap-20180629-0006/", - "refsource":"CONFIRM", - "url":"https://security.netapp.com/advisory/ntap-20180629-0006/" + "name": "https://security.netapp.com/advisory/ntap-20180629-0006/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20180629-0006/" }, { - "name":"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", - "refsource":"CONFIRM", - "url":"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" }, { - "name":"https://github.com/kawasima/struts1-forever/commit/eda3a79907ed8fcb0387a0496d0cb14332f250e8", - "refsource":"CONFIRM", - "url":"https://github.com/kawasima/struts1-forever/commit/eda3a79907ed8fcb0387a0496d0cb14332f250e8" + "name": "https://github.com/kawasima/struts1-forever/commit/eda3a79907ed8fcb0387a0496d0cb14332f250e8", + "refsource": "CONFIRM", + "url": "https://github.com/kawasima/struts1-forever/commit/eda3a79907ed8fcb0387a0496d0cb14332f250e8" }, { - "name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", - "refsource":"CONFIRM", - "url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" }, { - "name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "refsource":"CONFIRM", - "url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", + "refsource": "CONFIRM", + "url": 
"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { - "name":"1036056", - "refsource":"SECTRACK", - "url":"http://www.securitytracker.com/id/1036056" + "name": "1036056", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036056" }, { - "name":"https://bugzilla.redhat.com/show_bug.cgi?id=1343540", - "refsource":"CONFIRM", - "url":"https://bugzilla.redhat.com/show_bug.cgi?id=1343540" + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1343540", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1343540" }, { - "name":"91067", - "refsource":"BID", - "url":"http://www.securityfocus.com/bid/91067" + "name": "91067", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91067" }, { - "name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "refsource":"CONFIRM", - "url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" }, { - "name":"91787", - "refsource":"BID", - "url":"http://www.securityfocus.com/bid/91787" + "name": "91787", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91787" }, { - "name":"https://security-tracker.debian.org/tracker/CVE-2016-1182", - "refsource":"CONFIRM", - "url":"https://security-tracker.debian.org/tracker/CVE-2016-1182" + "name": "https://security-tracker.debian.org/tracker/CVE-2016-1182", + "refsource": "CONFIRM", + "url": "https://security-tracker.debian.org/tracker/CVE-2016-1182" }, { - "url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", - "refsource":"MISC", - "name":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" + "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", + 
"refsource": "MISC", + "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { - "url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "refsource":"MISC", - "name":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", + "refsource": "MISC", + "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2016/2xxx/CVE-2016-2183.json b/2016/2xxx/CVE-2016-2183.json index 33552d46ffb..e9f7aece10e 100644 --- a/2016/2xxx/CVE-2016-2183.json +++ b/2016/2xxx/CVE-2016-2183.json 
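Review bot: Several www.oracle.com references in this record still use plain `http://`, for example `"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"`, while other entries for the same host, including the `cpujan2020.html` reference completed at the end of this hunk, use `https://`. Advisory links fetched over unauthenticated HTTP can be altered in transit, which matters in a feed that people follow to reach patch guidance. Consider normalising that host's entries in both `name` and `url`, e.g. `"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"`, after confirming the HTTPS form resolves. Changing the string may affect how references are de-duplicated, so check that against how the dataset keys them.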
@@ -1,420 +1,421 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert@redhat.com", - "ID":"CVE-2016-2183", - "STATE":"PUBLIC" + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-2183", + "STATE": "PUBLIC" }, - "affects":{ - "vendor":{ - "vendor_data":[ + "affects": { + "vendor": { + "vendor_data": [ { - "product":{ - "product_data":[ + "product": { + "product_data": [ { - "product_name":"n/a", - "version":{ - "version_data":[ + "product_name": "n/a", + "version": { + "version_data": [ { - "version_value":"n/a" + "version_value": "n/a" } ] } } ] }, - "vendor_name":"n/a" + "vendor_name": "n/a" } ] } }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang":"eng", - "value":"The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a \"Sweet32\" attack." + "lang": "eng", + "value": "The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a \"Sweet32\" attack." 
} ] }, - "problemtype":{ - "problemtype_data":[ + "problemtype": { + "problemtype_data": [ { - "description":[ + "description": [ { - "lang":"eng", - "value":"n/a" + "lang": "eng", + "value": "n/a" } ] } ] }, - "references":{ - "reference_data":[ + "references": { + "reference_data": [ { - "name":"RHSA-2017:3113", - "refsource":"REDHAT", - "url":"https://access.redhat.com/errata/RHSA-2017:3113" + "name": "RHSA-2017:3113", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:3113" }, { - "name":"RHSA-2017:0338", - "refsource":"REDHAT", - "url":"http://rhn.redhat.com/errata/RHSA-2017-0338.html" + "name": "RHSA-2017:0338", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0338.html" }, { - "name":"https://www.tenable.com/security/tns-2016-20", - "refsource":"CONFIRM", - "url":"https://www.tenable.com/security/tns-2016-20" + "name": "https://www.tenable.com/security/tns-2016-20", + "refsource": "CONFIRM", + "url": "https://www.tenable.com/security/tns-2016-20" }, { - "name":"https://sweet32.info/", - "refsource":"MISC", - "url":"https://sweet32.info/" + "name": "https://sweet32.info/", + "refsource": "MISC", + "url": "https://sweet32.info/" }, { - "name":"http://www.splunk.com/view/SP-CAAAPUE", - "refsource":"CONFIRM", - "url":"http://www.splunk.com/view/SP-CAAAPUE" + "name": "http://www.splunk.com/view/SP-CAAAPUE", + "refsource": "CONFIRM", + "url": "http://www.splunk.com/view/SP-CAAAPUE" }, { - "name":"https://bugzilla.redhat.com/show_bug.cgi?id=1369383", - "refsource":"CONFIRM", - "url":"https://bugzilla.redhat.com/show_bug.cgi?id=1369383" + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1369383", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1369383" }, { - "name":"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", - "refsource":"CONFIRM", - "url":"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" + "name": 
"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" }, { - "name":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03765en_us", - "refsource":"CONFIRM", - "url":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03765en_us" + "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03765en_us", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03765en_us" }, { - "name":"https://blog.cryptographyengineering.com/2016/08/24/attack-of-week-64-bit-ciphers-in-tls/", - "refsource":"MISC", - "url":"https://blog.cryptographyengineering.com/2016/08/24/attack-of-week-64-bit-ciphers-in-tls/" + "name": "https://blog.cryptographyengineering.com/2016/08/24/attack-of-week-64-bit-ciphers-in-tls/", + "refsource": "MISC", + "url": "https://blog.cryptographyengineering.com/2016/08/24/attack-of-week-64-bit-ciphers-in-tls/" }, { - "name":"http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html", - "refsource":"CONFIRM", - "url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html" + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html" }, { - "name":"GLSA-201612-16", - "refsource":"GENTOO", - "url":"https://security.gentoo.org/glsa/201612-16" + "name": "GLSA-201612-16", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201612-16" }, { - "name":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369403", - "refsource":"CONFIRM", - 
"url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369403" + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369403", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369403" }, { - "name":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680", - "refsource":"CONFIRM", - "url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680" + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680" }, { - "name":"https://access.redhat.com/articles/2548661", - "refsource":"CONFIRM", - "url":"https://access.redhat.com/articles/2548661" + "name": "https://access.redhat.com/articles/2548661", + "refsource": "CONFIRM", + "url": "https://access.redhat.com/articles/2548661" }, { - "name":"https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312", - "refsource":"CONFIRM", - "url":"https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312" + "name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312", + "refsource": "CONFIRM", + "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312" }, { - "name":"https://www.teskalabs.com/blog/teskalabs-bulletin-160826-seacat-sweet32-issue", - "refsource":"MISC", - "url":"https://www.teskalabs.com/blog/teskalabs-bulletin-160826-seacat-sweet32-issue" + "name": "https://www.teskalabs.com/blog/teskalabs-bulletin-160826-seacat-sweet32-issue", + "refsource": "MISC", + "url": "https://www.teskalabs.com/blog/teskalabs-bulletin-160826-seacat-sweet32-issue" }, { - "name":"http://www.splunk.com/view/SP-CAAAPSV", - "refsource":"CONFIRM", - "url":"http://www.splunk.com/view/SP-CAAAPSV" + "name": 
"http://www.splunk.com/view/SP-CAAAPSV", + "refsource": "CONFIRM", + "url": "http://www.splunk.com/view/SP-CAAAPSV" }, { - "name":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369415", - "refsource":"CONFIRM", - "url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369415" + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369415", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369415" }, { - "name":"RHSA-2017:3240", - "refsource":"REDHAT", - "url":"https://access.redhat.com/errata/RHSA-2017:3240" + "name": "RHSA-2017:3240", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:3240" }, { - "name":"http://www-01.ibm.com/support/docview.wss?uid=swg21995039", - "refsource":"CONFIRM", - "url":"http://www-01.ibm.com/support/docview.wss?uid=swg21995039" + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039" }, { - "name":"https://github.com/ssllabs/ssllabs-scan/issues/387#issuecomment-242514633", - "refsource":"MISC", - "url":"https://github.com/ssllabs/ssllabs-scan/issues/387#issuecomment-242514633" + "name": "https://github.com/ssllabs/ssllabs-scan/issues/387#issuecomment-242514633", + "refsource": "MISC", + "url": "https://github.com/ssllabs/ssllabs-scan/issues/387#issuecomment-242514633" }, { - "name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", - "refsource":"CONFIRM", - "url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" }, { - 
"name":"https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/", - "refsource":"CONFIRM", - "url":"https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/" + "name": "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/", + "refsource": "CONFIRM", + "url": "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/" }, { - "name":"https://www.tenable.com/security/tns-2016-16", - "refsource":"CONFIRM", - "url":"https://www.tenable.com/security/tns-2016-16" + "name": "https://www.tenable.com/security/tns-2016-16", + "refsource": "CONFIRM", + "url": "https://www.tenable.com/security/tns-2016-16" }, { - "name":"RHSA-2017:2709", - "refsource":"REDHAT", - "url":"https://access.redhat.com/errata/RHSA-2017:2709" + "name": "RHSA-2017:2709", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2709" }, { - "name":"92630", - "refsource":"BID", - "url":"http://www.securityfocus.com/bid/92630" + "name": "92630", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92630" }, { - "name":"https://www.sigsac.org/ccs/CCS2016/accepted-papers/", - "refsource":"MISC", - "url":"https://www.sigsac.org/ccs/CCS2016/accepted-papers/" + "name": "https://www.sigsac.org/ccs/CCS2016/accepted-papers/", + "refsource": "MISC", + "url": "https://www.sigsac.org/ccs/CCS2016/accepted-papers/" }, { - "name":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05349499", - "refsource":"CONFIRM", - "url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05349499" + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05349499", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05349499" }, { - "name":"https://www.tenable.com/security/tns-2016-21", - "refsource":"CONFIRM", - "url":"https://www.tenable.com/security/tns-2016-21" + 
"name": "https://www.tenable.com/security/tns-2016-21", + "refsource": "CONFIRM", + "url": "https://www.tenable.com/security/tns-2016-21" }, { - "name":"https://kc.mcafee.com/corporate/index?page=content&id=SB10171", - "refsource":"CONFIRM", - "url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10171" + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10171", + "refsource": "CONFIRM", + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10171" }, { - "name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "refsource":"CONFIRM", - "url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { - "name":"http://www-01.ibm.com/support/docview.wss?uid=swg21991482", - "refsource":"CONFIRM", - "url":"http://www-01.ibm.com/support/docview.wss?uid=swg21991482" + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21991482", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991482" }, { - "name":"https://www.openssl.org/blog/blog/2016/08/24/sweet32/", - "refsource":"CONFIRM", - "url":"https://www.openssl.org/blog/blog/2016/08/24/sweet32/" + "name": "https://www.openssl.org/blog/blog/2016/08/24/sweet32/", + "refsource": "CONFIRM", + "url": "https://www.openssl.org/blog/blog/2016/08/24/sweet32/" }, { - "name":"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", - "refsource":"CONFIRM", - "url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" + "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" }, { - "name":"RHSA-2017:3239", - 
"refsource":"REDHAT", - "url":"https://access.redhat.com/errata/RHSA-2017:3239" + "name": "RHSA-2017:3239", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:3239" }, { - "name":"https://access.redhat.com/security/cve/cve-2016-2183", - "refsource":"CONFIRM", - "url":"https://access.redhat.com/security/cve/cve-2016-2183" + "name": "https://access.redhat.com/security/cve/cve-2016-2183", + "refsource": "CONFIRM", + "url": "https://access.redhat.com/security/cve/cve-2016-2183" }, { - "name":"GLSA-201701-65", - "refsource":"GENTOO", - "url":"https://security.gentoo.org/glsa/201701-65" + "name": "GLSA-201701-65", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201701-65" }, { - "name":"https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2016/august/new-practical-attacks-on-64-bit-block-ciphers-3des-blowfish/", - "refsource":"MISC", - "url":"https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2016/august/new-practical-attacks-on-64-bit-block-ciphers-3des-blowfish/" + "name": "https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2016/august/new-practical-attacks-on-64-bit-block-ciphers-3des-blowfish/", + "refsource": "MISC", + "url": "https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2016/august/new-practical-attacks-on-64-bit-block-ciphers-3des-blowfish/" }, { - "name":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", - "refsource":"CONFIRM", - "url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722" + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722" }, { - "name":"1036696", - "refsource":"SECTRACK", - "url":"http://www.securitytracker.com/id/1036696" + "name": "1036696", + "refsource": "SECTRACK", + "url": 
"http://www.securitytracker.com/id/1036696" }, { - "name":"https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02", - "refsource":"MISC", - "url":"https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02" + "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02" }, { - "name":"https://security.netapp.com/advisory/ntap-20160915-0001/", - "refsource":"CONFIRM", - "url":"https://security.netapp.com/advisory/ntap-20160915-0001/" + "name": "https://security.netapp.com/advisory/ntap-20160915-0001/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20160915-0001/" }, { - "name":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03725en_us", - "refsource":"CONFIRM", - "url":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03725en_us" + "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03725en_us", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03725en_us" }, { - "name":"GLSA-201707-01", - "refsource":"GENTOO", - "url":"https://security.gentoo.org/glsa/201707-01" + "name": "GLSA-201707-01", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201707-01" }, { - "name":"95568", - "refsource":"BID", - "url":"http://www.securityfocus.com/bid/95568" + "name": "95568", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95568" }, { - "name":"RHSA-2017:3114", - "refsource":"REDHAT", - "url":"https://access.redhat.com/errata/RHSA-2017:3114" + "name": "RHSA-2017:3114", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:3114" }, { - "name":"https://bto.bluecoat.com/security-advisory/sa133", - "refsource":"CONFIRM", - "url":"https://bto.bluecoat.com/security-advisory/sa133" + "name": 
"https://bto.bluecoat.com/security-advisory/sa133", + "refsource": "CONFIRM", + "url": "https://bto.bluecoat.com/security-advisory/sa133" }, { - "name":"https://www.tenable.com/security/tns-2017-09", - "refsource":"CONFIRM", - "url":"https://www.tenable.com/security/tns-2017-09" + "name": "https://www.tenable.com/security/tns-2017-09", + "refsource": "CONFIRM", + "url": "https://www.tenable.com/security/tns-2017-09" }, { - "name":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390849", - "refsource":"CONFIRM", - "url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390849" + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390849", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390849" }, { - "name":"http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html", - "refsource":"CONFIRM", - "url":"http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html" + "name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html" }, { - "name":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05323116", - "refsource":"CONFIRM", - "url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05323116" + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05323116", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05323116" }, { - "name":"RHSA-2017:1216", - "refsource":"REDHAT", - "url":"https://access.redhat.com/errata/RHSA-2017:1216" + "name": "RHSA-2017:1216", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1216" }, { - 
"name":"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", - "refsource":"CONFIRM", - "url":"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { - "name":"RHSA-2017:2710", - "refsource":"REDHAT", - "url":"https://access.redhat.com/errata/RHSA-2017:2710" + "name": "RHSA-2017:2710", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2710" }, { - "name":"https://security.netapp.com/advisory/ntap-20170119-0001/", - "refsource":"CONFIRM", - "url":"https://security.netapp.com/advisory/ntap-20170119-0001/" + "name": "https://security.netapp.com/advisory/ntap-20170119-0001/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20170119-0001/" }, { - "name":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05309984", - "refsource":"CONFIRM", - "url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05309984" + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05309984", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05309984" }, { - "name":"[tls] 20091120 RC4+3DES rekeying - long-lived TLS connections", - "refsource":"MLIST", - "url":"https://www.ietf.org/mail-archive/web/tls/current/msg04560.html" + "name": "[tls] 20091120 RC4+3DES rekeying - long-lived TLS connections", + "refsource": "MLIST", + "url": "https://www.ietf.org/mail-archive/web/tls/current/msg04560.html" }, { - "name":"RHSA-2018:2123", - "refsource":"REDHAT", - "url":"https://access.redhat.com/errata/RHSA-2018:2123" + "name": "RHSA-2018:2123", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2123" }, { - 
"name":"https://nakedsecurity.sophos.com/2016/08/25/anatomy-of-a-cryptographic-collision-the-sweet32-attack/", - "refsource":"MISC", - "url":"https://nakedsecurity.sophos.com/2016/08/25/anatomy-of-a-cryptographic-collision-the-sweet32-attack/" + "name": "https://nakedsecurity.sophos.com/2016/08/25/anatomy-of-a-cryptographic-collision-the-sweet32-attack/", + "refsource": "MISC", + "url": "https://nakedsecurity.sophos.com/2016/08/25/anatomy-of-a-cryptographic-collision-the-sweet32-attack/" }, { - "name":"RHSA-2017:0337", - "refsource":"REDHAT", - "url":"http://rhn.redhat.com/errata/RHSA-2017-0337.html" + "name": "RHSA-2017:0337", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0337.html" }, { - "name":"RHSA-2017:2708", - "refsource":"REDHAT", - "url":"https://access.redhat.com/errata/RHSA-2017:2708" + "name": "RHSA-2017:2708", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2708" }, { - "name":"https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008", - "refsource":"CONFIRM", - "url":"https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008" + "name": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008", + "refsource": "CONFIRM", + "url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008" }, { - "name":"RHSA-2017:0336", - "refsource":"REDHAT", - "url":"http://rhn.redhat.com/errata/RHSA-2017-0336.html" + "name": "RHSA-2017:0336", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0336.html" }, { - "name":"SUSE-SU-2016:2470", - "refsource":"SUSE", - "url":"http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html" + "name": "SUSE-SU-2016:2470", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html" }, { - 
"name":"http://www-01.ibm.com/support/docview.wss?uid=nas8N1021697", - "refsource":"CONFIRM", - "url":"http://www-01.ibm.com/support/docview.wss?uid=nas8N1021697" + "name": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1021697", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1021697" }, { - "name":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388", - "refsource":"CONFIRM", - "url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388" + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388" }, { - "name":"RHSA-2017:0462", - "refsource":"REDHAT", - "url":"http://rhn.redhat.com/errata/RHSA-2017-0462.html" + "name": "RHSA-2017:0462", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0462.html" }, { - "name":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448", - "refsource":"CONFIRM", - "url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448" + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448" }, { - "name":"http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759", - "refsource":"CONFIRM", - "url":"http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759" + "name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759", + "refsource": "CONFIRM", + "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:1245", - "url":"https://access.redhat.com/errata/RHSA-2019:1245" + "refsource": "REDHAT", + "name": "RHSA-2019:1245", 
+ "url": "https://access.redhat.com/errata/RHSA-2019:1245" }, { - "url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "refsource":"MISC", - "name":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", + "refsource": "MISC", + "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:2859", - "url":"https://access.redhat.com/errata/RHSA-2019:2859" + "refsource": "REDHAT", + "name": "RHSA-2019:2859", + "url": "https://access.redhat.com/errata/RHSA-2019:2859" }, { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2016/4xxx/CVE-2016-4000.json b/2016/4xxx/CVE-2016-4000.json index d14fa3d327a..2893dbd4b14 100644 --- a/2016/4xxx/CVE-2016-4000.json +++ b/2016/4xxx/CVE-2016-4000.json 
@@ -1,130 +1,131 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"cve@mitre.org", - "ID":"CVE-2016-4000", - "STATE":"PUBLIC" + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-4000", + "STATE": "PUBLIC" }, - "affects":{ - "vendor":{ - "vendor_data":[ + "affects": { + "vendor": { + "vendor_data": [ { - "product":{ - "product_data":[ + "product": { + "product_data": [ { - "product_name":"n/a", - "version":{ - "version_data":[ + "product_name": "n/a", + "version": { + "version_data": [ { - "version_value":"n/a" + "version_value": "n/a" } ] } } ] }, - "vendor_name":"n/a" + "vendor_name": "n/a" } ] } }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang":"eng", - "value":"Jython before 2.7.1rc1 allows attackers to execute arbitrary code via a crafted serialized PyFunction object." + "lang": "eng", + "value": "Jython before 2.7.1rc1 allows attackers to execute arbitrary code via a crafted serialized PyFunction object." 
} ] }, - "problemtype":{ - "problemtype_data":[ + "problemtype": { + "problemtype_data": [ { - "description":[ + "description": [ { - "lang":"eng", - "value":"n/a" + "lang": "eng", + "value": "n/a" } ] } ] }, - "references":{ - "reference_data":[ + "references": { + "reference_data": [ { - "name":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "refsource":"CONFIRM", - "url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" + "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "refsource": "CONFIRM", + "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" }, { - "name":"https://security-tracker.debian.org/tracker/CVE-2016-4000", - "refsource":"MISC", - "url":"https://security-tracker.debian.org/tracker/CVE-2016-4000" + "name": "https://security-tracker.debian.org/tracker/CVE-2016-4000", + "refsource": "MISC", + "url": "https://security-tracker.debian.org/tracker/CVE-2016-4000" }, { - "name":"https://hg.python.org/jython/rev/d06e29d100c0", - "refsource":"CONFIRM", - "url":"https://hg.python.org/jython/rev/d06e29d100c0" + "name": "https://hg.python.org/jython/rev/d06e29d100c0", + "refsource": "CONFIRM", + "url": "https://hg.python.org/jython/rev/d06e29d100c0" }, { - "name":"https://snyk.io/vuln/SNYK-JAVA-ORGPYTHON-31451", - "refsource":"MISC", - "url":"https://snyk.io/vuln/SNYK-JAVA-ORGPYTHON-31451" + "name": "https://snyk.io/vuln/SNYK-JAVA-ORGPYTHON-31451", + "refsource": "MISC", + "url": "https://snyk.io/vuln/SNYK-JAVA-ORGPYTHON-31451" }, { - "name":"http://bugs.jython.org/issue2454", - "refsource":"CONFIRM", - "url":"http://bugs.jython.org/issue2454" + "name": "http://bugs.jython.org/issue2454", + "refsource": "CONFIRM", + "url": "http://bugs.jython.org/issue2454" }, { - "name":"DSA-3893", - "refsource":"DEBIAN", - "url":"http://www.debian.org/security/2017/dsa-3893" + "name": "DSA-3893", + "refsource": "DEBIAN", + "url": 
"http://www.debian.org/security/2017/dsa-3893" }, { - "name":"https://hg.python.org/jython/file/v2.7.1rc1/NEWS", - "refsource":"CONFIRM", - "url":"https://hg.python.org/jython/file/v2.7.1rc1/NEWS" + "name": "https://hg.python.org/jython/file/v2.7.1rc1/NEWS", + "refsource": "CONFIRM", + "url": "https://hg.python.org/jython/file/v2.7.1rc1/NEWS" }, { - "name":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864859", - "refsource":"CONFIRM", - "url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864859" + "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864859", + "refsource": "CONFIRM", + "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864859" }, { - "name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "refsource":"CONFIRM", - "url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" }, { - "name":"GLSA-201710-28", - "refsource":"GENTOO", - "url":"https://security.gentoo.org/glsa/201710-28" + "name": "GLSA-201710-28", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201710-28" }, { - "name":"105647", - "refsource":"BID", - "url":"http://www.securityfocus.com/bid/105647" + "name": "105647", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105647" }, { - "refsource":"MLIST", - "name":"[infra-devnull] 20190402 [GitHub] [flink] aloyszhang opened pull request #8100: [FLINK-12082] Bump up the jython-standalone version", - "url":"https://lists.apache.org/thread.html/0919ec1db20b1022f22b8e78f355667df74d6142b463ff17d03ad533@%3Cdevnull.infra.apache.org%3E" + "refsource": "MLIST", + "name": "[infra-devnull] 20190402 [GitHub] [flink] aloyszhang opened pull request #8100: [FLINK-12082] Bump up the jython-standalone version", + "url": 
"https://lists.apache.org/thread.html/0919ec1db20b1022f22b8e78f355667df74d6142b463ff17d03ad533@%3Cdevnull.infra.apache.org%3E" }, { - "url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", - "refsource":"MISC", - "name":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" + "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", + "refsource": "MISC", + "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { - "url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", - "refsource":"MISC", - "name":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", + "refsource": "MISC", + "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2016/5xxx/CVE-2016-5019.json b/2016/5xxx/CVE-2016-5019.json index 31042e39f0f..7c0de80ad4e 100644 --- a/2016/5xxx/CVE-2016-5019.json +++ b/2016/5xxx/CVE-2016-5019.json 
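Review bot: The last `reference_data` entry, the Oracle `cpujan2020.html` link, is completed with `"refsource": "MISC"`, while older Oracle CPU advisories in the same list (`cpujan2019-5072801.html`, `cpuoct2018-4428296.html`) are tagged `CONFIRM`. The hunks for CVE-2016-5019 and CVE-2016-6306 further down have the same mismatch. A consumer that uses `refsource` to pick out vendor-acknowledged advisories would skip these newer Oracle links. The 2019 Oracle entries already use `MISC`, so this may be the current tooling default rather than an oversight; if it is not intended, the line should read `"refsource": "CONFIRM",`.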
@@ -1,115 +1,116 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert@redhat.com", - "ID":"CVE-2016-5019", - "STATE":"PUBLIC" + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-5019", + "STATE": "PUBLIC" }, - "affects":{ - "vendor":{ - "vendor_data":[ + "affects": { + "vendor": { + "vendor_data": [ { - "product":{ - "product_data":[ + "product": { + "product_data": [ { - "product_name":"n/a", - "version":{ - "version_data":[ + "product_name": "n/a", + "version": { + "version_data": [ { - "version_value":"n/a" + "version_value": "n/a" } ] } } ] }, - "vendor_name":"n/a" + "vendor_name": "n/a" } ] } }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang":"eng", - "value":"CoreResponseStateManager in Apache MyFaces Trinidad 1.0.0 through 1.0.13, 1.2.x before 1.2.15, 2.0.x before 2.0.2, and 2.1.x before 2.1.2 might allow attackers to conduct deserialization attacks via a crafted serialized view state string." + "lang": "eng", + "value": "CoreResponseStateManager in Apache MyFaces Trinidad 1.0.0 through 1.0.13, 1.2.x before 1.2.15, 2.0.x before 2.0.2, and 2.1.x before 2.1.2 might allow attackers to conduct deserialization attacks via a crafted serialized view state string." 
} ] }, - "problemtype":{ - "problemtype_data":[ + "problemtype": { + "problemtype_data": [ { - "description":[ + "description": [ { - "lang":"eng", - "value":"n/a" + "lang": "eng", + "value": "n/a" } ] } ] }, - "references":{ - "reference_data":[ + "references": { + "reference_data": [ { - "name":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", - "refsource":"CONFIRM", - "url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" }, { - "name":"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", - "refsource":"CONFIRM", - "url":"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" }, { - "name":"[myfaces-users] 20160929 Re: CVE-2016-5019: MyFaces Trinidad view state deserialization security vulnerability", - "refsource":"MLIST", - "url":"http://mail-archives.apache.org/mod_mbox/myfaces-users/201609.mbox/%3CCAM1yOjYM%2BEW3mLUfX0pNAVLfUFRAw-Bhvkp3UE5%3DEQzR8Yxsfw%40mail.gmail.com%3E" + "name": "[myfaces-users] 20160929 Re: CVE-2016-5019: MyFaces Trinidad view state deserialization security vulnerability", + "refsource": "MLIST", + "url": "http://mail-archives.apache.org/mod_mbox/myfaces-users/201609.mbox/%3CCAM1yOjYM%2BEW3mLUfX0pNAVLfUFRAw-Bhvkp3UE5%3DEQzR8Yxsfw%40mail.gmail.com%3E" }, { - "name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "refsource":"CONFIRM", - "url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" + "name": 
"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { - "name":"http://packetstormsecurity.com/files/138920/Apache-MyFaces-Trinidad-Information-Disclosure.html", - "refsource":"MISC", - "url":"http://packetstormsecurity.com/files/138920/Apache-MyFaces-Trinidad-Information-Disclosure.html" + "name": "http://packetstormsecurity.com/files/138920/Apache-MyFaces-Trinidad-Information-Disclosure.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/138920/Apache-MyFaces-Trinidad-Information-Disclosure.html" }, { - "name":"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", - "refsource":"CONFIRM", - "url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" + "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" }, { - "name":"https://issues.apache.org/jira/browse/TRINIDAD-2542", - "refsource":"CONFIRM", - "url":"https://issues.apache.org/jira/browse/TRINIDAD-2542" + "name": "https://issues.apache.org/jira/browse/TRINIDAD-2542", + "refsource": "CONFIRM", + "url": "https://issues.apache.org/jira/browse/TRINIDAD-2542" }, { - "name":"93236", - "refsource":"BID", - "url":"http://www.securityfocus.com/bid/93236" + "name": "93236", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93236" }, { - "name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "refsource":"CONFIRM", - "url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" }, { - 
"name":"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", - "refsource":"CONFIRM", - "url":"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { - "name":"1037633", - "refsource":"SECTRACK", - "url":"http://www.securitytracker.com/id/1037633" + "name": "1037633", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037633" }, { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2016/6xxx/CVE-2016-6306.json b/2016/6xxx/CVE-2016-6306.json index 6e91b63493c..d6b9a5a6c0b 100644 --- a/2016/6xxx/CVE-2016-6306.json +++ b/2016/6xxx/CVE-2016-6306.json 
@@ -1,205 +1,206 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert@redhat.com", - "ID":"CVE-2016-6306", - "STATE":"PUBLIC" + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-6306", + "STATE": "PUBLIC" }, - "affects":{ - "vendor":{ - "vendor_data":[ + "affects": { + "vendor": { + "vendor_data": [ { - "product":{ - "product_data":[ + "product": { + "product_data": [ { - "product_name":"n/a", - "version":{ - "version_data":[ + "product_name": "n/a", + "version": { + "version_data": [ { - "version_value":"n/a" + "version_value": "n/a" } ] } } ] }, - "vendor_name":"n/a" + "vendor_name": "n/a" } ] } }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang":"eng", - "value":"The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c." + "lang": "eng", + "value": "The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c." 
} ] }, - "problemtype":{ - "problemtype_data":[ + "problemtype": { + "problemtype_data": [ { - "description":[ + "description": [ { - "lang":"eng", - "value":"n/a" + "lang": "eng", + "value": "n/a" } ] } ] }, - "references":{ - "reference_data":[ + "references": { + "reference_data": [ { - "name":"https://www.openssl.org/news/secadv/20160922.txt", - "refsource":"CONFIRM", - "url":"https://www.openssl.org/news/secadv/20160922.txt" + "name": "https://www.openssl.org/news/secadv/20160922.txt", + "refsource": "CONFIRM", + "url": "https://www.openssl.org/news/secadv/20160922.txt" }, { - "name":"https://www.tenable.com/security/tns-2016-20", - "refsource":"CONFIRM", - "url":"https://www.tenable.com/security/tns-2016-20" + "name": "https://www.tenable.com/security/tns-2016-20", + "refsource": "CONFIRM", + "url": "https://www.tenable.com/security/tns-2016-20" }, { - "name":"RHSA-2018:2185", - "refsource":"REDHAT", - "url":"https://access.redhat.com/errata/RHSA-2018:2185" + "name": "RHSA-2018:2185", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2185" }, { - "name":"RHSA-2018:2186", - "refsource":"REDHAT", - "url":"https://access.redhat.com/errata/RHSA-2018:2186" + "name": "RHSA-2018:2186", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2186" }, { - "name":"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", - "refsource":"CONFIRM", - "url":"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" }, { - "name":"93153", - "refsource":"BID", - "url":"http://www.securityfocus.com/bid/93153" + "name": "93153", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93153" }, { - "name":"RHSA-2016:1940", - "refsource":"REDHAT", - 
"url":"http://rhn.redhat.com/errata/RHSA-2016-1940.html" + "name": "RHSA-2016:1940", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-1940.html" }, { - "name":"http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html", - "refsource":"CONFIRM", - "url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html" + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html" }, { - "name":"GLSA-201612-16", - "refsource":"GENTOO", - "url":"https://security.gentoo.org/glsa/201612-16" + "name": "GLSA-201612-16", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201612-16" }, { - "name":"https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312", - "refsource":"CONFIRM", - "url":"https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312" + "name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312", + "refsource": "CONFIRM", + "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312" }, { - "name":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us", - "refsource":"CONFIRM", - "url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us" + "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us", + "refsource": "CONFIRM", + "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us" }, { - "name":"http://www-01.ibm.com/support/docview.wss?uid=swg21995039", - "refsource":"CONFIRM", - "url":"http://www-01.ibm.com/support/docview.wss?uid=swg21995039" + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039", + "refsource": "CONFIRM", + "url": 
"http://www-01.ibm.com/support/docview.wss?uid=swg21995039" }, { - "name":"1036885", - "refsource":"SECTRACK", - "url":"http://www.securitytracker.com/id/1036885" + "name": "1036885", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036885" }, { - "name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", - "refsource":"CONFIRM", - "url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" }, { - "name":"https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/", - "refsource":"CONFIRM", - "url":"https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/" + "name": "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/", + "refsource": "CONFIRM", + "url": "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/" }, { - "name":"https://www.tenable.com/security/tns-2016-16", - "refsource":"CONFIRM", - "url":"https://www.tenable.com/security/tns-2016-16" + "name": "https://www.tenable.com/security/tns-2016-16", + "refsource": "CONFIRM", + "url": "https://www.tenable.com/security/tns-2016-16" }, { - "name":"https://www.tenable.com/security/tns-2016-21", - "refsource":"CONFIRM", - "url":"https://www.tenable.com/security/tns-2016-21" + "name": "https://www.tenable.com/security/tns-2016-21", + "refsource": "CONFIRM", + "url": "https://www.tenable.com/security/tns-2016-21" }, { - "name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "refsource":"CONFIRM", - "url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", + "refsource": "CONFIRM", + "url": 
"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { - "name":"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", - "refsource":"CONFIRM", - "url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" + "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" }, { - "name":"http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html", - "refsource":"CONFIRM", - "url":"http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html" + "name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html" }, { - "name":"https://bto.bluecoat.com/security-advisory/sa132", - "refsource":"CONFIRM", - "url":"https://bto.bluecoat.com/security-advisory/sa132" + "name": "https://bto.bluecoat.com/security-advisory/sa132", + "refsource": "CONFIRM", + "url": "https://bto.bluecoat.com/security-advisory/sa132" }, { - "name":"https://git.openssl.org/?p=openssl.git;a=commit;h=52e623c4cb06fffa9d5e75c60b34b4bc130b12e9", - "refsource":"CONFIRM", - "url":"https://git.openssl.org/?p=openssl.git;a=commit;h=52e623c4cb06fffa9d5e75c60b34b4bc130b12e9" + "name": "https://git.openssl.org/?p=openssl.git;a=commit;h=52e623c4cb06fffa9d5e75c60b34b4bc130b12e9", + "refsource": "CONFIRM", + "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=52e623c4cb06fffa9d5e75c60b34b4bc130b12e9" }, { - "name":"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", - "refsource":"CONFIRM", - "url":"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", + "refsource": "CONFIRM", + 
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { - "name":"FreeBSD-SA-16:26", - "refsource":"FREEBSD", - "url":"https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc" + "name": "FreeBSD-SA-16:26", + "refsource": "FREEBSD", + "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc" }, { - "name":"SUSE-SU-2016:2470", - "refsource":"SUSE", - "url":"http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html" + "name": "SUSE-SU-2016:2470", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html" }, { - "name":"RHSA-2018:2187", - "refsource":"REDHAT", - "url":"https://access.redhat.com/errata/RHSA-2018:2187" + "name": "RHSA-2018:2187", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2187" }, { - "name":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448", - "refsource":"CONFIRM", - "url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448" + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448" }, { - "name":"http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759", - "refsource":"CONFIRM", - "url":"http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759" + "name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759", + "refsource": "CONFIRM", + "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759" }, { - "url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "refsource":"MISC", - "name":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", + "refsource": "MISC", + 
"name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2016/6xxx/CVE-2016-6814.json b/2016/6xxx/CVE-2016-6814.json index 32ae83e5b3e..02237fdac5c 100644 --- a/2016/6xxx/CVE-2016-6814.json +++ b/2016/6xxx/CVE-2016-6814.json 
@@ -1,126 +1,127 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"cve@mitre.org", - "DATE_PUBLIC":"2018-01-15T00:00:00", - "ID":"CVE-2016-6814", - "STATE":"PUBLIC" + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_PUBLIC": "2018-01-15T00:00:00", + "ID": "CVE-2016-6814", + "STATE": "PUBLIC" }, - "affects":{ - "vendor":{ - "vendor_data":[ + "affects": { + "vendor": { + "vendor_data": [ { - "product":{ - "product_data":[ + "product": { + "product_data": [ { - "product_name":"n/a", - "version":{ - "version_data":[ + "product_name": "n/a", + "version": { + "version_data": [ { - "version_value":"n/a" + "version_value": "n/a" } ] } } ] }, - "vendor_name":"n/a" + "vendor_name": "n/a" } ] } }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang":"eng", - "value":"When an application with unsupported Codehaus versions of Groovy from 1.7.0 to 2.4.3, Apache Groovy 2.4.4 to 2.4.7 on classpath uses standard Java serialization mechanisms, e.g. to communicate between servers or to store local data, it was possible for an attacker to bake a special serialized object that will execute code directly when deserialized. All applications which rely on serialization and do not isolate the code which deserializes objects were subject to this vulnerability." + "lang": "eng", + "value": "When an application with unsupported Codehaus versions of Groovy from 1.7.0 to 2.4.3, Apache Groovy 2.4.4 to 2.4.7 on classpath uses standard Java serialization mechanisms, e.g. to communicate between servers or to store local data, it was possible for an attacker to bake a special serialized object that will execute code directly when deserialized. All applications which rely on serialization and do not isolate the code which deserializes objects were subject to this vulnerability." 
} ] }, - "problemtype":{ - "problemtype_data":[ + "problemtype": { + "problemtype_data": [ { - "description":[ + "description": [ { - "lang":"eng", - "value":"n/a" + "lang": "eng", + "value": "n/a" } ] } ] }, - "references":{ - "reference_data":[ + "references": { + "reference_data": [ { - "name":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", - "refsource":"CONFIRM", - "url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" }, { - "name":"RHSA-2017:2596", - "refsource":"REDHAT", - "url":"https://access.redhat.com/errata/RHSA-2017:2596" + "name": "RHSA-2017:2596", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2596" }, { - "name":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "refsource":"CONFIRM", - "url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" + "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "refsource": "CONFIRM", + "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" }, { - "name":"http://mail-archives.apache.org/mod_mbox/www-announce/201701.mbox/%3CCADRx3PMZ2hBCGDTY35zYXFGaDnjAs0tc5-upaVs6QN2sYUejyA%40mail.gmail.com%3E", - "refsource":"MISC", - "url":"http://mail-archives.apache.org/mod_mbox/www-announce/201701.mbox/%3CCADRx3PMZ2hBCGDTY35zYXFGaDnjAs0tc5-upaVs6QN2sYUejyA%40mail.gmail.com%3E" + "name": "http://mail-archives.apache.org/mod_mbox/www-announce/201701.mbox/%3CCADRx3PMZ2hBCGDTY35zYXFGaDnjAs0tc5-upaVs6QN2sYUejyA%40mail.gmail.com%3E", + "refsource": "MISC", + "url": "http://mail-archives.apache.org/mod_mbox/www-announce/201701.mbox/%3CCADRx3PMZ2hBCGDTY35zYXFGaDnjAs0tc5-upaVs6QN2sYUejyA%40mail.gmail.com%3E" }, { - 
"name":"RHSA-2017:0868", - "refsource":"REDHAT", - "url":"https://access.redhat.com/errata/RHSA-2017:0868" + "name": "RHSA-2017:0868", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:0868" }, { - "name":"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", - "refsource":"CONFIRM", - "url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" + "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" }, { - "name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "refsource":"CONFIRM", - "url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" }, { - "name":"RHSA-2017:2486", - "refsource":"REDHAT", - "url":"https://access.redhat.com/errata/RHSA-2017:2486" + "name": "RHSA-2017:2486", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2486" }, { - "name":"RHSA-2017:0272", - "refsource":"REDHAT", - "url":"http://rhn.redhat.com/errata/RHSA-2017-0272.html" + "name": "RHSA-2017:0272", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0272.html" }, { - "name":"95429", - "refsource":"BID", - "url":"http://www.securityfocus.com/bid/95429" + "name": "95429", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95429" }, { - "name":"1039600", - "refsource":"SECTRACK", - "url":"http://www.securitytracker.com/id/1039600" + "name": "1039600", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039600" }, { - "url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "refsource":"MISC", - 
"name":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", + "refsource": "MISC", + "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { - "url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", - "refsource":"MISC", - "name":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", + "refsource": "MISC", + "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2016/8xxx/CVE-2016-8610.json b/2016/8xxx/CVE-2016-8610.json index ec2fa830e6d..1d69a6defca 100644 --- a/2016/8xxx/CVE-2016-8610.json +++ b/2016/8xxx/CVE-2016-8610.json 
@@ -1,190 +1,191 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert@redhat.com", - "DATE_PUBLIC":"2016-10-24T00:00:00", - "ID":"CVE-2016-8610", - "STATE":"PUBLIC" + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "DATE_PUBLIC": "2016-10-24T00:00:00", + "ID": "CVE-2016-8610", + "STATE": "PUBLIC" }, - "affects":{ - "vendor":{ - "vendor_data":[ + "affects": { + "vendor": { + "vendor_data": [ { - "product":{ - "product_data":[ + "product": { + "product_data": [ { - "product_name":"OpenSSL", - "version":{ - "version_data":[ + "product_name": "OpenSSL", + "version": { + "version_data": [ { - "version_value":"All 0.9.8" + "version_value": "All 0.9.8" }, { - "version_value":"All 1.0.1" + "version_value": "All 1.0.1" }, { - "version_value":"1.0.2 through 1.0.2h" + "version_value": "1.0.2 through 1.0.2h" }, { - "version_value":"1.1.0" + "version_value": "1.1.0" } ] } } ] }, - "vendor_name":"OpenSSL" + "vendor_name": "OpenSSL" } ] } }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang":"eng", - "value":"A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients." + "lang": "eng", + "value": "A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients." 
} ] }, - "problemtype":{ - "problemtype_data":[ + "problemtype": { + "problemtype_data": [ { - "description":[ + "description": [ { - "lang":"eng", - "value":"CWE-400" + "lang": "eng", + "value": "CWE-400" } ] } ] }, - "references":{ - "reference_data":[ + "references": { + "reference_data": [ { - "name":"93841", - "refsource":"BID", - "url":"http://www.securityfocus.com/bid/93841" + "name": "93841", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93841" }, { - "name":"RHSA-2017:1659", - "refsource":"REDHAT", - "url":"http://rhn.redhat.com/errata/RHSA-2017-1659.html" + "name": "RHSA-2017:1659", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-1659.html" }, { - "name":"RHSA-2017:1658", - "refsource":"REDHAT", - "url":"https://access.redhat.com/errata/RHSA-2017:1658" + "name": "RHSA-2017:1658", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1658" }, { - "name":"https://security.netapp.com/advisory/ntap-20171130-0001/", - "refsource":"CONFIRM", - "url":"https://security.netapp.com/advisory/ntap-20171130-0001/" + "name": "https://security.netapp.com/advisory/ntap-20171130-0001/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20171130-0001/" }, { - "name":"RHSA-2017:1801", - "refsource":"REDHAT", - "url":"https://access.redhat.com/errata/RHSA-2017:1801" + "name": "RHSA-2017:1801", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1801" }, { - "name":"RHSA-2017:0286", - "refsource":"REDHAT", - "url":"http://rhn.redhat.com/errata/RHSA-2017-0286.html" + "name": "RHSA-2017:0286", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0286.html" }, { - "name":"RHSA-2017:1413", - "refsource":"REDHAT", - "url":"https://access.redhat.com/errata/RHSA-2017:1413" + "name": "RHSA-2017:1413", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1413" }, { - 
"name":"https://securityadvisories.paloaltonetworks.com/Home/Detail/87", - "refsource":"CONFIRM", - "url":"https://securityadvisories.paloaltonetworks.com/Home/Detail/87" + "name": "https://securityadvisories.paloaltonetworks.com/Home/Detail/87", + "refsource": "CONFIRM", + "url": "https://securityadvisories.paloaltonetworks.com/Home/Detail/87" }, { - "name":"RHSA-2017:2494", - "refsource":"REDHAT", - "url":"https://access.redhat.com/errata/RHSA-2017:2494" + "name": "RHSA-2017:2494", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2494" }, { - "name":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8610", - "refsource":"CONFIRM", - "url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8610" + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8610", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8610" }, { - "name":"FreeBSD-SA-16:35", - "refsource":"FREEBSD", - "url":"https://security.FreeBSD.org/advisories/FreeBSD-SA-16:35.openssl.asc" + "name": "FreeBSD-SA-16:35", + "refsource": "FREEBSD", + "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:35.openssl.asc" }, { - "name":"RHSA-2017:1414", - "refsource":"REDHAT", - "url":"https://access.redhat.com/errata/RHSA-2017:1414" + "name": "RHSA-2017:1414", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1414" }, { - "name":"[oss-security] 20161024 CVE-2016-8610: SSL Death Alert: OpenSSL SSL/TLS SSL3_AL_WARNING undefined alert Remote DoS", - "refsource":"MLIST", - "url":"http://seclists.org/oss-sec/2016/q4/224" + "name": "[oss-security] 20161024 CVE-2016-8610: SSL Death Alert: OpenSSL SSL/TLS SSL3_AL_WARNING undefined alert Remote DoS", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2016/q4/224" }, { - "name":"https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=af58be768ebb690f78530f796e92b8ae5c9a4401", - "refsource":"CONFIRM", - 
"url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=af58be768ebb690f78530f796e92b8ae5c9a4401" + "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=af58be768ebb690f78530f796e92b8ae5c9a4401", + "refsource": "CONFIRM", + "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=af58be768ebb690f78530f796e92b8ae5c9a4401" }, { - "name":"https://security.360.cn/cve/CVE-2016-8610/", - "refsource":"MISC", - "url":"https://security.360.cn/cve/CVE-2016-8610/" + "name": "https://security.360.cn/cve/CVE-2016-8610/", + "refsource": "MISC", + "url": "https://security.360.cn/cve/CVE-2016-8610/" }, { - "name":"RHSA-2017:0574", - "refsource":"REDHAT", - "url":"http://rhn.redhat.com/errata/RHSA-2017-0574.html" + "name": "RHSA-2017:0574", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0574.html" }, { - "name":"DSA-3773", - "refsource":"DEBIAN", - "url":"https://www.debian.org/security/2017/dsa-3773" + "name": "DSA-3773", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2017/dsa-3773" }, { - "name":"RHSA-2017:1415", - "refsource":"REDHAT", - "url":"http://rhn.redhat.com/errata/RHSA-2017-1415.html" + "name": "RHSA-2017:1415", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-1415.html" }, { - "name":"1037084", - "refsource":"SECTRACK", - "url":"http://www.securitytracker.com/id/1037084" + "name": "1037084", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037084" }, { - "name":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03897en_us", - "refsource":"CONFIRM", - "url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03897en_us" + "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03897en_us", + "refsource": "CONFIRM", + "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03897en_us" }, { - 
"name":"RHSA-2017:1802", - "refsource":"REDHAT", - "url":"https://access.redhat.com/errata/RHSA-2017:1802" + "name": "RHSA-2017:1802", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1802" }, { - "name":"RHSA-2017:2493", - "refsource":"REDHAT", - "url":"https://access.redhat.com/errata/RHSA-2017:2493" + "name": "RHSA-2017:2493", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2493" }, { - "url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "refsource":"MISC", - "name":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", + "refsource": "MISC", + "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { - "url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", - "refsource":"MISC", - "name":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", + "refsource": "MISC", + "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2017/1000xxx/CVE-2017-1000376.json b/2017/1000xxx/CVE-2017-1000376.json index fb689a1f36b..3ce410de8ea 100644 --- a/2017/1000xxx/CVE-2017-1000376.json +++ b/2017/1000xxx/CVE-2017-1000376.json 
@@ -1,76 +1,77 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"cve@mitre.org", - "ID":"CVE-2017-1000376", - "REQUESTER":"qsa@qualys.com", - "STATE":"PUBLIC" + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-1000376", + "REQUESTER": "qsa@qualys.com", + "STATE": "PUBLIC" }, - "affects":{ - "vendor":{ - "vendor_data":[ + "affects": { + "vendor": { + "vendor_data": [ { - "product":{ - "product_data":[ + "product": { + "product_data": [ { - "product_name":"n/a", - "version":{ - "version_data":[ + "product_name": "n/a", + "version": { + "version_data": [ { - "version_value":"n/a" + "version_value": "n/a" } ] } } ] }, - "vendor_name":"n/a" + "vendor_name": "n/a" } ] } }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang":"eng", - "value":"libffi requests an executable stack allowing attackers to more easily trigger arbitrary code execution by overwriting the stack. Please note that libffi is used by a number of other libraries. It was previously stated that this affects libffi version 3.2.1 but this appears to be incorrect. libffi prior to version 3.1 on 32 bit x86 systems was vulnerable, and upstream is believed to have fixed this issue in version 3.1." + "lang": "eng", + "value": "libffi requests an executable stack allowing attackers to more easily trigger arbitrary code execution by overwriting the stack. Please note that libffi is used by a number of other libraries. It was previously stated that this affects libffi version 3.2.1 but this appears to be incorrect. libffi prior to version 3.1 on 32 bit x86 systems was vulnerable, and upstream is believed to have fixed this issue in version 3.1." 
} ] }, - "problemtype":{ - "problemtype_data":[ + "problemtype": { + "problemtype_data": [ { - "description":[ + "description": [ { - "lang":"eng", - "value":"n/a" + "lang": "eng", + "value": "n/a" } ] } ] }, - "references":{ - "reference_data":[ + "references": { + "reference_data": [ { - "name":"https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt", - "refsource":"MISC", - "url":"https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt" + "name": "https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt", + "refsource": "MISC", + "url": "https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt" }, { - "name":"https://access.redhat.com/security/cve/CVE-2017-1000376", - "refsource":"CONFIRM", - "url":"https://access.redhat.com/security/cve/CVE-2017-1000376" + "name": "https://access.redhat.com/security/cve/CVE-2017-1000376", + "refsource": "CONFIRM", + "url": "https://access.redhat.com/security/cve/CVE-2017-1000376" }, { - "name":"DSA-3889", - "refsource":"DEBIAN", - "url":"http://www.debian.org/security/2017/dsa-3889" + "name": "DSA-3889", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3889" }, { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2017/12xxx/CVE-2017-12626.json b/2017/12xxx/CVE-2017-12626.json index 5bc4084a344..633c7bd1ddc 100644 --- a/2017/12xxx/CVE-2017-12626.json +++ b/2017/12xxx/CVE-2017-12626.json 
@@ -1,86 +1,87 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"security@apache.org", - "DATE_PUBLIC":"2018-01-26T00:00:00", - "ID":"CVE-2017-12626", - "STATE":"PUBLIC" + "CVE_data_meta": { + "ASSIGNER": "security@apache.org", + "DATE_PUBLIC": "2018-01-26T00:00:00", + "ID": "CVE-2017-12626", + "STATE": "PUBLIC" }, - "affects":{ - "vendor":{ - "vendor_data":[ + "affects": { + "vendor": { + "vendor_data": [ { - "product":{ - "product_data":[ + "product": { + "product_data": [ { - "product_name":"Apache POI", - "version":{ - "version_data":[ + "product_name": "Apache POI", + "version": { + "version_data": [ { - "version_value":"< 3.17" + "version_value": "< 3.17" } ] } } ] }, - "vendor_name":"Apache Software Foundation" + "vendor_name": "Apache Software Foundation" } ] } }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang":"eng", - "value":"Apache POI in versions prior to release 3.17 are vulnerable to Denial of Service Attacks: 1) Infinite Loops while parsing crafted WMF, EMF, MSG and macros (POI bugs 61338 and 61294), and 2) Out of Memory Exceptions while parsing crafted DOC, PPT and XLS (POI bugs 52372 and 61295)." + "lang": "eng", + "value": "Apache POI in versions prior to release 3.17 are vulnerable to Denial of Service Attacks: 1) Infinite Loops while parsing crafted WMF, EMF, MSG and macros (POI bugs 61338 and 61294), and 2) Out of Memory Exceptions while parsing crafted DOC, PPT and XLS (POI bugs 52372 and 61295)." 
} ] }, - "problemtype":{ - "problemtype_data":[ + "problemtype": { + "problemtype_data": [ { - "description":[ + "description": [ { - "lang":"eng", - "value":"Denial of Service Vulnerabilities" + "lang": "eng", + "value": "Denial of Service Vulnerabilities" } ] } ] }, - "references":{ - "reference_data":[ + "references": { + "reference_data": [ { - "name":"RHSA-2018:1322", - "refsource":"REDHAT", - "url":"https://access.redhat.com/errata/RHSA-2018:1322" + "name": "RHSA-2018:1322", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1322" }, { - "name":"[dev] 20180126 CVE-2017-12626 - Denial of Service Vulnerabilities in Apache POI < 3.17", - "refsource":"MLIST", - "url":"https://lists.apache.org/thread.html/453d9af5dbabaccd9afb58d27279a9dbfe8e35f4e5ea1645ddd6960b@%3Cdev.poi.apache.org%3E" + "name": "[dev] 20180126 CVE-2017-12626 - Denial of Service Vulnerabilities in Apache POI < 3.17", + "refsource": "MLIST", + "url": "https://lists.apache.org/thread.html/453d9af5dbabaccd9afb58d27279a9dbfe8e35f4e5ea1645ddd6960b@%3Cdev.poi.apache.org%3E" }, { - "name":"102879", - "refsource":"BID", - "url":"http://www.securityfocus.com/bid/102879" + "name": "102879", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102879" }, { - "refsource":"MLIST", - "name":"[lucene-solr-user] 20190104 Re: SOLR v7 Security Issues Caused Denial of Use - Sonatype Application Composition Report", - "url":"https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E" + "refsource": "MLIST", + "name": "[lucene-solr-user] 20190104 Re: SOLR v7 Security Issues Caused Denial of Use - Sonatype Application Composition Report", + "url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E" }, { - "url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", - "refsource":"MISC", - 
"name":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", + "refsource": "MISC", + "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2017/14xxx/CVE-2017-14735.json b/2017/14xxx/CVE-2017-14735.json index 4b6a6a022cd..86d9167bb83 100644 --- a/2017/14xxx/CVE-2017-14735.json +++ b/2017/14xxx/CVE-2017-14735.json 
@@ -1,85 +1,86 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"cve@mitre.org", - "ID":"CVE-2017-14735", - "STATE":"PUBLIC" + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14735", + "STATE": "PUBLIC" }, - "affects":{ - "vendor":{ - "vendor_data":[ + "affects": { + "vendor": { + "vendor_data": [ { - "product":{ - "product_data":[ + "product": { + "product_data": [ { - "product_name":"n/a", - "version":{ - "version_data":[ + "product_name": "n/a", + "version": { + "version_data": [ { - "version_value":"n/a" + "version_value": "n/a" } ] } } ] }, - "vendor_name":"n/a" + "vendor_name": "n/a" } ] } }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang":"eng", - "value":"OWASP AntiSamy before 1.5.7 allows XSS via HTML5 entities, as demonstrated by use of : to construct a javascript: URL." + "lang": "eng", + "value": "OWASP AntiSamy before 1.5.7 allows XSS via HTML5 entities, as demonstrated by use of : to construct a javascript: URL." 
} ] }, - "problemtype":{ - "problemtype_data":[ + "problemtype": { + "problemtype_data": [ { - "description":[ + "description": [ { - "lang":"eng", - "value":"n/a" + "lang": "eng", + "value": "n/a" } ] } ] }, - "references":{ - "reference_data":[ + "references": { + "reference_data": [ { - "name":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "refsource":"CONFIRM", - "url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" + "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "refsource": "CONFIRM", + "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" }, { - "name":"https://github.com/nahsra/antisamy/issues/10", - "refsource":"CONFIRM", - "url":"https://github.com/nahsra/antisamy/issues/10" + "name": "https://github.com/nahsra/antisamy/issues/10", + "refsource": "CONFIRM", + "url": "https://github.com/nahsra/antisamy/issues/10" }, { - "name":"105656", - "refsource":"BID", - "url":"http://www.securityfocus.com/bid/105656" + "name": "105656", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105656" }, { - "name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "refsource":"CONFIRM", - "url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" }, { - "url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "refsource":"MISC", - "name":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", + "refsource": "MISC", + "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { - 
"url":"https://www.oracle.com/security-alerts/cpujan2020.html" + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2017/15xxx/CVE-2017-15708.json b/2017/15xxx/CVE-2017-15708.json index 48dca6c11ed..ed1669472ed 100644 --- a/2017/15xxx/CVE-2017-15708.json +++ b/2017/15xxx/CVE-2017-15708.json 
@@ -1,86 +1,87 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"security@apache.org", - "DATE_PUBLIC":"2017-12-10T00:00:00", - "ID":"CVE-2017-15708", - "STATE":"PUBLIC" + "CVE_data_meta": { + "ASSIGNER": "security@apache.org", + "DATE_PUBLIC": "2017-12-10T00:00:00", + "ID": "CVE-2017-15708", + "STATE": "PUBLIC" }, - "affects":{ - "vendor":{ - "vendor_data":[ + "affects": { + "vendor": { + "vendor_data": [ { - "product":{ - "product_data":[ + "product": { + "product_data": [ { - "product_name":"Apache Synapse", - "version":{ - "version_data":[ + "product_name": "Apache Synapse", + "version": { + "version_data": [ { - "version_value":"3.0.0" + "version_value": "3.0.0" }, { - "version_value":"2.1.0" + "version_value": "2.1.0" }, { - "version_value":"2.0.0" + "version_value": "2.0.0" }, { - "version_value":"1.2" + "version_value": "1.2" }, { - "version_value":"1.1.2" + "version_value": "1.1.2" }, { - "version_value":"1.1.1" + "version_value": "1.1.1" } ] } } ] }, - "vendor_name":"Apache Software Foundation" + "vendor_name": "Apache Software Foundation" } ] } }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang":"eng", - "value":"In Apache Synapse, by default no authentication is required for Java Remote Method Invocation (RMI). So Apache Synapse 3.0.1 or all previous releases (3.0.0, 2.1.0, 2.0.0, 1.2, 1.1.2, 1.1.1) allows remote code execution attacks that can be performed by injecting specially crafted serialized objects. And the presence of Apache Commons Collections 3.2.1 (commons-collections-3.2.1.jar) or previous versions in Synapse distribution makes this exploitable. To mitigate the issue, we need to limit RMI access to trusted users only. Further upgrading to 3.0.1 version will eliminate the risk of having said Commons Collection version. 
In Synapse 3.0.1, Commons Collection has been updated to 3.2.2 version." + "lang": "eng", + "value": "In Apache Synapse, by default no authentication is required for Java Remote Method Invocation (RMI). So Apache Synapse 3.0.1 or all previous releases (3.0.0, 2.1.0, 2.0.0, 1.2, 1.1.2, 1.1.1) allows remote code execution attacks that can be performed by injecting specially crafted serialized objects. And the presence of Apache Commons Collections 3.2.1 (commons-collections-3.2.1.jar) or previous versions in Synapse distribution makes this exploitable. To mitigate the issue, we need to limit RMI access to trusted users only. Further upgrading to 3.0.1 version will eliminate the risk of having said Commons Collection version. In Synapse 3.0.1, Commons Collection has been updated to 3.2.2 version." } ] }, - "problemtype":{ - "problemtype_data":[ + "problemtype": { + "problemtype_data": [ { - "description":[ + "description": [ { - "lang":"eng", - "value":"Remote Code Execution Vulnerability" + "lang": "eng", + "value": "Remote Code Execution Vulnerability" } ] } ] }, - "references":{ - "reference_data":[ + "references": { + "reference_data": [ { - "name":"102154", - "refsource":"BID", - "url":"http://www.securityfocus.com/bid/102154" + "name": "102154", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102154" }, { - "name":"[dev] 20171210 [CVE-2017-15708] Apache Synapse Remote Code Execution Vulnerability", - "refsource":"MLIST", - "url":"https://lists.apache.org/thread.html/77f2accf240d25d91b47033e2f8ebec84ffbc6e6627112b2f98b66c9@%3Cdev.synapse.apache.org%3E" + "name": "[dev] 20171210 [CVE-2017-15708] Apache Synapse Remote Code Execution Vulnerability", + "refsource": "MLIST", + "url": "https://lists.apache.org/thread.html/77f2accf240d25d91b47033e2f8ebec84ffbc6e6627112b2f98b66c9@%3Cdev.synapse.apache.org%3E" }, { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + 
"refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2017/15xxx/CVE-2017-15906.json b/2017/15xxx/CVE-2017-15906.json index 713ede0c9db..e4c5a71fb66 100644 --- a/2017/15xxx/CVE-2017-15906.json +++ b/2017/15xxx/CVE-2017-15906.json 
@@ -1,95 +1,96 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"cve@mitre.org", - "ID":"CVE-2017-15906", - "STATE":"PUBLIC" + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15906", + "STATE": "PUBLIC" }, - "affects":{ - "vendor":{ - "vendor_data":[ + "affects": { + "vendor": { + "vendor_data": [ { - "product":{ - "product_data":[ + "product": { + "product_data": [ { - "product_name":"n/a", - "version":{ - "version_data":[ + "product_name": "n/a", + "version": { + "version_data": [ { - "version_value":"n/a" + "version_value": "n/a" } ] } } ] }, - "vendor_name":"n/a" + "vendor_name": "n/a" } ] } }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang":"eng", - "value":"The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files." + "lang": "eng", + "value": "The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files." 
} ] }, - "problemtype":{ - "problemtype_data":[ + "problemtype": { + "problemtype_data": [ { - "description":[ + "description": [ { - "lang":"eng", - "value":"n/a" + "lang": "eng", + "value": "n/a" } ] } ] }, - "references":{ - "reference_data":[ + "references": { + "reference_data": [ { - "name":"https://www.openssh.com/txt/release-7.6", - "refsource":"CONFIRM", - "url":"https://www.openssh.com/txt/release-7.6" + "name": "https://www.openssh.com/txt/release-7.6", + "refsource": "CONFIRM", + "url": "https://www.openssh.com/txt/release-7.6" }, { - "name":"101552", - "refsource":"BID", - "url":"http://www.securityfocus.com/bid/101552" + "name": "101552", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101552" }, { - "name":"https://github.com/openbsd/src/commit/a6981567e8e215acc1ef690c8dbb30f2d9b00a19", - "refsource":"CONFIRM", - "url":"https://github.com/openbsd/src/commit/a6981567e8e215acc1ef690c8dbb30f2d9b00a19" + "name": "https://github.com/openbsd/src/commit/a6981567e8e215acc1ef690c8dbb30f2d9b00a19", + "refsource": "CONFIRM", + "url": "https://github.com/openbsd/src/commit/a6981567e8e215acc1ef690c8dbb30f2d9b00a19" }, { - "name":"GLSA-201801-05", - "refsource":"GENTOO", - "url":"https://security.gentoo.org/glsa/201801-05" + "name": "GLSA-201801-05", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201801-05" }, { - "name":"https://security.netapp.com/advisory/ntap-20180423-0004/", - "refsource":"CONFIRM", - "url":"https://security.netapp.com/advisory/ntap-20180423-0004/" + "name": "https://security.netapp.com/advisory/ntap-20180423-0004/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20180423-0004/" }, { - "name":"RHSA-2018:0980", - "refsource":"REDHAT", - "url":"https://access.redhat.com/errata/RHSA-2018:0980" + "name": "RHSA-2018:0980", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0980" }, { - "name":"[debian-lts-announce] 20180910 [SECURITY] [DLA 1500-1] 
openssh security update",
- "refsource":"MLIST",
- "url":"https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html"
+ "name": "[debian-lts-announce] 20180910 [SECURITY] [DLA 1500-1] openssh security update",
+ "refsource": "MLIST",
+ "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html"
},
{
- "url":"https://www.oracle.com/security-alerts/cpujan2020.html"
+ "url": "https://www.oracle.com/security-alerts/cpujan2020.html",
+ "refsource": "MISC",
+ "name": "https://www.oracle.com/security-alerts/cpujan2020.html"
}
]
}
diff --git a/2017/5xxx/CVE-2017-5645.json b/2017/5xxx/CVE-2017-5645.json
index e5ed951451c..78fc86f1eb1 100644
--- a/2017/5xxx/CVE-2017-5645.json
+++ b/2017/5xxx/CVE-2017-5645.json
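Review bot: The `affects` block on the new side of the CVE-2017-15906 hunk still holds only placeholders (`"product_name": "n/a"`, `"vendor_name": "n/a"`, `"version_value": "n/a"`), although the description names OpenSSH before 7.6, so any tool that matches inventory against the structured fields will not see this record. If the record's owner agrees, the product entry could read `"product_name": "OpenSSH"` with a version entry of `"version_affected": "<", "version_value": "7.6"`, using the same keys as the CVE-2019-5647 record earlier in this series. `problemtype` is also `n/a`; I would leave that until the assigner chooses a CWE rather than guess one in a formatting commit.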
@@ -1,326 +1,327 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"security@apache.org", - "ID":"CVE-2017-5645", - "STATE":"PUBLIC" + "CVE_data_meta": { + "ASSIGNER": "security@apache.org", + "ID": "CVE-2017-5645", + "STATE": "PUBLIC" }, - "affects":{ - "vendor":{ - "vendor_data":[ + "affects": { + "vendor": { + "vendor_data": [ { - "product":{ - "product_data":[ + "product": { + "product_data": [ { - "product_name":"Apache Log4j", - "version":{ - "version_data":[ + "product_name": "Apache Log4j", + "version": { + "version_data": [ { - "version_value":"All versions between 2.0-alpha1 and 2.8.1" + "version_value": "All versions between 2.0-alpha1 and 2.8.1" } ] } } ] }, - "vendor_name":"Apache Software Foundation" + "vendor_name": "Apache Software Foundation" } ] } }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang":"eng", - "value":"In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code." + "lang": "eng", + "value": "In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code." } ] }, - "problemtype":{ - "problemtype_data":[ + "problemtype": { + "problemtype_data": [ { - "description":[ + "description": [ { - "lang":"eng", - "value":"Remote Code Execution." + "lang": "eng", + "value": "Remote Code Execution." 
} ] } ] }, - "references":{ - "reference_data":[ + "references": { + "reference_data": [ { - "name":"RHSA-2017:2888", - "refsource":"REDHAT", - "url":"https://access.redhat.com/errata/RHSA-2017:2888" + "name": "RHSA-2017:2888", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2888" }, { - "name":"RHSA-2017:2809", - "refsource":"REDHAT", - "url":"https://access.redhat.com/errata/RHSA-2017:2809" + "name": "RHSA-2017:2809", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2809" }, { - "name":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", - "refsource":"CONFIRM", - "url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" }, { - "name":"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", - "refsource":"CONFIRM", - "url":"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" }, { - "name":"97702", - "refsource":"BID", - "url":"http://www.securityfocus.com/bid/97702" + "name": "97702", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97702" }, { - "name":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "refsource":"CONFIRM", - "url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" + "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "refsource": "CONFIRM", + "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" }, { - "name":"1041294", - "refsource":"SECTRACK", - 
"url":"http://www.securitytracker.com/id/1041294" + "name": "1041294", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041294" }, { - "name":"RHSA-2017:2810", - "refsource":"REDHAT", - "url":"https://access.redhat.com/errata/RHSA-2017:2810" + "name": "RHSA-2017:2810", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2810" }, { - "name":"RHSA-2017:1801", - "refsource":"REDHAT", - "url":"https://access.redhat.com/errata/RHSA-2017:1801" + "name": "RHSA-2017:1801", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1801" }, { - "name":"RHSA-2017:2889", - "refsource":"REDHAT", - "url":"https://access.redhat.com/errata/RHSA-2017:2889" + "name": "RHSA-2017:2889", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2889" }, { - "name":"RHSA-2017:2635", - "refsource":"REDHAT", - "url":"https://access.redhat.com/errata/RHSA-2017:2635" + "name": "RHSA-2017:2635", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2635" }, { - "name":"RHSA-2017:2638", - "refsource":"REDHAT", - "url":"https://access.redhat.com/errata/RHSA-2017:2638" + "name": "RHSA-2017:2638", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2638" }, { - "name":"https://security.netapp.com/advisory/ntap-20181107-0002/", - "refsource":"CONFIRM", - "url":"https://security.netapp.com/advisory/ntap-20181107-0002/" + "name": "https://security.netapp.com/advisory/ntap-20181107-0002/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20181107-0002/" }, { - "name":"RHSA-2017:1417", - "refsource":"REDHAT", - "url":"https://access.redhat.com/errata/RHSA-2017:1417" + "name": "RHSA-2017:1417", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1417" }, { - "name":"RHSA-2017:2423", - "refsource":"REDHAT", - "url":"https://access.redhat.com/errata/RHSA-2017:2423" + "name": "RHSA-2017:2423", + "refsource": 
"REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2423" }, { - "name":"RHSA-2017:2808", - "refsource":"REDHAT", - "url":"https://access.redhat.com/errata/RHSA-2017:2808" + "name": "RHSA-2017:2808", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2808" }, { - "name":"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", - "refsource":"CONFIRM", - "url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" + "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" }, { - "name":"1040200", - "refsource":"SECTRACK", - "url":"http://www.securitytracker.com/id/1040200" + "name": "1040200", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040200" }, { - "name":"RHSA-2017:2636", - "refsource":"REDHAT", - "url":"https://access.redhat.com/errata/RHSA-2017:2636" + "name": "RHSA-2017:2636", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2636" }, { - "name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "refsource":"CONFIRM", - "url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" }, { - "name":"RHSA-2017:3399", - "refsource":"REDHAT", - "url":"https://access.redhat.com/errata/RHSA-2017:3399" + "name": "RHSA-2017:3399", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:3399" }, { - "name":"https://security.netapp.com/advisory/ntap-20180726-0002/", - "refsource":"CONFIRM", - "url":"https://security.netapp.com/advisory/ntap-20180726-0002/" + "name": "https://security.netapp.com/advisory/ntap-20180726-0002/", 
+ "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20180726-0002/" }, { - "name":"RHSA-2017:2637", - "refsource":"REDHAT", - "url":"https://access.redhat.com/errata/RHSA-2017:2637" + "name": "RHSA-2017:2637", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2637" }, { - "name":"RHSA-2017:3244", - "refsource":"REDHAT", - "url":"https://access.redhat.com/errata/RHSA-2017:3244" + "name": "RHSA-2017:3244", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:3244" }, { - "name":"https://issues.apache.org/jira/browse/LOG4J2-1863", - "refsource":"CONFIRM", - "url":"https://issues.apache.org/jira/browse/LOG4J2-1863" + "name": "https://issues.apache.org/jira/browse/LOG4J2-1863", + "refsource": "CONFIRM", + "url": "https://issues.apache.org/jira/browse/LOG4J2-1863" }, { - "name":"RHSA-2017:3400", - "refsource":"REDHAT", - "url":"https://access.redhat.com/errata/RHSA-2017:3400" + "name": "RHSA-2017:3400", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:3400" }, { - "name":"RHSA-2017:2633", - "refsource":"REDHAT", - "url":"https://access.redhat.com/errata/RHSA-2017:2633" + "name": "RHSA-2017:2633", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2633" }, { - "name":"RHSA-2017:2811", - "refsource":"REDHAT", - "url":"https://access.redhat.com/errata/RHSA-2017:2811" + "name": "RHSA-2017:2811", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2811" }, { - "name":"RHSA-2017:1802", - "refsource":"REDHAT", - "url":"https://access.redhat.com/errata/RHSA-2017:1802" + "name": "RHSA-2017:1802", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1802" }, { - "url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", - "refsource":"MISC", - "name":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" + "url": 
"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", + "refsource": "MISC", + "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:1545", - "url":"https://access.redhat.com/errata/RHSA-2019:1545" + "refsource": "REDHAT", + "name": "RHSA-2019:1545", + "url": "https://access.redhat.com/errata/RHSA-2019:1545" }, { - "url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "refsource":"MISC", - "name":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", + "refsource": "MISC", + "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { - "url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", - "refsource":"MISC", - "name":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", + "refsource": "MISC", + "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { - "refsource":"MLIST", - "name":"[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities", - "url":"https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E" + "refsource": "MLIST", + "name": "[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities", + "url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[logging-dev] 20191215 Re: Is there any chance that there will be a security fix for log4j-v1.2.17?", - 
"url":"https://lists.apache.org/thread.html/e8fb7d76a244ee997ba4b217d6171227f7c2521af8c7c5b16cba27bc@%3Cdev.logging.apache.org%3E" + "refsource": "MLIST", + "name": "[logging-dev] 20191215 Re: Is there any chance that there will be a security fix for log4j-v1.2.17?", + "url": "https://lists.apache.org/thread.html/e8fb7d76a244ee997ba4b217d6171227f7c2521af8c7c5b16cba27bc@%3Cdev.logging.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[logging-dev] 20191218 [CVE-2019-17571] Apache Log4j 1.2 deserialization of untrusted data in SocketServer", - "url":"https://lists.apache.org/thread.html/eea03d504b36e8f870e8321d908e1def1addda16adda04327fe7c125@%3Cdev.logging.apache.org%3E" + "refsource": "MLIST", + "name": "[logging-dev] 20191218 [CVE-2019-17571] Apache Log4j 1.2 deserialization of untrusted data in SocketServer", + "url": "https://lists.apache.org/thread.html/eea03d504b36e8f870e8321d908e1def1addda16adda04327fe7c125@%3Cdev.logging.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[oss-security] 20191218 [CVE-2019-17571] Apache Log4j 1.2 deserialization of untrusted data in SocketServer", - "url":"http://www.openwall.com/lists/oss-security/2019/12/19/2" + "refsource": "MLIST", + "name": "[oss-security] 20191218 [CVE-2019-17571] Apache Log4j 1.2 deserialization of untrusted data in SocketServer", + "url": "http://www.openwall.com/lists/oss-security/2019/12/19/2" }, { - "refsource":"MLIST", - "name":"[announce] 20191218 [CVE-2019-17571] Apache Log4j 1.2 deserialization of untrusted data in SocketServer", - "url":"https://lists.apache.org/thread.html/84cc4266238e057b95eb95dfd8b29d46a2592e7672c12c92f68b2917@%3Cannounce.apache.org%3E" + "refsource": "MLIST", + "name": "[announce] 20191218 [CVE-2019-17571] Apache Log4j 1.2 deserialization of untrusted data in SocketServer", + "url": "https://lists.apache.org/thread.html/84cc4266238e057b95eb95dfd8b29d46a2592e7672c12c92f68b2917@%3Cannounce.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[logging-dev] 20191219 Re: 
[CVE-2019-17571] Apache Log4j 1.2 deserialization of untrusted data in SocketServer", - "url":"https://lists.apache.org/thread.html/0dcca05274d20ef2d72584edcf8c917bbb13dbbd7eb35cae909d02e9@%3Cdev.logging.apache.org%3E" + "refsource": "MLIST", + "name": "[logging-dev] 20191219 Re: [CVE-2019-17571] Apache Log4j 1.2 deserialization of untrusted data in SocketServer", + "url": "https://lists.apache.org/thread.html/0dcca05274d20ef2d72584edcf8c917bbb13dbbd7eb35cae909d02e9@%3Cdev.logging.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[activemq-issues] 20191226 [jira] [Created] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571", - "url":"https://lists.apache.org/thread.html/8ab32b4c9f1826f20add7c40be08909de9f58a89dc1de9c09953f5ac@%3Cissues.activemq.apache.org%3E" + "refsource": "MLIST", + "name": "[activemq-issues] 20191226 [jira] [Created] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571", + "url": "https://lists.apache.org/thread.html/8ab32b4c9f1826f20add7c40be08909de9f58a89dc1de9c09953f5ac@%3Cissues.activemq.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[tika-dev] 20191226 [jira] [Created] (TIKA-3018) log4j 1.2 version used by Apache Tika 1.23 is vulnerable to CVE-2019-17571", - "url":"https://lists.apache.org/thread.html/44491fb9cc19acc901f7cff34acb7376619f15638439416e3e14761c@%3Cdev.tika.apache.org%3E" + "refsource": "MLIST", + "name": "[tika-dev] 20191226 [jira] [Created] (TIKA-3018) log4j 1.2 version used by Apache Tika 1.23 is vulnerable to CVE-2019-17571", + "url": "https://lists.apache.org/thread.html/44491fb9cc19acc901f7cff34acb7376619f15638439416e3e14761c@%3Cdev.tika.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[tika-dev] 20191226 [jira] [Commented] (TIKA-3018) log4j 1.2 version used by Apache Tika 1.23 is vulnerable to CVE-2019-17571", - 
"url":"https://lists.apache.org/thread.html/277b4b5c2b0e06a825ccec565fa65bd671f35a4d58e3e2ec5d0618e1@%3Cdev.tika.apache.org%3E" + "refsource": "MLIST", + "name": "[tika-dev] 20191226 [jira] [Commented] (TIKA-3018) log4j 1.2 version used by Apache Tika 1.23 is vulnerable to CVE-2019-17571", + "url": "https://lists.apache.org/thread.html/277b4b5c2b0e06a825ccec565fa65bd671f35a4d58e3e2ec5d0618e1@%3Cdev.tika.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[tika-dev] 20191230 [jira] [Created] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]", - "url":"https://lists.apache.org/thread.html/479471e6debd608c837b9815b76eab24676657d4444fcfd5ef96d6e6@%3Cdev.tika.apache.org%3E" + "refsource": "MLIST", + "name": "[tika-dev] 20191230 [jira] [Created] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]", + "url": "https://lists.apache.org/thread.html/479471e6debd608c837b9815b76eab24676657d4444fcfd5ef96d6e6@%3Cdev.tika.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[activemq-issues] 20191230 [jira] [Created] (AMQ-7372) [9.8] [CVE-2019-17571] [activemq-all] [5.15.10]", - "url":"https://lists.apache.org/thread.html/6114ce566200d76e3cc45c521a62c2c5a4eac15738248f58a99f622c@%3Cissues.activemq.apache.org%3E" + "refsource": "MLIST", + "name": "[activemq-issues] 20191230 [jira] [Created] (AMQ-7372) [9.8] [CVE-2019-17571] [activemq-all] [5.15.10]", + "url": "https://lists.apache.org/thread.html/6114ce566200d76e3cc45c521a62c2c5a4eac15738248f58a99f622c@%3Cissues.activemq.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[tika-dev] 20200106 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]", - "url":"https://lists.apache.org/thread.html/rf2567488cfc9212b42e34c6393cfa1c14e30e4838b98dda84d71041f@%3Cdev.tika.apache.org%3E" + "refsource": "MLIST", + "name": "[tika-dev] 20200106 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]", + "url": 
"https://lists.apache.org/thread.html/rf2567488cfc9212b42e34c6393cfa1c14e30e4838b98dda84d71041f@%3Cdev.tika.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[tika-dev] 20200107 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]", - "url":"https://lists.apache.org/thread.html/r3a85514a518f3080ab1fc2652cfe122c2ccf67cfb32356acb1b08fe8@%3Cdev.tika.apache.org%3E" + "refsource": "MLIST", + "name": "[tika-dev] 20200107 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]", + "url": "https://lists.apache.org/thread.html/r3a85514a518f3080ab1fc2652cfe122c2ccf67cfb32356acb1b08fe8@%3Cdev.tika.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[tika-dev] 20200108 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]", - "url":"https://lists.apache.org/thread.html/rc1eaed7f7d774d5d02f66e49baced31e04827a1293d61a70bd003ca7@%3Cdev.tika.apache.org%3E" + "refsource": "MLIST", + "name": "[tika-dev] 20200108 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]", + "url": "https://lists.apache.org/thread.html/rc1eaed7f7d774d5d02f66e49baced31e04827a1293d61a70bd003ca7@%3Cdev.tika.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[tika-dev] 20200110 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]", - "url":"https://lists.apache.org/thread.html/r681b4432d0605f327b68b9f8a42662993e699d04614de4851c35ffd1@%3Cdev.tika.apache.org%3E" + "refsource": "MLIST", + "name": "[tika-dev] 20200110 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]", + "url": "https://lists.apache.org/thread.html/r681b4432d0605f327b68b9f8a42662993e699d04614de4851c35ffd1@%3Cdev.tika.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[tika-dev] 20200111 Re: [jira] [Commented] (TIKA-3018) log4j 1.2 version used by Apache Tika 1.23 is vulnerable to CVE-2019-17571", - "url":"https://lists.apache.org/thread.html/ra38785cfc0e7f17f8e24bebf775dd032c033fadcaea29e5bc9fffc60@%3Cdev.tika.apache.org%3E" + 
"refsource": "MLIST", + "name": "[tika-dev] 20200111 Re: [jira] [Commented] (TIKA-3018) log4j 1.2 version used by Apache Tika 1.23 is vulnerable to CVE-2019-17571", + "url": "https://lists.apache.org/thread.html/ra38785cfc0e7f17f8e24bebf775dd032c033fadcaea29e5bc9fffc60@%3Cdev.tika.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[tika-dev] 20200111 [jira] [Closed] (TIKA-3018) log4j 1.2 version used by Apache Tika 1.23 is vulnerable to CVE-2019-17571", - "url":"https://lists.apache.org/thread.html/r746fbc3fc13aee292ae6851f7a5080f592fa3a67b983c6887cdb1fc5@%3Cdev.tika.apache.org%3E" + "refsource": "MLIST", + "name": "[tika-dev] 20200111 [jira] [Closed] (TIKA-3018) log4j 1.2 version used by Apache Tika 1.23 is vulnerable to CVE-2019-17571", + "url": "https://lists.apache.org/thread.html/r746fbc3fc13aee292ae6851f7a5080f592fa3a67b983c6887cdb1fc5@%3Cdev.tika.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[tika-dev] 20200111 [jira] [Resolved] (TIKA-3018) log4j 1.2 version used by Apache Tika 1.23 is vulnerable to CVE-2019-17571", - "url":"https://lists.apache.org/thread.html/rdec0d8ac1f03e6905b0de2df1d5fcdb98b94556e4f6cccf7519fdb26@%3Cdev.tika.apache.org%3E" + "refsource": "MLIST", + "name": "[tika-dev] 20200111 [jira] [Resolved] (TIKA-3018) log4j 1.2 version used by Apache Tika 1.23 is vulnerable to CVE-2019-17571", + "url": "https://lists.apache.org/thread.html/rdec0d8ac1f03e6905b0de2df1d5fcdb98b94556e4f6cccf7519fdb26@%3Cdev.tika.apache.org%3E" }, { "refsource": "MLIST", "name": "[tika-dev] 20200114 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]", "url": "https://lists.apache.org/thread.html/rca24a281000fb681d7e26e5c031a21eb4b0593a7735f781b53dae4e2@%3Cdev.tika.apache.org%3E" }, + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + }, { "refsource": "MLIST", "name": "[tika-dev] 20200115 [jira] [Commented] (TIKA-3019) [9.8] 
[CVE-2019-17571] [tika-app] [1.23]",
"url": "https://lists.apache.org/thread.html/r4b25538be50126194cc646836c718b1a4d8f71bd9c912af5b59134ad@%3Cdev.tika.apache.org%3E"
- },
- {
- "url":"https://www.oracle.com/security-alerts/cpujan2020.html"
- }
+ }
]
}
}
\ No newline at end of file
diff --git a/2018/0xxx/CVE-2018-0734.json b/2018/0xxx/CVE-2018-0734.json
index e56bf1f7983..6f23a52840a 100644
--- a/2018/0xxx/CVE-2018-0734.json
+++ b/2018/0xxx/CVE-2018-0734.json
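Review bot: `"version_value": "All versions between 2.0-alpha1 and 2.8.1"` near the top of the CVE-2017-5645 hunk is a sentence rather than a comparable version, so a scanner cannot test an installed Log4j version against it without parsing prose. The description gives the upper boundary as "2.x before 2.8.2", which could be expressed as `"version_affected": "<", "version_value": "2.8.2"`, the `version_affected` key being the one the CVE-2019-5647 record in this series already uses. A bare `<` bound would also match 1.x releases, so the 2.0-alpha1 lower bound has to be kept as a second entry or in the product name. Many of the MLIST references in this hunk are threads titled for CVE-2019-17571, so readers triaging 2.x should treat them as cross-references rather than as advisories for this record.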
@@ -1,216 +1,217 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"openssl-security@openssl.org", - "DATE_PUBLIC":"2018-10-30", - "ID":"CVE-2018-0734", - "STATE":"PUBLIC", - "TITLE":"Timing attack against DSA" + "CVE_data_meta": { + "ASSIGNER": "openssl-security@openssl.org", + "DATE_PUBLIC": "2018-10-30", + "ID": "CVE-2018-0734", + "STATE": "PUBLIC", + "TITLE": "Timing attack against DSA" }, - "affects":{ - "vendor":{ - "vendor_data":[ + "affects": { + "vendor": { + "vendor_data": [ { - "product":{ - "product_data":[ + "product": { + "product_data": [ { - "product_name":"OpenSSL", - "version":{ - "version_data":[ + "product_name": "OpenSSL", + "version": { + "version_data": [ { - "version_value":"Fixed in OpenSSL 1.1.1a (Affected 1.1.1)" + "version_value": "Fixed in OpenSSL 1.1.1a (Affected 1.1.1)" }, { - "version_value":"Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i)" + "version_value": "Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i)" }, { - "version_value":"Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p)" + "version_value": "Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p)" } ] } } ] }, - "vendor_name":"OpenSSL" + "vendor_name": "OpenSSL" } ] } }, - "credit":[ + "credit": [ { - "lang":"eng", - "value":"Samuel Weiser" + "lang": "eng", + "value": "Samuel Weiser" } ], - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang":"eng", - "value":"The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p)." + "lang": "eng", + "value": "The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. 
An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p)." } ] }, - "impact":[ + "impact": [ { - "lang":"eng", - "url":"https://www.openssl.org/policies/secpolicy.html#Low", - "value":"Low" + "lang": "eng", + "url": "https://www.openssl.org/policies/secpolicy.html#Low", + "value": "Low" } ], - "problemtype":{ - "problemtype_data":[ + "problemtype": { + "problemtype_data": [ { - "description":[ + "description": [ { - "lang":"eng", - "value":"Constant time issue" + "lang": "eng", + "value": "Constant time issue" } ] } ] }, - "references":{ - "reference_data":[ + "references": { + "reference_data": [ { - "name":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "refsource":"CONFIRM", - "url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" + "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "refsource": "CONFIRM", + "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" }, { - "name":"USN-3840-1", - "refsource":"UBUNTU", - "url":"https://usn.ubuntu.com/3840-1/" + "name": "USN-3840-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3840-1/" }, { - "name":"DSA-4355", - "refsource":"DEBIAN", - "url":"https://www.debian.org/security/2018/dsa-4355" + "name": "DSA-4355", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4355" }, { - "name":"https://security.netapp.com/advisory/ntap-20181105-0002/", - "refsource":"CONFIRM", - "url":"https://security.netapp.com/advisory/ntap-20181105-0002/" + "name": "https://security.netapp.com/advisory/ntap-20181105-0002/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20181105-0002/" }, { - 
"name":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8abfe72e8c1de1b95f50aa0d9134803b4d00070f", - "refsource":"CONFIRM", - "url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8abfe72e8c1de1b95f50aa0d9134803b4d00070f" + "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8abfe72e8c1de1b95f50aa0d9134803b4d00070f", + "refsource": "CONFIRM", + "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8abfe72e8c1de1b95f50aa0d9134803b4d00070f" }, { - "name":"https://www.tenable.com/security/tns-2018-17", - "refsource":"CONFIRM", - "url":"https://www.tenable.com/security/tns-2018-17" + "name": "https://www.tenable.com/security/tns-2018-17", + "refsource": "CONFIRM", + "url": "https://www.tenable.com/security/tns-2018-17" }, { - "name":"https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/", - "refsource":"CONFIRM", - "url":"https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/" + "name": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/", + "refsource": "CONFIRM", + "url": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/" }, { - "name":"https://www.tenable.com/security/tns-2018-16", - "refsource":"CONFIRM", - "url":"https://www.tenable.com/security/tns-2018-16" + "name": "https://www.tenable.com/security/tns-2018-16", + "refsource": "CONFIRM", + "url": "https://www.tenable.com/security/tns-2018-16" }, { - "name":"105758", - "refsource":"BID", - "url":"http://www.securityfocus.com/bid/105758" + "name": "105758", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105758" }, { - "name":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ef11e19d1365eea2b1851e6f540a0bf365d303e7", - "refsource":"CONFIRM", - "url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ef11e19d1365eea2b1851e6f540a0bf365d303e7" + "name": 
"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ef11e19d1365eea2b1851e6f540a0bf365d303e7", + "refsource": "CONFIRM", + "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ef11e19d1365eea2b1851e6f540a0bf365d303e7" }, { - "name":"DSA-4348", - "refsource":"DEBIAN", - "url":"https://www.debian.org/security/2018/dsa-4348" + "name": "DSA-4348", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4348" }, { - "name":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=43e6a58d4991a451daf4891ff05a48735df871ac", - "refsource":"CONFIRM", - "url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=43e6a58d4991a451daf4891ff05a48735df871ac" + "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=43e6a58d4991a451daf4891ff05a48735df871ac", + "refsource": "CONFIRM", + "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=43e6a58d4991a451daf4891ff05a48735df871ac" }, { - "name":"https://www.openssl.org/news/secadv/20181030.txt", - "refsource":"CONFIRM", - "url":"https://www.openssl.org/news/secadv/20181030.txt" + "name": "https://www.openssl.org/news/secadv/20181030.txt", + "refsource": "CONFIRM", + "url": "https://www.openssl.org/news/secadv/20181030.txt" }, { - "name":"https://security.netapp.com/advisory/ntap-20190118-0002/", - "refsource":"CONFIRM", - "url":"https://security.netapp.com/advisory/ntap-20190118-0002/" + "name": "https://security.netapp.com/advisory/ntap-20190118-0002/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20190118-0002/" }, { - "url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", - "refsource":"MISC", - "name":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" + "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", + "refsource": "MISC", + "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, 
{ - "refsource":"CONFIRM", - "name":"https://security.netapp.com/advisory/ntap-20190423-0002/", - "url":"https://security.netapp.com/advisory/ntap-20190423-0002/" + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20190423-0002/", + "url": "https://security.netapp.com/advisory/ntap-20190423-0002/" }, { - "refsource":"SUSE", - "name":"openSUSE-SU-2019:1547", - "url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html" + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1547", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html" }, { - "url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "refsource":"MISC", - "name":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", + "refsource": "MISC", + "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { - "refsource":"SUSE", - "name":"openSUSE-SU-2019:1814", - "url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html" + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1814", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:2304", - "url":"https://access.redhat.com/errata/RHSA-2019:2304" + "refsource": "REDHAT", + "name": "RHSA-2019:2304", + "url": "https://access.redhat.com/errata/RHSA-2019:2304" }, { - "refsource":"FEDORA", - "name":"FEDORA-2019-db06efdea1", - "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/" + "refsource": "FEDORA", + "name": "FEDORA-2019-db06efdea1", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/" }, { - "refsource":"FEDORA", - 
"name":"FEDORA-2019-00c25b9379", - "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/" + "refsource": "FEDORA", + "name": "FEDORA-2019-00c25b9379", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/" }, { - "refsource":"FEDORA", - "name":"FEDORA-2019-9a0a7c0986", - "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/" + "refsource": "FEDORA", + "name": "FEDORA-2019-9a0a7c0986", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:3700", - "url":"https://access.redhat.com/errata/RHSA-2019:3700" + "refsource": "REDHAT", + "name": "RHSA-2019:3700", + "url": "https://access.redhat.com/errata/RHSA-2019:3700" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:3933", - "url":"https://access.redhat.com/errata/RHSA-2019:3933" + "refsource": "REDHAT", + "name": "RHSA-2019:3933", + "url": "https://access.redhat.com/errata/RHSA-2019:3933" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:3935", - "url":"https://access.redhat.com/errata/RHSA-2019:3935" + "refsource": "REDHAT", + "name": "RHSA-2019:3935", + "url": "https://access.redhat.com/errata/RHSA-2019:3935" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:3932", - "url":"https://access.redhat.com/errata/RHSA-2019:3932" + "refsource": "REDHAT", + "name": "RHSA-2019:3932", + "url": "https://access.redhat.com/errata/RHSA-2019:3932" }, { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } 
diff --git a/2018/0xxx/CVE-2018-0735.json b/2018/0xxx/CVE-2018-0735.json
index b6c38d1c5c9..421909664d5 100644
--- a/2018/0xxx/CVE-2018-0735.json
+++ b/2018/0xxx/CVE-2018-0735.json
@@ -1,148 +1,149 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"openssl-security@openssl.org", - "DATE_PUBLIC":"2018-10-29", - "ID":"CVE-2018-0735", - "STATE":"PUBLIC", - "TITLE":"Timing attack against ECDSA signature generation" + "CVE_data_meta": { + "ASSIGNER": "openssl-security@openssl.org", + "DATE_PUBLIC": "2018-10-29", + "ID": "CVE-2018-0735", + "STATE": "PUBLIC", + "TITLE": "Timing attack against ECDSA signature generation" }, - "affects":{ - "vendor":{ - "vendor_data":[ + "affects": { + "vendor": { + "vendor_data": [ { - "product":{ - "product_data":[ + "product": { + "product_data": [ { - "product_name":"OpenSSL", - "version":{ - "version_data":[ + "product_name": "OpenSSL", + "version": { + "version_data": [ { - "version_value":"Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i)" + "version_value": "Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i)" }, { - "version_value":"Fixed in OpenSSL 1.1.1a (Affected 1.1.1)" + "version_value": "Fixed in OpenSSL 1.1.1a (Affected 1.1.1)" } ] } } ] }, - "vendor_name":"OpenSSL" + "vendor_name": "OpenSSL" } ] } }, - "credit":[ + "credit": [ { - "lang":"eng", - "value":"Samuel Weiser" + "lang": "eng", + "value": "Samuel Weiser" } ], - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang":"eng", - "value":"The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1)." + "lang": "eng", + "value": "The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). 
Fixed in OpenSSL 1.1.1a (Affected 1.1.1)." } ] }, - "impact":[ + "impact": [ { - "lang":"eng", - "url":"https://www.openssl.org/policies/secpolicy.html#Low", - "value":"Low" + "lang": "eng", + "url": "https://www.openssl.org/policies/secpolicy.html#Low", + "value": "Low" } ], - "problemtype":{ - "problemtype_data":[ + "problemtype": { + "problemtype_data": [ { - "description":[ + "description": [ { - "lang":"eng", - "value":"Constant time issue" + "lang": "eng", + "value": "Constant time issue" } ] } ] }, - "references":{ - "reference_data":[ + "references": { + "reference_data": [ { - "name":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=56fb454d281a023b3f950d969693553d3f3ceea1", - "refsource":"CONFIRM", - "url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=56fb454d281a023b3f950d969693553d3f3ceea1" + "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=56fb454d281a023b3f950d969693553d3f3ceea1", + "refsource": "CONFIRM", + "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=56fb454d281a023b3f950d969693553d3f3ceea1" }, { - "name":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "refsource":"CONFIRM", - "url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" + "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "refsource": "CONFIRM", + "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" }, { - "name":"105750", - "refsource":"BID", - "url":"http://www.securityfocus.com/bid/105750" + "name": "105750", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105750" }, { - "name":"USN-3840-1", - "refsource":"UBUNTU", - "url":"https://usn.ubuntu.com/3840-1/" + "name": "USN-3840-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3840-1/" }, { - "name":"https://security.netapp.com/advisory/ntap-20181105-0002/", - "refsource":"CONFIRM", - 
"url":"https://security.netapp.com/advisory/ntap-20181105-0002/" + "name": "https://security.netapp.com/advisory/ntap-20181105-0002/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20181105-0002/" }, { - "name":"https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/", - "refsource":"CONFIRM", - "url":"https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/" + "name": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/", + "refsource": "CONFIRM", + "url": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/" }, { - "name":"1041986", - "refsource":"SECTRACK", - "url":"http://www.securitytracker.com/id/1041986" + "name": "1041986", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041986" }, { - "name":"[debian-lts-announce] 20181121 [SECURITY] [DLA 1586-1] openssl security update", - "refsource":"MLIST", - "url":"https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html" + "name": "[debian-lts-announce] 20181121 [SECURITY] [DLA 1586-1] openssl security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html" }, { - "name":"DSA-4348", - "refsource":"DEBIAN", - "url":"https://www.debian.org/security/2018/dsa-4348" + "name": "DSA-4348", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4348" }, { - "name":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=b1d6d55ece1c26fa2829e2b819b038d7b6d692b4", - "refsource":"CONFIRM", - "url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=b1d6d55ece1c26fa2829e2b819b038d7b6d692b4" + "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=b1d6d55ece1c26fa2829e2b819b038d7b6d692b4", + "refsource": "CONFIRM", + "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=b1d6d55ece1c26fa2829e2b819b038d7b6d692b4" }, { - 
"name":"https://www.openssl.org/news/secadv/20181029.txt", - "refsource":"CONFIRM", - "url":"https://www.openssl.org/news/secadv/20181029.txt" + "name": "https://www.openssl.org/news/secadv/20181029.txt", + "refsource": "CONFIRM", + "url": "https://www.openssl.org/news/secadv/20181029.txt" }, { - "url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", - "refsource":"MISC", - "name":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" + "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", + "refsource": "MISC", + "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { - "url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "refsource":"MISC", - "name":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", + "refsource": "MISC", + "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:3700", - "url":"https://access.redhat.com/errata/RHSA-2019:3700" + "refsource": "REDHAT", + "name": "RHSA-2019:3700", + "url": "https://access.redhat.com/errata/RHSA-2019:3700" }, { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2018/1000xxx/CVE-2018-1000030.json b/2018/1000xxx/CVE-2018-1000030.json index 7261e56d6f8..a71c628be8d 100644 --- a/2018/1000xxx/CVE-2018-1000030.json +++ b/2018/1000xxx/CVE-2018-1000030.json 
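Review bot: Both `version_value` entries for OpenSSL still hold a sentence (`"Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i)"`) rather than a version, so a scanner that compares installed versions against this field has nothing to match and the affected range is readable only by a person. Since the hunk already rewrites every line of the record, the range could move into the structured fields, for example `"version_affected": "<", "version_name": "1.1.0", "version_value": "1.1.0j"` and the equivalent for 1.1.1 / 1.1.1a, leaving the prose in `description`. The `impact` member is also an array of `lang`/`url`/`value` entries here, whereas other records in this patch use an object with a `cvss` member, so consumers have to handle both shapes.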
@@ -1,108 +1,109 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"cve@mitre.org", - "DATE_ASSIGNED":"2018-02-02", - "ID":"CVE-2018-1000030", - "REQUESTER":"tylerp96@gmail.com", - "STATE":"PUBLIC" + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2018-02-02", + "ID": "CVE-2018-1000030", + "REQUESTER": "tylerp96@gmail.com", + "STATE": "PUBLIC" }, - "affects":{ - "vendor":{ - "vendor_data":[ + "affects": { + "vendor": { + "vendor_data": [ { - "product":{ - "product_data":[ + "product": { + "product_data": [ { - "product_name":"n/a", - "version":{ - "version_data":[ + "product_name": "n/a", + "version": { + "version_data": [ { - "version_value":"n/a" + "version_value": "n/a" } ] } } ] }, - "vendor_name":"n/a" + "vendor_name": "n/a" } ] } }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang":"eng", - "value":"Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Heap-Use-After-Free. Python versions prior to 2.7.14 may also be vulnerable and it appears that Python 2.7.17 and prior may also be vulnerable however this has not been confirmed. The vulnerability lies when multiply threads are handling large amounts of data. In both cases there is essentially a race condition that occurs. For the Heap-Buffer-Overflow, Thread 2 is creating the size for a buffer, but Thread1 is already writing to the buffer without knowing how much to write. So when a large amount of data is being processed, it is very easy to cause memory corruption using a Heap-Buffer-Overflow. As for the Use-After-Free, Thread3->Malloc->Thread1->Free's->Thread2-Re-uses-Free'd Memory. 
The PSRT has stated that this is not a security vulnerability due to the fact that the attacker must be able to run code, however in some situations, such as function as a service, this vulnerability can potentially be used by an attacker to violate a trust boundary, as such the DWF feels this issue deserves a CVE." + "lang": "eng", + "value": "Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Heap-Use-After-Free. Python versions prior to 2.7.14 may also be vulnerable and it appears that Python 2.7.17 and prior may also be vulnerable however this has not been confirmed. The vulnerability lies when multiply threads are handling large amounts of data. In both cases there is essentially a race condition that occurs. For the Heap-Buffer-Overflow, Thread 2 is creating the size for a buffer, but Thread1 is already writing to the buffer without knowing how much to write. So when a large amount of data is being processed, it is very easy to cause memory corruption using a Heap-Buffer-Overflow. As for the Use-After-Free, Thread3->Malloc->Thread1->Free's->Thread2-Re-uses-Free'd Memory. The PSRT has stated that this is not a security vulnerability due to the fact that the attacker must be able to run code, however in some situations, such as function as a service, this vulnerability can potentially be used by an attacker to violate a trust boundary, as such the DWF feels this issue deserves a CVE." 
} ] }, - "impact":{ - "cvss":{ - "attackComplexity":"HIGH", - "attackVector":"LOCAL", - "availabilityImpact":"LOW", - "baseScore":"3.6", - "baseSeverity":"LOW", - "confidentialityImpact":"LOW", - "integrityImpact":"NONE", - "privilegesRequired":"LOW", - "scope":"UNCHANGED", - "userInteraction":"NONE", - "vectorString":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L", - "version":"3.0" + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "LOCAL", + "availabilityImpact": "LOW", + "baseScore": "3.6", + "baseSeverity": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L", + "version": "3.0" } }, - "problemtype":{ - "problemtype_data":[ + "problemtype": { + "problemtype_data": [ { - "description":[ + "description": [ { - "lang":"eng", - "value":"n/a" + "lang": "eng", + "value": "n/a" } ] } ] }, - "references":{ - "reference_data":[ + "references": { + "reference_data": [ { - "name":"https://drive.google.com/file/d/1oyR9DAZjZK_SCn3mor6NRAYLJS6ueXaY/view", - "refsource":"MISC", - "url":"https://drive.google.com/file/d/1oyR9DAZjZK_SCn3mor6NRAYLJS6ueXaY/view" + "name": "https://drive.google.com/file/d/1oyR9DAZjZK_SCn3mor6NRAYLJS6ueXaY/view", + "refsource": "MISC", + "url": "https://drive.google.com/file/d/1oyR9DAZjZK_SCn3mor6NRAYLJS6ueXaY/view" }, { - "name":"USN-3817-2", - "refsource":"UBUNTU", - "url":"https://usn.ubuntu.com/3817-2/" + "name": "USN-3817-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3817-2/" }, { - "name":"GLSA-201811-02", - "refsource":"GENTOO", - "url":"https://security.gentoo.org/glsa/201811-02" + "name": "GLSA-201811-02", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201811-02" }, { - "name":"https://www.dropbox.com/sh/sj3ee7xv55j36k7/AADwP-YfOYikBMuy32e0uvPFa?dl=0", - "refsource":"MISC", - 
"url":"https://www.dropbox.com/sh/sj3ee7xv55j36k7/AADwP-YfOYikBMuy32e0uvPFa?dl=0" + "name": "https://www.dropbox.com/sh/sj3ee7xv55j36k7/AADwP-YfOYikBMuy32e0uvPFa?dl=0", + "refsource": "MISC", + "url": "https://www.dropbox.com/sh/sj3ee7xv55j36k7/AADwP-YfOYikBMuy32e0uvPFa?dl=0" }, { - "name":"USN-3817-1", - "refsource":"UBUNTU", - "url":"https://usn.ubuntu.com/3817-1/" + "name": "USN-3817-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3817-1/" }, { - "name":"https://bugs.python.org/issue31530", - "refsource":"CONFIRM", - "url":"https://bugs.python.org/issue31530" + "name": "https://bugs.python.org/issue31530", + "refsource": "CONFIRM", + "url": "https://bugs.python.org/issue31530" }, { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2018/11xxx/CVE-2018-11039.json b/2018/11xxx/CVE-2018-11039.json index 98328c3228e..afd204ce154 100644 --- a/2018/11xxx/CVE-2018-11039.json +++ b/2018/11xxx/CVE-2018-11039.json 
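Review bot: `"baseScore": "3.6"` in the `cvss` block is kept as a string, while the other records touched by this patch give the score as a number (`7.5`, `4.4`), so tooling that sorts or thresholds on severity may mis-compare this entry or reject it on type. Writing it as `"baseScore": 3.6` is consistent with the vector `CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L` and needs no other change. Separately, `product_name` and `vendor_name` are both `n/a` although the description names Python 2.7.14, so automated matching on the `affects` block cannot find this record; that is worth filling in the next time the file is edited.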
@@ -1,102 +1,103 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secure@dell.com", - "DATE_PUBLIC":"2018-06-14T04:00:00.000Z", - "ID":"CVE-2018-11039", - "STATE":"PUBLIC" + "CVE_data_meta": { + "ASSIGNER": "secure@dell.com", + "DATE_PUBLIC": "2018-06-14T04:00:00.000Z", + "ID": "CVE-2018-11039", + "STATE": "PUBLIC" }, - "affects":{ - "vendor":{ - "vendor_data":[ + "affects": { + "vendor": { + "vendor_data": [ { - "product":{ - "product_data":[ + "product": { + "product_data": [ { - "product_name":"Spring Framework", - "version":{ - "version_data":[ + "product_name": "Spring Framework", + "version": { + "version_data": [ { - "affected":"<", - "version_name":"5.0.x", - "version_value":"5.0.7" + "affected": "<", + "version_name": "5.0.x", + "version_value": "5.0.7" }, { - "affected":"<", - "version_name":"4.3.x ", - "version_value":"4.3.18" + "affected": "<", + "version_name": "4.3.x ", + "version_value": "4.3.18" } ] } } ] }, - "vendor_name":"Pivotal" + "vendor_name": "Pivotal" } ] } }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang":"eng", - "value":"Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS vulnerability, a malicious user (or attacker) can use this filter to escalate to an XST (Cross Site Tracing) attack." + "lang": "eng", + "value": "Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. 
If an application has a pre-existing XSS vulnerability, a malicious user (or attacker) can use this filter to escalate to an XST (Cross Site Tracing) attack." } ] }, - "problemtype":{ - "problemtype_data":[ + "problemtype": { + "problemtype_data": [ { - "description":[ + "description": [ { - "lang":"eng", - "value":"Cross Site Tracing" + "lang": "eng", + "value": "Cross Site Tracing" } ] } ] }, - "references":{ - "reference_data":[ + "references": { + "reference_data": [ { - "name":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "refsource":"CONFIRM", - "url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" + "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "refsource": "CONFIRM", + "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" }, { - "name":"https://pivotal.io/security/cve-2018-11039", - "refsource":"CONFIRM", - "url":"https://pivotal.io/security/cve-2018-11039" + "name": "https://pivotal.io/security/cve-2018-11039", + "refsource": "CONFIRM", + "url": "https://pivotal.io/security/cve-2018-11039" }, { - "name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "refsource":"CONFIRM", - "url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" }, { - "url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", - "refsource":"MISC", - "name":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" + "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", + "refsource": "MISC", + "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { - "refsource":"BID", - 
"name":"107984", - "url":"http://www.securityfocus.com/bid/107984" + "refsource": "BID", + "name": "107984", + "url": "http://www.securityfocus.com/bid/107984" }, { - "url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "refsource":"MISC", - "name":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", + "refsource": "MISC", + "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] }, - "source":{ - "discovery":"UNKNOWN" + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11040.json b/2018/11xxx/CVE-2018-11040.json index 0ceb4e9d439..03bde433bfe 100644 --- a/2018/11xxx/CVE-2018-11040.json +++ b/2018/11xxx/CVE-2018-11040.json 
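Review bot: The `version_data` entries use the key `affected` (`"affected": "<"`) where the 4.0 record format spells it `version_affected`, so a consumer that reads only the standard key could lose the comparator and treat 5.0.7 and 4.3.18, the fixed releases, as the affected versions. Renaming it to `"version_affected": "<"` keeps the meaning and is a one-word change per entry; the same key appears in the hunks for CVE-2018-11040, CVE-2018-11054 and CVE-2018-11055. `"version_name": "4.3.x "` also carries a trailing space here and in CVE-2018-11040, which defeats exact-string matching on the branch name; `"version_name": "4.3.x"` avoids that.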
@@ -1,97 +1,98 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secure@dell.com", - "DATE_PUBLIC":"2018-06-14T04:00:00.000Z", - "ID":"CVE-2018-11040", - "STATE":"PUBLIC" + "CVE_data_meta": { + "ASSIGNER": "secure@dell.com", + "DATE_PUBLIC": "2018-06-14T04:00:00.000Z", + "ID": "CVE-2018-11040", + "STATE": "PUBLIC" }, - "affects":{ - "vendor":{ - "vendor_data":[ + "affects": { + "vendor": { + "vendor_data": [ { - "product":{ - "product_data":[ + "product": { + "product_data": [ { - "product_name":"Spring Framework", - "version":{ - "version_data":[ + "product_name": "Spring Framework", + "version": { + "version_data": [ { - "affected":"<", - "version_name":"5.0.x", - "version_value":"5.0.7" + "affected": "<", + "version_name": "5.0.x", + "version_value": "5.0.7" }, { - "affected":"<", - "version_name":"4.3.x ", - "version_value":"4.3.18" + "affected": "<", + "version_name": "4.3.x ", + "version_value": "4.3.18" } ] } } ] }, - "vendor_name":"Pivotal" + "vendor_name": "Pivotal" } ] } }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang":"eng", - "value":"Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications to enable cross-domain requests via JSONP (JSON with Padding) through AbstractJsonpResponseBodyAdvice for REST controllers and MappingJackson2JsonView for browser requests. Both are not enabled by default in Spring Framework nor Spring Boot, however, when MappingJackson2JsonView is configured in an application, JSONP support is automatically ready to use through the \"jsonp\" and \"callback\" JSONP parameters, enabling cross-domain requests." 
+ "lang": "eng", + "value": "Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications to enable cross-domain requests via JSONP (JSON with Padding) through AbstractJsonpResponseBodyAdvice for REST controllers and MappingJackson2JsonView for browser requests. Both are not enabled by default in Spring Framework nor Spring Boot, however, when MappingJackson2JsonView is configured in an application, JSONP support is automatically ready to use through the \"jsonp\" and \"callback\" JSONP parameters, enabling cross-domain requests." } ] }, - "problemtype":{ - "problemtype_data":[ + "problemtype": { + "problemtype_data": [ { - "description":[ + "description": [ { - "lang":"eng", - "value":"JSONP enabled by default in MappingJackson2JsonView" + "lang": "eng", + "value": "JSONP enabled by default in MappingJackson2JsonView" } ] } ] }, - "references":{ - "reference_data":[ + "references": { + "reference_data": [ { - "name":"https://pivotal.io/security/cve-2018-11040", - "refsource":"CONFIRM", - "url":"https://pivotal.io/security/cve-2018-11040" + "name": "https://pivotal.io/security/cve-2018-11040", + "refsource": "CONFIRM", + "url": "https://pivotal.io/security/cve-2018-11040" }, { - "name":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "refsource":"CONFIRM", - "url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" + "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "refsource": "CONFIRM", + "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" }, { - "name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "refsource":"CONFIRM", - "url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "refsource": "CONFIRM", + "url": 
"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" }, { - "url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", - "refsource":"MISC", - "name":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" + "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", + "refsource": "MISC", + "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { - "url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "refsource":"MISC", - "name":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", + "refsource": "MISC", + "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] }, - "source":{ - "discovery":"UNKNOWN" + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11054.json b/2018/11xxx/CVE-2018-11054.json index bc3f89d5108..46f3b3324a3 100644 --- a/2018/11xxx/CVE-2018-11054.json +++ b/2018/11xxx/CVE-2018-11054.json 
@@ -1,91 +1,92 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secure@dell.com", - "ID":"CVE-2018-11054", - "STATE":"PUBLIC" + "CVE_data_meta": { + "ASSIGNER": "secure@dell.com", + "ID": "CVE-2018-11054", + "STATE": "PUBLIC" }, - "affects":{ - "vendor":{ - "vendor_data":[ + "affects": { + "vendor": { + "vendor_data": [ { - "product":{ - "product_data":[ + "product": { + "product_data": [ { - "product_name":"BSAFE Micro Edition Suite", - "version":{ - "version_data":[ + "product_name": "BSAFE Micro Edition Suite", + "version": { + "version_data": [ { - "affected":"=", - "version_value":"4.1.6" + "affected": "=", + "version_value": "4.1.6" } ] } } ] }, - "vendor_name":"RSA" + "vendor_name": "RSA" } ] } }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang":"eng", - "value":"RSA BSAFE Micro Edition Suite, version 4.1.6, contains an integer overflow vulnerability. A remote attacker could use maliciously constructed ASN.1 data to potentially cause a Denial Of Service." + "lang": "eng", + "value": "RSA BSAFE Micro Edition Suite, version 4.1.6, contains an integer overflow vulnerability. A remote attacker could use maliciously constructed ASN.1 data to potentially cause a Denial Of Service." 
} ] }, - "impact":{ - "cvss":{ - "attackComplexity":"LOW", - "attackVector":"NETWORK", - "availabilityImpact":"HIGH", - "baseScore":7.5, - "baseSeverity":"HIGH", - "confidentialityImpact":"NONE", - "integrityImpact":"NONE", - "privilegesRequired":"NONE", - "scope":"UNCHANGED", - "userInteraction":"NONE", - "vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "version":"3.0" + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.0" } }, - "problemtype":{ - "problemtype_data":[ + "problemtype": { + "problemtype_data": [ { - "description":[ + "description": [ { - "lang":"eng", - "value":"integer overflow vulnerability" + "lang": "eng", + "value": "integer overflow vulnerability" } ] } ] }, - "references":{ - "reference_data":[ + "references": { + "reference_data": [ { - "name":"20180828 DSA-2018-128: RSA BSAFE Micro Edition Suite and Crypto-C Micro Edition Multiple Security Vulnerabilities", - "refsource":"FULLDISC", - "url":"http://seclists.org/fulldisclosure/2018/Aug/46" + "name": "20180828 DSA-2018-128: RSA BSAFE Micro Edition Suite and Crypto-C Micro Edition Multiple Security Vulnerabilities", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2018/Aug/46" }, { - "url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "refsource":"MISC", - "name":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", + "refsource": "MISC", + "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { - 
"url":"https://www.oracle.com/security-alerts/cpujan2020.html" + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] }, - "source":{ - "discovery":"UNKNOWN" + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11055.json b/2018/11xxx/CVE-2018-11055.json index 241c08c90e4..baf4c53a53b 100644 --- a/2018/11xxx/CVE-2018-11055.json +++ b/2018/11xxx/CVE-2018-11055.json 
@@ -1,95 +1,96 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secure@dell.com", - "ID":"CVE-2018-11055", - "STATE":"PUBLIC" + "CVE_data_meta": { + "ASSIGNER": "secure@dell.com", + "ID": "CVE-2018-11055", + "STATE": "PUBLIC" }, - "affects":{ - "vendor":{ - "vendor_data":[ + "affects": { + "vendor": { + "vendor_data": [ { - "product":{ - "product_data":[ + "product": { + "product_data": [ { - "product_name":"BSAFE Micro Edition Suite", - "version":{ - "version_data":[ + "product_name": "BSAFE Micro Edition Suite", + "version": { + "version_data": [ { - "affected":"<", - "version_value":"4.0.11" + "affected": "<", + "version_value": "4.0.11" }, { - "affected":"<", - "version_value":"4.1.6.1" + "affected": "<", + "version_value": "4.1.6.1" } ] } } ] }, - "vendor_name":"RSA" + "vendor_name": "RSA" } ] } }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang":"eng", - "value":"RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x), contains an Improper Clearing of Heap Memory Before Release ('Heap Inspection') vulnerability. Decoded PKCS #12 data in heap memory is not zeroized by MES before releasing the memory internally and a malicious local user could gain access to the unauthorized data by doing heap inspection." + "lang": "eng", + "value": "RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x), contains an Improper Clearing of Heap Memory Before Release ('Heap Inspection') vulnerability. Decoded PKCS #12 data in heap memory is not zeroized by MES before releasing the memory internally and a malicious local user could gain access to the unauthorized data by doing heap inspection." 
} ] }, - "impact":{ - "cvss":{ - "attackComplexity":"LOW", - "attackVector":"LOCAL", - "availabilityImpact":"NONE", - "baseScore":4.4, - "baseSeverity":"MEDIUM", - "confidentialityImpact":"HIGH", - "integrityImpact":"NONE", - "privilegesRequired":"HIGH", - "scope":"UNCHANGED", - "userInteraction":"NONE", - "vectorString":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", - "version":"3.0" + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 4.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "version": "3.0" } }, - "problemtype":{ - "problemtype_data":[ + "problemtype": { + "problemtype_data": [ { - "description":[ + "description": [ { - "lang":"eng", - "value":"Improper Clearing of Heap Memory Before Release ('Heap Inspection') vulnerability" + "lang": "eng", + "value": "Improper Clearing of Heap Memory Before Release ('Heap Inspection') vulnerability" } ] } ] }, - "references":{ - "reference_data":[ + "references": { + "reference_data": [ { - "name":"20180828 DSA-2018-128: RSA BSAFE Micro Edition Suite and Crypto-C Micro Edition Multiple Security Vulnerabilities", - "refsource":"FULLDISC", - "url":"http://seclists.org/fulldisclosure/2018/Aug/46" + "name": "20180828 DSA-2018-128: RSA BSAFE Micro Edition Suite and Crypto-C Micro Edition Multiple Security Vulnerabilities", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2018/Aug/46" }, { - "url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "refsource":"MISC", - "name":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", + "refsource": "MISC", + "name": 
"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] }, - "source":{ - "discovery":"UNKNOWN" + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11056.json b/2018/11xxx/CVE-2018-11056.json index 7db2223da06..0633268efb2 100644 --- a/2018/11xxx/CVE-2018-11056.json +++ b/2018/11xxx/CVE-2018-11056.json 
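Review bot: The two `version_data` entries for BSAFE Micro Edition Suite carry the comparison operator under the key `affected`, while the CVE JSON 4.0 format names that field `version_affected`; the reformatting in this hunk keeps the key as it was. A consumer that reads only `version_affected` would likely treat `4.0.11` and `4.1.6.1` as exact affected versions rather than upper bounds, and so under-report older vulnerable builds. I would rename the key on each entry, e.g. `"version_affected": "<",`. The same key appears in the CVE-2018-11056, CVE-2018-11057 and CVE-2018-11058 hunks.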
@@ -1,109 +1,110 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secure@dell.com", - "ID":"CVE-2018-11056", - "STATE":"PUBLIC" + "CVE_data_meta": { + "ASSIGNER": "secure@dell.com", + "ID": "CVE-2018-11056", + "STATE": "PUBLIC" }, - "affects":{ - "vendor":{ - "vendor_data":[ + "affects": { + "vendor": { + "vendor_data": [ { - "product":{ - "product_data":[ + "product": { + "product_data": [ { - "product_name":"BSAFE Micro Edition Suite", - "version":{ - "version_data":[ + "product_name": "BSAFE Micro Edition Suite", + "version": { + "version_data": [ { - "affected":"<", - "version_value":"4.1.6.1" + "affected": "<", + "version_value": "4.1.6.1" } ] } } ] }, - "vendor_name":"RSA" + "vendor_name": "RSA" }, { - "product":{ - "product_data":[ + "product": { + "product_data": [ { - "product_name":"BSAFE Crypto-C Micro Edition", - "version":{ - "version_data":[ + "product_name": "BSAFE Crypto-C Micro Edition", + "version": { + "version_data": [ { - "affected":"<", - "version_value":"4.0.5.3" + "affected": "<", + "version_value": "4.0.5.3" } ] } } ] }, - "vendor_name":"RSA" + "vendor_name": "RSA" } ] } }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang":"eng", - "value":"RSA BSAFE Micro Edition Suite, prior to 4.1.6.1 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edition versions prior to 4.0.5.3 (in 4.0.x) contain an Uncontrolled Resource Consumption ('Resource Exhaustion') vulnerability when parsing ASN.1 data. A remote attacker could use maliciously constructed ASN.1 data that would exhaust the stack, potentially causing a Denial Of Service." 
+ "lang": "eng", + "value": "RSA BSAFE Micro Edition Suite, prior to 4.1.6.1 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edition versions prior to 4.0.5.3 (in 4.0.x) contain an Uncontrolled Resource Consumption ('Resource Exhaustion') vulnerability when parsing ASN.1 data. A remote attacker could use maliciously constructed ASN.1 data that would exhaust the stack, potentially causing a Denial Of Service." } ] }, - "impact":{ - "cvss":{ - "attackComplexity":"LOW", - "attackVector":"NETWORK", - "availabilityImpact":"HIGH", - "baseScore":6.5, - "baseSeverity":"MEDIUM", - "confidentialityImpact":"NONE", - "integrityImpact":"NONE", - "privilegesRequired":"NONE", - "scope":"UNCHANGED", - "userInteraction":"REQUIRED", - "vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "version":"3.0" + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "version": "3.0" } }, - "problemtype":{ - "problemtype_data":[ + "problemtype": { + "problemtype_data": [ { - "description":[ + "description": [ { - "lang":"eng", - "value":"Uncontrolled Resource Consumption ('Resource Exhaustion') vulnerability " + "lang": "eng", + "value": "Uncontrolled Resource Consumption ('Resource Exhaustion') vulnerability " } ] } ] }, - "references":{ - "reference_data":[ + "references": { + "reference_data": [ { - "name":"20180828 DSA-2018-128: RSA BSAFE Micro Edition Suite and Crypto-C Micro Edition Multiple Security Vulnerabilities", - "refsource":"FULLDISC", - "url":"http://seclists.org/fulldisclosure/2018/Aug/46" + "name": "20180828 DSA-2018-128: RSA BSAFE Micro Edition Suite and Crypto-C Micro Edition Multiple Security Vulnerabilities", + "refsource": "FULLDISC", + "url": 
"http://seclists.org/fulldisclosure/2018/Aug/46" }, { - "url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "refsource":"MISC", - "name":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", + "refsource": "MISC", + "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] }, - "source":{ - "discovery":"UNKNOWN" + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11057.json b/2018/11xxx/CVE-2018-11057.json index 2c4d63f9e79..29bd9ad4643 100644 --- a/2018/11xxx/CVE-2018-11057.json +++ b/2018/11xxx/CVE-2018-11057.json 
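Review bot: The `problemtype` value on the new side still ends with a trailing space (`"... ('Resource Exhaustion') vulnerability "`), which the whitespace normalisation in this hunk did not touch because it sits inside the string. Exact-match grouping on problem type would treat it as distinct from the same text without the space, so I would trim it. Separately, `vendor_data` holds two entries that both have `"vendor_name": "RSA"`, one per product, whereas the CVE-2018-11058 hunk lists both products under a single RSA entry. Merging the two entries would keep the records consistent.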
@@ -1,95 +1,96 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secure@dell.com", - "ID":"CVE-2018-11057", - "STATE":"PUBLIC" + "CVE_data_meta": { + "ASSIGNER": "secure@dell.com", + "ID": "CVE-2018-11057", + "STATE": "PUBLIC" }, - "affects":{ - "vendor":{ - "vendor_data":[ + "affects": { + "vendor": { + "vendor_data": [ { - "product":{ - "product_data":[ + "product": { + "product_data": [ { - "product_name":"BSAFE Micro Edition Suite", - "version":{ - "version_data":[ + "product_name": "BSAFE Micro Edition Suite", + "version": { + "version_data": [ { - "affected":"<", - "version_value":"4.0.11" + "affected": "<", + "version_value": "4.0.11" }, { - "affected":"<", - "version_value":"4.1.6.1" + "affected": "<", + "version_value": "4.1.6.1" } ] } } ] }, - "vendor_name":"RSA" + "vendor_name": "RSA" } ] } }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang":"eng", - "value":"RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x) contains a Covert Timing Channel vulnerability during RSA decryption, also known as a Bleichenbacher attack on RSA decryption. A remote attacker may be able to recover a RSA key." + "lang": "eng", + "value": "RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x) contains a Covert Timing Channel vulnerability during RSA decryption, also known as a Bleichenbacher attack on RSA decryption. A remote attacker may be able to recover a RSA key." 
} ] }, - "impact":{ - "cvss":{ - "attackComplexity":"HIGH", - "attackVector":"NETWORK", - "availabilityImpact":"NONE", - "baseScore":5.9, - "baseSeverity":"MEDIUM", - "confidentialityImpact":"HIGH", - "integrityImpact":"NONE", - "privilegesRequired":"NONE", - "scope":"UNCHANGED", - "userInteraction":"NONE", - "vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "version":"3.0" + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.9, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "version": "3.0" } }, - "problemtype":{ - "problemtype_data":[ + "problemtype": { + "problemtype_data": [ { - "description":[ + "description": [ { - "lang":"eng", - "value":"Covert Timing Channel vulnerability" + "lang": "eng", + "value": "Covert Timing Channel vulnerability" } ] } ] }, - "references":{ - "reference_data":[ + "references": { + "reference_data": [ { - "name":"20180828 DSA-2018-128: RSA BSAFE Micro Edition Suite and Crypto-C Micro Edition Multiple Security Vulnerabilities", - "refsource":"FULLDISC", - "url":"http://seclists.org/fulldisclosure/2018/Aug/46" + "name": "20180828 DSA-2018-128: RSA BSAFE Micro Edition Suite and Crypto-C Micro Edition Multiple Security Vulnerabilities", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2018/Aug/46" }, { - "url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "refsource":"MISC", - "name":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", + "refsource": "MISC", + "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { - 
"url":"https://www.oracle.com/security-alerts/cpujan2020.html" + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] }, - "source":{ - "discovery":"UNKNOWN" + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11058.json b/2018/11xxx/CVE-2018-11058.json index 56f787a0ac2..c3ce5cfc58b 100644 --- a/2018/11xxx/CVE-2018-11058.json +++ b/2018/11xxx/CVE-2018-11058.json 
@@ -1,111 +1,112 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secure@dell.com", - "ID":"CVE-2018-11058", - "STATE":"PUBLIC" + "CVE_data_meta": { + "ASSIGNER": "secure@dell.com", + "ID": "CVE-2018-11058", + "STATE": "PUBLIC" }, - "affects":{ - "vendor":{ - "vendor_data":[ + "affects": { + "vendor": { + "vendor_data": [ { - "product":{ - "product_data":[ + "product": { + "product_data": [ { - "product_name":"BSAFE Micro Edition Suite", - "version":{ - "version_data":[ + "product_name": "BSAFE Micro Edition Suite", + "version": { + "version_data": [ { - "affected":"<", - "version_value":"4.0.11" + "affected": "<", + "version_value": "4.0.11" }, { - "affected":"<", - "version_value":"4.1.6.1" + "affected": "<", + "version_value": "4.1.6.1" } ] } }, { - "product_name":"BSAFE Crypto-C Micro Edition", - "version":{ - "version_data":[ + "product_name": "BSAFE Crypto-C Micro Edition", + "version": { + "version_data": [ { - "affected":"<", - "version_value":"4.0.5.3" + "affected": "<", + "version_value": "4.0.5.3" } ] } } ] }, - "vendor_name":"RSA" + "vendor_name": "RSA" } ] } }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang":"eng", - "value":"RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edition, version prior to 4.0.5.3 (in 4.0.x) contain a Buffer Over-Read vulnerability when parsing ASN.1 data. A remote attacker could use maliciously constructed ASN.1 data that would result in such issue." + "lang": "eng", + "value": "RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edition, version prior to 4.0.5.3 (in 4.0.x) contain a Buffer Over-Read vulnerability when parsing ASN.1 data. 
A remote attacker could use maliciously constructed ASN.1 data that would result in such issue." } ] }, - "impact":{ - "cvss":{ - "attackComplexity":"LOW", - "attackVector":"NETWORK", - "availabilityImpact":"HIGH", - "baseScore":7.5, - "baseSeverity":"HIGH", - "confidentialityImpact":"NONE", - "integrityImpact":"NONE", - "privilegesRequired":"NONE", - "scope":"UNCHANGED", - "userInteraction":"NONE", - "vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "version":"3.0" + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.0" } }, - "problemtype":{ - "problemtype_data":[ + "problemtype": { + "problemtype_data": [ { - "description":[ + "description": [ { - "lang":"eng", - "value":"Buffer Over-Read vulnerability" + "lang": "eng", + "value": "Buffer Over-Read vulnerability" } ] } ] }, - "references":{ - "reference_data":[ + "references": { + "reference_data": [ { - "name":"20180828 DSA-2018-128: RSA BSAFE Micro Edition Suite and Crypto-C Micro Edition Multiple Security Vulnerabilities", - "refsource":"FULLDISC", - "url":"http://seclists.org/fulldisclosure/2018/Aug/46" + "name": "20180828 DSA-2018-128: RSA BSAFE Micro Edition Suite and Crypto-C Micro Edition Multiple Security Vulnerabilities", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2018/Aug/46" }, { - "url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "refsource":"MISC", - "name":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", + "refsource": "MISC", + "name": 
"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { - "refsource":"BID", - "name":"108106", - "url":"http://www.securityfocus.com/bid/108106" + "refsource": "BID", + "name": "108106", + "url": "http://www.securityfocus.com/bid/108106" }, { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] }, - "source":{ - "discovery":"UNKNOWN" + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11307.json b/2018/11xxx/CVE-2018-11307.json index 5cfbd3ed8b5..2231a8e5b7f 100644 --- a/2018/11xxx/CVE-2018-11307.json +++ b/2018/11xxx/CVE-2018-11307.json 
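Review bot: The description says Micro Edition Suite is affected "prior to 4.1.6 (in 4.1.x)", but the matching `version_data` entry in the same record gives `"version_value": "4.1.6.1"`, so the prose and the machine-readable bound disagree on whether 4.1.6 itself is vulnerable. The CVE-2018-11055 and CVE-2018-11057 records in this patch use 4.1.6.1 in both places, which suggests a typo in this description, but that should be confirmed against DSA-2018-128 before editing. If 4.1.6.1 is correct, the description would read `... prior to 4.1.6.1 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edition ...`. Until the two agree, triage for 4.1.6 should not rely on either field alone.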
@@ -1,150 +1,151 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"cve@mitre.org", - "ID":"CVE-2018-11307", - "STATE":"PUBLIC" + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11307", + "STATE": "PUBLIC" }, - "affects":{ - "vendor":{ - "vendor_data":[ + "affects": { + "vendor": { + "vendor_data": [ { - "product":{ - "product_data":[ + "product": { + "product_data": [ { - "product_name":"n/a", - "version":{ - "version_data":[ + "product_name": "n/a", + "version": { + "version_data": [ { - "version_value":"n/a" + "version_value": "n/a" } ] } } ] }, - "vendor_name":"n/a" + "vendor_name": "n/a" } ] } }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang":"eng", - "value":"An issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.5. Use of Jackson default typing along with a gadget class from iBatis allows exfiltration of content. Fixed in 2.7.9.4, 2.8.11.2, and 2.9.6." + "lang": "eng", + "value": "An issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.5. Use of Jackson default typing along with a gadget class from iBatis allows exfiltration of content. Fixed in 2.7.9.4, 2.8.11.2, and 2.9.6." 
} ] }, - "problemtype":{ - "problemtype_data":[ + "problemtype": { + "problemtype_data": [ { - "description":[ + "description": [ { - "lang":"eng", - "value":"n/a" + "lang": "eng", + "value": "n/a" } ] } ] }, - "references":{ - "reference_data":[ + "references": { + "reference_data": [ { - "url":"https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062", - "refsource":"MISC", - "name":"https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062" + "url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062", + "refsource": "MISC", + "name": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062" }, { - "url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7525", - "refsource":"MISC", - "name":"https://nvd.nist.gov/vuln/detail/CVE-2017-7525" + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7525", + "refsource": "MISC", + "name": "https://nvd.nist.gov/vuln/detail/CVE-2017-7525" }, { - "refsource":"CONFIRM", - "name":"https://access.redhat.com/errata/RHSA-2019:0782", - "url":"https://access.redhat.com/errata/RHSA-2019:0782" + "refsource": "CONFIRM", + "name": "https://access.redhat.com/errata/RHSA-2019:0782", + "url": "https://access.redhat.com/errata/RHSA-2019:0782" }, { - "refsource":"MISC", - "name":"https://github.com/FasterXML/jackson-databind/issues/2032", - "url":"https://github.com/FasterXML/jackson-databind/issues/2032" + "refsource": "MISC", + "name": "https://github.com/FasterXML/jackson-databind/issues/2032", + "url": "https://github.com/FasterXML/jackson-databind/issues/2032" }, { - "url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "refsource":"MISC", - "name":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", + 
"refsource": "MISC", + "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:1822", - "url":"https://access.redhat.com/errata/RHSA-2019:1822" + "refsource": "REDHAT", + "name": "RHSA-2019:1822", + "url": "https://access.redhat.com/errata/RHSA-2019:1822" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:1823", - "url":"https://access.redhat.com/errata/RHSA-2019:1823" + "refsource": "REDHAT", + "name": "RHSA-2019:1823", + "url": "https://access.redhat.com/errata/RHSA-2019:1823" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:2804", - "url":"https://access.redhat.com/errata/RHSA-2019:2804" + "refsource": "REDHAT", + "name": "RHSA-2019:2804", + "url": "https://access.redhat.com/errata/RHSA-2019:2804" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:2858", - "url":"https://access.redhat.com/errata/RHSA-2019:2858" + "refsource": "REDHAT", + "name": "RHSA-2019:2858", + "url": "https://access.redhat.com/errata/RHSA-2019:2858" }, { - "refsource":"MLIST", - "name":"[lucene-issues] 20191004 [GitHub] [lucene-solr] marungo opened a new pull request #925: SOLR-13818: Upgrade jackson to 2.10.0", - "url":"https://lists.apache.org/thread.html/7fcf88aff0d1deaa5c3c7be8d58c05ad7ad5da94b59065d8e7c50c5d@%3Cissues.lucene.apache.org%3E" + "refsource": "MLIST", + "name": "[lucene-issues] 20191004 [GitHub] [lucene-solr] marungo opened a new pull request #925: SOLR-13818: Upgrade jackson to 2.10.0", + "url": "https://lists.apache.org/thread.html/7fcf88aff0d1deaa5c3c7be8d58c05ad7ad5da94b59065d8e7c50c5d@%3Cissues.lucene.apache.org%3E" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:3002", - "url":"https://access.redhat.com/errata/RHSA-2019:3002" + "refsource": "REDHAT", + "name": "RHSA-2019:3002", + "url": "https://access.redhat.com/errata/RHSA-2019:3002" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:3140", - "url":"https://access.redhat.com/errata/RHSA-2019:3140" + "refsource": "REDHAT", + "name": 
"RHSA-2019:3140", + "url": "https://access.redhat.com/errata/RHSA-2019:3140" }, { - "refsource":"MLIST", - "name":"[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", - "url":"https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E" + "refsource": "MLIST", + "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", + "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:3149", - "url":"https://access.redhat.com/errata/RHSA-2019:3149" + "refsource": "REDHAT", + "name": "RHSA-2019:3149", + "url": "https://access.redhat.com/errata/RHSA-2019:3149" }, { - "refsource":"MLIST", - "name":"[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", - "url":"https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E" + "refsource": "MLIST", + "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", + "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", - "url":"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" + "refsource": "MLIST", + "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", + "url": 
"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:3892", - "url":"https://access.redhat.com/errata/RHSA-2019:3892" + "refsource": "REDHAT", + "name": "RHSA-2019:3892", + "url": "https://access.redhat.com/errata/RHSA-2019:3892" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:4037", - "url":"https://access.redhat.com/errata/RHSA-2019:4037" + "refsource": "REDHAT", + "name": "RHSA-2019:4037", + "url": "https://access.redhat.com/errata/RHSA-2019:4037" }, { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2018/11xxx/CVE-2018-11759.json b/2018/11xxx/CVE-2018-11759.json index fd99ec76aa5..24df94e804f 100644 --- a/2018/11xxx/CVE-2018-11759.json +++ b/2018/11xxx/CVE-2018-11759.json 
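Review bot: `product_name`, `vendor_name` and `version_value` under `affects` are all `"n/a"`, while the description in the same record names FasterXML jackson-databind 2.0.0 through 2.9.5, so tooling that matches on the structured fields will not associate this record with the library. `problemtype` is also `"n/a"`, although the description states the impact (exfiltration of content via default typing and a gadget class). If the record is filled in, the version data needs one bounded entry per branch rather than a single range, because the description lists fixes in 2.7.9.4 and 2.8.11.2 as well as 2.9.6. A starting point would be `"product_name": "jackson-databind"` and `"vendor_name": "FasterXML"`, with version entries bounded by each fixed release.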
@@ -1,110 +1,111 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"security@apache.org", - "ID":"CVE-2018-11759", - "STATE":"PUBLIC" + "CVE_data_meta": { + "ASSIGNER": "security@apache.org", + "ID": "CVE-2018-11759", + "STATE": "PUBLIC" }, - "affects":{ - "vendor":{ - "vendor_data":[ + "affects": { + "vendor": { + "vendor_data": [ { - "product":{ - "product_data":[ + "product": { + "product_data": [ { - "product_name":"Apache Tomcat Connectors", - "version":{ - "version_data":[ + "product_name": "Apache Tomcat Connectors", + "version": { + "version_data": [ { - "version_value":"Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44" + "version_value": "Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44" } ] } } ] }, - "vendor_name":"Apache Software Foundation" + "vendor_name": "Apache Software Foundation" } ] } }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang":"eng", - "value":"The Apache Web Server (httpd) specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44 did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via httpd, then it was possible for a specially constructed request to expose application functionality through the reverse proxy that was not intended for clients accessing the application via the reverse proxy. It was also possible in some configurations for a specially constructed request to bypass the access controls configured in httpd. While there is some overlap between this issue and CVE-2018-1323, they are not identical." 
+ "lang": "eng", + "value": "The Apache Web Server (httpd) specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44 did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via httpd, then it was possible for a specially constructed request to expose application functionality through the reverse proxy that was not intended for clients accessing the application via the reverse proxy. It was also possible in some configurations for a specially constructed request to bypass the access controls configured in httpd. While there is some overlap between this issue and CVE-2018-1323, they are not identical." } ] }, - "problemtype":{ - "problemtype_data":[ + "problemtype": { + "problemtype_data": [ { - "description":[ + "description": [ { - "lang":"eng", - "value":"Information Disclosure" + "lang": "eng", + "value": "Information Disclosure" } ] } ] }, - "references":{ - "reference_data":[ + "references": { + "reference_data": [ { - "name":"DSA-4357", - "refsource":"DEBIAN", - "url":"https://www.debian.org/security/2018/dsa-4357" + "name": "DSA-4357", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4357" }, { - "name":"RHSA-2019:0367", - "refsource":"REDHAT", - "url":"https://access.redhat.com/errata/RHSA-2019:0367" + "name": "RHSA-2019:0367", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2019:0367" }, { - "name":"105888", - "refsource":"BID", - "url":"http://www.securityfocus.com/bid/105888" + "name": "105888", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105888" }, { - "name":"https://lists.apache.org/thread.html/6d564bb0ab73d6b3efdd1d6b1c075d1a2c84ecd84a4159d6122529ad@%3Cannounce.tomcat.apache.org%3E", - "refsource":"MISC", - "url":"https://lists.apache.org/thread.html/6d564bb0ab73d6b3efdd1d6b1c075d1a2c84ecd84a4159d6122529ad@%3Cannounce.tomcat.apache.org%3E" + 
"name": "https://lists.apache.org/thread.html/6d564bb0ab73d6b3efdd1d6b1c075d1a2c84ecd84a4159d6122529ad@%3Cannounce.tomcat.apache.org%3E", + "refsource": "MISC", + "url": "https://lists.apache.org/thread.html/6d564bb0ab73d6b3efdd1d6b1c075d1a2c84ecd84a4159d6122529ad@%3Cannounce.tomcat.apache.org%3E" }, { - "name":"[debian-lts-announce] 20181217 [SECURITY] [DLA 1609-1] libapache-mod-jk security update", - "refsource":"MLIST", - "url":"https://lists.debian.org/debian-lts-announce/2018/12/msg00007.html" + "name": "[debian-lts-announce] 20181217 [SECURITY] [DLA 1609-1] libapache-mod-jk security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00007.html" }, { - "name":"RHSA-2019:0366", - "refsource":"REDHAT", - "url":"https://access.redhat.com/errata/RHSA-2019:0366" + "name": "RHSA-2019:0366", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2019:0366" }, { - "refsource":"MLIST", - "name":"[tomcat-dev] 20190319 svn commit: r1855831 [26/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", - "url":"https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d@%3Cdev.tomcat.apache.org%3E" + "refsource": "MLIST", + "name": "[tomcat-dev] 20190319 svn commit: r1855831 [26/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", + "url": "https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d@%3Cdev.tomcat.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[tomcat-dev] 20190325 svn commit: r1856174 [25/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", - "url":"https://lists.apache.org/thread.html/8d2a579bbd977c225c70cb23b0ec54865fb0dab5da3eff1e060c9935@%3Cdev.tomcat.apache.org%3E" + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [25/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": 
"https://lists.apache.org/thread.html/8d2a579bbd977c225c70cb23b0ec54865fb0dab5da3eff1e060c9935@%3Cdev.tomcat.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[tomcat-dev] 20190413 svn commit: r1857494 [18/20] - in /tomcat/site/trunk: ./ docs/ xdocs/", - "url":"https://lists.apache.org/thread.html/277d42b48b6e9aef50949c0dcc79ce21693091d73da246b3c1981925@%3Cdev.tomcat.apache.org%3E" + "refsource": "MLIST", + "name": "[tomcat-dev] 20190413 svn commit: r1857494 [18/20] - in /tomcat/site/trunk: ./ docs/ xdocs/", + "url": "https://lists.apache.org/thread.html/277d42b48b6e9aef50949c0dcc79ce21693091d73da246b3c1981925@%3Cdev.tomcat.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[tomcat-dev] 20190415 svn commit: r1857582 [20/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", - "url":"https://lists.apache.org/thread.html/5b7a23e245c93235c503900da854a143596d901bf1a1f67e851a5de4@%3Cdev.tomcat.apache.org%3E" + "refsource": "MLIST", + "name": "[tomcat-dev] 20190415 svn commit: r1857582 [20/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/5b7a23e245c93235c503900da854a143596d901bf1a1f67e851a5de4@%3Cdev.tomcat.apache.org%3E" }, { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2018/11xxx/CVE-2018-11784.json b/2018/11xxx/CVE-2018-11784.json index b0efcc5a6bb..54f1c2786ec 100644 --- a/2018/11xxx/CVE-2018-11784.json +++ b/2018/11xxx/CVE-2018-11784.json 
@@ -1,222 +1,223 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"security@apache.org", - "DATE_PUBLIC":"2018-10-03T00:00:00", - "ID":"CVE-2018-11784", - "STATE":"PUBLIC" + "CVE_data_meta": { + "ASSIGNER": "security@apache.org", + "DATE_PUBLIC": "2018-10-03T00:00:00", + "ID": "CVE-2018-11784", + "STATE": "PUBLIC" }, - "affects":{ - "vendor":{ - "vendor_data":[ + "affects": { + "vendor": { + "vendor_data": [ { - "product":{ - "product_data":[ + "product": { + "product_data": [ { - "product_name":"Apache Tomcat", - "version":{ - "version_data":[ + "product_name": "Apache Tomcat", + "version": { + "version_data": [ { - "version_value":"9.0.0.M1 to 9.0.11" + "version_value": "9.0.0.M1 to 9.0.11" }, { - "version_value":"8.5.0 to 8.5.33" + "version_value": "8.5.0 to 8.5.33" }, { - "version_value":"7.0.23 to 7.0.90" + "version_value": "7.0.23 to 7.0.90" } ] } } ] }, - "vendor_name":"Apache Software Foundation" + "vendor_name": "Apache Software Foundation" } ] } }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang":"eng", - "value":"When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo') a specially crafted URL could be used to cause the redirect to be generated to any URI of the attackers choice." + "lang": "eng", + "value": "When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo') a specially crafted URL could be used to cause the redirect to be generated to any URI of the attackers choice." 
} ] }, - "problemtype":{ - "problemtype_data":[ + "problemtype": { + "problemtype_data": [ { - "description":[ + "description": [ { - "lang":"eng", - "value":"Open Redirect" + "lang": "eng", + "value": "Open Redirect" } ] } ] }, - "references":{ - "reference_data":[ + "references": { + "reference_data": [ { - "name":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "refsource":"CONFIRM", - "url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" + "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "refsource": "CONFIRM", + "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" }, { - "name":"[announce] 20181003 [SECURITY] CVE-2018-11784 Apache Tomcat - Open Redirect", - "refsource":"MLIST", - "url":"https://lists.apache.org/thread.html/23134c9b5a23892a205dc140cdd8c9c0add233600f76b313dda6bd75@%3Cannounce.tomcat.apache.org%3E" + "name": "[announce] 20181003 [SECURITY] CVE-2018-11784 Apache Tomcat - Open Redirect", + "refsource": "MLIST", + "url": "https://lists.apache.org/thread.html/23134c9b5a23892a205dc140cdd8c9c0add233600f76b313dda6bd75@%3Cannounce.tomcat.apache.org%3E" }, { - "name":"https://security.netapp.com/advisory/ntap-20181014-0002/", - "refsource":"CONFIRM", - "url":"https://security.netapp.com/advisory/ntap-20181014-0002/" + "name": "https://security.netapp.com/advisory/ntap-20181014-0002/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20181014-0002/" }, { - "name":"105524", - "refsource":"BID", - "url":"http://www.securityfocus.com/bid/105524" + "name": "105524", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105524" }, { - "name":"RHSA-2019:0131", - "refsource":"REDHAT", - "url":"https://access.redhat.com/errata/RHSA-2019:0131" + "name": "RHSA-2019:0131", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2019:0131" }, { - "name":"RHSA-2019:0485", - 
"refsource":"REDHAT", - "url":"https://access.redhat.com/errata/RHSA-2019:0485" + "name": "RHSA-2019:0485", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2019:0485" }, { - "name":"RHSA-2019:0130", - "refsource":"REDHAT", - "url":"https://access.redhat.com/errata/RHSA-2019:0130" + "name": "RHSA-2019:0130", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2019:0130" }, { - "name":"[debian-lts-announce] 20181014 [SECURITY] [DLA 1544-1] tomcat7 security update", - "refsource":"MLIST", - "url":"https://lists.debian.org/debian-lts-announce/2018/10/msg00005.html" + "name": "[debian-lts-announce] 20181014 [SECURITY] [DLA 1544-1] tomcat7 security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00005.html" }, { - "name":"USN-3787-1", - "refsource":"UBUNTU", - "url":"https://usn.ubuntu.com/3787-1/" + "name": "USN-3787-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3787-1/" }, { - "name":"[debian-lts-announce] 20181015 [SECURITY] [DLA 1545-1] tomcat8 security update", - "refsource":"MLIST", - "url":"https://lists.debian.org/debian-lts-announce/2018/10/msg00006.html" + "name": "[debian-lts-announce] 20181015 [SECURITY] [DLA 1545-1] tomcat8 security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00006.html" }, { - "refsource":"MLIST", - "name":"[tomcat-dev] 20190319 svn commit: r1855831 [24/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", - "url":"https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04@%3Cdev.tomcat.apache.org%3E" + "refsource": "MLIST", + "name": "[tomcat-dev] 20190319 svn commit: r1855831 [24/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", + "url": "https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04@%3Cdev.tomcat.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - 
in /tomcat/site/trunk: ./ docs/ xdocs/", - "url":"https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E" + "refsource": "MLIST", + "name": "[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", + "url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", - "url":"https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E" + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[tomcat-dev] 20190325 svn commit: r1856174 [23/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", - "url":"https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb@%3Cdev.tomcat.apache.org%3E" + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [23/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb@%3Cdev.tomcat.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", - "url":"https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E" + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": 
"https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E" }, { - "refsource":"FEDORA", - "name":"FEDORA-2018-b18f9dd65b", - "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZ4PX4B3QTKRM35VJAVIEOPZAF76RPBP/" + "refsource": "FEDORA", + "name": "FEDORA-2018-b18f9dd65b", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZ4PX4B3QTKRM35VJAVIEOPZAF76RPBP/" }, { - "refsource":"MLIST", - "name":"[tomcat-dev] 20190413 svn commit: r1857494 [17/20] - in /tomcat/site/trunk: ./ docs/ xdocs/", - "url":"https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E" + "refsource": "MLIST", + "name": "[tomcat-dev] 20190413 svn commit: r1857494 [17/20] - in /tomcat/site/trunk: ./ docs/ xdocs/", + "url": "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[tomcat-dev] 20190413 svn commit: r1857496 [3/4] - in /tomcat/site/trunk: ./ docs/ xdocs/", - "url":"https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661@%3Cdev.tomcat.apache.org%3E" + "refsource": "MLIST", + "name": "[tomcat-dev] 20190413 svn commit: r1857496 [3/4] - in /tomcat/site/trunk: ./ docs/ xdocs/", + "url": "https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661@%3Cdev.tomcat.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[tomcat-dev] 20190413 svn commit: r1857494 [16/20] - in /tomcat/site/trunk: ./ docs/ xdocs/", - "url":"https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E" + "refsource": "MLIST", + "name": "[tomcat-dev] 20190413 svn commit: r1857494 [16/20] - in /tomcat/site/trunk: ./ docs/ xdocs/", + "url": 
"https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[tomcat-dev] 20190415 svn commit: r1857582 [18/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", - "url":"https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba@%3Cdev.tomcat.apache.org%3E" + "refsource": "MLIST", + "name": "[tomcat-dev] 20190415 svn commit: r1857582 [18/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba@%3Cdev.tomcat.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[tomcat-dev] 20190415 svn commit: r1857582 [17/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", - "url":"https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E" + "refsource": "MLIST", + "name": "[tomcat-dev] 20190415 svn commit: r1857582 [17/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[tomcat-dev] 20190415 svn commit: r1857582 [19/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", - "url":"https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E" + "refsource": "MLIST", + "name": "[tomcat-dev] 20190415 svn commit: r1857582 [19/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E" }, { - "url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", - "refsource":"MISC", - "name":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" + "url": 
"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", + "refsource": "MISC", + "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { - "refsource":"SUSE", - "name":"openSUSE-SU-2019:1547", - "url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html" + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1547", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:1529", - "url":"https://access.redhat.com/errata/RHSA-2019:1529" + "refsource": "REDHAT", + "name": "RHSA-2019:1529", + "url": "https://access.redhat.com/errata/RHSA-2019:1529" }, { - "refsource":"CONFIRM", - "name":"https://kc.mcafee.com/corporate/index?page=content&id=SB10284", - "url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10284" + "refsource": "CONFIRM", + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10284", + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10284" }, { - "url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "refsource":"MISC", - "name":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", + "refsource": "MISC", + "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { - "refsource":"SUSE", - "name":"openSUSE-SU-2019:1814", - "url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html" + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1814", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html" }, { - "url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", - "refsource":"MISC", - "name":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + "url": 
"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", + "refsource": "MISC", + "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { - "refsource":"DEBIAN", - "name":"DSA-4596", - "url":"https://www.debian.org/security/2019/dsa-4596" + "refsource": "DEBIAN", + "name": "DSA-4596", + "url": "https://www.debian.org/security/2019/dsa-4596" }, { - "refsource":"BUGTRAQ", - "name":"20191229 [SECURITY] [DSA 4596-1] tomcat8 security update", - "url":"https://seclists.org/bugtraq/2019/Dec/43" + "refsource": "BUGTRAQ", + "name": "20191229 [SECURITY] [DSA 4596-1] tomcat8 security update", + "url": "https://seclists.org/bugtraq/2019/Dec/43" }, { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2018/14xxx/CVE-2018-14718.json b/2018/14xxx/CVE-2018-14718.json index f657552ee75..4e2c0f209e5 100644 --- a/2018/14xxx/CVE-2018-14718.json +++ b/2018/14xxx/CVE-2018-14718.json 
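Review bot: The only substantive change in this hunk for CVE-2018-11784 is the last reference, where the bare `"url": "https://www.oracle.com/security-alerts/cpujan2020.html"` entry gains `"refsource": "MISC"` and a matching `name`. Every other line is a whitespace-only rewrite from `"key":"value"` to `"key": "value"`. Mixing a full-record reformat with a data change makes it hard to audit what actually changed in a vulnerability record, because a reader has to compare old and new semantically instead of reading the hunk. I would land the reformat as its own commit and keep this one to the reference fix. The same applies to the hunks for CVE-2018-14718 and CVE-2018-15473 that follow.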
@@ -1,215 +1,216 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"cve@mitre.org", - "ID":"CVE-2018-14718", - "STATE":"PUBLIC" + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14718", + "STATE": "PUBLIC" }, - "affects":{ - "vendor":{ - "vendor_data":[ + "affects": { + "vendor": { + "vendor_data": [ { - "product":{ - "product_data":[ + "product": { + "product_data": [ { - "product_name":"n/a", - "version":{ - "version_data":[ + "product_name": "n/a", + "version": { + "version_data": [ { - "version_value":"n/a" + "version_value": "n/a" } ] } } ] }, - "vendor_name":"n/a" + "vendor_name": "n/a" } ] } }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang":"eng", - "value":"FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization." + "lang": "eng", + "value": "FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization." 
} ] }, - "problemtype":{ - "problemtype_data":[ + "problemtype": { + "problemtype_data": [ { - "description":[ + "description": [ { - "lang":"eng", - "value":"n/a" + "lang": "eng", + "value": "n/a" } ] } ] }, - "references":{ - "reference_data":[ + "references": { + "reference_data": [ { - "name":"https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44", - "refsource":"CONFIRM", - "url":"https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44" + "name": "https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44", + "refsource": "CONFIRM", + "url": "https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44" }, { - "name":"https://github.com/FasterXML/jackson-databind/issues/2097", - "refsource":"CONFIRM", - "url":"https://github.com/FasterXML/jackson-databind/issues/2097" + "name": "https://github.com/FasterXML/jackson-databind/issues/2097", + "refsource": "CONFIRM", + "url": "https://github.com/FasterXML/jackson-databind/issues/2097" }, { - "name":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "refsource":"CONFIRM", - "url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" + "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "refsource": "CONFIRM", + "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" }, { - "name":"https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.7", - "refsource":"CONFIRM", - "url":"https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.7" + "name": "https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.7", + "refsource": "CONFIRM", + "url": "https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.7" }, { - "name":"[debian-lts-announce] 20190304 [SECURITY] [DLA 1703-1] jackson-databind security update", - "refsource":"MLIST", - 
"url":"https://lists.debian.org/debian-lts-announce/2019/03/msg00005.html" + "name": "[debian-lts-announce] 20190304 [SECURITY] [DLA 1703-1] jackson-databind security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00005.html" }, { - "refsource":"MLIST", - "name":"[lucene-dev] 20190325 [jira] [Assigned] (SOLR-13112) CVE-2018-14718(-14719),sonatype-2017-0312, CVE-2018-14720(-14721) Threat Level 8 Against Solr v7.6. com.fasterxml.jackson.core : jackson-databind : 2.9.6. FasterXML jackson-databind 2.x before 2.9.7 Remote Hackers...", - "url":"https://lists.apache.org/thread.html/6a78f88716c3c57aa74ec05764a37ab3874769a347805903b393b286@%3Cdev.lucene.apache.org%3E" + "refsource": "MLIST", + "name": "[lucene-dev] 20190325 [jira] [Assigned] (SOLR-13112) CVE-2018-14718(-14719),sonatype-2017-0312, CVE-2018-14720(-14721) Threat Level 8 Against Solr v7.6. com.fasterxml.jackson.core : jackson-databind : 2.9.6. FasterXML jackson-databind 2.x before 2.9.7 Remote Hackers...", + "url": "https://lists.apache.org/thread.html/6a78f88716c3c57aa74ec05764a37ab3874769a347805903b393b286@%3Cdev.lucene.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[lucene-dev] 20190325 [jira] [Updated] (SOLR-13112) CVE-2018-14718(-14719),sonatype-2017-0312, CVE-2018-14720(-14721) Threat Level 8 Against Solr v7.6. com.fasterxml.jackson.core : jackson-databind : 2.9.6. FasterXML jackson-databind 2.x before 2.9.7 Remote Hackers...", - "url":"https://lists.apache.org/thread.html/82b01bfb6787097427ce97cec6a7127e93718bc05d1efd5eaffc228f@%3Cdev.lucene.apache.org%3E" + "refsource": "MLIST", + "name": "[lucene-dev] 20190325 [jira] [Updated] (SOLR-13112) CVE-2018-14718(-14719),sonatype-2017-0312, CVE-2018-14720(-14721) Threat Level 8 Against Solr v7.6. com.fasterxml.jackson.core : jackson-databind : 2.9.6. 
FasterXML jackson-databind 2.x before 2.9.7 Remote Hackers...", + "url": "https://lists.apache.org/thread.html/82b01bfb6787097427ce97cec6a7127e93718bc05d1efd5eaffc228f@%3Cdev.lucene.apache.org%3E" }, { - "url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", - "refsource":"MISC", - "name":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" + "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", + "refsource": "MISC", + "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { - "refsource":"MLIST", - "name":"[lucene-dev] 20190325 [jira] [Updated] (SOLR-13112) CVE-2018-14718(-14719),sonatype-2017-0312, CVE-2018-14720(-14721) Threat Level 8 Against Solr v7.6. com.fasterxml.jackson.core : jackson-databind : 2.9.6. FasterXML jackson-databind 2.x before 2.9.7 Remote Hackers...", - "url":"https://lists.apache.org/thread.html/ba973114605d936be276ee6ce09dfbdbf78aa56f6cdc6e79bfa7b8df@%3Cdev.lucene.apache.org%3E" + "refsource": "MLIST", + "name": "[lucene-dev] 20190325 [jira] [Updated] (SOLR-13112) CVE-2018-14718(-14719),sonatype-2017-0312, CVE-2018-14720(-14721) Threat Level 8 Against Solr v7.6. com.fasterxml.jackson.core : jackson-databind : 2.9.6. 
FasterXML jackson-databind 2.x before 2.9.7 Remote Hackers...", + "url": "https://lists.apache.org/thread.html/ba973114605d936be276ee6ce09dfbdbf78aa56f6cdc6e79bfa7b8df@%3Cdev.lucene.apache.org%3E" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:0782", - "url":"https://access.redhat.com/errata/RHSA-2019:0782" + "refsource": "REDHAT", + "name": "RHSA-2019:0782", + "url": "https://access.redhat.com/errata/RHSA-2019:0782" }, { - "refsource":"BID", - "name":"106601", - "url":"http://www.securityfocus.com/bid/106601" + "refsource": "BID", + "name": "106601", + "url": "http://www.securityfocus.com/bid/106601" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:0877", - "url":"https://access.redhat.com/errata/RHSA-2019:0877" + "refsource": "REDHAT", + "name": "RHSA-2019:0877", + "url": "https://access.redhat.com/errata/RHSA-2019:0877" }, { - "refsource":"REDHAT", - "name":"RHBA-2019:0959", - "url":"https://access.redhat.com/errata/RHBA-2019:0959" + "refsource": "REDHAT", + "name": "RHBA-2019:0959", + "url": "https://access.redhat.com/errata/RHBA-2019:0959" }, { - "refsource":"DEBIAN", - "name":"DSA-4452", - "url":"https://www.debian.org/security/2019/dsa-4452" + "refsource": "DEBIAN", + "name": "DSA-4452", + "url": "https://www.debian.org/security/2019/dsa-4452" }, { - "refsource":"BUGTRAQ", - "name":"20190527 [SECURITY] [DSA 4452-1] jackson-databind security update", - "url":"https://seclists.org/bugtraq/2019/May/68" + "refsource": "BUGTRAQ", + "name": "20190527 [SECURITY] [DSA 4452-1] jackson-databind security update", + "url": "https://seclists.org/bugtraq/2019/May/68" }, { - "refsource":"CONFIRM", - "name":"https://security.netapp.com/advisory/ntap-20190530-0003/", - "url":"https://security.netapp.com/advisory/ntap-20190530-0003/" + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20190530-0003/", + "url": "https://security.netapp.com/advisory/ntap-20190530-0003/" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:1782", - 
"url":"https://access.redhat.com/errata/RHSA-2019:1782" + "refsource": "REDHAT", + "name": "RHSA-2019:1782", + "url": "https://access.redhat.com/errata/RHSA-2019:1782" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:1797", - "url":"https://access.redhat.com/errata/RHSA-2019:1797" + "refsource": "REDHAT", + "name": "RHSA-2019:1797", + "url": "https://access.redhat.com/errata/RHSA-2019:1797" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:1822", - "url":"https://access.redhat.com/errata/RHSA-2019:1822" + "refsource": "REDHAT", + "name": "RHSA-2019:1822", + "url": "https://access.redhat.com/errata/RHSA-2019:1822" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:1823", - "url":"https://access.redhat.com/errata/RHSA-2019:1823" + "refsource": "REDHAT", + "name": "RHSA-2019:1823", + "url": "https://access.redhat.com/errata/RHSA-2019:1823" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:2804", - "url":"https://access.redhat.com/errata/RHSA-2019:2804" + "refsource": "REDHAT", + "name": "RHSA-2019:2804", + "url": "https://access.redhat.com/errata/RHSA-2019:2804" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:2858", - "url":"https://access.redhat.com/errata/RHSA-2019:2858" + "refsource": "REDHAT", + "name": "RHSA-2019:2858", + "url": "https://access.redhat.com/errata/RHSA-2019:2858" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:3002", - "url":"https://access.redhat.com/errata/RHSA-2019:3002" + "refsource": "REDHAT", + "name": "RHSA-2019:3002", + "url": "https://access.redhat.com/errata/RHSA-2019:3002" }, { - "url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", - "refsource":"MISC", - "name":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", + "refsource": "MISC", + "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:3140", - 
"url":"https://access.redhat.com/errata/RHSA-2019:3140" + "refsource": "REDHAT", + "name": "RHSA-2019:3140", + "url": "https://access.redhat.com/errata/RHSA-2019:3140" }, { - "refsource":"MLIST", - "name":"[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", - "url":"https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E" + "refsource": "MLIST", + "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", + "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:3149", - "url":"https://access.redhat.com/errata/RHSA-2019:3149" + "refsource": "REDHAT", + "name": "RHSA-2019:3149", + "url": "https://access.redhat.com/errata/RHSA-2019:3149" }, { - "refsource":"MLIST", - "name":"[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", - "url":"https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E" + "refsource": "MLIST", + "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", + "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", - "url":"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" + "refsource": "MLIST", + "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", + "url": 
"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:3892", - "url":"https://access.redhat.com/errata/RHSA-2019:3892" + "refsource": "REDHAT", + "name": "RHSA-2019:3892", + "url": "https://access.redhat.com/errata/RHSA-2019:3892" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:4037", - "url":"https://access.redhat.com/errata/RHSA-2019:4037" + "refsource": "REDHAT", + "name": "RHSA-2019:4037", + "url": "https://access.redhat.com/errata/RHSA-2019:4037" }, { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2018/15xxx/CVE-2018-15473.json b/2018/15xxx/CVE-2018-15473.json index 3d789ff1c17..16656865fe3 100644 --- a/2018/15xxx/CVE-2018-15473.json +++ b/2018/15xxx/CVE-2018-15473.json 
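Review bot: The `problemtype` entry for CVE-2018-14718 is carried over as `"value": "n/a"`, although the description on the new side attributes the issue to a failure to block a class from polymorphic deserialization. Consumers that triage by weakness class get nothing from this field; if the CNA agrees with the mapping, `"value": "CWE-502 Deserialization of Untrusted Data"` would match the description. `product_name`, `vendor_name` and `version_value` are likewise `n/a` while the description names FasterXML jackson-databind 2.x before 2.9.7, so tooling that matches on the `affects` block would presumably miss this record.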
@@ -1,140 +1,141 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"cve@mitre.org", - "ID":"CVE-2018-15473", - "STATE":"PUBLIC" + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15473", + "STATE": "PUBLIC" }, - "affects":{ - "vendor":{ - "vendor_data":[ + "affects": { + "vendor": { + "vendor_data": [ { - "product":{ - "product_data":[ + "product": { + "product_data": [ { - "product_name":"n/a", - "version":{ - "version_data":[ + "product_name": "n/a", + "version": { + "version_data": [ { - "version_value":"n/a" + "version_value": "n/a" } ] } } ] }, - "vendor_name":"n/a" + "vendor_name": "n/a" } ] } }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang":"eng", - "value":"OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c." + "lang": "eng", + "value": "OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c." 
} ] }, - "problemtype":{ - "problemtype_data":[ + "problemtype": { + "problemtype_data": [ { - "description":[ + "description": [ { - "lang":"eng", - "value":"n/a" + "lang": "eng", + "value": "n/a" } ] } ] }, - "references":{ - "reference_data":[ + "references": { + "reference_data": [ { - "name":"GLSA-201810-03", - "refsource":"GENTOO", - "url":"https://security.gentoo.org/glsa/201810-03" + "name": "GLSA-201810-03", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201810-03" }, { - "name":"1041487", - "refsource":"SECTRACK", - "url":"http://www.securitytracker.com/id/1041487" + "name": "1041487", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041487" }, { - "name":"45233", - "refsource":"EXPLOIT-DB", - "url":"https://www.exploit-db.com/exploits/45233/" + "name": "45233", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/45233/" }, { - "name":"https://bugs.debian.org/906236", - "refsource":"MISC", - "url":"https://bugs.debian.org/906236" + "name": "https://bugs.debian.org/906236", + "refsource": "MISC", + "url": "https://bugs.debian.org/906236" }, { - "name":"45210", - "refsource":"EXPLOIT-DB", - "url":"https://www.exploit-db.com/exploits/45210/" + "name": "45210", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/45210/" }, { - "name":"https://security.netapp.com/advisory/ntap-20181101-0001/", - "refsource":"CONFIRM", - "url":"https://security.netapp.com/advisory/ntap-20181101-0001/" + "name": "https://security.netapp.com/advisory/ntap-20181101-0001/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20181101-0001/" }, { - "name":"https://github.com/openbsd/src/commit/779974d35b4859c07bc3cb8a12c74b43b0a7d1e0", - "refsource":"MISC", - "url":"https://github.com/openbsd/src/commit/779974d35b4859c07bc3cb8a12c74b43b0a7d1e0" + "name": "https://github.com/openbsd/src/commit/779974d35b4859c07bc3cb8a12c74b43b0a7d1e0", + "refsource": "MISC", + "url": 
"https://github.com/openbsd/src/commit/779974d35b4859c07bc3cb8a12c74b43b0a7d1e0" }, { - "name":"USN-3809-1", - "refsource":"UBUNTU", - "url":"https://usn.ubuntu.com/3809-1/" + "name": "USN-3809-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3809-1/" }, { - "name":"[debian-lts-announce] 20180821 [SECURITY] [DLA-1474-1] openssh security update", - "refsource":"MLIST", - "url":"https://lists.debian.org/debian-lts-announce/2018/08/msg00022.html" + "name": "[debian-lts-announce] 20180821 [SECURITY] [DLA-1474-1] openssh security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00022.html" }, { - "name":"105140", - "refsource":"BID", - "url":"http://www.securityfocus.com/bid/105140" + "name": "105140", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105140" }, { - "name":"DSA-4280", - "refsource":"DEBIAN", - "url":"https://www.debian.org/security/2018/dsa-4280" + "name": "DSA-4280", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4280" }, { - "name":"45939", - "refsource":"EXPLOIT-DB", - "url":"https://www.exploit-db.com/exploits/45939/" + "name": "45939", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/45939/" }, { - "name":"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0011", - "refsource":"CONFIRM", - "url":"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0011" + "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0011", + "refsource": "CONFIRM", + "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0011" }, { - "name":"http://www.openwall.com/lists/oss-security/2018/08/15/5", - "refsource":"MISC", - "url":"http://www.openwall.com/lists/oss-security/2018/08/15/5" + "name": "http://www.openwall.com/lists/oss-security/2018/08/15/5", + "refsource": "MISC", + "url": "http://www.openwall.com/lists/oss-security/2018/08/15/5" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:0711", - 
"url":"https://access.redhat.com/errata/RHSA-2019:0711" + "refsource": "REDHAT", + "name": "RHSA-2019:0711", + "url": "https://access.redhat.com/errata/RHSA-2019:0711" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:2143", - "url":"https://access.redhat.com/errata/RHSA-2019:2143" + "refsource": "REDHAT", + "name": "RHSA-2019:2143", + "url": "https://access.redhat.com/errata/RHSA-2019:2143" }, { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2018/15xxx/CVE-2018-15756.json b/2018/15xxx/CVE-2018-15756.json index 3e6552b9738..5fe188fa709 100644 --- a/2018/15xxx/CVE-2018-15756.json +++ b/2018/15xxx/CVE-2018-15756.json 
@@ -1,164 +1,165 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secure@dell.com", - "DATE_PUBLIC":"2018-10-16T07:00:00.000Z", - "ID":"CVE-2018-15756", - "STATE":"PUBLIC", - "TITLE":"DoS Attack via Range Requests" + "CVE_data_meta": { + "ASSIGNER": "secure@dell.com", + "DATE_PUBLIC": "2018-10-16T07:00:00.000Z", + "ID": "CVE-2018-15756", + "STATE": "PUBLIC", + "TITLE": "DoS Attack via Range Requests" }, - "affects":{ - "vendor":{ - "vendor_data":[ + "affects": { + "vendor": { + "vendor_data": [ { - "product":{ - "product_data":[ + "product": { + "product_data": [ { - "product_name":"Spring framework", - "version":{ - "version_data":[ + "product_name": "Spring framework", + "version": { + "version_data": [ { - "affected":"=", - "version_name":"5.1", - "version_value":"5.1" + "affected": "=", + "version_name": "5.1", + "version_value": "5.1" }, { - "affected":"<=", - "version_name":"5.0.0", - "version_value":"5.0.9" + "affected": "<=", + "version_name": "5.0.0", + "version_value": "5.0.9" }, { - "affected":"<=", - "version_name":"4.3", - "version_value":"4.3.19" + "affected": "<=", + "version_name": "4.3", + "version_value": "4.3.19" } ] } } ] }, - "vendor_name":"Pivotal" + "vendor_name": "Pivotal" } ] } }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang":"eng", - "value":"Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controller returns an org.springframework.core.io.Resource. A malicious user (or attacker) can add a range header with a high number of ranges, or with wide ranges that overlap, or both, for a denial of service attack. 
This vulnerability affects applications that depend on either spring-webmvc or spring-webflux. Such applications must also have a registration for serving static resources (e.g. JS, CSS, images, and others), or have an annotated controller that returns an org.springframework.core.io.Resource. Spring Boot applications that depend on spring-boot-starter-web or spring-boot-starter-webflux are ready to serve static resources out of the box and are therefore vulnerable." + "lang": "eng", + "value": "Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controller returns an org.springframework.core.io.Resource. A malicious user (or attacker) can add a range header with a high number of ranges, or with wide ranges that overlap, or both, for a denial of service attack. This vulnerability affects applications that depend on either spring-webmvc or spring-webflux. Such applications must also have a registration for serving static resources (e.g. JS, CSS, images, and others), or have an annotated controller that returns an org.springframework.core.io.Resource. Spring Boot applications that depend on spring-boot-starter-web or spring-boot-starter-webflux are ready to serve static resources out of the box and are therefore vulnerable." 
} ] }, - "impact":{ - "cvss":{ - "attackComplexity":"LOW", - "attackVector":"NETWORK", - "availabilityImpact":"HIGH", - "baseScore":7.5, - "baseSeverity":"HIGH", - "confidentialityImpact":"NONE", - "integrityImpact":"NONE", - "privilegesRequired":"NONE", - "scope":"UNCHANGED", - "userInteraction":"NONE", - "vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "version":"3.0" + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.0" } }, - "problemtype":{ - "problemtype_data":[ + "problemtype": { + "problemtype_data": [ { - "description":[ + "description": [ { - "lang":"eng", - "value":"Numeric Range Comparison Without Minimum Check" + "lang": "eng", + "value": "Numeric Range Comparison Without Minimum Check" } ] } ] }, - "references":{ - "reference_data":[ + "references": { + "reference_data": [ { - "name":"105703", - "refsource":"BID", - "url":"http://www.securityfocus.com/bid/105703" + "name": "105703", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105703" }, { - "name":"https://pivotal.io/security/cve-2018-15756", - "refsource":"CONFIRM", - "url":"https://pivotal.io/security/cve-2018-15756" + "name": "https://pivotal.io/security/cve-2018-15756", + "refsource": "CONFIRM", + "url": "https://pivotal.io/security/cve-2018-15756" }, { - "url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", - "refsource":"MISC", - "name":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" + "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", + "refsource": "MISC", + "name": 
"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { - "refsource":"MLIST", - "name":"[activemq-issues] 20190529 [jira] [Created] (ARTEMIS-2363) spring-core-5.0.1.RELEASE.jar vulnerable to CVE-2018-15756", - "url":"https://lists.apache.org/thread.html/a3071e11c6fbd593022074ec1b4693f6d948c2b02cfa4a5d854aed68@%3Cissues.activemq.apache.org%3E" + "refsource": "MLIST", + "name": "[activemq-issues] 20190529 [jira] [Created] (ARTEMIS-2363) spring-core-5.0.1.RELEASE.jar vulnerable to CVE-2018-15756", + "url": "https://lists.apache.org/thread.html/a3071e11c6fbd593022074ec1b4693f6d948c2b02cfa4a5d854aed68@%3Cissues.activemq.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[activemq-issues] 20190529 [jira] [Commented] (ARTEMIS-2363) spring-core-5.0.1.RELEASE.jar vulnerable to CVE-2018-15756", - "url":"https://lists.apache.org/thread.html/339fd112517e4873695b5115b96acdddbfc8f83b10598528d37c7d12@%3Cissues.activemq.apache.org%3E" + "refsource": "MLIST", + "name": "[activemq-issues] 20190529 [jira] [Commented] (ARTEMIS-2363) spring-core-5.0.1.RELEASE.jar vulnerable to CVE-2018-15756", + "url": "https://lists.apache.org/thread.html/339fd112517e4873695b5115b96acdddbfc8f83b10598528d37c7d12@%3Cissues.activemq.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[activemq-issues] 20190529 [jira] [Updated] (ARTEMIS-2363) spring-core-5.0.1.RELEASE.jar vulnerable to CVE-2018-15756", - "url":"https://lists.apache.org/thread.html/d6a84f52db89804b0ad965f3ea2b24bb880edee29107a1c5069cc3dd@%3Cissues.activemq.apache.org%3E" + "refsource": "MLIST", + "name": "[activemq-issues] 20190529 [jira] [Updated] (ARTEMIS-2363) spring-core-5.0.1.RELEASE.jar vulnerable to CVE-2018-15756", + "url": "https://lists.apache.org/thread.html/d6a84f52db89804b0ad965f3ea2b24bb880edee29107a1c5069cc3dd@%3Cissues.activemq.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[activemq-issues] 20190626 [jira] [Assigned] (ARTEMIS-2363) spring-core-5.0.1.RELEASE.jar vulnerable to 
CVE-2018-15756", - "url":"https://lists.apache.org/thread.html/bb354962cb51fff65740d5fb1bc2aac56af577c06244b57c36f98e4d@%3Cissues.activemq.apache.org%3E" + "refsource": "MLIST", + "name": "[activemq-issues] 20190626 [jira] [Assigned] (ARTEMIS-2363) spring-core-5.0.1.RELEASE.jar vulnerable to CVE-2018-15756", + "url": "https://lists.apache.org/thread.html/bb354962cb51fff65740d5fb1bc2aac56af577c06244b57c36f98e4d@%3Cissues.activemq.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[activemq-issues] 20190626 [jira] [Work logged] (ARTEMIS-2363) spring-core-5.0.1.RELEASE.jar vulnerable to CVE-2018-15756", - "url":"https://lists.apache.org/thread.html/7b156ee50ba3ecce87b33c06bf7a749d84ffee55e69bfb5eca88fcc3@%3Cissues.activemq.apache.org%3E" + "refsource": "MLIST", + "name": "[activemq-issues] 20190626 [jira] [Work logged] (ARTEMIS-2363) spring-core-5.0.1.RELEASE.jar vulnerable to CVE-2018-15756", + "url": "https://lists.apache.org/thread.html/7b156ee50ba3ecce87b33c06bf7a749d84ffee55e69bfb5eca88fcc3@%3Cissues.activemq.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[activemq-issues] 20190716 [jira] [Commented] (ARTEMIS-2363) spring-core-5.0.1.RELEASE.jar vulnerable to CVE-2018-15756", - "url":"https://lists.apache.org/thread.html/77886fec378ee6064debb1efb6b464a4a0173b2ff0d151ed86d3a228@%3Cissues.activemq.apache.org%3E" + "refsource": "MLIST", + "name": "[activemq-issues] 20190716 [jira] [Commented] (ARTEMIS-2363) spring-core-5.0.1.RELEASE.jar vulnerable to CVE-2018-15756", + "url": "https://lists.apache.org/thread.html/77886fec378ee6064debb1efb6b464a4a0173b2ff0d151ed86d3a228@%3Cissues.activemq.apache.org%3E" }, { - "url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "refsource":"MISC", - "name":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", + "refsource": "MISC", + "name": 
"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { - "refsource":"MLIST", - "name":"[activemq-issues] 20190826 [jira] [Reopened] (ARTEMIS-2363) spring-core-5.0.1.RELEASE.jar vulnerable to CVE-2018-15756", - "url":"https://lists.apache.org/thread.html/8a1fe70534fc52ff5c9db5ac29c55657f802cbefd7e9d9850c7052bd@%3Cissues.activemq.apache.org%3E" + "refsource": "MLIST", + "name": "[activemq-issues] 20190826 [jira] [Reopened] (ARTEMIS-2363) spring-core-5.0.1.RELEASE.jar vulnerable to CVE-2018-15756", + "url": "https://lists.apache.org/thread.html/8a1fe70534fc52ff5c9db5ac29c55657f802cbefd7e9d9850c7052bd@%3Cissues.activemq.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[activemq-issues] 20190826 [jira] [Closed] (ARTEMIS-2363) spring-core-5.0.1.RELEASE.jar vulnerable to CVE-2018-15756", - "url":"https://lists.apache.org/thread.html/efaa52b0aa67aae7cbd9e6ef96945387e422d7ce0e65434570a37b1d@%3Cissues.activemq.apache.org%3E" + "refsource": "MLIST", + "name": "[activemq-issues] 20190826 [jira] [Closed] (ARTEMIS-2363) spring-core-5.0.1.RELEASE.jar vulnerable to CVE-2018-15756", + "url": "https://lists.apache.org/thread.html/efaa52b0aa67aae7cbd9e6ef96945387e422d7ce0e65434570a37b1d@%3Cissues.activemq.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[activemq-issues] 20190826 [jira] [Updated] (ARTEMIS-2363) spring-core-5.0.1.RELEASE.jar vulnerable to CVE-2018-15756", - "url":"https://lists.apache.org/thread.html/f8905507a2c94af6b08b72d7be0c4b8c6660e585f00abfafeccc86bc@%3Cissues.activemq.apache.org%3E" + "refsource": "MLIST", + "name": "[activemq-issues] 20190826 [jira] [Updated] (ARTEMIS-2363) spring-core-5.0.1.RELEASE.jar vulnerable to CVE-2018-15756", + "url": "https://lists.apache.org/thread.html/f8905507a2c94af6b08b72d7be0c4b8c6660e585f00abfafeccc86bc@%3Cissues.activemq.apache.org%3E" }, { - "url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", - "refsource":"MISC", - 
"name":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", + "refsource": "MISC", + "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] }, - "source":{ - "discovery":"UNKNOWN" + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15769.json b/2018/15xxx/CVE-2018-15769.json index d3dd7290917..f980f4c70be 100644 --- a/2018/15xxx/CVE-2018-15769.json +++ b/2018/15xxx/CVE-2018-15769.json 
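Review bot: The three `version_data` entries for "Spring framework" in this hunk still carry the comparison operator under the key `affected`, where the CVE JSON 4.0 layout, as far as I know, names that field `version_affected`. A consumer that reads only the standard key would likely treat 5.1, 5.0.9 and 4.3.19 as exact versions and miss the `<=` ranges, under-reporting affected Spring releases to anyone matching inventory against this record. Since the hunk already rewrites every line of the file, the key could be renamed in each entry in the same pass, e.g. `"version_affected": "<=",`. Confirm the key name against the schema this repository validates with before changing it.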
@@ -1,80 +1,81 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secure@dell.com", - "ID":"CVE-2018-15769", - "STATE":"PUBLIC" + "CVE_data_meta": { + "ASSIGNER": "secure@dell.com", + "ID": "CVE-2018-15769", + "STATE": "PUBLIC" }, - "affects":{ - "vendor":{ - "vendor_data":[ + "affects": { + "vendor": { + "vendor_data": [ { - "product":{ - "product_data":[ + "product": { + "product_data": [ { - "product_name":"n/a", - "version":{ - "version_data":[ + "product_name": "n/a", + "version": { + "version_data": [ { - "version_value":"n/a" + "version_value": "n/a" } ] } } ] }, - "vendor_name":"n/a" + "vendor_name": "n/a" } ] } }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang":"eng", - "value":"RSA BSAFE Micro Edition Suite versions prior to 4.0.11 (in 4.0.x series) and versions prior to 4.1.6.2 (in 4.1.x series) contain a key management error issue. A malicious TLS server could potentially cause a Denial Of Service (DoS) on TLS clients during the handshake when a very large prime value is sent to the TLS client, and an Ephemeral or Anonymous Diffie-Hellman cipher suite (DHE or ADH) is used." + "lang": "eng", + "value": "RSA BSAFE Micro Edition Suite versions prior to 4.0.11 (in 4.0.x series) and versions prior to 4.1.6.2 (in 4.1.x series) contain a key management error issue. A malicious TLS server could potentially cause a Denial Of Service (DoS) on TLS clients during the handshake when a very large prime value is sent to the TLS client, and an Ephemeral or Anonymous Diffie-Hellman cipher suite (DHE or ADH) is used." 
} ] }, - "problemtype":{ - "problemtype_data":[ + "problemtype": { + "problemtype_data": [ { - "description":[ + "description": [ { - "lang":"eng", - "value":"n/a" + "lang": "eng", + "value": "n/a" } ] } ] }, - "references":{ - "reference_data":[ + "references": { + "reference_data": [ { - "name":"105929", - "refsource":"BID", - "url":"http://www.securityfocus.com/bid/105929" + "name": "105929", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105929" }, { - "name":"20181112 DSA-2018-198: RSA BSAFE Micro Edition Suite Key Management Error Vulnerability", - "refsource":"FULLDISC", - "url":"https://seclists.org/fulldisclosure/2018/Nov/37" + "name": "20181112 DSA-2018-198: RSA BSAFE Micro Edition Suite Key Management Error Vulnerability", + "refsource": "FULLDISC", + "url": "https://seclists.org/fulldisclosure/2018/Nov/37" }, { - "name":"1042057", - "refsource":"SECTRACK", - "url":"http://www.securitytracker.com/id/1042057" + "name": "1042057", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1042057" }, { - "url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "refsource":"MISC", - "name":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", + "refsource": "MISC", + "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2018/16xxx/CVE-2018-16395.json b/2018/16xxx/CVE-2018-16395.json index e813c12b16f..cc261a42daa 100644 --- a/2018/16xxx/CVE-2018-16395.json +++ b/2018/16xxx/CVE-2018-16395.json 
@@ -1,150 +1,151 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"cve@mitre.org", - "ID":"CVE-2018-16395", - "STATE":"PUBLIC" + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16395", + "STATE": "PUBLIC" }, - "affects":{ - "vendor":{ - "vendor_data":[ + "affects": { + "vendor": { + "vendor_data": [ { - "product":{ - "product_data":[ + "product": { + "product_data": [ { - "product_name":"n/a", - "version":{ - "version_data":[ + "product_name": "n/a", + "version": { + "version_data": [ { - "version_value":"n/a" + "version_value": "n/a" } ] } } ] }, - "vendor_name":"n/a" + "vendor_name": "n/a" } ] } }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang":"eng", - "value":"An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may return true. When the first argument is one character longer than the second, or the second argument contains a character that is one less than a character in the same position of the first argument, the result of == will be true. This could be leveraged to create an illegitimate certificate that may be accepted as legitimate and then used in signing or encryption operations." + "lang": "eng", + "value": "An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may return true. 
When the first argument is one character longer than the second, or the second argument contains a character that is one less than a character in the same position of the first argument, the result of == will be true. This could be leveraged to create an illegitimate certificate that may be accepted as legitimate and then used in signing or encryption operations." } ] }, - "problemtype":{ - "problemtype_data":[ + "problemtype": { + "problemtype_data": [ { - "description":[ + "description": [ { - "lang":"eng", - "value":"n/a" + "lang": "eng", + "value": "n/a" } ] } ] }, - "references":{ - "reference_data":[ + "references": { + "reference_data": [ { - "name":"https://www.ruby-lang.org/en/news/2018/10/17/openssl-x509-name-equality-check-does-not-work-correctly-cve-2018-16395/", - "refsource":"CONFIRM", - "url":"https://www.ruby-lang.org/en/news/2018/10/17/openssl-x509-name-equality-check-does-not-work-correctly-cve-2018-16395/" + "name": "https://www.ruby-lang.org/en/news/2018/10/17/openssl-x509-name-equality-check-does-not-work-correctly-cve-2018-16395/", + "refsource": "CONFIRM", + "url": "https://www.ruby-lang.org/en/news/2018/10/17/openssl-x509-name-equality-check-does-not-work-correctly-cve-2018-16395/" }, { - "name":"RHSA-2018:3738", - "refsource":"REDHAT", - "url":"https://access.redhat.com/errata/RHSA-2018:3738" + "name": "RHSA-2018:3738", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3738" }, { - "name":"https://www.ruby-lang.org/en/news/2018/11/06/ruby-2-6-0-preview3-released/", - "refsource":"CONFIRM", - "url":"https://www.ruby-lang.org/en/news/2018/11/06/ruby-2-6-0-preview3-released/" + "name": "https://www.ruby-lang.org/en/news/2018/11/06/ruby-2-6-0-preview3-released/", + "refsource": "CONFIRM", + "url": "https://www.ruby-lang.org/en/news/2018/11/06/ruby-2-6-0-preview3-released/" }, { - "name":"RHSA-2018:3729", - "refsource":"REDHAT", - "url":"https://access.redhat.com/errata/RHSA-2018:3729" + "name": "RHSA-2018:3729", + 
"refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3729" }, { - "name":"https://hackerone.com/reports/387250", - "refsource":"MISC", - "url":"https://hackerone.com/reports/387250" + "name": "https://hackerone.com/reports/387250", + "refsource": "MISC", + "url": "https://hackerone.com/reports/387250" }, { - "name":"RHSA-2018:3730", - "refsource":"REDHAT", - "url":"https://access.redhat.com/errata/RHSA-2018:3730" + "name": "RHSA-2018:3730", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3730" }, { - "name":"RHSA-2018:3731", - "refsource":"REDHAT", - "url":"https://access.redhat.com/errata/RHSA-2018:3731" + "name": "RHSA-2018:3731", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3731" }, { - "name":"https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-3-8-released/", - "refsource":"CONFIRM", - "url":"https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-3-8-released/" + "name": "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-3-8-released/", + "refsource": "CONFIRM", + "url": "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-3-8-released/" }, { - "name":"DSA-4332", - "refsource":"DEBIAN", - "url":"https://www.debian.org/security/2018/dsa-4332" + "name": "DSA-4332", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4332" }, { - "name":"USN-3808-1", - "refsource":"UBUNTU", - "url":"https://usn.ubuntu.com/3808-1/" + "name": "USN-3808-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3808-1/" }, { - "name":"https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-4-5-released/", - "refsource":"CONFIRM", - "url":"https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-4-5-released/" + "name": "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-4-5-released/", + "refsource": "CONFIRM", + "url": "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-4-5-released/" }, { - "name":"https://security.netapp.com/advisory/ntap-20190221-0002/", - 
"refsource":"CONFIRM", - "url":"https://security.netapp.com/advisory/ntap-20190221-0002/" + "name": "https://security.netapp.com/advisory/ntap-20190221-0002/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20190221-0002/" }, { - "name":"https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-5-2-released/", - "refsource":"CONFIRM", - "url":"https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-5-2-released/" + "name": "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-5-2-released/", + "refsource": "CONFIRM", + "url": "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-5-2-released/" }, { - "name":"[debian-lts-announce] 20181028 [SECURITY] [DLA 1558-1] ruby2.1 security update", - "refsource":"MLIST", - "url":"https://lists.debian.org/debian-lts-announce/2018/10/msg00020.html" + "name": "[debian-lts-announce] 20181028 [SECURITY] [DLA 1558-1] ruby2.1 security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00020.html" }, { - "name":"1042105", - "refsource":"SECTRACK", - "url":"http://www.securitytracker.com/id/1042105" + "name": "1042105", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1042105" }, { - "refsource":"SUSE", - "name":"openSUSE-SU-2019:1771", - "url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html" + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1771", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:1948", - "url":"https://access.redhat.com/errata/RHSA-2019:1948" + "refsource": "REDHAT", + "name": "RHSA-2019:1948", + "url": "https://access.redhat.com/errata/RHSA-2019:1948" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:2565", - "url":"https://access.redhat.com/errata/RHSA-2019:2565" + "refsource": "REDHAT", + "name": "RHSA-2019:2565", + "url": "https://access.redhat.com/errata/RHSA-2019:2565" }, { - 
"url":"https://www.oracle.com/security-alerts/cpujan2020.html" + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2018/17xxx/CVE-2018-17189.json b/2018/17xxx/CVE-2018-17189.json index 1d47db46c73..0ef3d1eec8a 100644 --- a/2018/17xxx/CVE-2018-17189.json +++ b/2018/17xxx/CVE-2018-17189.json 
@@ -1,156 +1,157 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"security@apache.org", - "DATE_PUBLIC":"2019-01-22T00:00:00", - "ID":"CVE-2018-17189", - "STATE":"PUBLIC" + "CVE_data_meta": { + "ASSIGNER": "security@apache.org", + "DATE_PUBLIC": "2019-01-22T00:00:00", + "ID": "CVE-2018-17189", + "STATE": "PUBLIC" }, - "affects":{ - "vendor":{ - "vendor_data":[ + "affects": { + "vendor": { + "vendor_data": [ { - "product":{ - "product_data":[ + "product": { + "product_data": [ { - "product_name":"Apache HTTP Server", - "version":{ - "version_data":[ + "product_name": "Apache HTTP Server", + "version": { + "version_data": [ { - "version_value":"2.4.17 to 2.4.37" + "version_value": "2.4.17 to 2.4.37" } ] } } ] }, - "vendor_name":"Apache Software Foundation" + "vendor_name": "Apache Software Foundation" } ] } }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang":"eng", - "value":"In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 (mod_http2) connections." + "lang": "eng", + "value": "In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 (mod_http2) connections." 
} ] }, - "problemtype":{ - "problemtype_data":[ + "problemtype": { + "problemtype_data": [ { - "description":[ + "description": [ { - "lang":"eng", - "value":"mod_http2, DoS via slow request bodies" + "lang": "eng", + "value": "mod_http2, DoS via slow request bodies" } ] } ] }, - "references":{ - "reference_data":[ + "references": { + "reference_data": [ { - "name":"https://httpd.apache.org/security/vulnerabilities_24.html", - "refsource":"CONFIRM", - "url":"https://httpd.apache.org/security/vulnerabilities_24.html" + "name": "https://httpd.apache.org/security/vulnerabilities_24.html", + "refsource": "CONFIRM", + "url": "https://httpd.apache.org/security/vulnerabilities_24.html" }, { - "name":"106685", - "refsource":"BID", - "url":"http://www.securityfocus.com/bid/106685" + "name": "106685", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106685" }, { - "name":"https://security.netapp.com/advisory/ntap-20190125-0001/", - "refsource":"CONFIRM", - "url":"https://security.netapp.com/advisory/ntap-20190125-0001/" + "name": "https://security.netapp.com/advisory/ntap-20190125-0001/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20190125-0001/" }, { - "refsource":"FEDORA", - "name":"FEDORA-2019-0300c36537", - "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U7N3DUEBFVGQWQEME5HTPTTKDHGHBAC6/" + "refsource": "FEDORA", + "name": "FEDORA-2019-0300c36537", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U7N3DUEBFVGQWQEME5HTPTTKDHGHBAC6/" }, { - "refsource":"FEDORA", - "name":"FEDORA-2019-133a8a7cb5", - "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IY7SJQOO3PYFVINZW6H5EK4EZ3HSGZNM/" + "refsource": "FEDORA", + "name": "FEDORA-2019-133a8a7cb5", + "url": 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IY7SJQOO3PYFVINZW6H5EK4EZ3HSGZNM/" }, { - "refsource":"GENTOO", - "name":"GLSA-201903-21", - "url":"https://security.gentoo.org/glsa/201903-21" + "refsource": "GENTOO", + "name": "GLSA-201903-21", + "url": "https://security.gentoo.org/glsa/201903-21" }, { - "refsource":"BUGTRAQ", - "name":"20190403 [SECURITY] [DSA 4422-1] apache2 security update", - "url":"https://seclists.org/bugtraq/2019/Apr/5" + "refsource": "BUGTRAQ", + "name": "20190403 [SECURITY] [DSA 4422-1] apache2 security update", + "url": "https://seclists.org/bugtraq/2019/Apr/5" }, { - "refsource":"UBUNTU", - "name":"USN-3937-1", - "url":"https://usn.ubuntu.com/3937-1/" + "refsource": "UBUNTU", + "name": "USN-3937-1", + "url": "https://usn.ubuntu.com/3937-1/" }, { - "refsource":"DEBIAN", - "name":"DSA-4422", - "url":"https://www.debian.org/security/2019/dsa-4422" + "refsource": "DEBIAN", + "name": "DSA-4422", + "url": "https://www.debian.org/security/2019/dsa-4422" }, { - "url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", - "refsource":"MISC", - "name":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" + "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", + "refsource": "MISC", + "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { - "url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "refsource":"MISC", - "name":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", + "refsource": "MISC", + "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { - "refsource":"MLIST", - "name":"[httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ 
security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", - "url":"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E" + "refsource": "MLIST", + "name": "[httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", + "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", - "url":"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E" + "refsource": "MLIST", + "name": "[httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", + "url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E" }, { - "refsource":"CONFIRM", - "name":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us", - "url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us" + "refsource": "CONFIRM", + "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us", + "url": 
"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:3933", - "url":"https://access.redhat.com/errata/RHSA-2019:3933" + "refsource": "REDHAT", + "name": "RHSA-2019:3933", + "url": "https://access.redhat.com/errata/RHSA-2019:3933" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:3935", - "url":"https://access.redhat.com/errata/RHSA-2019:3935" + "refsource": "REDHAT", + "name": "RHSA-2019:3935", + "url": "https://access.redhat.com/errata/RHSA-2019:3935" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:3932", - "url":"https://access.redhat.com/errata/RHSA-2019:3932" + "refsource": "REDHAT", + "name": "RHSA-2019:3932", + "url": "https://access.redhat.com/errata/RHSA-2019:3932" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:4126", - "url":"https://access.redhat.com/errata/RHSA-2019:4126" + "refsource": "REDHAT", + "name": "RHSA-2019:4126", + "url": "https://access.redhat.com/errata/RHSA-2019:4126" }, { - "refsource":"CONFIRM", - "name":"https://www.tenable.com/security/tns-2019-09", - "url":"https://www.tenable.com/security/tns-2019-09" + "refsource": "CONFIRM", + "name": "https://www.tenable.com/security/tns-2019-09", + "url": "https://www.tenable.com/security/tns-2019-09" }, { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2018/19xxx/CVE-2018-19362.json b/2018/19xxx/CVE-2018-19362.json index c65d8dd4c6c..24955c18cf6 100644 --- a/2018/19xxx/CVE-2018-19362.json +++ b/2018/19xxx/CVE-2018-19362.json 
@@ -1,225 +1,226 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"cve@mitre.org", - "ID":"CVE-2018-19362", - "STATE":"PUBLIC" + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19362", + "STATE": "PUBLIC" }, - "affects":{ - "vendor":{ - "vendor_data":[ + "affects": { + "vendor": { + "vendor_data": [ { - "product":{ - "product_data":[ + "product": { + "product_data": [ { - "product_name":"n/a", - "version":{ - "version_data":[ + "product_name": "n/a", + "version": { + "version_data": [ { - "version_value":"n/a" + "version_value": "n/a" } ] } } ] }, - "vendor_name":"n/a" + "vendor_name": "n/a" } ] } }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang":"eng", - "value":"FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization." + "lang": "eng", + "value": "FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization." 
} ] }, - "problemtype":{ - "problemtype_data":[ + "problemtype": { + "problemtype_data": [ { - "description":[ + "description": [ { - "lang":"eng", - "value":"n/a" + "lang": "eng", + "value": "n/a" } ] } ] }, - "references":{ - "reference_data":[ + "references": { + "reference_data": [ { - "name":"https://github.com/FasterXML/jackson-databind/issues/2186", - "refsource":"CONFIRM", - "url":"https://github.com/FasterXML/jackson-databind/issues/2186" + "name": "https://github.com/FasterXML/jackson-databind/issues/2186", + "refsource": "CONFIRM", + "url": "https://github.com/FasterXML/jackson-databind/issues/2186" }, { - "name":"[debian-lts-announce] 20190304 [SECURITY] [DLA 1703-1] jackson-databind security update", - "refsource":"MLIST", - "url":"https://lists.debian.org/debian-lts-announce/2019/03/msg00005.html" + "name": "[debian-lts-announce] 20190304 [SECURITY] [DLA 1703-1] jackson-databind security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00005.html" }, { - "name":"https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.8", - "refsource":"CONFIRM", - "url":"https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.8" + "name": "https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.8", + "refsource": "CONFIRM", + "url": "https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.8" }, { - "name":"https://issues.apache.org/jira/browse/TINKERPOP-2121", - "refsource":"CONFIRM", - "url":"https://issues.apache.org/jira/browse/TINKERPOP-2121" + "name": "https://issues.apache.org/jira/browse/TINKERPOP-2121", + "refsource": "CONFIRM", + "url": "https://issues.apache.org/jira/browse/TINKERPOP-2121" }, { - "name":"https://github.com/FasterXML/jackson-databind/commit/42912cac4753f3f718ece875e4d486f8264c2f2b", - "refsource":"CONFIRM", - "url":"https://github.com/FasterXML/jackson-databind/commit/42912cac4753f3f718ece875e4d486f8264c2f2b" + "name": 
"https://github.com/FasterXML/jackson-databind/commit/42912cac4753f3f718ece875e4d486f8264c2f2b", + "refsource": "CONFIRM", + "url": "https://github.com/FasterXML/jackson-databind/commit/42912cac4753f3f718ece875e4d486f8264c2f2b" }, { - "refsource":"MLIST", - "name":"[infra-devnull] 20190329 [GitHub] [pulsar] massakam opened pull request #3938: Upgrade third party libraries with security vulnerabilities", - "url":"https://lists.apache.org/thread.html/37e1ed724a1b0e5d191d98c822c426670bdfde83804567131847d2a3@%3Cdevnull.infra.apache.org%3E" + "refsource": "MLIST", + "name": "[infra-devnull] 20190329 [GitHub] [pulsar] massakam opened pull request #3938: Upgrade third party libraries with security vulnerabilities", + "url": "https://lists.apache.org/thread.html/37e1ed724a1b0e5d191d98c822c426670bdfde83804567131847d2a3@%3Cdevnull.infra.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[pulsar-commits] 20190329 [GitHub] [pulsar] massakam opened a new pull request #3938: Upgrade third party libraries with security vulnerabilities", - "url":"https://lists.apache.org/thread.html/c70da3cb6e3f03e0ad8013e38b6959419d866c4a7c80fdd34b73f25c@%3Ccommits.pulsar.apache.org%3E" + "refsource": "MLIST", + "name": "[pulsar-commits] 20190329 [GitHub] [pulsar] massakam opened a new pull request #3938: Upgrade third party libraries with security vulnerabilities", + "url": "https://lists.apache.org/thread.html/c70da3cb6e3f03e0ad8013e38b6959419d866c4a7c80fdd34b73f25c@%3Ccommits.pulsar.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1", - "url":"https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E" + "refsource": "MLIST", + "name": "[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1", + "url": 
"https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E" }, { - "url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", - "refsource":"MISC", - "name":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" + "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", + "refsource": "MISC", + "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:0782", - "url":"https://access.redhat.com/errata/RHSA-2019:0782" + "refsource": "REDHAT", + "name": "RHSA-2019:0782", + "url": "https://access.redhat.com/errata/RHSA-2019:0782" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:0877", - "url":"https://access.redhat.com/errata/RHSA-2019:0877" + "refsource": "REDHAT", + "name": "RHSA-2019:0877", + "url": "https://access.redhat.com/errata/RHSA-2019:0877" }, { - "refsource":"REDHAT", - "name":"RHBA-2019:0959", - "url":"https://access.redhat.com/errata/RHBA-2019:0959" + "refsource": "REDHAT", + "name": "RHBA-2019:0959", + "url": "https://access.redhat.com/errata/RHBA-2019:0959" }, { - "refsource":"DEBIAN", - "name":"DSA-4452", - "url":"https://www.debian.org/security/2019/dsa-4452" + "refsource": "DEBIAN", + "name": "DSA-4452", + "url": "https://www.debian.org/security/2019/dsa-4452" }, { - "refsource":"BUGTRAQ", - "name":"20190527 [SECURITY] [DSA 4452-1] jackson-databind security update", - "url":"https://seclists.org/bugtraq/2019/May/68" + "refsource": "BUGTRAQ", + "name": "20190527 [SECURITY] [DSA 4452-1] jackson-databind security update", + "url": "https://seclists.org/bugtraq/2019/May/68" }, { - "refsource":"CONFIRM", - "name":"https://security.netapp.com/advisory/ntap-20190530-0003/", - "url":"https://security.netapp.com/advisory/ntap-20190530-0003/" + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20190530-0003/", + 
"url": "https://security.netapp.com/advisory/ntap-20190530-0003/" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:1782", - "url":"https://access.redhat.com/errata/RHSA-2019:1782" + "refsource": "REDHAT", + "name": "RHSA-2019:1782", + "url": "https://access.redhat.com/errata/RHSA-2019:1782" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:1797", - "url":"https://access.redhat.com/errata/RHSA-2019:1797" + "refsource": "REDHAT", + "name": "RHSA-2019:1797", + "url": "https://access.redhat.com/errata/RHSA-2019:1797" }, { - "url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "refsource":"MISC", - "name":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", + "refsource": "MISC", + "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { - "refsource":"BID", - "name":"107985", - "url":"http://www.securityfocus.com/bid/107985" + "refsource": "BID", + "name": "107985", + "url": "http://www.securityfocus.com/bid/107985" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:1822", - "url":"https://access.redhat.com/errata/RHSA-2019:1822" + "refsource": "REDHAT", + "name": "RHSA-2019:1822", + "url": "https://access.redhat.com/errata/RHSA-2019:1822" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:1823", - "url":"https://access.redhat.com/errata/RHSA-2019:1823" + "refsource": "REDHAT", + "name": "RHSA-2019:1823", + "url": "https://access.redhat.com/errata/RHSA-2019:1823" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:2804", - "url":"https://access.redhat.com/errata/RHSA-2019:2804" + "refsource": "REDHAT", + "name": "RHSA-2019:2804", + "url": "https://access.redhat.com/errata/RHSA-2019:2804" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:2858", - "url":"https://access.redhat.com/errata/RHSA-2019:2858" + "refsource": "REDHAT", + "name": "RHSA-2019:2858", + "url": 
"https://access.redhat.com/errata/RHSA-2019:2858" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:3002", - "url":"https://access.redhat.com/errata/RHSA-2019:3002" + "refsource": "REDHAT", + "name": "RHSA-2019:3002", + "url": "https://access.redhat.com/errata/RHSA-2019:3002" }, { - "url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", - "refsource":"MISC", - "name":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", + "refsource": "MISC", + "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:3140", - "url":"https://access.redhat.com/errata/RHSA-2019:3140" + "refsource": "REDHAT", + "name": "RHSA-2019:3140", + "url": "https://access.redhat.com/errata/RHSA-2019:3140" }, { - "refsource":"MLIST", - "name":"[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", - "url":"https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E" + "refsource": "MLIST", + "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", + "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:3149", - "url":"https://access.redhat.com/errata/RHSA-2019:3149" + "refsource": "REDHAT", + "name": "RHSA-2019:3149", + "url": "https://access.redhat.com/errata/RHSA-2019:3149" }, { - "refsource":"MLIST", - "name":"[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", - "url":"https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E" + "refsource": "MLIST", + "name": "[drill-dev] 20191021 [jira] 
[Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", + "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", - "url":"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" + "refsource": "MLIST", + "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", + "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html", - "url":"https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E" + "refsource": "MLIST", + "name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html", + "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:3892", - "url":"https://access.redhat.com/errata/RHSA-2019:3892" + "refsource": "REDHAT", + "name": "RHSA-2019:3892", + "url": "https://access.redhat.com/errata/RHSA-2019:3892" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:4037", - "url":"https://access.redhat.com/errata/RHSA-2019:4037" + "refsource": "REDHAT", + "name": "RHSA-2019:4037", + "url": "https://access.redhat.com/errata/RHSA-2019:4037" }, { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": 
"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2018/1xxx/CVE-2018-1060.json b/2018/1xxx/CVE-2018-1060.json index 44371dc3160..48f7d2450c3 100644 --- a/2018/1xxx/CVE-2018-1060.json +++ b/2018/1xxx/CVE-2018-1060.json 
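Review bot: The `affects` block in CVE-2018-19362.json still carries `"product_name": "n/a"`, `"vendor_name": "n/a"` and `"version_value": "n/a"` even though the description names FasterXML jackson-databind 2.x before 2.9.8, so a consumer that matches records to inventory through the structured fields will not tie this entry to jackson-databind. Since the record is being rewritten anyway, fill them from the description, e.g. `"vendor_name": "FasterXML"`, `"product_name": "jackson-databind"`, `"version_value": "2.x before 2.9.8"`. The `problemtype` value is also `n/a` although the text describes a polymorphic deserialization weakness; a CWE identifier there (CWE-502 looks like the fit, to be confirmed by the assigner) would make the entry filterable by weakness class. The CVE-2018-20684.json hunk further down has the same `n/a` placeholders.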
@@ -1,179 +1,180 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert@redhat.com", - "ID":"CVE-2018-1060", - "STATE":"PUBLIC" + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2018-1060", + "STATE": "PUBLIC" }, - "affects":{ - "vendor":{ - "vendor_data":[ + "affects": { + "vendor": { + "vendor_data": [ { - "product":{ - "product_data":[ + "product": { + "product_data": [ { - "product_name":"python", - "version":{ - "version_data":[ + "product_name": "python", + "version": { + "version_data": [ { - "version_value":"python 2.7.15" + "version_value": "python 2.7.15" }, { - "version_value":"python 3.4.9" + "version_value": "python 3.4.9" }, { - "version_value":"python 3.5.6" + "version_value": "python 3.5.6" }, { - "version_value":"python 3.7.0" + "version_value": "python 3.7.0" } ] } } ] }, - "vendor_name":"[UNKNOWN]" + "vendor_name": "[UNKNOWN]" } ] } }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang":"eng", - "value":"python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service." + "lang": "eng", + "value": "python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service." 
} ] }, - "impact":{ - "cvss":[ + "impact": { + "cvss": [ [ { - "vectorString":"4.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "version":"3.0" + "vectorString": "4.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "version": "3.0" } ] ] }, - "problemtype":{ - "problemtype_data":[ + "problemtype": { + "problemtype_data": [ { - "description":[ + "description": [ { - "lang":"eng", - "value":"CWE-20" + "lang": "eng", + "value": "CWE-20" } ] } ] }, - "references":{ - "reference_data":[ + "references": { + "reference_data": [ { - "name":"DSA-4306", - "refsource":"DEBIAN", - "url":"https://www.debian.org/security/2018/dsa-4306" + "name": "DSA-4306", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4306" }, { - "name":"1042001", - "refsource":"SECTRACK", - "url":"http://www.securitytracker.com/id/1042001" + "name": "1042001", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1042001" }, { - "name":"[debian-lts-announce] 20180926 [SECURITY] [DLA 1520-1] python3.4 security update", - "refsource":"MLIST", - "url":"https://lists.debian.org/debian-lts-announce/2018/09/msg00031.html" + "name": "[debian-lts-announce] 20180926 [SECURITY] [DLA 1520-1] python3.4 security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00031.html" }, { - "name":"https://bugs.python.org/issue32981", - "refsource":"CONFIRM", - "url":"https://bugs.python.org/issue32981" + "name": "https://bugs.python.org/issue32981", + "refsource": "CONFIRM", + "url": "https://bugs.python.org/issue32981" }, { - "name":"USN-3817-2", - "refsource":"UBUNTU", - "url":"https://usn.ubuntu.com/3817-2/" + "name": "USN-3817-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3817-2/" }, { - "name":"https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-release-candidate-1", - "refsource":"CONFIRM", - "url":"https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-release-candidate-1" + "name": 
"https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-release-candidate-1", + "refsource": "CONFIRM", + "url": "https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-release-candidate-1" }, { - "name":"https://docs.python.org/3.5/whatsnew/changelog.html#python-3-5-6-release-candidate-1", - "refsource":"CONFIRM", - "url":"https://docs.python.org/3.5/whatsnew/changelog.html#python-3-5-6-release-candidate-1" + "name": "https://docs.python.org/3.5/whatsnew/changelog.html#python-3-5-6-release-candidate-1", + "refsource": "CONFIRM", + "url": "https://docs.python.org/3.5/whatsnew/changelog.html#python-3-5-6-release-candidate-1" }, { - "name":"RHSA-2018:3505", - "refsource":"REDHAT", - "url":"https://access.redhat.com/errata/RHSA-2018:3505" + "name": "RHSA-2018:3505", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3505" }, { - "name":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1060", - "refsource":"CONFIRM", - "url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1060" + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1060", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1060" }, { - "name":"RHSA-2018:3041", - "refsource":"REDHAT", - "url":"https://access.redhat.com/errata/RHSA-2018:3041" + "name": "RHSA-2018:3041", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3041" }, { - "name":"DSA-4307", - "refsource":"DEBIAN", - "url":"https://www.debian.org/security/2018/dsa-4307" + "name": "DSA-4307", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4307" }, { - "name":"USN-3817-1", - "refsource":"UBUNTU", - "url":"https://usn.ubuntu.com/3817-1/" + "name": "USN-3817-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3817-1/" }, { - "name":"[debian-lts-announce] 20180925 [SECURITY] [DLA 1519-1] python2.7 security update", - "refsource":"MLIST", - 
"url":"https://lists.debian.org/debian-lts-announce/2018/09/msg00030.html" + "name": "[debian-lts-announce] 20180925 [SECURITY] [DLA 1519-1] python2.7 security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00030.html" }, { - "refsource":"FEDORA", - "name":"FEDORA-2019-6e1938a3c5", - "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/" + "refsource": "FEDORA", + "name": "FEDORA-2019-6e1938a3c5", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/" }, { - "refsource":"FEDORA", - "name":"FEDORA-2019-cf725dd20b", - "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/" + "refsource": "FEDORA", + "name": "FEDORA-2019-cf725dd20b", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/" }, { - "refsource":"FEDORA", - "name":"FEDORA-2019-51f1e08207", - "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/" + "refsource": "FEDORA", + "name": "FEDORA-2019-51f1e08207", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/" }, { - "refsource":"REDHAT", - "name":"RHBA-2019:0327", - "url":"https://access.redhat.com/errata/RHBA-2019:0327" + "refsource": "REDHAT", + "name": "RHBA-2019:0327", + "url": "https://access.redhat.com/errata/RHBA-2019:0327" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:1260", - "url":"https://access.redhat.com/errata/RHSA-2019:1260" + "refsource": "REDHAT", + "name": "RHSA-2019:1260", + "url": "https://access.redhat.com/errata/RHSA-2019:1260" }, { - "refsource":"CONFIRM", - 
"name":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03951en_us", - "url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03951en_us" + "refsource": "CONFIRM", + "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03951en_us", + "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03951en_us" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:3725", - "url":"https://access.redhat.com/errata/RHSA-2019:3725" + "refsource": "REDHAT", + "name": "RHSA-2019:3725", + "url": "https://access.redhat.com/errata/RHSA-2019:3725" }, { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2018/1xxx/CVE-2018-1257.json b/2018/1xxx/CVE-2018-1257.json index 0a8ff049f00..ae52e2a6422 100644 --- a/2018/1xxx/CVE-2018-1257.json +++ b/2018/1xxx/CVE-2018-1257.json 
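Review bot: The `vectorString` under `impact.cvss` in CVE-2018-1060.json is kept as `4.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L`, with the base score glued in front of the vector, which is not a parseable CVSS v3.0 vector; tooling that validates the field or recomputes the score from it will reject it or end up with no score. Separate the two values: `"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"` and `"baseScore": 4.3`. The entry is also wrapped in an array inside an array (`"cvss": [ [ { ... } ] ]`), which looks unintentional; a single object is the expected shape. Separately, `version_data` has no 3.6.x entry although the description lists 3.6.5rc1, and the description's `pop3lib` presumably means the standard-library `poplib` module.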
@@ -1,101 +1,102 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secure@dell.com", - "DATE_PUBLIC":"2018-05-09T00:00:00", - "ID":"CVE-2018-1257", - "STATE":"PUBLIC" + "CVE_data_meta": { + "ASSIGNER": "secure@dell.com", + "DATE_PUBLIC": "2018-05-09T00:00:00", + "ID": "CVE-2018-1257", + "STATE": "PUBLIC" }, - "affects":{ - "vendor":{ - "vendor_data":[ + "affects": { + "vendor": { + "vendor_data": [ { - "product":{ - "product_data":[ + "product": { + "product_data": [ { - "product_name":"Spring Framework", - "version":{ - "version_data":[ + "product_name": "Spring Framework", + "version": { + "version_data": [ { - "version_value":"5.0.x prior to 5.0.6; 4.3.x prior to 4.3.17" + "version_value": "5.0.x prior to 5.0.6; 4.3.x prior to 4.3.17" } ] } } ] }, - "vendor_name":"Pivotal" + "vendor_name": "Pivotal" } ] } }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang":"eng", - "value":"Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a regular expression, denial of service attack." + "lang": "eng", + "value": "Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a regular expression, denial of service attack." 
} ] }, - "problemtype":{ - "problemtype_data":[ + "problemtype": { + "problemtype_data": [ { - "description":[ + "description": [ { - "lang":"eng", - "value":"ReDoS" + "lang": "eng", + "value": "ReDoS" } ] } ] }, - "references":{ - "reference_data":[ + "references": { + "reference_data": [ { - "name":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "refsource":"CONFIRM", - "url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" + "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "refsource": "CONFIRM", + "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" }, { - "name":"104260", - "refsource":"BID", - "url":"http://www.securityfocus.com/bid/104260" + "name": "104260", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104260" }, { - "name":"RHSA-2018:1809", - "refsource":"REDHAT", - "url":"https://access.redhat.com/errata/RHSA-2018:1809" + "name": "RHSA-2018:1809", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1809" }, { - "name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "refsource":"CONFIRM", - "url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" }, { - "name":"https://pivotal.io/security/cve-2018-1257", - "refsource":"CONFIRM", - "url":"https://pivotal.io/security/cve-2018-1257" + "name": "https://pivotal.io/security/cve-2018-1257", + "refsource": "CONFIRM", + "url": "https://pivotal.io/security/cve-2018-1257" }, { - "name":"RHSA-2018:3768", - "refsource":"REDHAT", - "url":"https://access.redhat.com/errata/RHSA-2018:3768" + "name": "RHSA-2018:3768", + "refsource": "REDHAT", + "url": 
"https://access.redhat.com/errata/RHSA-2018:3768" }, { - "url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", - "refsource":"MISC", - "name":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" + "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", + "refsource": "MISC", + "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { - "url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "refsource":"MISC", - "name":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", + "refsource": "MISC", + "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2018/1xxx/CVE-2018-1258.json b/2018/1xxx/CVE-2018-1258.json index 9004ab64f6d..a63b7a6d44b 100644 --- a/2018/1xxx/CVE-2018-1258.json +++ b/2018/1xxx/CVE-2018-1258.json 
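Review bot: In CVE-2018-1257.json, `version_value` packs two affected ranges into one free-text string, `5.0.x prior to 5.0.6; 4.3.x prior to 4.3.17`, which a version comparator cannot evaluate. Two `version_data` entries with an explicit operator would be machine-checkable, e.g. `{ "version_affected": "<", "version_name": "5.0.x", "version_value": "5.0.6" }` and the same shape for 4.3.x / 4.3.17. The "older unsupported versions" mentioned in the description are not represented in `affects` at all. The `problemtype` text `ReDoS` would also be easier to filter on with a CWE identifier attached, chosen by the assigner.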
@@ -1,117 +1,118 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secure@dell.com", - "DATE_PUBLIC":"2018-05-09T00:00:00", - "ID":"CVE-2018-1258", - "STATE":"PUBLIC" + "CVE_data_meta": { + "ASSIGNER": "secure@dell.com", + "DATE_PUBLIC": "2018-05-09T00:00:00", + "ID": "CVE-2018-1258", + "STATE": "PUBLIC" }, - "affects":{ - "vendor":{ - "vendor_data":[ + "affects": { + "vendor": { + "vendor_data": [ { - "product":{ - "product_data":[ + "product": { + "product_data": [ { - "product_name":"Spring Framework", - "version":{ - "version_data":[ + "product_name": "Spring Framework", + "version": { + "version_data": [ { - "affected":"=", - "version_value":"5.0.5" + "affected": "=", + "version_value": "5.0.5" } ] } } ] }, - "vendor_name":"Pivotal" + "vendor_name": "Pivotal" } ] } }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang":"eng", - "value":"Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted." + "lang": "eng", + "value": "Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted." 
} ] }, - "problemtype":{ - "problemtype_data":[ + "problemtype": { + "problemtype_data": [ { - "description":[ + "description": [ { - "lang":"eng", - "value":"Authorization Bypass" + "lang": "eng", + "value": "Authorization Bypass" } ] } ] }, - "references":{ - "reference_data":[ + "references": { + "reference_data": [ { - "name":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", - "refsource":"CONFIRM", - "url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" }, { - "name":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "refsource":"CONFIRM", - "url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" + "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "refsource": "CONFIRM", + "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" }, { - "name":"104222", - "refsource":"BID", - "url":"http://www.securityfocus.com/bid/104222" + "name": "104222", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104222" }, { - "name":"1041888", - "refsource":"SECTRACK", - "url":"http://www.securitytracker.com/id/1041888" + "name": "1041888", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041888" }, { - "name":"1041896", - "refsource":"SECTRACK", - "url":"http://www.securitytracker.com/id/1041896" + "name": "1041896", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041896" }, { - "name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "refsource":"CONFIRM", - "url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" + "name": 
"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" }, { - "name":"https://security.netapp.com/advisory/ntap-20181018-0002/", - "refsource":"CONFIRM", - "url":"https://security.netapp.com/advisory/ntap-20181018-0002/" + "name": "https://security.netapp.com/advisory/ntap-20181018-0002/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20181018-0002/" }, { - "name":"https://pivotal.io/security/cve-2018-1258", - "refsource":"CONFIRM", - "url":"https://pivotal.io/security/cve-2018-1258" + "name": "https://pivotal.io/security/cve-2018-1258", + "refsource": "CONFIRM", + "url": "https://pivotal.io/security/cve-2018-1258" }, { - "url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", - "refsource":"MISC", - "name":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" + "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", + "refsource": "MISC", + "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { - "url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "refsource":"MISC", - "name":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", + "refsource": "MISC", + "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:2413", - "url":"https://access.redhat.com/errata/RHSA-2019:2413" + "refsource": "REDHAT", + "name": "RHSA-2019:2413", + "url": "https://access.redhat.com/errata/RHSA-2019:2413" }, { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": 
"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2018/20xxx/CVE-2018-20684.json b/2018/20xxx/CVE-2018-20684.json index e56c39f2696..33c88ea1a1f 100644 --- a/2018/20xxx/CVE-2018-20684.json +++ b/2018/20xxx/CVE-2018-20684.json 
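Review bot: The version entry in CVE-2018-1258.json uses the key `affected` (`"affected": "="`) where the CVE JSON 4.0 format names this field `version_affected`, so parsers keyed on the standard name will most likely ignore the operator and see a bare `5.0.5` with no comparison semantics. Rename it while the line is being touched: `"version_affected": "=",`. The description also says the bypass applies in combination with any version of Spring Security, which the structured data does not express; whether that belongs in a second `product_data` entry is for the assigner to decide.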
@@ -1,85 +1,86 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"cve@mitre.org", - "ID":"CVE-2018-20684", - "STATE":"PUBLIC" + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20684", + "STATE": "PUBLIC" }, - "affects":{ - "vendor":{ - "vendor_data":[ + "affects": { + "vendor": { + "vendor_data": [ { - "product":{ - "product_data":[ + "product": { + "product_data": [ { - "product_name":"n/a", - "version":{ - "version_data":[ + "product_name": "n/a", + "version": { + "version_data": [ { - "version_value":"n/a" + "version_value": "n/a" } ] } } ] }, - "vendor_name":"n/a" + "vendor_name": "n/a" } ] } }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang":"eng", - "value":"In WinSCP before 5.14 beta, due to missing validation, the scp implementation would accept arbitrary files sent by the server, potentially overwriting unrelated files. This affects TSCPFileSystem::SCPSink in core/ScpFileSystem.cpp." + "lang": "eng", + "value": "In WinSCP before 5.14 beta, due to missing validation, the scp implementation would accept arbitrary files sent by the server, potentially overwriting unrelated files. This affects TSCPFileSystem::SCPSink in core/ScpFileSystem.cpp." 
} ] }, - "problemtype":{ - "problemtype_data":[ + "problemtype": { + "problemtype_data": [ { - "description":[ + "description": [ { - "lang":"eng", - "value":"n/a" + "lang": "eng", + "value": "n/a" } ] } ] }, - "references":{ - "reference_data":[ + "references": { + "reference_data": [ { - "name":"106526", - "refsource":"BID", - "url":"http://www.securityfocus.com/bid/106526" + "name": "106526", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106526" }, { - "name":"https://github.com/winscp/winscp/commit/49d876f2c5fc00bcedaa986a7cf6dedd6bf16f54", - "refsource":"MISC", - "url":"https://github.com/winscp/winscp/commit/49d876f2c5fc00bcedaa986a7cf6dedd6bf16f54" + "name": "https://github.com/winscp/winscp/commit/49d876f2c5fc00bcedaa986a7cf6dedd6bf16f54", + "refsource": "MISC", + "url": "https://github.com/winscp/winscp/commit/49d876f2c5fc00bcedaa986a7cf6dedd6bf16f54" }, { - "name":"https://winscp.net/eng/docs/history", - "refsource":"MISC", - "url":"https://winscp.net/eng/docs/history" + "name": "https://winscp.net/eng/docs/history", + "refsource": "MISC", + "url": "https://winscp.net/eng/docs/history" }, { - "name":"https://winscp.net/tracker/1675", - "refsource":"MISC", - "url":"https://winscp.net/tracker/1675" + "name": "https://winscp.net/tracker/1675", + "refsource": "MISC", + "url": "https://winscp.net/tracker/1675" }, { - "name":"https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt", - "refsource":"MISC", - "url":"https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt" + "name": "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt", + "refsource": "MISC", + "url": "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt" }, { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } 
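Review bot: The `affects` block still holds `n/a` for `vendor_name`, `product_name` and `version_value`, although the description identifies WinSCP before 5.14 beta. Tooling that matches records to installed software through `affects` presumably gets no hit here and has to parse the free-text description instead. While the record is being rewritten, the product and bound could be carried over from the description, e.g. `"product_name": "WinSCP"` and `"version_value": "before 5.14 beta"`. The CVE-2018-6829 hunk has the same gap (its description names Libgcrypt through 1.8.2).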
diff --git a/2018/5xxx/CVE-2018-5407.json b/2018/5xxx/CVE-2018-5407.json index ca8c0bc149f..ac3edca31b3 100644 --- a/2018/5xxx/CVE-2018-5407.json +++ b/2018/5xxx/CVE-2018-5407.json 
@@ -1,190 +1,191 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"cert@cert.org", - "ID":"CVE-2018-5407", - "STATE":"PUBLIC" + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2018-5407", + "STATE": "PUBLIC" }, - "affects":{ - "vendor":{ - "vendor_data":[ + "affects": { + "vendor": { + "vendor_data": [ { - "product":{ - "product_data":[ + "product": { + "product_data": [ { - "product_name":"Processors supporting Simultaneous Multi-Threading", - "version":{ - "version_data":[ + "product_name": "Processors supporting Simultaneous Multi-Threading", + "version": { + "version_data": [ { - "version_value":"N/A" + "version_value": "N/A" } ] } } ] }, - "vendor_name":"N/A" + "vendor_name": "N/A" } ] } }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang":"eng", - "value":"Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'." + "lang": "eng", + "value": "Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'." 
} ] }, - "problemtype":{ - "problemtype_data":[ + "problemtype": { + "problemtype_data": [ { - "description":[ + "description": [ { - "lang":"eng", - "value":"CWE-200" + "lang": "eng", + "value": "CWE-200" } ] } ] }, - "references":{ - "reference_data":[ + "references": { + "reference_data": [ { - "name":"RHSA-2019:0483", - "refsource":"REDHAT", - "url":"https://access.redhat.com/errata/RHSA-2019:0483" + "name": "RHSA-2019:0483", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2019:0483" }, { - "name":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "refsource":"CONFIRM", - "url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" + "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "refsource": "CONFIRM", + "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" }, { - "name":"https://security.netapp.com/advisory/ntap-20181126-0001/", - "refsource":"CONFIRM", - "url":"https://security.netapp.com/advisory/ntap-20181126-0001/" + "name": "https://security.netapp.com/advisory/ntap-20181126-0001/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20181126-0001/" }, { - "name":"USN-3840-1", - "refsource":"UBUNTU", - "url":"https://usn.ubuntu.com/3840-1/" + "name": "USN-3840-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3840-1/" }, { - "name":"DSA-4355", - "refsource":"DEBIAN", - "url":"https://www.debian.org/security/2018/dsa-4355" + "name": "DSA-4355", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4355" }, { - "name":"https://www.tenable.com/security/tns-2018-17", - "refsource":"CONFIRM", - "url":"https://www.tenable.com/security/tns-2018-17" + "name": "https://www.tenable.com/security/tns-2018-17", + "refsource": "CONFIRM", + "url": "https://www.tenable.com/security/tns-2018-17" }, { - 
"name":"https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/", - "refsource":"CONFIRM", - "url":"https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/" + "name": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/", + "refsource": "CONFIRM", + "url": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/" }, { - "name":"GLSA-201903-10", - "refsource":"GENTOO", - "url":"https://security.gentoo.org/glsa/201903-10" + "name": "GLSA-201903-10", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201903-10" }, { - "name":"https://www.tenable.com/security/tns-2018-16", - "refsource":"CONFIRM", - "url":"https://www.tenable.com/security/tns-2018-16" + "name": "https://www.tenable.com/security/tns-2018-16", + "refsource": "CONFIRM", + "url": "https://www.tenable.com/security/tns-2018-16" }, { - "name":"45785", - "refsource":"EXPLOIT-DB", - "url":"https://www.exploit-db.com/exploits/45785/" + "name": "45785", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/45785/" }, { - "name":"[debian-lts-announce] 20181121 [SECURITY] [DLA 1586-1] openssl security update", - "refsource":"MLIST", - "url":"https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html" + "name": "[debian-lts-announce] 20181121 [SECURITY] [DLA 1586-1] openssl security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html" }, { - "name":"https://github.com/bbbrumley/portsmash", - "refsource":"MISC", - "url":"https://github.com/bbbrumley/portsmash" + "name": "https://github.com/bbbrumley/portsmash", + "refsource": "MISC", + "url": "https://github.com/bbbrumley/portsmash" }, { - "name":"DSA-4348", - "refsource":"DEBIAN", - "url":"https://www.debian.org/security/2018/dsa-4348" + "name": "DSA-4348", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4348" }, { - "name":"105897", - "refsource":"BID", - 
"url":"http://www.securityfocus.com/bid/105897" + "name": "105897", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105897" }, { - "name":"https://eprint.iacr.org/2018/1060.pdf", - "refsource":"MISC", - "url":"https://eprint.iacr.org/2018/1060.pdf" + "name": "https://eprint.iacr.org/2018/1060.pdf", + "refsource": "MISC", + "url": "https://eprint.iacr.org/2018/1060.pdf" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:0651", - "url":"https://access.redhat.com/errata/RHSA-2019:0651" + "refsource": "REDHAT", + "name": "RHSA-2019:0651", + "url": "https://access.redhat.com/errata/RHSA-2019:0651" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:0652", - "url":"https://access.redhat.com/errata/RHSA-2019:0652" + "refsource": "REDHAT", + "name": "RHSA-2019:0652", + "url": "https://access.redhat.com/errata/RHSA-2019:0652" }, { - "url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", - "refsource":"MISC", - "name":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" + "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", + "refsource": "MISC", + "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { - "url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "refsource":"MISC", - "name":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", + "refsource": "MISC", + "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:2125", - "url":"https://access.redhat.com/errata/RHSA-2019:2125" + "refsource": "REDHAT", + "name": "RHSA-2019:2125", + "url": "https://access.redhat.com/errata/RHSA-2019:2125" }, { - "refsource":"CONFIRM", - "name":"https://support.f5.com/csp/article/K49711130?utm_source=f5support&utm_medium=RSS", - 
"url":"https://support.f5.com/csp/article/K49711130?utm_source=f5support&utm_medium=RSS" + "refsource": "CONFIRM", + "name": "https://support.f5.com/csp/article/K49711130?utm_source=f5support&utm_medium=RSS", + "url": "https://support.f5.com/csp/article/K49711130?utm_source=f5support&utm_medium=RSS" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:3929", - "url":"https://access.redhat.com/errata/RHSA-2019:3929" + "refsource": "REDHAT", + "name": "RHSA-2019:3929", + "url": "https://access.redhat.com/errata/RHSA-2019:3929" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:3933", - "url":"https://access.redhat.com/errata/RHSA-2019:3933" + "refsource": "REDHAT", + "name": "RHSA-2019:3933", + "url": "https://access.redhat.com/errata/RHSA-2019:3933" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:3931", - "url":"https://access.redhat.com/errata/RHSA-2019:3931" + "refsource": "REDHAT", + "name": "RHSA-2019:3931", + "url": "https://access.redhat.com/errata/RHSA-2019:3931" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:3935", - "url":"https://access.redhat.com/errata/RHSA-2019:3935" + "refsource": "REDHAT", + "name": "RHSA-2019:3935", + "url": "https://access.redhat.com/errata/RHSA-2019:3935" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:3932", - "url":"https://access.redhat.com/errata/RHSA-2019:3932" + "refsource": "REDHAT", + "name": "RHSA-2019:3932", + "url": "https://access.redhat.com/errata/RHSA-2019:3932" }, { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2018/6xxx/CVE-2018-6829.json b/2018/6xxx/CVE-2018-6829.json index fbce92b39f6..a0cf9a3edd6 100644 --- a/2018/6xxx/CVE-2018-6829.json +++ b/2018/6xxx/CVE-2018-6829.json 
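Review bot: The F5 reference stores a feed-tracking query string in both `name` and `url` (`?utm_source=f5support&utm_medium=RSS`). It is not part of the advisory's address, and it makes the same advisory compare as a different reference for any consumer that de-duplicates or allow-lists references by URL. Both fields could hold `https://support.f5.com/csp/article/K49711130`. Separately, this record spells its placeholders `N/A` where the neighbouring records in this patch use `n/a`, so a consumer testing for the sentinel has to compare case-insensitively.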
@@ -1,75 +1,76 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"cve@mitre.org", - "ID":"CVE-2018-6829", - "STATE":"PUBLIC" + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6829", + "STATE": "PUBLIC" }, - "affects":{ - "vendor":{ - "vendor_data":[ + "affects": { + "vendor": { + "vendor_data": [ { - "product":{ - "product_data":[ + "product": { + "product_data": [ { - "product_name":"n/a", - "version":{ - "version_data":[ + "product_name": "n/a", + "version": { + "version_data": [ { - "version_value":"n/a" + "version_value": "n/a" } ] } } ] }, - "vendor_name":"n/a" + "vendor_name": "n/a" } ] } }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang":"eng", - "value":"cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation." + "lang": "eng", + "value": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation." 
} ] }, - "problemtype":{ - "problemtype_data":[ + "problemtype": { + "problemtype_data": [ { - "description":[ + "description": [ { - "lang":"eng", - "value":"n/a" + "lang": "eng", + "value": "n/a" } ] } ] }, - "references":{ - "reference_data":[ + "references": { + "reference_data": [ { - "name":"https://github.com/weikengchen/attack-on-libgcrypt-elgamal/wiki", - "refsource":"MISC", - "url":"https://github.com/weikengchen/attack-on-libgcrypt-elgamal/wiki" + "name": "https://github.com/weikengchen/attack-on-libgcrypt-elgamal/wiki", + "refsource": "MISC", + "url": "https://github.com/weikengchen/attack-on-libgcrypt-elgamal/wiki" }, { - "name":"https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html", - "refsource":"MISC", - "url":"https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html" + "name": "https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html", + "refsource": "MISC", + "url": "https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html" }, { - "name":"https://github.com/weikengchen/attack-on-libgcrypt-elgamal", - "refsource":"MISC", - "url":"https://github.com/weikengchen/attack-on-libgcrypt-elgamal" + "name": "https://github.com/weikengchen/attack-on-libgcrypt-elgamal", + "refsource": "MISC", + "url": "https://github.com/weikengchen/attack-on-libgcrypt-elgamal" }, { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2018/8xxx/CVE-2018-8032.json b/2018/8xxx/CVE-2018-8032.json index 657c28e6ed7..c4d4080fdaf 100644 --- a/2018/8xxx/CVE-2018-8032.json +++ b/2018/8xxx/CVE-2018-8032.json 
@@ -1,86 +1,87 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"security@apache.org", - "DATE_PUBLIC":"2018-07-08T00:00:00", - "ID":"CVE-2018-8032", - "STATE":"PUBLIC" + "CVE_data_meta": { + "ASSIGNER": "security@apache.org", + "DATE_PUBLIC": "2018-07-08T00:00:00", + "ID": "CVE-2018-8032", + "STATE": "PUBLIC" }, - "affects":{ - "vendor":{ - "vendor_data":[ + "affects": { + "vendor": { + "vendor_data": [ { - "product":{ - "product_data":[ + "product": { + "product_data": [ { - "product_name":"Apache Axis", - "version":{ - "version_data":[ + "product_name": "Apache Axis", + "version": { + "version_data": [ { - "version_value":"1.x up to and including 1.4" + "version_value": "1.x up to and including 1.4" } ] } } ] }, - "vendor_name":"Apache Software Foundation" + "vendor_name": "Apache Software Foundation" } ] } }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang":"eng", - "value":"Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services." + "lang": "eng", + "value": "Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services." 
} ] }, - "problemtype":{ - "problemtype_data":[ + "problemtype": { + "problemtype_data": [ { - "description":[ + "description": [ { - "lang":"eng", - "value":"Cross-site Scripting" + "lang": "eng", + "value": "Cross-site Scripting" } ] } ] }, - "references":{ - "reference_data":[ + "references": { + "reference_data": [ { - "name":"https://issues.apache.org/jira/browse/AXIS-2924", - "refsource":"CONFIRM", - "url":"https://issues.apache.org/jira/browse/AXIS-2924" + "name": "https://issues.apache.org/jira/browse/AXIS-2924", + "refsource": "CONFIRM", + "url": "https://issues.apache.org/jira/browse/AXIS-2924" }, { - "name":"[axis-java-dev] 20180708 [jira] [Created] (AXIS-2924) CVE-2018-8032 XSS vulnerability", - "refsource":"MLIST", - "url":"http://mail-archives.apache.org/mod_mbox/axis-java-dev/201807.mbox/%3CJIRA.13170716.1531060536000.93536.1531060560060@Atlassian.JIRA%3E" + "name": "[axis-java-dev] 20180708 [jira] [Created] (AXIS-2924) CVE-2018-8032 XSS vulnerability", + "refsource": "MLIST", + "url": "http://mail-archives.apache.org/mod_mbox/axis-java-dev/201807.mbox/%3CJIRA.13170716.1531060536000.93536.1531060560060@Atlassian.JIRA%3E" }, { - "refsource":"MLIST", - "name":"[axis-java-dev] 20190925 [jira] [Commented] (AXIS-2924) CVE-2018-8032 XSS vulnerability", - "url":"https://lists.apache.org/thread.html/d06ed5e4eeb77d00e8d594ec01ee8ee1cba173a01ac4b18f1579d041@%3Cjava-dev.axis.apache.org%3E" + "refsource": "MLIST", + "name": "[axis-java-dev] 20190925 [jira] [Commented] (AXIS-2924) CVE-2018-8032 XSS vulnerability", + "url": "https://lists.apache.org/thread.html/d06ed5e4eeb77d00e8d594ec01ee8ee1cba173a01ac4b18f1579d041@%3Cjava-dev.axis.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[axis-java-dev] 20190929 [jira] [Commented] (AXIS-2924) CVE-2018-8032 XSS vulnerability", - "url":"https://lists.apache.org/thread.html/3b89bc9e9d055db7eba8835ff6501f3f5db99d2a0928ec0be9b1d17b@%3Cjava-dev.axis.apache.org%3E" + "refsource": "MLIST", + "name": "[axis-java-dev] 
20190929 [jira] [Commented] (AXIS-2924) CVE-2018-8032 XSS vulnerability", + "url": "https://lists.apache.org/thread.html/3b89bc9e9d055db7eba8835ff6501f3f5db99d2a0928ec0be9b1d17b@%3Cjava-dev.axis.apache.org%3E" }, { - "url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", - "refsource":"MISC", - "name":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", + "refsource": "MISC", + "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2018/8xxx/CVE-2018-8039.json b/2018/8xxx/CVE-2018-8039.json index ceadcc90477..2aeb3389e32 100644 --- a/2018/8xxx/CVE-2018-8039.json +++ b/2018/8xxx/CVE-2018-8039.json 
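Review bot: `problemtype` is free text (`Cross-site Scripting`) with no CWE identifier, so consumers that group or filter records by weakness class cannot classify this record without text matching. The value could read `CWE-79 Cross-site Scripting`. The CVE-2018-8039 hunk has the same gap: its text, `Improper Validation of Certificate with Host Mismatch`, is the name of CWE-297 and could be prefixed with that identifier.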
@@ -1,144 +1,145 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"security@apache.org", - "DATE_PUBLIC":"2018-06-28T00:00:00", - "ID":"CVE-2018-8039", - "STATE":"PUBLIC" + "CVE_data_meta": { + "ASSIGNER": "security@apache.org", + "DATE_PUBLIC": "2018-06-28T00:00:00", + "ID": "CVE-2018-8039", + "STATE": "PUBLIC" }, - "affects":{ - "vendor":{ - "vendor_data":[ + "affects": { + "vendor": { + "vendor_data": [ { - "product":{ - "product_data":[ + "product": { + "product_data": [ { - "product_name":"Apache CXF", - "version":{ - "version_data":[ + "product_name": "Apache CXF", + "version": { + "version_data": [ { - "version_value":"prior to 3.1.16" + "version_value": "prior to 3.1.16" }, { - "version_value":"3.2.x prior to 3.2.5" + "version_value": "3.2.x prior to 3.2.5" } ] } } ] }, - "vendor_name":"Apache Software Foundation" + "vendor_name": "Apache Software Foundation" } ] } }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang":"eng", - "value":"It is possible to configure Apache CXF to use the com.sun.net.ssl implementation via 'System.setProperty(\"java.protocol.handler.pkgs\", \"com.sun.net.ssl.internal.www.protocol\");'. When this system property is set, CXF uses some reflection to try to make the HostnameVerifier work with the old com.sun.net.ssl.HostnameVerifier interface. However, the default HostnameVerifier implementation in CXF does not implement the method in this interface, and an exception is thrown. However, in Apache CXF prior to 3.2.5 and 3.1.16 the exception is caught in the reflection code and not properly propagated. What this means is that if you are using the com.sun.net.ssl stack with CXF, an error with TLS hostname verification will not be thrown, leaving a CXF client subject to man-in-the-middle attacks." 
+ "lang": "eng", + "value": "It is possible to configure Apache CXF to use the com.sun.net.ssl implementation via 'System.setProperty(\"java.protocol.handler.pkgs\", \"com.sun.net.ssl.internal.www.protocol\");'. When this system property is set, CXF uses some reflection to try to make the HostnameVerifier work with the old com.sun.net.ssl.HostnameVerifier interface. However, the default HostnameVerifier implementation in CXF does not implement the method in this interface, and an exception is thrown. However, in Apache CXF prior to 3.2.5 and 3.1.16 the exception is caught in the reflection code and not properly propagated. What this means is that if you are using the com.sun.net.ssl stack with CXF, an error with TLS hostname verification will not be thrown, leaving a CXF client subject to man-in-the-middle attacks." } ] }, - "problemtype":{ - "problemtype_data":[ + "problemtype": { + "problemtype_data": [ { - "description":[ + "description": [ { - "lang":"eng", - "value":"Improper Validation of Certificate with Host Mismatch" + "lang": "eng", + "value": "Improper Validation of Certificate with Host Mismatch" } ] } ] }, - "references":{ - "reference_data":[ + "references": { + "reference_data": [ { - "name":"https://github.com/apache/cxf/commit/fae6fabf9bd7647f5e9cb68897a7d72b545b741b", - "refsource":"CONFIRM", - "url":"https://github.com/apache/cxf/commit/fae6fabf9bd7647f5e9cb68897a7d72b545b741b" + "name": "https://github.com/apache/cxf/commit/fae6fabf9bd7647f5e9cb68897a7d72b545b741b", + "refsource": "CONFIRM", + "url": "https://github.com/apache/cxf/commit/fae6fabf9bd7647f5e9cb68897a7d72b545b741b" }, { - "name":"RHSA-2018:2428", - "refsource":"REDHAT", - "url":"https://access.redhat.com/errata/RHSA-2018:2428" + "name": "RHSA-2018:2428", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2428" }, { - "name":"RHSA-2018:3817", - "refsource":"REDHAT", - "url":"https://access.redhat.com/errata/RHSA-2018:3817" + "name": "RHSA-2018:3817", + 
"refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3817" }, { - "name":"RHSA-2018:2643", - "refsource":"REDHAT", - "url":"https://access.redhat.com/errata/RHSA-2018:2643" + "name": "RHSA-2018:2643", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2643" }, { - "name":"[cxf-user] 20180628 Apache CXF 3.2.6 and 3.1.16 are released", - "refsource":"MLIST", - "url":"https://lists.apache.org/thread.html/1f8ff31df204ad0374ab26ad333169e0387a5e7ec92422f337431866@%3Cdev.cxf.apache.org%3E" + "name": "[cxf-user] 20180628 Apache CXF 3.2.6 and 3.1.16 are released", + "refsource": "MLIST", + "url": "https://lists.apache.org/thread.html/1f8ff31df204ad0374ab26ad333169e0387a5e7ec92422f337431866@%3Cdev.cxf.apache.org%3E" }, { - "name":"106357", - "refsource":"BID", - "url":"http://www.securityfocus.com/bid/106357" + "name": "106357", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106357" }, { - "name":"RHSA-2018:2279", - "refsource":"REDHAT", - "url":"https://access.redhat.com/errata/RHSA-2018:2279" + "name": "RHSA-2018:2279", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2279" }, { - "name":"RHSA-2018:2424", - "refsource":"REDHAT", - "url":"https://access.redhat.com/errata/RHSA-2018:2424" + "name": "RHSA-2018:2424", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2424" }, { - "name":"RHSA-2018:2276", - "refsource":"REDHAT", - "url":"https://access.redhat.com/errata/RHSA-2018:2276" + "name": "RHSA-2018:2276", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2276" }, { - "name":"RHSA-2018:2423", - "refsource":"REDHAT", - "url":"https://access.redhat.com/errata/RHSA-2018:2423" + "name": "RHSA-2018:2423", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2423" }, { - "name":"RHSA-2018:2425", - "refsource":"REDHAT", - "url":"https://access.redhat.com/errata/RHSA-2018:2425" + "name": "RHSA-2018:2425", 
+ "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2425" }, { - "name":"RHSA-2018:2277", - "refsource":"REDHAT", - "url":"https://access.redhat.com/errata/RHSA-2018:2277" + "name": "RHSA-2018:2277", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2277" }, { - "name":"http://cxf.apache.org/security-advisories.data/CVE-2018-8039.txt.asc?version=1&modificationDate=1530184663000&api=v2", - "refsource":"CONFIRM", - "url":"http://cxf.apache.org/security-advisories.data/CVE-2018-8039.txt.asc?version=1&modificationDate=1530184663000&api=v2" + "name": "http://cxf.apache.org/security-advisories.data/CVE-2018-8039.txt.asc?version=1&modificationDate=1530184663000&api=v2", + "refsource": "CONFIRM", + "url": "http://cxf.apache.org/security-advisories.data/CVE-2018-8039.txt.asc?version=1&modificationDate=1530184663000&api=v2" }, { - "name":"1041199", - "refsource":"SECTRACK", - "url":"http://www.securitytracker.com/id/1041199" + "name": "1041199", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041199" }, { - "name":"RHSA-2018:3768", - "refsource":"REDHAT", - "url":"https://access.redhat.com/errata/RHSA-2018:3768" + "name": "RHSA-2018:3768", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3768" }, { - "url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "refsource":"MISC", - "name":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", + "refsource": "MISC", + "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } 
diff --git a/2019/0xxx/CVE-2019-0199.json b/2019/0xxx/CVE-2019-0199.json index 38770a11a90..fe3ff5108f5 100644 --- a/2019/0xxx/CVE-2019-0199.json +++ b/2019/0xxx/CVE-2019-0199.json @@ -1,26 +1,25 @@ - { - "data_type":"CVE", - "data_format":"MITRE", - "data_version":"4.0", - "CVE_data_meta":{ - "ID":"CVE-2019-0199", - "ASSIGNER":"security@apache.org", - "STATE":"PUBLIC" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-0199", + "ASSIGNER": "security@apache.org", + "STATE": "PUBLIC" }, - "affects":{ - "vendor":{ - "vendor_data":[ + "affects": { + "vendor": { + "vendor_data": [ { - "vendor_name":"n/a", - "product":{ - "product_data":[ + "vendor_name": "n/a", + "product": { + "product_data": [ { - "product_name":"Apache Tomcat", - "version":{ - "version_data":[ + "product_name": "Apache Tomcat", + "version": { + "version_data": [ { - "version_value":"Apache Tomcat 9.0.0.M1 to 9.0.14, 8.5.0 to 8.5.37" + "version_value": "Apache Tomcat 9.0.0.M1 to 9.0.14, 8.5.0 to 8.5.37" } ] } 
@@ -31,175 +30,177 @@ ] } }, - "problemtype":{ - "problemtype_data":[ + "problemtype": { + "problemtype_data": [ { - "description":[ + "description": [ { - "lang":"eng", - "value":"DoS" + "lang": "eng", + "value": "DoS" } ] } ] }, - "references":{ - "reference_data":[ + "references": { + "reference_data": [ { - "refsource":"MISC", - "name":"https://lists.apache.org/thread.html/e1b0b273b6e8ddcc72c9023bc2394b1276fc72664144bf21d0a87995@%3Cannounce.tomcat.apache.org%3E", - "url":"https://lists.apache.org/thread.html/e1b0b273b6e8ddcc72c9023bc2394b1276fc72664144bf21d0a87995@%3Cannounce.tomcat.apache.org%3E" + "refsource": "MISC", + "name": "https://lists.apache.org/thread.html/e1b0b273b6e8ddcc72c9023bc2394b1276fc72664144bf21d0a87995@%3Cannounce.tomcat.apache.org%3E", + "url": "https://lists.apache.org/thread.html/e1b0b273b6e8ddcc72c9023bc2394b1276fc72664144bf21d0a87995@%3Cannounce.tomcat.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[tomcat-dev] 20190413 svn commit: r1857494 [17/20] - in /tomcat/site/trunk: ./ docs/ xdocs/", - "url":"https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E" + "refsource": "MLIST", + "name": "[tomcat-dev] 20190413 svn commit: r1857494 [17/20] - in /tomcat/site/trunk: ./ docs/ xdocs/", + "url": "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[tomcat-dev] 20190413 svn commit: r1857496 [3/4] - in /tomcat/site/trunk: ./ docs/ xdocs/", - "url":"https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661@%3Cdev.tomcat.apache.org%3E" + "refsource": "MLIST", + "name": "[tomcat-dev] 20190413 svn commit: r1857496 [3/4] - in /tomcat/site/trunk: ./ docs/ xdocs/", + "url": "https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661@%3Cdev.tomcat.apache.org%3E" }, { - "refsource":"MLIST", - 
"name":"[tomcat-dev] 20190415 svn commit: r1857582 [18/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", - "url":"https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba@%3Cdev.tomcat.apache.org%3E" + "refsource": "MLIST", + "name": "[tomcat-dev] 20190415 svn commit: r1857582 [18/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba@%3Cdev.tomcat.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[tomcat-dev] 20190415 svn commit: r1857582 [19/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", - "url":"https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E" + "refsource": "MLIST", + "name": "[tomcat-dev] 20190415 svn commit: r1857582 [19/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E" }, { - "refsource":"CONFIRM", - "name":"https://security.netapp.com/advisory/ntap-20190419-0001/", - "url":"https://security.netapp.com/advisory/ntap-20190419-0001/" + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20190419-0001/", + "url": "https://security.netapp.com/advisory/ntap-20190419-0001/" }, { - "refsource":"MLIST", - "name":"[tomee-commits] 20190528 [jira] [Closed] (TOMEE-2497) Upgrade Tomcat in TomEE 7.0.x/7.1.x/8.0.x for CVE-2019-0199", - "url":"https://lists.apache.org/thread.html/e56886e1bac9319ecce81b3612dd7a1a43174a3a741a1c805e16880e@%3Ccommits.tomee.apache.org%3E" + "refsource": "MLIST", + "name": "[tomee-commits] 20190528 [jira] [Closed] (TOMEE-2497) Upgrade Tomcat in TomEE 7.0.x/7.1.x/8.0.x for CVE-2019-0199", + "url": "https://lists.apache.org/thread.html/e56886e1bac9319ecce81b3612dd7a1a43174a3a741a1c805e16880e@%3Ccommits.tomee.apache.org%3E" }, { - "refsource":"MLIST", - 
"name":"[tomcat-users] 20190620 Re: [EXTERNAL] [SECURITY] CVE-2019-10072 Apache Tomcat HTTP/2 DoS", - "url":"https://lists.apache.org/thread.html/9fe25f98bac6d66f8a663a15c37a98bc2d8f8bbed1d408791a3e4067@%3Cusers.tomcat.apache.org%3E" + "refsource": "MLIST", + "name": "[tomcat-users] 20190620 Re: [EXTERNAL] [SECURITY] CVE-2019-10072 Apache Tomcat HTTP/2 DoS", + "url": "https://lists.apache.org/thread.html/9fe25f98bac6d66f8a663a15c37a98bc2d8f8bbed1d408791a3e4067@%3Cusers.tomcat.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[tomcat-dev] 20190620 [SECURITY] CVE-2019-10072 Apache Tomcat HTTP/2 DoS", - "url":"https://lists.apache.org/thread.html/4c438fa4c78cb1ce8979077f668ab7145baf83e7c59f2faf7eccf094@%3Cdev.tomcat.apache.org%3E" + "refsource": "MLIST", + "name": "[tomcat-dev] 20190620 [SECURITY] CVE-2019-10072 Apache Tomcat HTTP/2 DoS", + "url": "https://lists.apache.org/thread.html/4c438fa4c78cb1ce8979077f668ab7145baf83e7c59f2faf7eccf094@%3Cdev.tomcat.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[announce] 20190620 [SECURITY] CVE-2019-10072 Apache Tomcat HTTP/2 DoS", - "url":"https://lists.apache.org/thread.html/cf4eb2bd2083cebb3602a293c653f9a7faa96c86f672c876f25b37ef@%3Cannounce.apache.org%3E" + "refsource": "MLIST", + "name": "[announce] 20190620 [SECURITY] CVE-2019-10072 Apache Tomcat HTTP/2 DoS", + "url": "https://lists.apache.org/thread.html/cf4eb2bd2083cebb3602a293c653f9a7faa96c86f672c876f25b37ef@%3Cannounce.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[tomcat-announce] 20190620 [SECURITY] CVE-2019-10072 Apache Tomcat HTTP/2 DoS", - "url":"https://lists.apache.org/thread.html/df1a2c1b87c8a6c500ecdbbaf134c7f1491c8d79d98b48c6b9f0fa6a@%3Cannounce.tomcat.apache.org%3E" + "refsource": "MLIST", + "name": "[tomcat-announce] 20190620 [SECURITY] CVE-2019-10072 Apache Tomcat HTTP/2 DoS", + "url": "https://lists.apache.org/thread.html/df1a2c1b87c8a6c500ecdbbaf134c7f1491c8d79d98b48c6b9f0fa6a@%3Cannounce.tomcat.apache.org%3E" }, { - "refsource":"MLIST", 
- "name":"[tomcat-dev] 20190620 svn commit: r1861711 - in /tomcat/site/trunk: docs/security-8.html docs/security-9.html xdocs/security-8.xml xdocs/security-9.xml", - "url":"https://lists.apache.org/thread.html/158ab719cf60448ddbb074798f09152fdb572fc8f781e70a56118d1a@%3Cdev.tomcat.apache.org%3E" + "refsource": "MLIST", + "name": "[tomcat-dev] 20190620 svn commit: r1861711 - in /tomcat/site/trunk: docs/security-8.html docs/security-9.html xdocs/security-8.xml xdocs/security-9.xml", + "url": "https://lists.apache.org/thread.html/158ab719cf60448ddbb074798f09152fdb572fc8f781e70a56118d1a@%3Cdev.tomcat.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[tomcat-users] 20190620 [SECURITY] CVE-2019-10072 Apache Tomcat HTTP/2 DoS", - "url":"https://lists.apache.org/thread.html/e87733036e8c84ea648cdcdca3098f3c8a897e2652c33062b2b1535c@%3Cusers.tomcat.apache.org%3E" + "refsource": "MLIST", + "name": "[tomcat-users] 20190620 [SECURITY] CVE-2019-10072 Apache Tomcat HTTP/2 DoS", + "url": "https://lists.apache.org/thread.html/e87733036e8c84ea648cdcdca3098f3c8a897e2652c33062b2b1535c@%3Cusers.tomcat.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[tomcat-dev] 20190620 [SECURITY][CORRECTION] CVE-2019-10072 Apache Tomcat HTTP/2 DoS", - "url":"https://lists.apache.org/thread.html/a7a201bd23e67fd3326c9b22b814dd0537d3270b3b54a768e2e7ef50@%3Cdev.tomcat.apache.org%3E" + "refsource": "MLIST", + "name": "[tomcat-dev] 20190620 [SECURITY][CORRECTION] CVE-2019-10072 Apache Tomcat HTTP/2 DoS", + "url": "https://lists.apache.org/thread.html/a7a201bd23e67fd3326c9b22b814dd0537d3270b3b54a768e2e7ef50@%3Cdev.tomcat.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[tomcat-announce] 20190620 [SECURITY][CORRECTION] CVE-2019-10072 Apache Tomcat HTTP/2 DoS", - "url":"https://lists.apache.org/thread.html/dddb3590bac28fbe89f69f5ccbe26283d014ddc691abdd042de14600@%3Cannounce.tomcat.apache.org%3E" + "refsource": "MLIST", + "name": "[tomcat-announce] 20190620 [SECURITY][CORRECTION] CVE-2019-10072 Apache 
Tomcat HTTP/2 DoS", + "url": "https://lists.apache.org/thread.html/dddb3590bac28fbe89f69f5ccbe26283d014ddc691abdd042de14600@%3Cannounce.tomcat.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[tomcat-users] 20190620 [SECURITY][CORRECTION] CVE-2019-10072 Apache Tomcat HTTP/2 DoS", - "url":"https://lists.apache.org/thread.html/7bb193bc68b28d21ff1c726fd38bea164deb6333b59eec2eb3661da6@%3Cusers.tomcat.apache.org%3E" + "refsource": "MLIST", + "name": "[tomcat-users] 20190620 [SECURITY][CORRECTION] CVE-2019-10072 Apache Tomcat HTTP/2 DoS", + "url": "https://lists.apache.org/thread.html/7bb193bc68b28d21ff1c726fd38bea164deb6333b59eec2eb3661da6@%3Cusers.tomcat.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[announce] 20190620 [SECURITY][CORRECTION] CVE-2019-10072 Apache Tomcat HTTP/2 DoS", - "url":"https://lists.apache.org/thread.html/ac0185ce240a711b542a55bccf9349ab0c2f343d70cf7835e08fabc9@%3Cannounce.apache.org%3E" + "refsource": "MLIST", + "name": "[announce] 20190620 [SECURITY][CORRECTION] CVE-2019-10072 Apache Tomcat HTTP/2 DoS", + "url": "https://lists.apache.org/thread.html/ac0185ce240a711b542a55bccf9349ab0c2f343d70cf7835e08fabc9@%3Cannounce.apache.org%3E" }, { - "refsource":"FEDORA", - "name":"FEDORA-2019-1a3f878d27", - "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQTZ5BJ5F4KV6N53SGNKSW3UY5DBIQ46/" + "refsource": "FEDORA", + "name": "FEDORA-2019-1a3f878d27", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQTZ5BJ5F4KV6N53SGNKSW3UY5DBIQ46/" }, { - "refsource":"CONFIRM", - "name":"https://support.f5.com/csp/article/K17321505", - "url":"https://support.f5.com/csp/article/K17321505" + "refsource": "CONFIRM", + "name": "https://support.f5.com/csp/article/K17321505", + "url": "https://support.f5.com/csp/article/K17321505" }, { - "refsource":"SUSE", - "name":"openSUSE-SU-2019:1673", - 
"url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00090.html" + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1673", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00090.html" }, { - "refsource":"FEDORA", - "name":"FEDORA-2019-d66febb5df", - "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NPHQEL5AQ6LZSZD2Y6TYZ4RC3WI7NXJ3/" + "refsource": "FEDORA", + "name": "FEDORA-2019-d66febb5df", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NPHQEL5AQ6LZSZD2Y6TYZ4RC3WI7NXJ3/" }, { - "url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "refsource":"MISC", - "name":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", + "refsource": "MISC", + "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { - "refsource":"BID", - "name":"107674", - "url":"http://www.securityfocus.com/bid/107674" + "refsource": "BID", + "name": "107674", + "url": "http://www.securityfocus.com/bid/107674" }, { - "refsource":"SUSE", - "name":"openSUSE-SU-2019:1723", - "url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00013.html" + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1723", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00013.html" }, { - "refsource":"SUSE", - "name":"openSUSE-SU-2019:1808", - "url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00054.html" + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1808", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00054.html" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:3929", - "url":"https://access.redhat.com/errata/RHSA-2019:3929" + "refsource": "REDHAT", + "name": "RHSA-2019:3929", + "url": 
"https://access.redhat.com/errata/RHSA-2019:3929" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:3931", - "url":"https://access.redhat.com/errata/RHSA-2019:3931" + "refsource": "REDHAT", + "name": "RHSA-2019:3931", + "url": "https://access.redhat.com/errata/RHSA-2019:3931" }, { - "refsource":"DEBIAN", - "name":"DSA-4596", - "url":"https://www.debian.org/security/2019/dsa-4596" + "refsource": "DEBIAN", + "name": "DSA-4596", + "url": "https://www.debian.org/security/2019/dsa-4596" }, { - "refsource":"BUGTRAQ", - "name":"20191229 [SECURITY] [DSA 4596-1] tomcat8 security update", - "url":"https://seclists.org/bugtraq/2019/Dec/43" + "refsource": "BUGTRAQ", + "name": "20191229 [SECURITY] [DSA 4596-1] tomcat8 security update", + "url": "https://seclists.org/bugtraq/2019/Dec/43" }, { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] }, - "description":{ - "description_data":[ + "description": { + "description_data": [ { - "lang":"eng", - "value":"The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.14 and 8.5.0 to 8.5.37 accepted streams with excessive numbers of SETTINGS frames and also permitted clients to keep streams open without reading/writing request/response data. By keeping streams open for requests that utilised the Servlet API's blocking I/O, clients were able to cause server-side threads to block eventually leading to thread exhaustion and a DoS." + "lang": "eng", + "value": "The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.14 and 8.5.0 to 8.5.37 accepted streams with excessive numbers of SETTINGS frames and also permitted clients to keep streams open without reading/writing request/response data. 
By keeping streams open for requests that utilised the Servlet API's blocking I/O, clients were able to cause server-side threads to block eventually leading to thread exhaustion and a DoS." } ] } diff --git a/2019/0xxx/CVE-2019-0215.json b/2019/0xxx/CVE-2019-0215.json index e64662ab29c..088f2bd3ebc 100644 --- a/2019/0xxx/CVE-2019-0215.json +++ b/2019/0xxx/CVE-2019-0215.json @@ -1,29 +1,28 @@ - { - "data_type":"CVE", - "data_format":"MITRE", - "data_version":"4.0", - "CVE_data_meta":{ - "ID":"CVE-2019-0215", - "ASSIGNER":"security@apache.org", - "STATE":"PUBLIC" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-0215", + "ASSIGNER": "security@apache.org", + "STATE": "PUBLIC" }, - "affects":{ - "vendor":{ - "vendor_data":[ + "affects": { + "vendor": { + "vendor_data": [ { - "vendor_name":"Apache", - "product":{ - "product_data":[ + "vendor_name": "Apache", + "product": { + "product_data": [ { - "product_name":"Apache HTTP Server", - "version":{ - "version_data":[ + "product_name": "Apache HTTP Server", + "version": { + "version_data": [ { - "version_value":"2.4.37" + "version_value": "2.4.37" }, { - "version_value":"2.4.38" + "version_value": "2.4.38" } ] } 
@@ -34,115 +33,117 @@ ] } }, - "problemtype":{ - "problemtype_data":[ + "problemtype": { + "problemtype_data": [ { - "description":[ + "description": [ { - "lang":"eng", - "value":"Access Control Bypass" + "lang": "eng", + "value": "Access Control Bypass" } ] } ] }, - "references":{ - "reference_data":[ + "references": { + "reference_data": [ { - "refsource":"MLIST", - "name":"[oss-security] 20190401 CVE-2019-0215: mod_ssl access control bypass", - "url":"http://www.openwall.com/lists/oss-security/2019/04/02/4" + "refsource": "MLIST", + "name": "[oss-security] 20190401 CVE-2019-0215: mod_ssl access control bypass", + "url": "http://www.openwall.com/lists/oss-security/2019/04/02/4" }, { - "refsource":"MLIST", - "name":"[httpd-cvs] 20190402 svn commit: r1856807 - /httpd/test/framework/trunk/t/security/CVE-2019-0215.t", - "url":"https://lists.apache.org/thread.html/2d6bd429a0ba9af1580da896575cfca6e42bb05e7536562d4b095fcf@%3Ccvs.httpd.apache.org%3E" + "refsource": "MLIST", + "name": "[httpd-cvs] 20190402 svn commit: r1856807 - /httpd/test/framework/trunk/t/security/CVE-2019-0215.t", + "url": "https://lists.apache.org/thread.html/2d6bd429a0ba9af1580da896575cfca6e42bb05e7536562d4b095fcf@%3Ccvs.httpd.apache.org%3E" }, { - "refsource":"BID", - "name":"107667", - "url":"http://www.securityfocus.com/bid/107667" + "refsource": "BID", + "name": "107667", + "url": "http://www.securityfocus.com/bid/107667" }, { - "refsource":"FEDORA", - "name":"FEDORA-2019-cf7695b470", - "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WETXNQWNQLWHV6XNW6YTO5UGDTIWAQGT/" + "refsource": "FEDORA", + "name": "FEDORA-2019-cf7695b470", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WETXNQWNQLWHV6XNW6YTO5UGDTIWAQGT/" }, { - "refsource":"FEDORA", - "name":"FEDORA-2019-119b14075a", - 
"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EZRMTEIGZKYFNGIDOTXN3GNEJTLVCYU7/" + "refsource": "FEDORA", + "name": "FEDORA-2019-119b14075a", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EZRMTEIGZKYFNGIDOTXN3GNEJTLVCYU7/" }, { - "refsource":"MISC", - "name":"https://httpd.apache.org/security/vulnerabilities_24.html", - "url":"https://httpd.apache.org/security/vulnerabilities_24.html" + "refsource": "MISC", + "name": "https://httpd.apache.org/security/vulnerabilities_24.html", + "url": "https://httpd.apache.org/security/vulnerabilities_24.html" }, { - "refsource":"CONFIRM", - "name":"https://support.f5.com/csp/article/K59440504", - "url":"https://support.f5.com/csp/article/K59440504" + "refsource": "CONFIRM", + "name": "https://support.f5.com/csp/article/K59440504", + "url": "https://support.f5.com/csp/article/K59440504" }, { - "refsource":"CONFIRM", - "name":"https://security.netapp.com/advisory/ntap-20190423-0001/", - "url":"https://security.netapp.com/advisory/ntap-20190423-0001/" + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20190423-0001/", + "url": "https://security.netapp.com/advisory/ntap-20190423-0001/" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:0980", - "url":"https://access.redhat.com/errata/RHSA-2019:0980" + "refsource": "REDHAT", + "name": "RHSA-2019:0980", + "url": "https://access.redhat.com/errata/RHSA-2019:0980" }, { - "refsource":"FEDORA", - "name":"FEDORA-2019-a4ed7400f4", - "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ALIR5S3O7NRHEGFMIDMUSYQIZOE4TJJN/" + "refsource": "FEDORA", + "name": "FEDORA-2019-a4ed7400f4", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ALIR5S3O7NRHEGFMIDMUSYQIZOE4TJJN/" }, { - 
"url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "refsource":"MISC", - "name":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", + "refsource": "MISC", + "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { - "refsource":"MLIST", - "name":"[httpd-dev] 20190804 Re: svn commit: r1856807 - /httpd/test/framework/trunk/t/security/CVE-2019-0215.t", - "url":"https://lists.apache.org/thread.html/117bc3f09847ebf020b1bb70301ebcc105ddc446856150b63f37f8eb@%3Cdev.httpd.apache.org%3E" + "refsource": "MLIST", + "name": "[httpd-dev] 20190804 Re: svn commit: r1856807 - /httpd/test/framework/trunk/t/security/CVE-2019-0215.t", + "url": "https://lists.apache.org/thread.html/117bc3f09847ebf020b1bb70301ebcc105ddc446856150b63f37f8eb@%3Cdev.httpd.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[httpd-cvs] 20190806 svn commit: r1864463 - /httpd/test/framework/trunk/t/security/CVE-2019-0215.t", - "url":"https://lists.apache.org/thread.html/bc1a6d4137798565ab02e60079b6788442147f4efeb4200c665bed5b@%3Ccvs.httpd.apache.org%3E" + "refsource": "MLIST", + "name": "[httpd-cvs] 20190806 svn commit: r1864463 - /httpd/test/framework/trunk/t/security/CVE-2019-0215.t", + "url": "https://lists.apache.org/thread.html/bc1a6d4137798565ab02e60079b6788442147f4efeb4200c665bed5b@%3Ccvs.httpd.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[httpd-dev] 20190806 Re: svn commit: r1856807 - /httpd/test/framework/trunk/t/security/CVE-2019-0215.t", - "url":"https://lists.apache.org/thread.html/5b1e7d66c5adf286f14f6cc0f857b6fca107444f68aed9e70eedab47@%3Cdev.httpd.apache.org%3E" + "refsource": "MLIST", + "name": "[httpd-dev] 20190806 Re: svn commit: r1856807 - /httpd/test/framework/trunk/t/security/CVE-2019-0215.t", + "url": 
"https://lists.apache.org/thread.html/5b1e7d66c5adf286f14f6cc0f857b6fca107444f68aed9e70eedab47@%3Cdev.httpd.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", - "url":"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E" + "refsource": "MLIST", + "name": "[httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", + "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", - "url":"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E" + "refsource": "MLIST", + "name": "[httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", + "url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E" }, { - "url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", - "refsource":"MISC", - 
"name":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", + "refsource": "MISC", + "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] }, - "description":{ - "description_data":[ + "description": { + "description_data": [ { - "lang":"eng", - "value":"In Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in mod_ssl when using per-location client certificate verification with TLSv1.3 allowed a client to bypass configured access control restrictions." + "lang": "eng", + "value": "In Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in mod_ssl when using per-location client certificate verification with TLSv1.3 allowed a client to bypass configured access control restrictions." } ] } diff --git a/2019/0xxx/CVE-2019-0221.json b/2019/0xxx/CVE-2019-0221.json index 7c532a772b7..b5f693fedbf 100644 --- a/2019/0xxx/CVE-2019-0221.json +++ b/2019/0xxx/CVE-2019-0221.json 
@@ -1,32 +1,31 @@
-
 {
- "data_type":"CVE",
- "data_format":"MITRE",
- "data_version":"4.0",
- "CVE_data_meta":{
- "ID":"CVE-2019-0221",
- "ASSIGNER":"security@apache.org",
- "STATE":"PUBLIC"
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-0221",
+ "ASSIGNER": "security@apache.org",
+ "STATE": "PUBLIC"
 },
- "affects":{
- "vendor":{
- "vendor_data":[
+ "affects": {
+ "vendor": {
+ "vendor_data": [
 {
- "vendor_name":"Apache",
- "product":{
- "product_data":[
+ "vendor_name": "Apache",
+ "product": {
+ "product_data": [
 {
- "product_name":"Apache Tomcat",
- "version":{
- "version_data":[
+ "product_name": "Apache Tomcat",
+ "version": {
+ "version_data": [
 {
- "version_value":"Apache Tomcat 9.0.0.M1 to 9.0.0.17"
+ "version_value": "Apache Tomcat 9.0.0.M1 to 9.0.0.17"
 },
 {
- "version_value":"8.5.0 to 8.5.39"
+ "version_value": "8.5.0 to 8.5.39"
 },
 {
- "version_value":"7.0.0 to 7.0.93"
+ "version_value": "7.0.0 to 7.0.93"
 }
 ]
 }
@@ -37,120 +36,122 @@ ] } }, - "problemtype":{ - "problemtype_data":[ + "problemtype": { + "problemtype_data": [ { - "description":[ + "description": [ { - "lang":"eng", - "value":"Cross-Site Scripting" + "lang": "eng", + "value": "Cross-Site Scripting" } ] } ] }, - "references":{ - "reference_data":[ + "references": { + "reference_data": [ { - "refsource":"CONFIRM", - "name":"https://lists.apache.org/thread.html/6e6e9eacf7b28fd63d249711e9d3ccd4e0a83f556e324aee37be5a8c@%3Cannounce.tomcat.apache.org%3E", - "url":"https://lists.apache.org/thread.html/6e6e9eacf7b28fd63d249711e9d3ccd4e0a83f556e324aee37be5a8c@%3Cannounce.tomcat.apache.org%3E" + "refsource": "CONFIRM", + "name": "https://lists.apache.org/thread.html/6e6e9eacf7b28fd63d249711e9d3ccd4e0a83f556e324aee37be5a8c@%3Cannounce.tomcat.apache.org%3E", + "url": "https://lists.apache.org/thread.html/6e6e9eacf7b28fd63d249711e9d3ccd4e0a83f556e324aee37be5a8c@%3Cannounce.tomcat.apache.org%3E" }, { - "refsource":"FULLDISC", - "name":"20190529 XSS in SSI printenv command - Apache Tomcat - CVE-2019-0221", - "url":"http://seclists.org/fulldisclosure/2019/May/50" + "refsource": "FULLDISC", + "name": "20190529 XSS in SSI printenv command - Apache Tomcat - CVE-2019-0221", + "url": "http://seclists.org/fulldisclosure/2019/May/50" }, { - "refsource":"MLIST", - "name":"[debian-lts-announce] 20190530 [SECURITY] [DLA 1810-1] tomcat7 security update", - "url":"https://lists.debian.org/debian-lts-announce/2019/05/msg00044.html" + "refsource": "MLIST", + "name": "[debian-lts-announce] 20190530 [SECURITY] [DLA 1810-1] tomcat7 security update", + "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00044.html" }, { - "refsource":"BID", - "name":"108545", - "url":"http://www.securityfocus.com/bid/108545" + "refsource": "BID", + "name": "108545", + "url": "http://www.securityfocus.com/bid/108545" }, { - "refsource":"CONFIRM", - "name":"https://security.netapp.com/advisory/ntap-20190606-0001/", - 
"url":"https://security.netapp.com/advisory/ntap-20190606-0001/" + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20190606-0001/", + "url": "https://security.netapp.com/advisory/ntap-20190606-0001/" }, { - "refsource":"MISC", - "name":"https://wwws.nightwatchcybersecurity.com/2019/05/27/xss-in-ssi-printenv-command-apache-tomcat-cve-2019-0221/", - "url":"https://wwws.nightwatchcybersecurity.com/2019/05/27/xss-in-ssi-printenv-command-apache-tomcat-cve-2019-0221/" + "refsource": "MISC", + "name": "https://wwws.nightwatchcybersecurity.com/2019/05/27/xss-in-ssi-printenv-command-apache-tomcat-cve-2019-0221/", + "url": "https://wwws.nightwatchcybersecurity.com/2019/05/27/xss-in-ssi-printenv-command-apache-tomcat-cve-2019-0221/" }, { - "refsource":"FEDORA", - "name":"FEDORA-2019-1a3f878d27", - "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQTZ5BJ5F4KV6N53SGNKSW3UY5DBIQ46/" + "refsource": "FEDORA", + "name": "FEDORA-2019-1a3f878d27", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQTZ5BJ5F4KV6N53SGNKSW3UY5DBIQ46/" }, { - "refsource":"SUSE", - "name":"openSUSE-SU-2019:1673", - "url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00090.html" + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1673", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00090.html" }, { - "refsource":"FEDORA", - "name":"FEDORA-2019-d66febb5df", - "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NPHQEL5AQ6LZSZD2Y6TYZ4RC3WI7NXJ3/" + "refsource": "FEDORA", + "name": "FEDORA-2019-d66febb5df", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NPHQEL5AQ6LZSZD2Y6TYZ4RC3WI7NXJ3/" }, { - "refsource":"SUSE", - "name":"openSUSE-SU-2019:1808", - 
"url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00054.html" + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1808", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00054.html" }, { - "refsource":"MLIST", - "name":"[debian-lts-announce] 20190813 [SECURITY] [DLA 1883-1] tomcat8 security update", - "url":"https://lists.debian.org/debian-lts-announce/2019/08/msg00015.html" + "refsource": "MLIST", + "name": "[debian-lts-announce] 20190813 [SECURITY] [DLA 1883-1] tomcat8 security update", + "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00015.html" }, { - "refsource":"UBUNTU", - "name":"USN-4128-1", - "url":"https://usn.ubuntu.com/4128-1/" + "refsource": "UBUNTU", + "name": "USN-4128-1", + "url": "https://usn.ubuntu.com/4128-1/" }, { - "refsource":"UBUNTU", - "name":"USN-4128-2", - "url":"https://usn.ubuntu.com/4128-2/" + "refsource": "UBUNTU", + "name": "USN-4128-2", + "url": "https://usn.ubuntu.com/4128-2/" }, { - "refsource":"CONFIRM", - "name":"https://support.f5.com/csp/article/K13184144?utm_source=f5support&utm_medium=RSS", - "url":"https://support.f5.com/csp/article/K13184144?utm_source=f5support&utm_medium=RSS" + "refsource": "CONFIRM", + "name": "https://support.f5.com/csp/article/K13184144?utm_source=f5support&utm_medium=RSS", + "url": "https://support.f5.com/csp/article/K13184144?utm_source=f5support&utm_medium=RSS" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:3929", - "url":"https://access.redhat.com/errata/RHSA-2019:3929" + "refsource": "REDHAT", + "name": "RHSA-2019:3929", + "url": "https://access.redhat.com/errata/RHSA-2019:3929" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:3931", - "url":"https://access.redhat.com/errata/RHSA-2019:3931" + "refsource": "REDHAT", + "name": "RHSA-2019:3931", + "url": "https://access.redhat.com/errata/RHSA-2019:3931" }, { - "refsource":"DEBIAN", - "name":"DSA-4596", - "url":"https://www.debian.org/security/2019/dsa-4596" + "refsource": "DEBIAN", + 
"name": "DSA-4596", + "url": "https://www.debian.org/security/2019/dsa-4596" }, { - "refsource":"BUGTRAQ", - "name":"20191229 [SECURITY] [DSA 4596-1] tomcat8 security update", - "url":"https://seclists.org/bugtraq/2019/Dec/43" + "refsource": "BUGTRAQ", + "name": "20191229 [SECURITY] [DSA 4596-1] tomcat8 security update", + "url": "https://seclists.org/bugtraq/2019/Dec/43" }, { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] }, - "description":{ - "description_data":[ + "description": { + "description_data": [ { - "lang":"eng", - "value":"The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a production website." + "lang": "eng", + "value": "The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a production website." } ] } diff --git a/2019/0xxx/CVE-2019-0227.json b/2019/0xxx/CVE-2019-0227.json index 9feb55d4701..2aa18b7520b 100644 --- a/2019/0xxx/CVE-2019-0227.json +++ b/2019/0xxx/CVE-2019-0227.json 
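Review bot: The description value at the end of this hunk gives the affected 9.x range as `9.0.0.M1 to 9.0.0.17`, and the first hunk's `version_value` repeats it; that upper bound has four components, unlike the `8.5.39` and `7.0.93` bounds next to it and the `9.0.14` bound in the CVE-2019-0199 record earlier in this patch. It looks like `9.0.17` was intended, which should be confirmed against the Apache Tomcat announcement referenced in this record before changing either field. Tooling that parses the range to decide whether a deployment is affected may fail to match 9.0.x releases as written. This commit only re-spaces those lines, so the correction belongs in a follow-up that updates both `version_value` and the description together.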
@@ -1,26 +1,25 @@ - { - "data_type":"CVE", - "data_format":"MITRE", - "data_version":"4.0", - "CVE_data_meta":{ - "ID":"CVE-2019-0227", - "ASSIGNER":"security@apache.org", - "STATE":"PUBLIC" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-0227", + "ASSIGNER": "security@apache.org", + "STATE": "PUBLIC" }, - "affects":{ - "vendor":{ - "vendor_data":[ + "affects": { + "vendor": { + "vendor_data": [ { - "vendor_name":"Apache", - "product":{ - "product_data":[ + "vendor_name": "Apache", + "product": { + "product_data": [ { - "product_name":"Apache Axis 1.4", - "version":{ - "version_data":[ + "product_name": "Apache Axis 1.4", + "version": { + "version_data": [ { - "version_value":"Apache Axis 1.4" + "version_value": "Apache Axis 1.4" } ] } 
@@ -31,40 +30,42 @@ ] } }, - "problemtype":{ - "problemtype_data":[ + "problemtype": { + "problemtype_data": [ { - "description":[ + "description": [ { - "lang":"eng", - "value":"SSRF" + "lang": "eng", + "value": "SSRF" } ] } ] }, - "references":{ - "reference_data":[ + "references": { + "reference_data": [ { - "refsource":"MISC", - "name":"https://rhinosecuritylabs.com/application-security/cve-2019-0227-expired-domain-rce-apache-axis/", - "url":"https://rhinosecuritylabs.com/application-security/cve-2019-0227-expired-domain-rce-apache-axis/" + "refsource": "MISC", + "name": "https://rhinosecuritylabs.com/application-security/cve-2019-0227-expired-domain-rce-apache-axis/", + "url": "https://rhinosecuritylabs.com/application-security/cve-2019-0227-expired-domain-rce-apache-axis/" }, { - "url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", - "refsource":"MISC", - "name":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", + "refsource": "MISC", + "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] }, - "description":{ - "description_data":[ + "description": { + "description_data": [ { - "lang":"eng", - "value":"A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and bug commits commits continue in the projects Axis 1.x Subversion repository, legacy users are encouraged to build from source. The successor to Axis 1.x is Axis2, the latest version is 1.7.9 and is not vulnerable to this issue." 
+ "lang": "eng", + "value": "A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and bug commits commits continue in the projects Axis 1.x Subversion repository, legacy users are encouraged to build from source. The successor to Axis 1.x is Axis2, the latest version is 1.7.9 and is not vulnerable to this issue." } ] } diff --git a/2019/0xxx/CVE-2019-0232.json b/2019/0xxx/CVE-2019-0232.json index c41c4eaf486..97b58387763 100644 --- a/2019/0xxx/CVE-2019-0232.json +++ b/2019/0xxx/CVE-2019-0232.json @@ -1,32 +1,31 @@ - { - "data_type":"CVE", - "data_format":"MITRE", - "data_version":"4.0", - "CVE_data_meta":{ - "ID":"CVE-2019-0232", - "ASSIGNER":"security@apache.org", - "STATE":"PUBLIC" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-0232", + "ASSIGNER": "security@apache.org", + "STATE": "PUBLIC" }, - "affects":{ - "vendor":{ - "vendor_data":[ + "affects": { + "vendor": { + "vendor_data": [ { - "vendor_name":"Apache", - "product":{ - "product_data":[ + "vendor_name": "Apache", + "product": { + "product_data": [ { - "product_name":"Tomcat", - "version":{ - "version_data":[ + "product_name": "Tomcat", + "version": { + "version_data": [ { - "version_value":"9.0.0.M1 to 9.0.17" + "version_value": "9.0.0.M1 to 9.0.17" }, { - "version_value":"8.5.0 to 8.5.39" + "version_value": "8.5.0 to 8.5.39" }, { - "version_value":"7.0.0 to 7.0.93" + "version_value": "7.0.0 to 7.0.93" } ] } 
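Review bot: The `problemtype` entry in the second CVE-2019-0227 hunk is still the free-text string `"value": "SSRF"`, so consumers that group or filter records by CWE identifier cannot classify it. Since these lines are being rewritten anyway, the value could carry the weakness id too, e.g. `"value": "CWE-918 Server-Side Request Forgery (SSRF)"`, subject to the assigning CNA agreeing. The same applies to the `problemtype` values in the later hunks for CVE-2019-0232 (`Remote Code Execution`), CVE-2019-10072 (`Denial of Service`) and CVE-2019-10086 (`Information Disclosure`), which name an impact rather than a weakness. The description in this hunk also repeats a word (`commits commits`).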
@@ -37,145 +36,147 @@ ] } }, - "problemtype":{ - "problemtype_data":[ + "problemtype": { + "problemtype_data": [ { - "description":[ + "description": [ { - "lang":"eng", - "value":"Remote Code Execution" + "lang": "eng", + "value": "Remote Code Execution" } ] } ] }, - "references":{ - "reference_data":[ + "references": { + "reference_data": [ { - "refsource":"MISC", - "name":"https://codewhitesec.blogspot.com/2016/02/java-and-command-line-injections-in-windows.html", - "url":"https://codewhitesec.blogspot.com/2016/02/java-and-command-line-injections-in-windows.html" + "refsource": "MISC", + "name": "https://codewhitesec.blogspot.com/2016/02/java-and-command-line-injections-in-windows.html", + "url": "https://codewhitesec.blogspot.com/2016/02/java-and-command-line-injections-in-windows.html" }, { - "refsource":"MISC", - "name":"https://web.archive.org/web/20161228144344/https://blogs.msdn.microsoft.com/twistylittlepassagesallalike/2011/04/23/everyone-quotes-command-line-arguments-the-wrong-way/", - "url":"https://web.archive.org/web/20161228144344/https://blogs.msdn.microsoft.com/twistylittlepassagesallalike/2011/04/23/everyone-quotes-command-line-arguments-the-wrong-way/" + "refsource": "MISC", + "name": "https://web.archive.org/web/20161228144344/https://blogs.msdn.microsoft.com/twistylittlepassagesallalike/2011/04/23/everyone-quotes-command-line-arguments-the-wrong-way/", + "url": "https://web.archive.org/web/20161228144344/https://blogs.msdn.microsoft.com/twistylittlepassagesallalike/2011/04/23/everyone-quotes-command-line-arguments-the-wrong-way/" }, { - "refsource":"MLIST", - "name":"[tomcat-users] 20190410 [SECURITY] CVE-2019-0232 Apache Tomcat Remote Code Execution on Windows", - "url":"https://lists.apache.org/thread.html/5f297a4b9080b5f65a05bc139596d0e437d6a539b25e31d29d028767@%3Cannounce.tomcat.apache.org%3E" + "refsource": "MLIST", + "name": "[tomcat-users] 20190410 [SECURITY] CVE-2019-0232 Apache Tomcat Remote Code Execution on Windows", + "url": 
"https://lists.apache.org/thread.html/5f297a4b9080b5f65a05bc139596d0e437d6a539b25e31d29d028767@%3Cannounce.tomcat.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[tomcat-dev] 20190415 svn commit: r1857582 [18/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", - "url":"https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba@%3Cdev.tomcat.apache.org%3E" + "refsource": "MLIST", + "name": "[tomcat-dev] 20190415 svn commit: r1857582 [18/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba@%3Cdev.tomcat.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[ofbiz-commits] 20190415 svn commit: r1857587 - in /ofbiz: ofbiz-framework/branches/release18.12/build.gradle ofbiz-plugins/branches/release18.12/example/build.gradle", - "url":"https://lists.apache.org/thread.html/673b6148d92cd7bc99ea2dcf85ad75d57da44fc322d51f37fb529a2a@%3Ccommits.ofbiz.apache.org%3E" + "refsource": "MLIST", + "name": "[ofbiz-commits] 20190415 svn commit: r1857587 - in /ofbiz: ofbiz-framework/branches/release18.12/build.gradle ofbiz-plugins/branches/release18.12/example/build.gradle", + "url": "https://lists.apache.org/thread.html/673b6148d92cd7bc99ea2dcf85ad75d57da44fc322d51f37fb529a2a@%3Ccommits.ofbiz.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[tomcat-dev] 20190415 svn commit: r1857582 [17/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", - "url":"https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E" + "refsource": "MLIST", + "name": "[tomcat-dev] 20190415 svn commit: r1857582 [17/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[ofbiz-commits] 20190415 svn commit: r1857586 - in /ofbiz: 
ofbiz-framework/trunk/build.gradle ofbiz-plugins/trunk/example/build.gradle", - "url":"https://lists.apache.org/thread.html/a6c87a09a71162fd563ab1c4e70a08a103e0b7c199fc391f1c9c4c35@%3Ccommits.ofbiz.apache.org%3E" + "refsource": "MLIST", + "name": "[ofbiz-commits] 20190415 svn commit: r1857586 - in /ofbiz: ofbiz-framework/trunk/build.gradle ofbiz-plugins/trunk/example/build.gradle", + "url": "https://lists.apache.org/thread.html/a6c87a09a71162fd563ab1c4e70a08a103e0b7c199fc391f1c9c4c35@%3Ccommits.ofbiz.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[tomcat-dev] 20190415 svn commit: r1857582 [19/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", - "url":"https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E" + "refsource": "MLIST", + "name": "[tomcat-dev] 20190415 svn commit: r1857582 [19/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[ofbiz-commits] 20190415 svn commit: r1857588 - in /ofbiz: ofbiz-framework/branches/release17.12/build.gradle ofbiz-plugins/branches/release17.12/example/build.gradle", - "url":"https://lists.apache.org/thread.html/52ffb9fbf661245386a83a661183d13f1de2e5779fa23837a08e02ac@%3Ccommits.ofbiz.apache.org%3E" + "refsource": "MLIST", + "name": "[ofbiz-commits] 20190415 svn commit: r1857588 - in /ofbiz: ofbiz-framework/branches/release17.12/build.gradle ofbiz-plugins/branches/release17.12/example/build.gradle", + "url": "https://lists.apache.org/thread.html/52ffb9fbf661245386a83a661183d13f1de2e5779fa23837a08e02ac@%3Ccommits.ofbiz.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[ofbiz-notifications] 20190415 [jira] [Commented] (OFBIZ-10920) Update Tomcat to 9.0.18 due to CVE-2019-0232", - 
"url":"https://lists.apache.org/thread.html/dd4b325cdb261183dbf5ce913c102920a8f09c26dae666a98309165b@%3Cnotifications.ofbiz.apache.org%3E" + "refsource": "MLIST", + "name": "[ofbiz-notifications] 20190415 [jira] [Commented] (OFBIZ-10920) Update Tomcat to 9.0.18 due to CVE-2019-0232", + "url": "https://lists.apache.org/thread.html/dd4b325cdb261183dbf5ce913c102920a8f09c26dae666a98309165b@%3Cnotifications.ofbiz.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[ofbiz-notifications] 20190415 [jira] [Closed] (OFBIZ-10920) Update Tomcat to 9.0.18 due to CVE-2019-0232", - "url":"https://lists.apache.org/thread.html/96849486813a95dfd542e1618b7923ca945508aaf4a4341f674d83e3@%3Cnotifications.ofbiz.apache.org%3E" + "refsource": "MLIST", + "name": "[ofbiz-notifications] 20190415 [jira] [Closed] (OFBIZ-10920) Update Tomcat to 9.0.18 due to CVE-2019-0232", + "url": "https://lists.apache.org/thread.html/96849486813a95dfd542e1618b7923ca945508aaf4a4341f674d83e3@%3Cnotifications.ofbiz.apache.org%3E" }, { - "refsource":"BID", - "name":"107906", - "url":"http://www.securityfocus.com/bid/107906" + "refsource": "BID", + "name": "107906", + "url": "http://www.securityfocus.com/bid/107906" }, { - "refsource":"CONFIRM", - "name":"https://www.synology.com/security/advisory/Synology_SA_19_17", - "url":"https://www.synology.com/security/advisory/Synology_SA_19_17" + "refsource": "CONFIRM", + "name": "https://www.synology.com/security/advisory/Synology_SA_19_17", + "url": "https://www.synology.com/security/advisory/Synology_SA_19_17" }, { - "refsource":"CONFIRM", - "name":"https://security.netapp.com/advisory/ntap-20190419-0001/", - "url":"https://security.netapp.com/advisory/ntap-20190419-0001/" + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20190419-0001/", + "url": "https://security.netapp.com/advisory/ntap-20190419-0001/" }, { - "refsource":"MLIST", - "name":"[tomcat-dev] 20190421 svn commit: r1857901 - in /tomcat/site/trunk: docs/security-7.html 
docs/security-8.html docs/security-9.html xdocs/security-7.xml xdocs/security-8.xml xdocs/security-9.xml", - "url":"https://lists.apache.org/thread.html/f4d48b32ef2b6aa49c8830241a9475da5b46e451f964b291c7a0a715@%3Cdev.tomcat.apache.org%3E" + "refsource": "MLIST", + "name": "[tomcat-dev] 20190421 svn commit: r1857901 - in /tomcat/site/trunk: docs/security-7.html docs/security-8.html docs/security-9.html xdocs/security-7.xml xdocs/security-8.xml xdocs/security-9.xml", + "url": "https://lists.apache.org/thread.html/f4d48b32ef2b6aa49c8830241a9475da5b46e451f964b291c7a0a715@%3Cdev.tomcat.apache.org%3E" }, { - "refsource":"CONFIRM", - "name":"https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-784", - "url":"https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-784" + "refsource": "CONFIRM", + "name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-784", + "url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-784" }, { - "refsource":"FULLDISC", - "name":"20190504 RCE in CGI Servlet - Apache Tomcat on Windows - CVE-2019-0232", - "url":"http://seclists.org/fulldisclosure/2019/May/4" + "refsource": "FULLDISC", + "name": "20190504 RCE in CGI Servlet - Apache Tomcat on Windows - CVE-2019-0232", + "url": "http://seclists.org/fulldisclosure/2019/May/4" }, { - "refsource":"MISC", - "name":"https://blog.trendmicro.com/trendlabs-security-intelligence/uncovering-cve-2019-0232-a-remote-code-execution-vulnerability-in-apache-tomcat/", - "url":"https://blog.trendmicro.com/trendlabs-security-intelligence/uncovering-cve-2019-0232-a-remote-code-execution-vulnerability-in-apache-tomcat/" + "refsource": "MISC", + "name": 
"https://blog.trendmicro.com/trendlabs-security-intelligence/uncovering-cve-2019-0232-a-remote-code-execution-vulnerability-in-apache-tomcat/", + "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/uncovering-cve-2019-0232-a-remote-code-execution-vulnerability-in-apache-tomcat/" }, { - "refsource":"MISC", - "name":"https://wwws.nightwatchcybersecurity.com/2019/04/30/remote-code-execution-rce-in-cgi-servlet-apache-tomcat-on-windows-cve-2019-0232/", - "url":"https://wwws.nightwatchcybersecurity.com/2019/04/30/remote-code-execution-rce-in-cgi-servlet-apache-tomcat-on-windows-cve-2019-0232/" + "refsource": "MISC", + "name": "https://wwws.nightwatchcybersecurity.com/2019/04/30/remote-code-execution-rce-in-cgi-servlet-apache-tomcat-on-windows-cve-2019-0232/", + "url": "https://wwws.nightwatchcybersecurity.com/2019/04/30/remote-code-execution-rce-in-cgi-servlet-apache-tomcat-on-windows-cve-2019-0232/" }, { - "refsource":"MISC", - "name":"http://packetstormsecurity.com/files/153506/Apache-Tomcat-CGIServlet-enableCmdLineArguments-Remote-Code-Execution.html", - "url":"http://packetstormsecurity.com/files/153506/Apache-Tomcat-CGIServlet-enableCmdLineArguments-Remote-Code-Execution.html" + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/153506/Apache-Tomcat-CGIServlet-enableCmdLineArguments-Remote-Code-Execution.html", + "url": "http://packetstormsecurity.com/files/153506/Apache-Tomcat-CGIServlet-enableCmdLineArguments-Remote-Code-Execution.html" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:1712", - "url":"https://access.redhat.com/errata/RHSA-2019:1712" + "refsource": "REDHAT", + "name": "RHSA-2019:1712", + "url": "https://access.redhat.com/errata/RHSA-2019:1712" }, { - "url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "refsource":"MISC", - "name":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + "url": 
"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", + "refsource": "MISC", + "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { - "url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", - "refsource":"MISC", - "name":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", + "refsource": "MISC", + "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] }, - "description":{ - "description_data":[ + "description": { + "description_data": [ { - "lang":"eng", - "value":"When running on Windows with enableCmdLineArguments enabled, the CGI Servlet in Apache Tomcat 9.0.0.M1 to 9.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 is vulnerable to Remote Code Execution due to a bug in the way the JRE passes command line arguments to Windows. The CGI Servlet is disabled by default. The CGI option enableCmdLineArguments is disable by default in Tomcat 9.0.x (and will be disabled by default in all versions in response to this vulnerability). For a detailed explanation of the JRE behaviour, see Markus Wulftange's blog (https://codewhitesec.blogspot.com/2016/02/java-and-command-line-injections-in-windows.html) and this archived MSDN blog (https://web.archive.org/web/20161228144344/https://blogs.msdn.microsoft.com/twistylittlepassagesallalike/2011/04/23/everyone-quotes-command-line-arguments-the-wrong-way/)." 
+ "lang": "eng", + "value": "When running on Windows with enableCmdLineArguments enabled, the CGI Servlet in Apache Tomcat 9.0.0.M1 to 9.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 is vulnerable to Remote Code Execution due to a bug in the way the JRE passes command line arguments to Windows. The CGI Servlet is disabled by default. The CGI option enableCmdLineArguments is disable by default in Tomcat 9.0.x (and will be disabled by default in all versions in response to this vulnerability). For a detailed explanation of the JRE behaviour, see Markus Wulftange's blog (https://codewhitesec.blogspot.com/2016/02/java-and-command-line-injections-in-windows.html) and this archived MSDN blog (https://web.archive.org/web/20161228144344/https://blogs.msdn.microsoft.com/twistylittlepassagesallalike/2011/04/23/everyone-quotes-command-line-arguments-the-wrong-way/)." } ] } diff --git a/2019/10xxx/CVE-2019-10072.json b/2019/10xxx/CVE-2019-10072.json index 1c5f0a90e4e..d0f61d9e069 100644 --- a/2019/10xxx/CVE-2019-10072.json +++ b/2019/10xxx/CVE-2019-10072.json @@ -1,26 +1,25 @@ - { - "data_type":"CVE", - "data_format":"MITRE", - "data_version":"4.0", - "CVE_data_meta":{ - "ID":"CVE-2019-10072", - "ASSIGNER":"security@apache.org", - "STATE":"PUBLIC" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10072", + "ASSIGNER": "security@apache.org", + "STATE": "PUBLIC" }, - "affects":{ - "vendor":{ - "vendor_data":[ + "affects": { + "vendor": { + "vendor_data": [ { - "vendor_name":"n/a", - "product":{ - "product_data":[ + "vendor_name": "n/a", + "product": { + "product_data": [ { - "product_name":"Apache Tomcat", - "version":{ - "version_data":[ + "product_name": "Apache Tomcat", + "version": { + "version_data": [ { - "version_value":"Apache Tomcat 9.0.0.M1 to 9.0.19, 8.5.0 to 8.5.40" + "version_value": "Apache Tomcat 9.0.0.M1 to 9.0.19, 8.5.0 to 8.5.40" } ] } 
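Review bot: The CVE-2019-0232 description on the new side still reads `enableCmdLineArguments is disable by default in Tomcat 9.0.x`, which should be `is disabled by default`. That sentence is the one a reader relies on to judge default exposure, so it is worth correcting while the `value` line is being touched.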
@@ -31,85 +30,87 @@ ] } }, - "problemtype":{ - "problemtype_data":[ + "problemtype": { + "problemtype_data": [ { - "description":[ + "description": [ { - "lang":"eng", - "value":"Denial of Service" + "lang": "eng", + "value": "Denial of Service" } ] } ] }, - "references":{ - "reference_data":[ + "references": { + "reference_data": [ { - "refsource":"MISC", - "name":"https://lists.apache.org/thread.html/df1a2c1b87c8a6c500ecdbbaf134c7f1491c8d79d98b48c6b9f0fa6a@%3Cannounce.tomcat.apache.org%3E", - "url":"https://lists.apache.org/thread.html/df1a2c1b87c8a6c500ecdbbaf134c7f1491c8d79d98b48c6b9f0fa6a@%3Cannounce.tomcat.apache.org%3E" + "refsource": "MISC", + "name": "https://lists.apache.org/thread.html/df1a2c1b87c8a6c500ecdbbaf134c7f1491c8d79d98b48c6b9f0fa6a@%3Cannounce.tomcat.apache.org%3E", + "url": "https://lists.apache.org/thread.html/df1a2c1b87c8a6c500ecdbbaf134c7f1491c8d79d98b48c6b9f0fa6a@%3Cannounce.tomcat.apache.org%3E" }, { - "refsource":"CONFIRM", - "name":"https://www.synology.com/security/advisory/Synology_SA_19_29", - "url":"https://www.synology.com/security/advisory/Synology_SA_19_29" + "refsource": "CONFIRM", + "name": "https://www.synology.com/security/advisory/Synology_SA_19_29", + "url": "https://www.synology.com/security/advisory/Synology_SA_19_29" }, { - "refsource":"BID", - "name":"108874", - "url":"http://www.securityfocus.com/bid/108874" + "refsource": "BID", + "name": "108874", + "url": "http://www.securityfocus.com/bid/108874" }, { - "refsource":"CONFIRM", - "name":"https://security.netapp.com/advisory/ntap-20190625-0002/", - "url":"https://security.netapp.com/advisory/ntap-20190625-0002/" + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20190625-0002/", + "url": "https://security.netapp.com/advisory/ntap-20190625-0002/" }, { - "refsource":"CONFIRM", - "name":"https://support.f5.com/csp/article/K17321505", - "url":"https://support.f5.com/csp/article/K17321505" + "refsource": "CONFIRM", + "name": 
"https://support.f5.com/csp/article/K17321505", + "url": "https://support.f5.com/csp/article/K17321505" }, { - "refsource":"UBUNTU", - "name":"USN-4128-1", - "url":"https://usn.ubuntu.com/4128-1/" + "refsource": "UBUNTU", + "name": "USN-4128-1", + "url": "https://usn.ubuntu.com/4128-1/" }, { - "refsource":"UBUNTU", - "name":"USN-4128-2", - "url":"https://usn.ubuntu.com/4128-2/" + "refsource": "UBUNTU", + "name": "USN-4128-2", + "url": "https://usn.ubuntu.com/4128-2/" }, { - "url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", - "refsource":"MISC", - "name":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", + "refsource": "MISC", + "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:3929", - "url":"https://access.redhat.com/errata/RHSA-2019:3929" + "refsource": "REDHAT", + "name": "RHSA-2019:3929", + "url": "https://access.redhat.com/errata/RHSA-2019:3929" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:3931", - "url":"https://access.redhat.com/errata/RHSA-2019:3931" + "refsource": "REDHAT", + "name": "RHSA-2019:3931", + "url": "https://access.redhat.com/errata/RHSA-2019:3931" }, { - "refsource":"SUSE", - "name":"openSUSE-SU-2020:0038", - "url":"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00013.html" + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0038", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00013.html" }, { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] }, - "description":{ - "description_data":[ + "description": { + "description_data": [ { - "lang":"eng", - "value":"The fix for CVE-2019-0199 was 
incomplete and did not address HTTP/2 connection window exhaustion on write in Apache Tomcat versions 9.0.0.M1 to 9.0.19 and 8.5.0 to 8.5.40 . By not sending WINDOW_UPDATE messages for the connection window (stream 0) clients were able to cause server-side threads to block eventually leading to thread exhaustion and a DoS." + "lang": "eng", + "value": "The fix for CVE-2019-0199 was incomplete and did not address HTTP/2 connection window exhaustion on write in Apache Tomcat versions 9.0.0.M1 to 9.0.19 and 8.5.0 to 8.5.40 . By not sending WINDOW_UPDATE messages for the connection window (stream 0) clients were able to cause server-side threads to block eventually leading to thread exhaustion and a DoS." } ] } diff --git a/2019/10xxx/CVE-2019-10086.json b/2019/10xxx/CVE-2019-10086.json index 7180bcc0150..785b749edc9 100644 --- a/2019/10xxx/CVE-2019-10086.json +++ b/2019/10xxx/CVE-2019-10086.json @@ -1,26 +1,25 @@ - { - "data_type":"CVE", - "data_format":"MITRE", - "data_version":"4.0", - "CVE_data_meta":{ - "ID":"CVE-2019-10086", - "ASSIGNER":"security@apache.org", - "STATE":"PUBLIC" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10086", + "ASSIGNER": "security@apache.org", + "STATE": "PUBLIC" }, - "affects":{ - "vendor":{ - "vendor_data":[ + "affects": { + "vendor": { + "vendor_data": [ { - "vendor_name":"Apache", - "product":{ - "product_data":[ + "vendor_name": "Apache", + "product": { + "product_data": [ { - "product_name":"Apache Commons Beanutils", - "version":{ - "version_data":[ + "product_name": "Apache Commons Beanutils", + "version": { + "version_data": [ { - "version_value":"Apache Commons Beanutils 1.0 to 1.9.3" + "version_value": "Apache Commons Beanutils 1.0 to 1.9.3" } ] } 
@@ -31,125 +30,127 @@ ] } }, - "problemtype":{ - "problemtype_data":[ + "problemtype": { + "problemtype_data": [ { - "description":[ + "description": [ { - "lang":"eng", - "value":"Information Disclosure" + "lang": "eng", + "value": "Information Disclosure" } ] } ] }, - "references":{ - "reference_data":[ + "references": { + "reference_data": [ { - "refsource":"MLIST", - "name":"[www-announce] 20190815 [SECURITY] CVE-2019-10086. Apache Commons Beanutils does not suppresses the class property in PropertyUtilsBean by default.", - "url":"http://mail-archives.apache.org/mod_mbox/www-announce/201908.mbox/%3cC628798F-315D-4428-8CB1-4ED1ECC958E4@apache.org%3e" + "refsource": "MLIST", + "name": "[www-announce] 20190815 [SECURITY] CVE-2019-10086. Apache Commons Beanutils does not suppresses the class property in PropertyUtilsBean by default.", + "url": "http://mail-archives.apache.org/mod_mbox/www-announce/201908.mbox/%3cC628798F-315D-4428-8CB1-4ED1ECC958E4@apache.org%3e" }, { - "refsource":"MLIST", - "name":"[debian-lts-announce] 20190824 [SECURITY] [DLA 1896-1] commons-beanutils security update", - "url":"https://lists.debian.org/debian-lts-announce/2019/08/msg00030.html" + "refsource": "MLIST", + "name": "[debian-lts-announce] 20190824 [SECURITY] [DLA 1896-1] commons-beanutils security update", + "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00030.html" }, { - "refsource":"MLIST", - "name":"[tinkerpop-commits] 20190829 [tinkerpop] branch master updated: Bump commons-beanutils to 1.9.4 for CVE-2019-10086 - CTR", - "url":"https://lists.apache.org/thread.html/3d1ed1a1596c08c4d5fea97b36c651ce167b773f1afc75251ce7a125@%3Ccommits.tinkerpop.apache.org%3E" + "refsource": "MLIST", + "name": "[tinkerpop-commits] 20190829 [tinkerpop] branch master updated: Bump commons-beanutils to 1.9.4 for CVE-2019-10086 - CTR", + "url": "https://lists.apache.org/thread.html/3d1ed1a1596c08c4d5fea97b36c651ce167b773f1afc75251ce7a125@%3Ccommits.tinkerpop.apache.org%3E" }, { - 
"refsource":"SUSE", - "name":"openSUSE-SU-2019:2058", - "url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00007.html" + "refsource": "SUSE", + "name": "openSUSE-SU-2019:2058", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00007.html" }, { - "refsource":"MLIST", - "name":"[commons-issues] 20190906 [jira] [Updated] (CONFIGURATION-755) [CVE-2014-0114] Update Apache Commons BeanUtils from 1.9.3 to 1.9.4.", - "url":"https://lists.apache.org/thread.html/956995acee0d8bc046f1df0a55b7fbeb65dd2f82864e5de1078bacb0@%3Cissues.commons.apache.org%3E" + "refsource": "MLIST", + "name": "[commons-issues] 20190906 [jira] [Updated] (CONFIGURATION-755) [CVE-2014-0114] Update Apache Commons BeanUtils from 1.9.3 to 1.9.4.", + "url": "https://lists.apache.org/thread.html/956995acee0d8bc046f1df0a55b7fbeb65dd2f82864e5de1078bacb0@%3Cissues.commons.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[commons-issues] 20190906 [jira] [Closed] (CONFIGURATION-755) [CVE-2014-0114] Update Apache Commons BeanUtils from 1.9.3 to 1.9.4.", - "url":"https://lists.apache.org/thread.html/1f78f1e32cc5614ec0c5b822ba4bd7fc8e8b5c46c8e038b6bd609cb5@%3Cissues.commons.apache.org%3E" + "refsource": "MLIST", + "name": "[commons-issues] 20190906 [jira] [Closed] (CONFIGURATION-755) [CVE-2014-0114] Update Apache Commons BeanUtils from 1.9.3 to 1.9.4.", + "url": "https://lists.apache.org/thread.html/1f78f1e32cc5614ec0c5b822ba4bd7fc8e8b5c46c8e038b6bd609cb5@%3Cissues.commons.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[commons-issues] 20190925 [GitHub] [commons-validator] jeff-schram opened a new pull request #18: Update pom.xml", - "url":"https://lists.apache.org/thread.html/02094ad226dbc17a2368beaf27e61d8b1432f5baf77d0ca995bb78bc@%3Cissues.commons.apache.org%3E" + "refsource": "MLIST", + "name": "[commons-issues] 20190925 [GitHub] [commons-validator] jeff-schram opened a new pull request #18: Update pom.xml", + "url": 
"https://lists.apache.org/thread.html/02094ad226dbc17a2368beaf27e61d8b1432f5baf77d0ca995bb78bc@%3Cissues.commons.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[shiro-dev] 20191001 [jira] [Updated] (SHIRO-723) Provide Minor Shiro Release that includes CVE-2019-10086 Fix", - "url":"https://lists.apache.org/thread.html/d6ca9439c53374b597f33b7ec180001625597db48ea30356af01145f@%3Cdev.shiro.apache.org%3E" + "refsource": "MLIST", + "name": "[shiro-dev] 20191001 [jira] [Updated] (SHIRO-723) Provide Minor Shiro Release that includes CVE-2019-10086 Fix", + "url": "https://lists.apache.org/thread.html/d6ca9439c53374b597f33b7ec180001625597db48ea30356af01145f@%3Cdev.shiro.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[shiro-dev] 20191001 [jira] [Created] (SHIRO-723) Provide Minor Shiro Release that includes CVE-2019-10086 Fiix", - "url":"https://lists.apache.org/thread.html/2fd61dc89df9aeab738d2b49f48d42c76f7d53b980ba04e1d48bce48@%3Cdev.shiro.apache.org%3E" + "refsource": "MLIST", + "name": "[shiro-dev] 20191001 [jira] [Created] (SHIRO-723) Provide Minor Shiro Release that includes CVE-2019-10086 Fiix", + "url": "https://lists.apache.org/thread.html/2fd61dc89df9aeab738d2b49f48d42c76f7d53b980ba04e1d48bce48@%3Cdev.shiro.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[shiro-dev] 20191001 [jira] [Commented] (SHIRO-723) Provide Minor Shiro Release that includes CVE-2019-10086 Fix", - "url":"https://lists.apache.org/thread.html/c94bc9649d5109a663b2129371dc45753fbdeacd340105548bbe93c3@%3Cdev.shiro.apache.org%3E" + "refsource": "MLIST", + "name": "[shiro-dev] 20191001 [jira] [Commented] (SHIRO-723) Provide Minor Shiro Release that includes CVE-2019-10086 Fix", + "url": "https://lists.apache.org/thread.html/c94bc9649d5109a663b2129371dc45753fbdeacd340105548bbe93c3@%3Cdev.shiro.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", - 
"url":"https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E" + "refsource": "MLIST", + "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", + "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", - "url":"https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E" + "refsource": "MLIST", + "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", + "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", - "url":"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" + "refsource": "MLIST", + "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", + "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[shiro-dev] 20191023 [jira] [Assigned] (SHIRO-723) Provide Minor Shiro Release that includes CVE-2019-10086 Fix", - "url":"https://lists.apache.org/thread.html/5261066cd7adee081ee05c8bf0e96cf0b2eeaced391e19117ae4daa6@%3Cdev.shiro.apache.org%3E" + "refsource": "MLIST", + "name": "[shiro-dev] 20191023 [jira] [Assigned] (SHIRO-723) Provide Minor Shiro Release that includes 
CVE-2019-10086 Fix", + "url": "https://lists.apache.org/thread.html/5261066cd7adee081ee05c8bf0e96cf0b2eeaced391e19117ae4daa6@%3Cdev.shiro.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[shiro-dev] 20191105 [jira] [Resolved] (SHIRO-723) Provide Minor Shiro Release that includes CVE-2019-10086 Fix", - "url":"https://lists.apache.org/thread.html/a684107d3a78e431cf0fbb90629e8559a36ff8fe94c3a76e620b39fa@%3Cdev.shiro.apache.org%3E" + "refsource": "MLIST", + "name": "[shiro-dev] 20191105 [jira] [Resolved] (SHIRO-723) Provide Minor Shiro Release that includes CVE-2019-10086 Fix", + "url": "https://lists.apache.org/thread.html/a684107d3a78e431cf0fbb90629e8559a36ff8fe94c3a76e620b39fa@%3Cdev.shiro.apache.org%3E" }, { - "refsource":"FEDORA", - "name":"FEDORA-2019-bcad44b5d6", - "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4APPGLBWMFAS4WHNLR4LIJ65DJGPV7TF/" + "refsource": "FEDORA", + "name": "FEDORA-2019-bcad44b5d6", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4APPGLBWMFAS4WHNLR4LIJ65DJGPV7TF/" }, { - "refsource":"FEDORA", - "name":"FEDORA-2019-79b5790566", - "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JIUYSL2RSIWZVNSUIXJTIFPIPIF6OAIO/" + "refsource": "FEDORA", + "name": "FEDORA-2019-79b5790566", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JIUYSL2RSIWZVNSUIXJTIFPIPIF6OAIO/" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:4317", - "url":"https://access.redhat.com/errata/RHSA-2019:4317" + "refsource": "REDHAT", + "name": "RHSA-2019:4317", + "url": "https://access.redhat.com/errata/RHSA-2019:4317" }, { - "refsource":"REDHAT", - "name":"RHSA-2020:0057", - "url":"https://access.redhat.com/errata/RHSA-2020:0057" + "refsource": "REDHAT", + "name": "RHSA-2020:0057", + "url": "https://access.redhat.com/errata/RHSA-2020:0057" }, { - 
"url":"https://www.oracle.com/security-alerts/cpujan2020.html" + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] }, - "description":{ - "description_data":[ + "description": { + "description_data": [ { - "lang":"eng", - "value":"In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by default characteristic of the PropertyUtilsBean." + "lang": "eng", + "value": "In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by default characteristic of the PropertyUtilsBean." } ] } diff --git a/2019/10xxx/CVE-2019-10088.json b/2019/10xxx/CVE-2019-10088.json index 67e23979ba8..abcd0975ac9 100644 --- a/2019/10xxx/CVE-2019-10088.json +++ b/2019/10xxx/CVE-2019-10088.json @@ -1,26 +1,25 @@ - { - "data_type":"CVE", - "data_format":"MITRE", - "data_version":"4.0", - "CVE_data_meta":{ - "ID":"CVE-2019-10088", - "ASSIGNER":"security@apache.org", - "STATE":"PUBLIC" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10088", + "ASSIGNER": "security@apache.org", + "STATE": "PUBLIC" }, - "affects":{ - "vendor":{ - "vendor_data":[ + "affects": { + "vendor": { + "vendor_data": [ { - "vendor_name":"Apache", - "product":{ - "product_data":[ + "vendor_name": "Apache", + "product": { + "product_data": [ { - "product_name":"Apache Tika", - "version":{ - "version_data":[ + "product_name": "Apache Tika", + "version": { + "version_data": [ { - "version_value":"1.7 to 1.21" + "version_value": "1.7 to 1.21" } ] } 
@@ -31,55 +30,57 @@ ] } }, - "problemtype":{ - "problemtype_data":[ + "problemtype": { + "problemtype_data": [ { - "description":[ + "description": [ { - "lang":"eng", - "value":"DoS/OOM" + "lang": "eng", + "value": "DoS/OOM" } ] } ] }, - "references":{ - "reference_data":[ + "references": { + "reference_data": [ { - "refsource":"CONFIRM", - "name":"https://lists.apache.org/thread.html/1c63555609b737c20d1bbfa4a3e73ec488e3408a84e2f5e47e1b7e08@%3Cdev.tika.apache.org%3E", - "url":"https://lists.apache.org/thread.html/1c63555609b737c20d1bbfa4a3e73ec488e3408a84e2f5e47e1b7e08@%3Cdev.tika.apache.org%3E" + "refsource": "CONFIRM", + "name": "https://lists.apache.org/thread.html/1c63555609b737c20d1bbfa4a3e73ec488e3408a84e2f5e47e1b7e08@%3Cdev.tika.apache.org%3E", + "url": "https://lists.apache.org/thread.html/1c63555609b737c20d1bbfa4a3e73ec488e3408a84e2f5e47e1b7e08@%3Cdev.tika.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[tika-dev] 20190809 security fixes for CVE-2019-10088 and CVE-2019-1009{3,4}", - "url":"https://lists.apache.org/thread.html/fb6c84fd387de997e5e366d50b0ca331a328c466432c80f8c5eed33d@%3Cdev.tika.apache.org%3E" + "refsource": "MLIST", + "name": "[tika-dev] 20190809 security fixes for CVE-2019-10088 and CVE-2019-1009{3,4}", + "url": "https://lists.apache.org/thread.html/fb6c84fd387de997e5e366d50b0ca331a328c466432c80f8c5eed33d@%3Cdev.tika.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[tika-dev] 20190812 Re: security fixes for CVE-2019-10088 and CVE-2019-1009{3,4}", - "url":"https://lists.apache.org/thread.html/da9ee189d1756f8508d0f2386d8e25aca5a6df541739829232be8a94@%3Cdev.tika.apache.org%3E" + "refsource": "MLIST", + "name": "[tika-dev] 20190812 Re: security fixes for CVE-2019-10088 and CVE-2019-1009{3,4}", + "url": "https://lists.apache.org/thread.html/da9ee189d1756f8508d0f2386d8e25aca5a6df541739829232be8a94@%3Cdev.tika.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[tika-dev] 20190813 Re: security fixes for CVE-2019-10088 and 
CVE-2019-1009{3,4}", - "url":"https://lists.apache.org/thread.html/39723d8227b248781898c200aa24b154683673287b150a204b83787d@%3Cdev.tika.apache.org%3E" + "refsource": "MLIST", + "name": "[tika-dev] 20190813 Re: security fixes for CVE-2019-10088 and CVE-2019-1009{3,4}", + "url": "https://lists.apache.org/thread.html/39723d8227b248781898c200aa24b154683673287b150a204b83787d@%3Cdev.tika.apache.org%3E" }, { - "refsource":"CONFIRM", - "name":"https://security.netapp.com/advisory/ntap-20190828-0004/", - "url":"https://security.netapp.com/advisory/ntap-20190828-0004/" + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20190828-0004/", + "url": "https://security.netapp.com/advisory/ntap-20190828-0004/" }, { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] }, - "description":{ - "description_data":[ + "description": { + "description_data": [ { - "lang":"eng", - "value":"A carefully crafted or corrupt zip file can cause an OOM in Apache Tika's RecursiveParserWrapper in versions 1.7-1.21. Users should upgrade to 1.22 or later." + "lang": "eng", + "value": "A carefully crafted or corrupt zip file can cause an OOM in Apache Tika's RecursiveParserWrapper in versions 1.7-1.21. Users should upgrade to 1.22 or later." } ] } diff --git a/2019/10xxx/CVE-2019-10092.json b/2019/10xxx/CVE-2019-10092.json index 53853dba144..cc1a9121a36 100644 --- a/2019/10xxx/CVE-2019-10092.json +++ b/2019/10xxx/CVE-2019-10092.json 
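Review bot: The `problemtype` entry in this hunk keeps the free-text value `"DoS/OOM"` with no CWE identifier, so tooling that groups or triages records by weakness class cannot classify CVE-2019-10088. Other records in this patch do carry an identifier in the same field, for example `"mod_rewrite CWE-601 open redirect"` in CVE-2019-10098 and `"CWE-213: Intentional Information Exposure"` in CVE-2019-10246. Since the line is being rewritten anyway, consider something like `"value": "CWE-400 Uncontrolled Resource Consumption (OOM)"`, subject to the CNA's own classification. The same applies to the bare `"DoS"` value in the CVE-2019-10093 and CVE-2019-10094 hunks.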
@@ -1,26 +1,25 @@ - { - "data_type":"CVE", - "data_format":"MITRE", - "data_version":"4.0", - "CVE_data_meta":{ - "ID":"CVE-2019-10092", - "ASSIGNER":"security@apache.org", - "STATE":"PUBLIC" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10092", + "ASSIGNER": "security@apache.org", + "STATE": "PUBLIC" }, - "affects":{ - "vendor":{ - "vendor_data":[ + "affects": { + "vendor": { + "vendor_data": [ { - "vendor_name":"n/a", - "product":{ - "product_data":[ + "vendor_name": "n/a", + "product": { + "product_data": [ { - "product_name":"Apache HTTP Server", - "version":{ - "version_data":[ + "product_name": "Apache HTTP Server", + "version": { + "version_data": [ { - "version_value":"2.4.0 to 2.4.39" + "version_value": "2.4.0 to 2.4.39" } ] } 
@@ -31,55 +30,57 @@ ] } }, - "problemtype":{ - "problemtype_data":[ + "problemtype": { + "problemtype_data": [ { - "description":[ + "description": [ { - "lang":"eng", - "value":"Limited cross-site scriptingcross-site scripting in mod_proxy" + "lang": "eng", + "value": "Limited cross-site scriptingcross-site scripting in mod_proxy" } ] } ] }, - "references":{ - "reference_data":[ + "references": { + "reference_data": [ { - "refsource":"MISC", - "name":"https://httpd.apache.org/security/vulnerabilities_24.html", - "url":"https://httpd.apache.org/security/vulnerabilities_24.html" + "refsource": "MISC", + "name": "https://httpd.apache.org/security/vulnerabilities_24.html", + "url": "https://httpd.apache.org/security/vulnerabilities_24.html" }, { - "refsource":"MLIST", - "name":"[debian-lts-announce] 20190930 [SECURITY] [DLA 1900-2] apache2 regression update", - "url":"https://lists.debian.org/debian-lts-announce/2019/09/msg00034.html" + "refsource": "MLIST", + "name": "[debian-lts-announce] 20190930 [SECURITY] [DLA 1900-2] apache2 regression update", + "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00034.html" }, { - "url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", - "refsource":"MISC", - "name":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", + "refsource": "MISC", + "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { - "refsource":"BUGTRAQ", - "name":"20191016 [SECURITY] [DSA 4509-3] apache2 security update", - "url":"https://seclists.org/bugtraq/2019/Oct/24" + "refsource": "BUGTRAQ", + "name": "20191016 [SECURITY] [DSA 4509-3] apache2 security update", + "url": "https://seclists.org/bugtraq/2019/Oct/24" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:4126", - "url":"https://access.redhat.com/errata/RHSA-2019:4126" + "refsource": "REDHAT", + "name": 
"RHSA-2019:4126", + "url": "https://access.redhat.com/errata/RHSA-2019:4126" }, { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] }, - "description":{ - "description_data":[ + "description": { + "description_data": [ { - "lang":"eng", - "value":"In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with proxying enabled but was misconfigured in such a way that the Proxy Error page was displayed." + "lang": "eng", + "value": "In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with proxying enabled but was misconfigured in such a way that the Proxy Error page was displayed." } ] } diff --git a/2019/10xxx/CVE-2019-10093.json b/2019/10xxx/CVE-2019-10093.json index d7e8780fa3b..25fb08ffbd1 100644 --- a/2019/10xxx/CVE-2019-10093.json +++ b/2019/10xxx/CVE-2019-10093.json 
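Review bot: The `problemtype` value `"Limited cross-site scriptingcross-site scripting in mod_proxy"` repeats the phrase "cross-site scripting" with no separator, and the reformat carries the error over unchanged to the new side. Since the line is already being rewritten, it should read `"value": "Limited cross-site scripting in mod_proxy"`. Adding a CWE identifier would also make the record machine-classifiable; CWE-79 looks like the fit, to be confirmed by the CNA.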
@@ -1,26 +1,25 @@ - { - "data_type":"CVE", - "data_format":"MITRE", - "data_version":"4.0", - "CVE_data_meta":{ - "ID":"CVE-2019-10093", - "ASSIGNER":"security@apache.org", - "STATE":"PUBLIC" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10093", + "ASSIGNER": "security@apache.org", + "STATE": "PUBLIC" }, - "affects":{ - "vendor":{ - "vendor_data":[ + "affects": { + "vendor": { + "vendor_data": [ { - "vendor_name":"Apache", - "product":{ - "product_data":[ + "vendor_name": "Apache", + "product": { + "product_data": [ { - "product_name":"Apache Tika", - "version":{ - "version_data":[ + "product_name": "Apache Tika", + "version": { + "version_data": [ { - "version_value":"1.19 to 1.21" + "version_value": "1.19 to 1.21" } ] } 
@@ -31,55 +30,57 @@ ] } }, - "problemtype":{ - "problemtype_data":[ + "problemtype": { + "problemtype_data": [ { - "description":[ + "description": [ { - "lang":"eng", - "value":"DoS" + "lang": "eng", + "value": "DoS" } ] } ] }, - "references":{ - "reference_data":[ + "references": { + "reference_data": [ { - "refsource":"CONFIRM", - "name":"https://lists.apache.org/thread.html/a5a44eff1b9eda3bc69d22943a1030c43d376380c75d3ab04d0c1a21@%3Cdev.tika.apache.org%3E", - "url":"https://lists.apache.org/thread.html/a5a44eff1b9eda3bc69d22943a1030c43d376380c75d3ab04d0c1a21@%3Cdev.tika.apache.org%3E" + "refsource": "CONFIRM", + "name": "https://lists.apache.org/thread.html/a5a44eff1b9eda3bc69d22943a1030c43d376380c75d3ab04d0c1a21@%3Cdev.tika.apache.org%3E", + "url": "https://lists.apache.org/thread.html/a5a44eff1b9eda3bc69d22943a1030c43d376380c75d3ab04d0c1a21@%3Cdev.tika.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[tika-dev] 20190809 security fixes for CVE-2019-10088 and CVE-2019-1009{3,4}", - "url":"https://lists.apache.org/thread.html/fb6c84fd387de997e5e366d50b0ca331a328c466432c80f8c5eed33d@%3Cdev.tika.apache.org%3E" + "refsource": "MLIST", + "name": "[tika-dev] 20190809 security fixes for CVE-2019-10088 and CVE-2019-1009{3,4}", + "url": "https://lists.apache.org/thread.html/fb6c84fd387de997e5e366d50b0ca331a328c466432c80f8c5eed33d@%3Cdev.tika.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[tika-dev] 20190812 Re: security fixes for CVE-2019-10088 and CVE-2019-1009{3,4}", - "url":"https://lists.apache.org/thread.html/da9ee189d1756f8508d0f2386d8e25aca5a6df541739829232be8a94@%3Cdev.tika.apache.org%3E" + "refsource": "MLIST", + "name": "[tika-dev] 20190812 Re: security fixes for CVE-2019-10088 and CVE-2019-1009{3,4}", + "url": "https://lists.apache.org/thread.html/da9ee189d1756f8508d0f2386d8e25aca5a6df541739829232be8a94@%3Cdev.tika.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[tika-dev] 20190813 Re: security fixes for CVE-2019-10088 and CVE-2019-1009{3,4}", 
- "url":"https://lists.apache.org/thread.html/39723d8227b248781898c200aa24b154683673287b150a204b83787d@%3Cdev.tika.apache.org%3E" + "refsource": "MLIST", + "name": "[tika-dev] 20190813 Re: security fixes for CVE-2019-10088 and CVE-2019-1009{3,4}", + "url": "https://lists.apache.org/thread.html/39723d8227b248781898c200aa24b154683673287b150a204b83787d@%3Cdev.tika.apache.org%3E" }, { - "refsource":"CONFIRM", - "name":"https://security.netapp.com/advisory/ntap-20190828-0004/", - "url":"https://security.netapp.com/advisory/ntap-20190828-0004/" + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20190828-0004/", + "url": "https://security.netapp.com/advisory/ntap-20190828-0004/" }, { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] }, - "description":{ - "description_data":[ + "description": { + "description_data": [ { - "lang":"eng", - "value":"In Apache Tika 1.19 to 1.21, a carefully crafted 2003ml or 2006ml file could consume all available SAXParsers in the pool and lead to very long hangs. Apache Tika users should upgrade to 1.22 or later." + "lang": "eng", + "value": "In Apache Tika 1.19 to 1.21, a carefully crafted 2003ml or 2006ml file could consume all available SAXParsers in the pool and lead to very long hangs. Apache Tika users should upgrade to 1.22 or later." } ] } diff --git a/2019/10xxx/CVE-2019-10094.json b/2019/10xxx/CVE-2019-10094.json index b03bd5b2c80..6dea2dd59d5 100644 --- a/2019/10xxx/CVE-2019-10094.json +++ b/2019/10xxx/CVE-2019-10094.json 
@@ -1,26 +1,25 @@ - { - "data_type":"CVE", - "data_format":"MITRE", - "data_version":"4.0", - "CVE_data_meta":{ - "ID":"CVE-2019-10094", - "ASSIGNER":"security@apache.org", - "STATE":"PUBLIC" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10094", + "ASSIGNER": "security@apache.org", + "STATE": "PUBLIC" }, - "affects":{ - "vendor":{ - "vendor_data":[ + "affects": { + "vendor": { + "vendor_data": [ { - "vendor_name":"Apache", - "product":{ - "product_data":[ + "vendor_name": "Apache", + "product": { + "product_data": [ { - "product_name":"Apache Tika", - "version":{ - "version_data":[ + "product_name": "Apache Tika", + "version": { + "version_data": [ { - "version_value":"1.7 to 1.21" + "version_value": "1.7 to 1.21" } ] } 
@@ -31,50 +30,52 @@ ] } }, - "problemtype":{ - "problemtype_data":[ + "problemtype": { + "problemtype_data": [ { - "description":[ + "description": [ { - "lang":"eng", - "value":"DoS" + "lang": "eng", + "value": "DoS" } ] } ] }, - "references":{ - "reference_data":[ + "references": { + "reference_data": [ { - "refsource":"CONFIRM", - "name":"https://lists.apache.org/thread.html/fe876a649d9d36525dd097fe87ff4dcb3b82bb0fbb3a3d71fb72ef61@%3Cdev.tika.apache.org%3E", - "url":"https://lists.apache.org/thread.html/fe876a649d9d36525dd097fe87ff4dcb3b82bb0fbb3a3d71fb72ef61@%3Cdev.tika.apache.org%3E" + "refsource": "CONFIRM", + "name": "https://lists.apache.org/thread.html/fe876a649d9d36525dd097fe87ff4dcb3b82bb0fbb3a3d71fb72ef61@%3Cdev.tika.apache.org%3E", + "url": "https://lists.apache.org/thread.html/fe876a649d9d36525dd097fe87ff4dcb3b82bb0fbb3a3d71fb72ef61@%3Cdev.tika.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[tika-dev] 20190809 security fixes for CVE-2019-10088 and CVE-2019-1009{3,4}", - "url":"https://lists.apache.org/thread.html/fb6c84fd387de997e5e366d50b0ca331a328c466432c80f8c5eed33d@%3Cdev.tika.apache.org%3E" + "refsource": "MLIST", + "name": "[tika-dev] 20190809 security fixes for CVE-2019-10088 and CVE-2019-1009{3,4}", + "url": "https://lists.apache.org/thread.html/fb6c84fd387de997e5e366d50b0ca331a328c466432c80f8c5eed33d@%3Cdev.tika.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[tika-dev] 20190812 Re: security fixes for CVE-2019-10088 and CVE-2019-1009{3,4}", - "url":"https://lists.apache.org/thread.html/da9ee189d1756f8508d0f2386d8e25aca5a6df541739829232be8a94@%3Cdev.tika.apache.org%3E" + "refsource": "MLIST", + "name": "[tika-dev] 20190812 Re: security fixes for CVE-2019-10088 and CVE-2019-1009{3,4}", + "url": "https://lists.apache.org/thread.html/da9ee189d1756f8508d0f2386d8e25aca5a6df541739829232be8a94@%3Cdev.tika.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[tika-dev] 20190813 Re: security fixes for CVE-2019-10088 and CVE-2019-1009{3,4}", 
- "url":"https://lists.apache.org/thread.html/39723d8227b248781898c200aa24b154683673287b150a204b83787d@%3Cdev.tika.apache.org%3E" + "refsource": "MLIST", + "name": "[tika-dev] 20190813 Re: security fixes for CVE-2019-10088 and CVE-2019-1009{3,4}", + "url": "https://lists.apache.org/thread.html/39723d8227b248781898c200aa24b154683673287b150a204b83787d@%3Cdev.tika.apache.org%3E" }, { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] }, - "description":{ - "description_data":[ + "description": { + "description_data": [ { - "lang":"eng", - "value":"A carefully crafted package/compressed file that, when unzipped/uncompressed yields the same file (a quine), causes a StackOverflowError in Apache Tika's RecursiveParserWrapper in versions 1.7-1.21. Apache Tika users should upgrade to 1.22 or later." + "lang": "eng", + "value": "A carefully crafted package/compressed file that, when unzipped/uncompressed yields the same file (a quine), causes a StackOverflowError in Apache Tika's RecursiveParserWrapper in versions 1.7-1.21. Apache Tika users should upgrade to 1.22 or later." } ] } diff --git a/2019/10xxx/CVE-2019-10098.json b/2019/10xxx/CVE-2019-10098.json index 195bf77e75f..e87ccdc5748 100644 --- a/2019/10xxx/CVE-2019-10098.json +++ b/2019/10xxx/CVE-2019-10098.json 
@@ -1,26 +1,25 @@ - { - "data_type":"CVE", - "data_format":"MITRE", - "data_version":"4.0", - "CVE_data_meta":{ - "ID":"CVE-2019-10098", - "ASSIGNER":"security@apache.org", - "STATE":"PUBLIC" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10098", + "ASSIGNER": "security@apache.org", + "STATE": "PUBLIC" }, - "affects":{ - "vendor":{ - "vendor_data":[ + "affects": { + "vendor": { + "vendor_data": [ { - "vendor_name":"n/a", - "product":{ - "product_data":[ + "vendor_name": "n/a", + "product": { + "product_data": [ { - "product_name":"Apache HTTP Server", - "version":{ - "version_data":[ + "product_name": "Apache HTTP Server", + "version": { + "version_data": [ { - "version_value":"2.4.0 to 2.4.39" + "version_value": "2.4.0 to 2.4.39" } ] } 
@@ -31,40 +30,42 @@ ] } }, - "problemtype":{ - "problemtype_data":[ + "problemtype": { + "problemtype_data": [ { - "description":[ + "description": [ { - "lang":"eng", - "value":"mod_rewrite CWE-601 open redirect" + "lang": "eng", + "value": "mod_rewrite CWE-601 open redirect" } ] } ] }, - "references":{ - "reference_data":[ + "references": { + "reference_data": [ { - "refsource":"MISC", - "name":"https://httpd.apache.org/security/vulnerabilities_24.html", - "url":"https://httpd.apache.org/security/vulnerabilities_24.html" + "refsource": "MISC", + "name": "https://httpd.apache.org/security/vulnerabilities_24.html", + "url": "https://httpd.apache.org/security/vulnerabilities_24.html" }, { - "url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", - "refsource":"MISC", - "name":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", + "refsource": "MISC", + "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] }, - "description":{ - "description_data":[ + "description": { + "description_data": [ { - "lang":"eng", - "value":"In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL." + "lang": "eng", + "value": "In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL." } ] } 
diff --git a/2019/10xxx/CVE-2019-10246.json b/2019/10xxx/CVE-2019-10246.json index 53eaace3264..5eb7fc6421b 100644 --- a/2019/10xxx/CVE-2019-10246.json +++ b/2019/10xxx/CVE-2019-10246.json 
@@ -1,89 +1,90 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"security@eclipse.org", - "ID":"CVE-2019-10246", - "STATE":"PUBLIC" + "CVE_data_meta": { + "ASSIGNER": "security@eclipse.org", + "ID": "CVE-2019-10246", + "STATE": "PUBLIC" }, - "affects":{ - "vendor":{ - "vendor_data":[ + "affects": { + "vendor": { + "vendor_data": [ { - "product":{ - "product_data":[ + "product": { + "product_data": [ { - "product_name":"Eclipse Jetty", - "version":{ - "version_data":[ + "product_name": "Eclipse Jetty", + "version": { + "version_data": [ { - "version_affected":"=", - "version_value":"9.2.27" + "version_affected": "=", + "version_value": "9.2.27" }, { - "version_affected":"=", - "version_value":"9.3.26" + "version_affected": "=", + "version_value": "9.3.26" }, { - "version_affected":"=", - "version_value":"9.4.16" + "version_affected": "=", + "version_value": "9.4.16" } ] } } ] }, - "vendor_name":"The Eclipse Foundation" + "vendor_name": "The Eclipse Foundation" } ] } }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang":"eng", - "value":"In Eclipse Jetty version 9.2.27, 9.3.26, and 9.4.16, the server running on Windows is vulnerable to exposure of the fully qualified Base Resource directory name on Windows to a remote client when it is configured for showing a Listing of directory contents. This information reveal is restricted to only the content in the configured base resource directories." + "lang": "eng", + "value": "In Eclipse Jetty version 9.2.27, 9.3.26, and 9.4.16, the server running on Windows is vulnerable to exposure of the fully qualified Base Resource directory name on Windows to a remote client when it is configured for showing a Listing of directory contents. This information reveal is restricted to only the content in the configured base resource directories." 
} ] }, - "problemtype":{ - "problemtype_data":[ + "problemtype": { + "problemtype_data": [ { - "description":[ + "description": [ { - "lang":"eng", - "value":"CWE-213: Intentional Information Exposure" + "lang": "eng", + "value": "CWE-213: Intentional Information Exposure" } ] } ] }, - "references":{ - "reference_data":[ + "references": { + "reference_data": [ { - "name":"https://bugs.eclipse.org/bugs/show_bug.cgi?id=546576", - "refsource":"CONFIRM", - "url":"https://bugs.eclipse.org/bugs/show_bug.cgi?id=546576" + "name": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=546576", + "refsource": "CONFIRM", + "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=546576" }, { - "refsource":"CONFIRM", - "name":"https://security.netapp.com/advisory/ntap-20190509-0003/", - "url":"https://security.netapp.com/advisory/ntap-20190509-0003/" + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20190509-0003/", + "url": "https://security.netapp.com/advisory/ntap-20190509-0003/" }, { - "url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", - "refsource":"MISC", - "name":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", + "refsource": "MISC", + "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { - "refsource":"MLIST", - "name":"[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html", - "url":"https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E" + "refsource": "MLIST", + "name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html", + "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E" }, { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + "url": 
"https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2019/10xxx/CVE-2019-10247.json b/2019/10xxx/CVE-2019-10247.json index b90e5d6447d..0a6dea2036f 100644 --- a/2019/10xxx/CVE-2019-10247.json +++ b/2019/10xxx/CVE-2019-10247.json 
@@ -1,117 +1,118 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"security@eclipse.org", - "ID":"CVE-2019-10247", - "STATE":"PUBLIC" + "CVE_data_meta": { + "ASSIGNER": "security@eclipse.org", + "ID": "CVE-2019-10247", + "STATE": "PUBLIC" }, - "affects":{ - "vendor":{ - "vendor_data":[ + "affects": { + "vendor": { + "vendor_data": [ { - "product":{ - "product_data":[ + "product": { + "product_data": [ { - "product_name":"Eclipse Jetty", - "version":{ - "version_data":[ + "product_name": "Eclipse Jetty", + "version": { + "version_data": [ { - "version_affected":"=", - "version_value":"7.x" + "version_affected": "=", + "version_value": "7.x" }, { - "version_affected":"=", - "version_value":"8.x" + "version_affected": "=", + "version_value": "8.x" }, { - "version_affected":"<=", - "version_value":"9.2.27" + "version_affected": "<=", + "version_value": "9.2.27" }, { - "version_affected":"<=", - "version_value":"9.3.26" + "version_affected": "<=", + "version_value": "9.3.26" }, { - "version_affected":"<=", - "version_value":"9.4.16" + "version_affected": "<=", + "version_value": "9.4.16" } ] } } ] }, - "vendor_name":"The Eclipse Foundation" + "vendor_name": "The Eclipse Foundation" } ] } }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang":"eng", - "value":"In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the server running on any OS and Jetty version combination will reveal the configured fully qualified directory base resource location on the output of the 404 error for not finding a Context that matches the requested path. 
The default server behavior on jetty-distribution and jetty-home will include at the end of the Handler tree a DefaultHandler, which is responsible for reporting this 404 error, it presents the various configured contexts as HTML for users to click through to. This produced HTML includes output that contains the configured fully qualified directory base resource location for each context." + "lang": "eng", + "value": "In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the server running on any OS and Jetty version combination will reveal the configured fully qualified directory base resource location on the output of the 404 error for not finding a Context that matches the requested path. The default server behavior on jetty-distribution and jetty-home will include at the end of the Handler tree a DefaultHandler, which is responsible for reporting this 404 error, it presents the various configured contexts as HTML for users to click through to. This produced HTML includes output that contains the configured fully qualified directory base resource location for each context." 
} ] }, - "problemtype":{ - "problemtype_data":[ + "problemtype": { + "problemtype_data": [ { - "description":[ + "description": [ { - "lang":"eng", - "value":"CWE-213: Intentional Information Exposure" + "lang": "eng", + "value": "CWE-213: Intentional Information Exposure" } ] } ] }, - "references":{ - "reference_data":[ + "references": { + "reference_data": [ { - "name":"https://bugs.eclipse.org/bugs/show_bug.cgi?id=546577", - "refsource":"CONFIRM", - "url":"https://bugs.eclipse.org/bugs/show_bug.cgi?id=546577" + "name": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=546577", + "refsource": "CONFIRM", + "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=546577" }, { - "refsource":"CONFIRM", - "name":"https://security.netapp.com/advisory/ntap-20190509-0003/", - "url":"https://security.netapp.com/advisory/ntap-20190509-0003/" + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20190509-0003/", + "url": "https://security.netapp.com/advisory/ntap-20190509-0003/" }, { - "refsource":"MLIST", - "name":"[activemq-issues] 20190723 [jira] [Created] (AMQ-7249) Security Vulnerabilities in the ActiveMQ dependent jars.", - "url":"https://lists.apache.org/thread.html/ac51944aef91dd5006b8510b0bef337adaccfe962fb90e7af9c22db4@%3Cissues.activemq.apache.org%3E" + "refsource": "MLIST", + "name": "[activemq-issues] 20190723 [jira] [Created] (AMQ-7249) Security Vulnerabilities in the ActiveMQ dependent jars.", + "url": "https://lists.apache.org/thread.html/ac51944aef91dd5006b8510b0bef337adaccfe962fb90e7af9c22db4@%3Cissues.activemq.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[activemq-issues] 20190820 [jira] [Created] (AMQ-7279) Security Vulnerabilities in Libraries - jackson-databind-2.9.8.jar, tomcat-servlet-api-8.0.53.jar, tomcat-websocket-api-8.0.53.jar, zookeeper-3.4.6.jar, guava-18.0.jar, jetty-all-9.2.26.v20180806.jar, scala-library-2.11.0.jar", - 
"url":"https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272@%3Cissues.activemq.apache.org%3E" + "refsource": "MLIST", + "name": "[activemq-issues] 20190820 [jira] [Created] (AMQ-7279) Security Vulnerabilities in Libraries - jackson-databind-2.9.8.jar, tomcat-servlet-api-8.0.53.jar, tomcat-websocket-api-8.0.53.jar, zookeeper-3.4.6.jar, guava-18.0.jar, jetty-all-9.2.26.v20180806.jar, scala-library-2.11.0.jar", + "url": "https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272@%3Cissues.activemq.apache.org%3E" }, { - "url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", - "refsource":"MISC", - "name":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", + "refsource": "MISC", + "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { - "refsource":"MLIST", - "name":"[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", - "url":"https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E" + "refsource": "MLIST", + "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", + "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", - "url":"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" + "refsource": "MLIST", + "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates 
required to dependencies to resolve potential security vulnerabilities", + "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html", - "url":"https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E" + "refsource": "MLIST", + "name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html", + "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E" }, { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2019/11xxx/CVE-2019-11358.json b/2019/11xxx/CVE-2019-11358.json index cad2d750cd7..7c1fc4e431f 100644 --- a/2019/11xxx/CVE-2019-11358.json +++ b/2019/11xxx/CVE-2019-11358.json 
@@ -1,305 +1,306 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"cve@mitre.org", - "ID":"CVE-2019-11358", - "STATE":"PUBLIC" + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-11358", + "STATE": "PUBLIC" }, - "affects":{ - "vendor":{ - "vendor_data":[ + "affects": { + "vendor": { + "vendor_data": [ { - "product":{ - "product_data":[ + "product": { + "product_data": [ { - "product_name":"n/a", - "version":{ - "version_data":[ + "product_name": "n/a", + "version": { + "version_data": [ { - "version_value":"n/a" + "version_value": "n/a" } ] } } ] }, - "vendor_name":"n/a" + "vendor_name": "n/a" } ] } }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang":"eng", - "value":"jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype." + "lang": "eng", + "value": "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype." 
} ] }, - "problemtype":{ - "problemtype_data":[ + "problemtype": { + "problemtype_data": [ { - "description":[ + "description": [ { - "lang":"eng", - "value":"n/a" + "lang": "eng", + "value": "n/a" } ] } ] }, - "references":{ - "reference_data":[ + "references": { + "reference_data": [ { - "refsource":"CONFIRM", - "name":"https://www.synology.com/security/advisory/Synology_SA_19_19", - "url":"https://www.synology.com/security/advisory/Synology_SA_19_19" + "refsource": "CONFIRM", + "name": "https://www.synology.com/security/advisory/Synology_SA_19_19", + "url": "https://www.synology.com/security/advisory/Synology_SA_19_19" }, { - "url":"https://backdropcms.org/security/backdrop-sa-core-2019-009", - "refsource":"MISC", - "name":"https://backdropcms.org/security/backdrop-sa-core-2019-009" + "url": "https://backdropcms.org/security/backdrop-sa-core-2019-009", + "refsource": "MISC", + "name": "https://backdropcms.org/security/backdrop-sa-core-2019-009" }, { - "url":"https://www.drupal.org/sa-core-2019-006", - "refsource":"MISC", - "name":"https://www.drupal.org/sa-core-2019-006" + "url": "https://www.drupal.org/sa-core-2019-006", + "refsource": "MISC", + "name": "https://www.drupal.org/sa-core-2019-006" }, { - "url":"https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/", - "refsource":"MISC", - "name":"https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/" + "url": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/", + "refsource": "MISC", + "name": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/" }, { - "url":"https://snyk.io/vuln/SNYK-JS-JQUERY-174006", - "refsource":"MISC", - "name":"https://snyk.io/vuln/SNYK-JS-JQUERY-174006" + "url": "https://snyk.io/vuln/SNYK-JS-JQUERY-174006", + "refsource": "MISC", + "name": "https://snyk.io/vuln/SNYK-JS-JQUERY-174006" }, { - "url":"https://github.com/jquery/jquery/pull/4333", - "refsource":"MISC", - "name":"https://github.com/jquery/jquery/pull/4333" + "url": 
"https://github.com/jquery/jquery/pull/4333", + "refsource": "MISC", + "name": "https://github.com/jquery/jquery/pull/4333" }, { - "url":"https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b", - "refsource":"MISC", - "name":"https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b" + "url": "https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b", + "refsource": "MISC", + "name": "https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b" }, { - "refsource":"DEBIAN", - "name":"DSA-4434", - "url":"https://www.debian.org/security/2019/dsa-4434" + "refsource": "DEBIAN", + "name": "DSA-4434", + "url": "https://www.debian.org/security/2019/dsa-4434" }, { - "refsource":"BUGTRAQ", - "name":"20190421 [SECURITY] [DSA 4434-1] drupal7 security update", - "url":"https://seclists.org/bugtraq/2019/Apr/32" + "refsource": "BUGTRAQ", + "name": "20190421 [SECURITY] [DSA 4434-1] drupal7 security update", + "url": "https://seclists.org/bugtraq/2019/Apr/32" }, { - "refsource":"BID", - "name":"108023", - "url":"http://www.securityfocus.com/bid/108023" + "refsource": "BID", + "name": "108023", + "url": "http://www.securityfocus.com/bid/108023" }, { - "refsource":"MLIST", - "name":"[airflow-commits] 20190428 [GitHub] [airflow] feng-tao commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358", - "url":"https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc@%3Ccommits.airflow.apache.org%3E" + "refsource": "MLIST", + "name": "[airflow-commits] 20190428 [GitHub] [airflow] feng-tao commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358", + "url": "https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc@%3Ccommits.airflow.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[airflow-commits] 20190428 [GitHub] [airflow] feng-tao opened a new pull request #5197: [AIRFLOW-XXX] Fix CVE-2019-11358", - 
"url":"https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205@%3Ccommits.airflow.apache.org%3E" + "refsource": "MLIST", + "name": "[airflow-commits] 20190428 [GitHub] [airflow] feng-tao opened a new pull request #5197: [AIRFLOW-XXX] Fix CVE-2019-11358", + "url": "https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205@%3Ccommits.airflow.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[airflow-commits] 20190428 [GitHub] [airflow] codecov-io commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358", - "url":"https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7@%3Ccommits.airflow.apache.org%3E" + "refsource": "MLIST", + "name": "[airflow-commits] 20190428 [GitHub] [airflow] codecov-io commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358", + "url": "https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7@%3Ccommits.airflow.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[airflow-commits] 20190428 [GitHub] [airflow] XD-DENG merged pull request #5197: [AIRFLOW-XXX] Fix CVE-2019-11358", - "url":"https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844@%3Ccommits.airflow.apache.org%3E" + "refsource": "MLIST", + "name": "[airflow-commits] 20190428 [GitHub] [airflow] XD-DENG merged pull request #5197: [AIRFLOW-XXX] Fix CVE-2019-11358", + "url": "https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844@%3Ccommits.airflow.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[airflow-commits] 20190428 [GitHub] [airflow] XD-DENG commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358", - "url":"https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f@%3Ccommits.airflow.apache.org%3E" + "refsource": "MLIST", + "name": "[airflow-commits] 20190428 [GitHub] [airflow] XD-DENG commented on issue #5197: 
[AIRFLOW-XXX] Fix CVE-2019-11358", + "url": "https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f@%3Ccommits.airflow.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[debian-lts-announce] 20190506 [SECURITY] [DLA 1777-1] jquery security update", - "url":"https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html" + "refsource": "MLIST", + "name": "[debian-lts-announce] 20190506 [SECURITY] [DLA 1777-1] jquery security update", + "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html" }, { - "refsource":"FEDORA", - "name":"FEDORA-2019-eba8e44ee6", - "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/" + "refsource": "FEDORA", + "name": "FEDORA-2019-eba8e44ee6", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/" }, { - "refsource":"FEDORA", - "name":"FEDORA-2019-1a3edd7e8a", - "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/" + "refsource": "FEDORA", + "name": "FEDORA-2019-1a3edd7e8a", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/" }, { - "refsource":"FEDORA", - "name":"FEDORA-2019-7eaf0bbe7c", - "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/" + "refsource": "FEDORA", + "name": "FEDORA-2019-7eaf0bbe7c", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/" }, { - "refsource":"FEDORA", - "name":"FEDORA-2019-2a0ce0c58c", - "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/" + "refsource": 
"FEDORA", + "name": "FEDORA-2019-2a0ce0c58c", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/" }, { - "refsource":"FEDORA", - "name":"FEDORA-2019-a06dffab1c", - "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/" + "refsource": "FEDORA", + "name": "FEDORA-2019-a06dffab1c", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/" }, { - "refsource":"FEDORA", - "name":"FEDORA-2019-f563e66380", - "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/" + "refsource": "FEDORA", + "name": "FEDORA-2019-f563e66380", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/" }, { - "refsource":"BUGTRAQ", - "name":"20190509 dotCMS v5.1.1 Vulnerabilities", - "url":"https://seclists.org/bugtraq/2019/May/18" + "refsource": "BUGTRAQ", + "name": "20190509 dotCMS v5.1.1 Vulnerabilities", + "url": "https://seclists.org/bugtraq/2019/May/18" }, { - "refsource":"MISC", - "name":"http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html", - "url":"http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html" + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html", + "url": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html" }, { - "refsource":"FULLDISC", - "name":"20190510 dotCMS v5.1.1 HTML Injection & XSS Vulnerability", - "url":"http://seclists.org/fulldisclosure/2019/May/11" + "refsource": "FULLDISC", + "name": "20190510 dotCMS v5.1.1 HTML Injection & XSS Vulnerability", + "url": 
"http://seclists.org/fulldisclosure/2019/May/11" }, { - "refsource":"FULLDISC", - "name":"20190510 dotCMS v5.1.1 Vulnerabilities", - "url":"http://seclists.org/fulldisclosure/2019/May/10" + "refsource": "FULLDISC", + "name": "20190510 dotCMS v5.1.1 Vulnerabilities", + "url": "http://seclists.org/fulldisclosure/2019/May/10" }, { - "refsource":"FULLDISC", - "name":"20190510 Re: dotCMS v5.1.1 HTML Injection & XSS Vulnerability", - "url":"http://seclists.org/fulldisclosure/2019/May/13" + "refsource": "FULLDISC", + "name": "20190510 Re: dotCMS v5.1.1 HTML Injection & XSS Vulnerability", + "url": "http://seclists.org/fulldisclosure/2019/May/13" }, { - "refsource":"MLIST", - "name":"[debian-lts-announce] 20190520 [SECURITY] [DLA 1797-1] drupal7 security update", - "url":"https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html" + "refsource": "MLIST", + "name": "[debian-lts-announce] 20190520 [SECURITY] [DLA 1797-1] drupal7 security update", + "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html" }, { - "refsource":"MLIST", - "name":"[oss-security] 20190603 Django: CVE-2019-12308 AdminURLFieldWidget XSS (plus patched bundled jQuery for CVE-2019-11358)", - "url":"http://www.openwall.com/lists/oss-security/2019/06/03/2" + "refsource": "MLIST", + "name": "[oss-security] 20190603 Django: CVE-2019-12308 AdminURLFieldWidget XSS (plus patched bundled jQuery for CVE-2019-11358)", + "url": "http://www.openwall.com/lists/oss-security/2019/06/03/2" }, { - "refsource":"MISC", - "name":"http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html", - "url":"http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html" + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html", + "url": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:1456", - 
"url":"https://access.redhat.com/errata/RHSA-2019:1456" + "refsource": "REDHAT", + "name": "RHSA-2019:1456", + "url": "https://access.redhat.com/errata/RHSA-2019:1456" }, { - "refsource":"DEBIAN", - "name":"DSA-4460", - "url":"https://www.debian.org/security/2019/dsa-4460" + "refsource": "DEBIAN", + "name": "DSA-4460", + "url": "https://www.debian.org/security/2019/dsa-4460" }, { - "refsource":"BUGTRAQ", - "name":"20190612 [SECURITY] [DSA 4460-1] mediawiki security update", - "url":"https://seclists.org/bugtraq/2019/Jun/12" + "refsource": "BUGTRAQ", + "name": "20190612 [SECURITY] [DSA 4460-1] mediawiki security update", + "url": "https://seclists.org/bugtraq/2019/Jun/12" }, { - "url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "refsource":"MISC", - "name":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", + "refsource": "MISC", + "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { - "refsource":"MISC", - "name":"https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/", - "url":"https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/" + "refsource": "MISC", + "name": "https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/", + "url": "https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/" }, { - "refsource":"SUSE", - "name":"openSUSE-SU-2019:1839", - "url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html" + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1839", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html" }, { - "refsource":"REDHAT", - "name":"RHBA-2019:1570", - "url":"https://access.redhat.com/errata/RHBA-2019:1570" + "refsource": "REDHAT", + "name": "RHBA-2019:1570", + "url": 
"https://access.redhat.com/errata/RHBA-2019:1570" }, { - "refsource":"SUSE", - "name":"openSUSE-SU-2019:1872", - "url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html" + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1872", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html" }, { - "refsource":"MLIST", - "name":"[roller-commits] 20190820 [jira] [Created] (ROL-2150) Fix Js security vulnerabilities detected using retire js", - "url":"https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6@%3Ccommits.roller.apache.org%3E" + "refsource": "MLIST", + "name": "[roller-commits] 20190820 [jira] [Created] (ROL-2150) Fix Js security vulnerabilities detected using retire js", + "url": "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6@%3Ccommits.roller.apache.org%3E" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:2587", - "url":"https://access.redhat.com/errata/RHSA-2019:2587" + "refsource": "REDHAT", + "name": "RHSA-2019:2587", + "url": "https://access.redhat.com/errata/RHSA-2019:2587" }, { - "refsource":"CONFIRM", - "name":"https://security.netapp.com/advisory/ntap-20190919-0001/", - "url":"https://security.netapp.com/advisory/ntap-20190919-0001/" + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20190919-0001/", + "url": "https://security.netapp.com/advisory/ntap-20190919-0001/" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:3023", - "url":"https://access.redhat.com/errata/RHSA-2019:3023" + "refsource": "REDHAT", + "name": "RHSA-2019:3023", + "url": "https://access.redhat.com/errata/RHSA-2019:3023" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:3024", - "url":"https://access.redhat.com/errata/RHSA-2019:3024" + "refsource": "REDHAT", + "name": "RHSA-2019:3024", + "url": "https://access.redhat.com/errata/RHSA-2019:3024" }, { - 
"url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", - "refsource":"MISC", - "name":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", + "refsource": "MISC", + "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { - "refsource":"MLIST", - "name":"[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", - "url":"https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E" + "refsource": "MLIST", + "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", + "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", - "url":"https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E" + "refsource": "MLIST", + "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", + "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", - "url":"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" + "refsource": "MLIST", + "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", + "url": 
"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html", - "url":"https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E" + "refsource": "MLIST", + "name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html", + "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E" }, { - "refsource":"CONFIRM", - "name":"https://www.tenable.com/security/tns-2019-08", - "url":"https://www.tenable.com/security/tns-2019-08" + "refsource": "CONFIRM", + "name": "https://www.tenable.com/security/tns-2019-08", + "url": "https://www.tenable.com/security/tns-2019-08" }, { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2019/11xxx/CVE-2019-11477.json b/2019/11xxx/CVE-2019-11477.json index 58384f03d5a..b9753d54cd4 100644 --- a/2019/11xxx/CVE-2019-11477.json +++ b/2019/11xxx/CVE-2019-11477.json 
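Review bot: The structured fields of CVE-2019-11358 are still placeholders after this rewrite: `affects` carries `"product_name": "n/a"`, `"vendor_name": "n/a"` and `"version_value": "n/a"`, and `problemtype` is `"n/a"`, although the description in the same record names the component and the fixed release (jQuery before 3.4.0). Tools that match on `affects` rather than on the free text will not associate this record with jQuery, which matters for a library bundled into as many downstream products as the reference list suggests. Since the hunk touches these lines anyway, consider filling them from the description, e.g. `"product_name": "jQuery"` with `"version_affected": "<", "version_value": "3.4.0"`. The vendor name and a CWE identifier for `problemtype` are left for the assigner to choose.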
@@ -1,248 +1,249 @@ - { - "CVE_data_meta":{ - "AKA":"SACK Panic", - "ASSIGNER":"security@ubuntu.com", - "DATE_PUBLIC":"2019-06-17T00:00:00.000Z", - "ID":"CVE-2019-11477", - "STATE":"PUBLIC", - "TITLE":"Integer overflow in TCP_SKB_CB(skb)->tcp_gso_segs" + "CVE_data_meta": { + "AKA": "SACK Panic", + "ASSIGNER": "security@ubuntu.com", + "DATE_PUBLIC": "2019-06-17T00:00:00.000Z", + "ID": "CVE-2019-11477", + "STATE": "PUBLIC", + "TITLE": "Integer overflow in TCP_SKB_CB(skb)->tcp_gso_segs" }, - "affects":{ - "vendor":{ - "vendor_data":[ + "affects": { + "vendor": { + "vendor_data": [ { - "product":{ - "product_data":[ + "product": { + "product_data": [ { - "product_name":"Linux kernel", - "version":{ - "version_data":[ + "product_name": "Linux kernel", + "version": { + "version_data": [ { - "version_affected":"<", - "version_name":"4.4", - "version_value":"4.4.182" + "version_affected": "<", + "version_name": "4.4", + "version_value": "4.4.182" }, { - "version_affected":"<", - "version_name":"4.9", - "version_value":"4.9.182" + "version_affected": "<", + "version_name": "4.9", + "version_value": "4.9.182" }, { - "version_affected":"<", - "version_name":"4.14", - "version_value":"4.14.127" + "version_affected": "<", + "version_name": "4.14", + "version_value": "4.14.127" }, { - "version_affected":"<", - "version_name":"4.19", - "version_value":"4.19.52" + "version_affected": "<", + "version_name": "4.19", + "version_value": "4.19.52" }, { - "version_affected":"<", - "version_name":"5.1", - "version_value":"5.1.11" + "version_affected": "<", + "version_name": "5.1", + "version_value": "5.1.11" } ] } } ] }, - "vendor_name":"Linux" + "vendor_name": "Linux" } ] } }, - "credit":[ + "credit": [ { - "lang":"eng", - "value":"Jonathan Looney from Netflix" + "lang": "eng", + "value": "Jonathan Looney from Netflix" } ], - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ { - "lang":"eng", - "value":"Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit 3b4929f65b0d8249f19a50245cd88ed1a2f78cff." + "lang": "eng", + "value": "Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit 3b4929f65b0d8249f19a50245cd88ed1a2f78cff." } ] }, - "generator":{ - "engine":"Vulnogram 0.0.7" + "generator": { + "engine": "Vulnogram 0.0.7" }, - "impact":{ - "cvss":{ - "attackComplexity":"LOW", - "attackVector":"NETWORK", - "availabilityImpact":"HIGH", - "baseScore":7.5, - "baseSeverity":"HIGH", - "confidentialityImpact":"NONE", - "integrityImpact":"NONE", - "privilegesRequired":"NONE", - "scope":"UNCHANGED", - "userInteraction":"NONE", - "vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "version":"3.0" + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.0" } }, - "problemtype":{ - "problemtype_data":[ + "problemtype": { + "problemtype_data": [ { - "description":[ + "description": [ { - "lang":"eng", - "value":"CWE-190 Integer Overflow or 
Wraparound" + "lang": "eng", + "value": "CWE-190 Integer Overflow or Wraparound" } ] } ] }, - "references":{ - "reference_data":[ + "references": { + "reference_data": [ { - "refsource":"MISC", - "url":"https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=3b4929f65b0d8249f19a50245cd88ed1a2f78cff", - "name":"https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=3b4929f65b0d8249f19a50245cd88ed1a2f78cff" + "refsource": "MISC", + "url": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=3b4929f65b0d8249f19a50245cd88ed1a2f78cff", + "name": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=3b4929f65b0d8249f19a50245cd88ed1a2f78cff" }, { - "refsource":"MISC", - "url":"https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md", - "name":"https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md" + "refsource": "MISC", + "url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md", + "name": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md" }, { - "refsource":"MISC", - "url":"https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic", - "name":"https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic" + "refsource": "MISC", + "url": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic", + "name": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic" }, { - "refsource":"MISC", - "url":"https://access.redhat.com/security/vulnerabilities/tcpsack", - "name":"https://access.redhat.com/security/vulnerabilities/tcpsack" + "refsource": "MISC", + "url": "https://access.redhat.com/security/vulnerabilities/tcpsack", + "name": "https://access.redhat.com/security/vulnerabilities/tcpsack" }, { - "refsource":"CONFIRM", - "name":"https://support.f5.com/csp/article/K78234183", - 
"url":"https://support.f5.com/csp/article/K78234183" + "refsource": "CONFIRM", + "name": "https://support.f5.com/csp/article/K78234183", + "url": "https://support.f5.com/csp/article/K78234183" }, { - "refsource":"MISC", - "name":"http://packetstormsecurity.com/files/153346/Kernel-Live-Patch-Security-Notice-LSN-0052-1.html", - "url":"http://packetstormsecurity.com/files/153346/Kernel-Live-Patch-Security-Notice-LSN-0052-1.html" + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/153346/Kernel-Live-Patch-Security-Notice-LSN-0052-1.html", + "url": "http://packetstormsecurity.com/files/153346/Kernel-Live-Patch-Security-Notice-LSN-0052-1.html" }, { - "refsource":"CONFIRM", - "name":"https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193", - "url":"https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193" + "refsource": "CONFIRM", + "name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193", + "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193" }, { - "refsource":"CERT-VN", - "name":"VU#905115", - "url":"https://www.kb.cert.org/vuls/id/905115" + "refsource": "CERT-VN", + "name": "VU#905115", + "url": "https://www.kb.cert.org/vuls/id/905115" }, { - "refsource":"MLIST", - "name":"[oss-security] 20190620 Re: Linux and FreeBSD Kernel: Multiple TCP-based remote denial of service issues", - "url":"http://www.openwall.com/lists/oss-security/2019/06/20/3" + "refsource": "MLIST", + "name": "[oss-security] 20190620 Re: Linux and FreeBSD Kernel: Multiple TCP-based remote denial of service issues", + "url": "http://www.openwall.com/lists/oss-security/2019/06/20/3" }, { - "refsource":"CONFIRM", - "name":"https://www.synology.com/security/advisory/Synology_SA_19_28", - "url":"https://www.synology.com/security/advisory/Synology_SA_19_28" + "refsource": "CONFIRM", + "name": "https://www.synology.com/security/advisory/Synology_SA_19_28", + "url": 
"https://www.synology.com/security/advisory/Synology_SA_19_28" }, { - "refsource":"CONFIRM", - "name":"https://security.netapp.com/advisory/ntap-20190625-0001/", - "url":"https://security.netapp.com/advisory/ntap-20190625-0001/" + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20190625-0001/", + "url": "https://security.netapp.com/advisory/ntap-20190625-0001/" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:1594", - "url":"https://access.redhat.com/errata/RHSA-2019:1594" + "refsource": "REDHAT", + "name": "RHSA-2019:1594", + "url": "https://access.redhat.com/errata/RHSA-2019:1594" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:1602", - "url":"https://access.redhat.com/errata/RHSA-2019:1602" + "refsource": "REDHAT", + "name": "RHSA-2019:1602", + "url": "https://access.redhat.com/errata/RHSA-2019:1602" }, { - "refsource":"CONFIRM", - "name":"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0006", - "url":"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0006" + "refsource": "CONFIRM", + "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0006", + "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0006" }, { - "refsource":"CONFIRM", - "name":"https://kc.mcafee.com/corporate/index?page=content&id=SB10287", - "url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10287" + "refsource": "CONFIRM", + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10287", + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10287" }, { - "refsource":"MLIST", - "name":"[oss-security] 20190628 Re: linux-distros membership application - Microsoft", - "url":"http://www.openwall.com/lists/oss-security/2019/06/28/2" + "refsource": "MLIST", + "name": "[oss-security] 20190628 Re: linux-distros membership application - Microsoft", + "url": "http://www.openwall.com/lists/oss-security/2019/06/28/2" }, { - "refsource":"CONFIRM", - 
"name":"http://www.vmware.com/security/advisories/VMSA-2019-0010.html", - "url":"http://www.vmware.com/security/advisories/VMSA-2019-0010.html" + "refsource": "CONFIRM", + "name": "http://www.vmware.com/security/advisories/VMSA-2019-0010.html", + "url": "http://www.vmware.com/security/advisories/VMSA-2019-0010.html" }, { - "refsource":"MLIST", - "name":"[oss-security] 20190706 Re: linux-distros membership application - Microsoft", - "url":"http://www.openwall.com/lists/oss-security/2019/07/06/3" + "refsource": "MLIST", + "name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft", + "url": "http://www.openwall.com/lists/oss-security/2019/07/06/3" }, { - "refsource":"MLIST", - "name":"[oss-security] 20190706 Re: linux-distros membership application - Microsoft", - "url":"http://www.openwall.com/lists/oss-security/2019/07/06/4" + "refsource": "MLIST", + "name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft", + "url": "http://www.openwall.com/lists/oss-security/2019/07/06/4" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:1699", - "url":"https://access.redhat.com/errata/RHSA-2019:1699" + "refsource": "REDHAT", + "name": "RHSA-2019:1699", + "url": "https://access.redhat.com/errata/RHSA-2019:1699" }, { - "refsource":"CONFIRM", - "name":"https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf", - "url":"https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf" + "refsource": "CONFIRM", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf" }, { - "refsource":"MISC", - "name":"https://www.us-cert.gov/ics/advisories/icsa-19-253-03", - "url":"https://www.us-cert.gov/ics/advisories/icsa-19-253-03" + "refsource": "MISC", + "name": "https://www.us-cert.gov/ics/advisories/icsa-19-253-03", + "url": "https://www.us-cert.gov/ics/advisories/icsa-19-253-03" }, { - "refsource":"MISC", - 
"name":"http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html", - "url":"http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html" + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html", + "url": "http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html" }, { - "refsource":"MLIST", - "name":"[oss-security] 20191023 Membership application for linux-distros - VMware", - "url":"http://www.openwall.com/lists/oss-security/2019/10/24/1" + "refsource": "MLIST", + "name": "[oss-security] 20191023 Membership application for linux-distros - VMware", + "url": "http://www.openwall.com/lists/oss-security/2019/10/24/1" }, { - "refsource":"MLIST", - "name":"[oss-security] 20191029 Re: Membership application for linux-distros - VMware", - "url":"http://www.openwall.com/lists/oss-security/2019/10/29/3" + "refsource": "MLIST", + "name": "[oss-security] 20191029 Re: Membership application for linux-distros - VMware", + "url": "http://www.openwall.com/lists/oss-security/2019/10/29/3" }, { - "refsource":"CONFIRM", - "name":"http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191225-01-kernel-en", - "url":"http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191225-01-kernel-en" + "refsource": "CONFIRM", + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191225-01-kernel-en", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191225-01-kernel-en" }, { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] }, - "source":{ - "advisory":"https://usn.ubuntu.com/4017-1", - "defect":[ + "source": { + "advisory": "https://usn.ubuntu.com/4017-1", + "defect": [ 
"https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1831637" ], - "discovery":"UNKNOWN" + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2019/11xxx/CVE-2019-11478.json b/2019/11xxx/CVE-2019-11478.json index fc83e8bbeab..ce80e5601df 100644 --- a/2019/11xxx/CVE-2019-11478.json +++ b/2019/11xxx/CVE-2019-11478.json 
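Review bot: A kernel from a series other than the five listed in `version_data` (4.4, 4.9, 4.14, 4.19, 5.1, each with `"version_affected": "<"` and its fixed point release) cannot be evaluated from this record, because nothing says whether other series are unaffected or simply not covered. The description only repeats the same five fixed releases, so a scanner or an operator on a different series has to go to the references to decide. If the assigner knows the status of other series, one more entry of the form `{ "version_affected": "<", "version_name": "<SERIES placeholder>", "version_value": "<FIXED-RELEASE placeholder>" }` or a sentence in the description would remove the ambiguity. Separately, the file still ends with `\ No newline at end of file`; adding the trailing newline during this reformat would keep later diffs of the record clean.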
@@ -1,247 +1,248 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"security@ubuntu.com", - "DATE_PUBLIC":"2019-06-17T00:00:00.000Z", - "ID":"CVE-2019-11478", - "STATE":"PUBLIC", - "TITLE":"SACK can cause extensive memory use via fragmented resend queue" + "CVE_data_meta": { + "ASSIGNER": "security@ubuntu.com", + "DATE_PUBLIC": "2019-06-17T00:00:00.000Z", + "ID": "CVE-2019-11478", + "STATE": "PUBLIC", + "TITLE": "SACK can cause extensive memory use via fragmented resend queue" }, - "affects":{ - "vendor":{ - "vendor_data":[ + "affects": { + "vendor": { + "vendor_data": [ { - "product":{ - "product_data":[ + "product": { + "product_data": [ { - "product_name":"Linux kernel", - "version":{ - "version_data":[ + "product_name": "Linux kernel", + "version": { + "version_data": [ { - "version_affected":"<", - "version_name":"4.4", - "version_value":"4.4.182" + "version_affected": "<", + "version_name": "4.4", + "version_value": "4.4.182" }, { - "version_affected":"<", - "version_name":"4.9", - "version_value":"4.9.182" + "version_affected": "<", + "version_name": "4.9", + "version_value": "4.9.182" }, { - "version_affected":"<", - "version_name":"4.14", - "version_value":"4.14.127" + "version_affected": "<", + "version_name": "4.14", + "version_value": "4.14.127" }, { - "version_affected":"<", - "version_name":"4.19", - "version_value":"4.19.52" + "version_affected": "<", + "version_name": "4.19", + "version_value": "4.19.52" }, { - "version_affected":"<", - "version_name":"5.1", - "version_value":"5.1.11" + "version_affected": "<", + "version_name": "5.1", + "version_value": "5.1.11" } ] } } ] }, - "vendor_name":"Linux" + "vendor_name": "Linux" } ] } }, - "credit":[ + "credit": [ { - "lang":"eng", - "value":"Jonathan Looney from Netflix" + "lang": "eng", + "value": "Jonathan Looney from Netflix" } ], - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ + "data_format": "MITRE", + "data_type": "CVE", + "data_version": 
"4.0", + "description": { + "description_data": [ { - "lang":"eng", - "value":"Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit f070ef2ac66716357066b683fb0baf55f8191a2e." + "lang": "eng", + "value": "Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit f070ef2ac66716357066b683fb0baf55f8191a2e." } ] }, - "generator":{ - "engine":"Vulnogram 0.0.7" + "generator": { + "engine": "Vulnogram 0.0.7" }, - "impact":{ - "cvss":{ - "attackComplexity":"LOW", - "attackVector":"NETWORK", - "availabilityImpact":"LOW", - "baseScore":5.3, - "baseSeverity":"MEDIUM", - "confidentialityImpact":"NONE", - "integrityImpact":"NONE", - "privilegesRequired":"NONE", - "scope":"UNCHANGED", - "userInteraction":"NONE", - "vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "version":"3.0" + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "version": "3.0" } }, - "problemtype":{ - "problemtype_data":[ + "problemtype": { + "problemtype_data": [ { - "description":[ + "description": [ { - "lang":"eng", - "value":"CWE-770 
Allocation of Resources Without Limits or Throttling" + "lang": "eng", + "value": "CWE-770 Allocation of Resources Without Limits or Throttling" } ] } ] }, - "references":{ - "reference_data":[ + "references": { + "reference_data": [ { - "refsource":"MISC", - "url":"https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md", - "name":"https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md" + "refsource": "MISC", + "url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md", + "name": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md" }, { - "refsource":"MISC", - "url":"https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic", - "name":"https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic" + "refsource": "MISC", + "url": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic", + "name": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic" }, { - "refsource":"MISC", - "url":"https://access.redhat.com/security/vulnerabilities/tcpsack", - "name":"https://access.redhat.com/security/vulnerabilities/tcpsack" + "refsource": "MISC", + "url": "https://access.redhat.com/security/vulnerabilities/tcpsack", + "name": "https://access.redhat.com/security/vulnerabilities/tcpsack" }, { - "refsource":"MISC", - "url":"https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=f070ef2ac66716357066b683fb0baf55f8191a2e", - "name":"https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=f070ef2ac66716357066b683fb0baf55f8191a2e" + "refsource": "MISC", + "url": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=f070ef2ac66716357066b683fb0baf55f8191a2e", + "name": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=f070ef2ac66716357066b683fb0baf55f8191a2e" }, { - "refsource":"CONFIRM", - 
"name":"https://support.f5.com/csp/article/K26618426", - "url":"https://support.f5.com/csp/article/K26618426" + "refsource": "CONFIRM", + "name": "https://support.f5.com/csp/article/K26618426", + "url": "https://support.f5.com/csp/article/K26618426" }, { - "refsource":"MISC", - "name":"http://packetstormsecurity.com/files/153346/Kernel-Live-Patch-Security-Notice-LSN-0052-1.html", - "url":"http://packetstormsecurity.com/files/153346/Kernel-Live-Patch-Security-Notice-LSN-0052-1.html" + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/153346/Kernel-Live-Patch-Security-Notice-LSN-0052-1.html", + "url": "http://packetstormsecurity.com/files/153346/Kernel-Live-Patch-Security-Notice-LSN-0052-1.html" }, { - "refsource":"CONFIRM", - "name":"https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193", - "url":"https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193" + "refsource": "CONFIRM", + "name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193", + "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193" }, { - "refsource":"CERT-VN", - "name":"VU#905115", - "url":"https://www.kb.cert.org/vuls/id/905115" + "refsource": "CERT-VN", + "name": "VU#905115", + "url": "https://www.kb.cert.org/vuls/id/905115" }, { - "refsource":"CONFIRM", - "name":"https://www.synology.com/security/advisory/Synology_SA_19_28", - "url":"https://www.synology.com/security/advisory/Synology_SA_19_28" + "refsource": "CONFIRM", + "name": "https://www.synology.com/security/advisory/Synology_SA_19_28", + "url": "https://www.synology.com/security/advisory/Synology_SA_19_28" }, { - "refsource":"CONFIRM", - "name":"https://security.netapp.com/advisory/ntap-20190625-0001/", - "url":"https://security.netapp.com/advisory/ntap-20190625-0001/" + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20190625-0001/", + "url": "https://security.netapp.com/advisory/ntap-20190625-0001/" }, { - 
"refsource":"REDHAT", - "name":"RHSA-2019:1594", - "url":"https://access.redhat.com/errata/RHSA-2019:1594" + "refsource": "REDHAT", + "name": "RHSA-2019:1594", + "url": "https://access.redhat.com/errata/RHSA-2019:1594" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:1602", - "url":"https://access.redhat.com/errata/RHSA-2019:1602" + "refsource": "REDHAT", + "name": "RHSA-2019:1602", + "url": "https://access.redhat.com/errata/RHSA-2019:1602" }, { - "refsource":"CONFIRM", - "name":"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0007", - "url":"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0007" + "refsource": "CONFIRM", + "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0007", + "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0007" }, { - "refsource":"CONFIRM", - "name":"https://kc.mcafee.com/corporate/index?page=content&id=SB10287", - "url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10287" + "refsource": "CONFIRM", + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10287", + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10287" }, { - "refsource":"MLIST", - "name":"[oss-security] 20190628 Re: linux-distros membership application - Microsoft", - "url":"http://www.openwall.com/lists/oss-security/2019/06/28/2" + "refsource": "MLIST", + "name": "[oss-security] 20190628 Re: linux-distros membership application - Microsoft", + "url": "http://www.openwall.com/lists/oss-security/2019/06/28/2" }, { - "refsource":"CONFIRM", - "name":"http://www.vmware.com/security/advisories/VMSA-2019-0010.html", - "url":"http://www.vmware.com/security/advisories/VMSA-2019-0010.html" + "refsource": "CONFIRM", + "name": "http://www.vmware.com/security/advisories/VMSA-2019-0010.html", + "url": "http://www.vmware.com/security/advisories/VMSA-2019-0010.html" }, { - "refsource":"MLIST", - "name":"[oss-security] 20190706 Re: linux-distros membership application - Microsoft", - 
"url":"http://www.openwall.com/lists/oss-security/2019/07/06/3" + "refsource": "MLIST", + "name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft", + "url": "http://www.openwall.com/lists/oss-security/2019/07/06/3" }, { - "refsource":"MLIST", - "name":"[oss-security] 20190706 Re: linux-distros membership application - Microsoft", - "url":"http://www.openwall.com/lists/oss-security/2019/07/06/4" + "refsource": "MLIST", + "name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft", + "url": "http://www.openwall.com/lists/oss-security/2019/07/06/4" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:1699", - "url":"https://access.redhat.com/errata/RHSA-2019:1699" + "refsource": "REDHAT", + "name": "RHSA-2019:1699", + "url": "https://access.redhat.com/errata/RHSA-2019:1699" }, { - "refsource":"BUGTRAQ", - "name":"20190722 [SECURITY] [DSA 4484-1] linux security update", - "url":"https://seclists.org/bugtraq/2019/Jul/30" + "refsource": "BUGTRAQ", + "name": "20190722 [SECURITY] [DSA 4484-1] linux security update", + "url": "https://seclists.org/bugtraq/2019/Jul/30" }, { - "refsource":"MISC", - "name":"http://packetstormsecurity.com/files/154408/Kernel-Live-Patch-Security-Notice-LSN-0055-1.html", - "url":"http://packetstormsecurity.com/files/154408/Kernel-Live-Patch-Security-Notice-LSN-0055-1.html" + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/154408/Kernel-Live-Patch-Security-Notice-LSN-0055-1.html", + "url": "http://packetstormsecurity.com/files/154408/Kernel-Live-Patch-Security-Notice-LSN-0055-1.html" }, { - "refsource":"CONFIRM", - "name":"https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf", - "url":"https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf" + "refsource": "CONFIRM", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf" }, { - "refsource":"MISC", - 
"name":"https://www.us-cert.gov/ics/advisories/icsa-19-253-03", - "url":"https://www.us-cert.gov/ics/advisories/icsa-19-253-03" + "refsource": "MISC", + "name": "https://www.us-cert.gov/ics/advisories/icsa-19-253-03", + "url": "https://www.us-cert.gov/ics/advisories/icsa-19-253-03" }, { - "refsource":"MISC", - "name":"http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html", - "url":"http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html" + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html", + "url": "http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html" }, { - "refsource":"MLIST", - "name":"[oss-security] 20191023 Membership application for linux-distros - VMware", - "url":"http://www.openwall.com/lists/oss-security/2019/10/24/1" + "refsource": "MLIST", + "name": "[oss-security] 20191023 Membership application for linux-distros - VMware", + "url": "http://www.openwall.com/lists/oss-security/2019/10/24/1" }, { - "refsource":"MLIST", - "name":"[oss-security] 20191029 Re: Membership application for linux-distros - VMware", - "url":"http://www.openwall.com/lists/oss-security/2019/10/29/3" + "refsource": "MLIST", + "name": "[oss-security] 20191029 Re: Membership application for linux-distros - VMware", + "url": "http://www.openwall.com/lists/oss-security/2019/10/29/3" }, { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] }, - "source":{ - "advisory":"https://usn.ubuntu.com/4017-1", - "defect":[ + "source": { + "advisory": "https://usn.ubuntu.com/4017-1", + "defect": [ "https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1831638" ], - "discovery":"UNKNOWN" + "discovery": "UNKNOWN" } } \ No newline at end 
of file diff --git a/2019/11xxx/CVE-2019-11479.json b/2019/11xxx/CVE-2019-11479.json index 3e0a7414856..2f03e023d9f 100644 --- a/2019/11xxx/CVE-2019-11479.json +++ b/2019/11xxx/CVE-2019-11479.json 
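Review bot: The rewritten CVE-2019-11478.json still ends without a trailing newline: the `\ No newline at end of file` marker follows the closing `}` as context, so the new side keeps the omission. This hunk otherwise normalises the record's whitespace, so ending the file with a single newline after the final `}` would complete the cleanup. It also stops later edits near the end of the record from showing the last line as changed. The same marker appears at the end of the CVE-2019-11479.json hunk that follows and at the tail of the hunk just before this file's header.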
@@ -1,235 +1,236 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"security@ubuntu.com", - "DATE_PUBLIC":"2019-06-17T00:00:00.000Z", - "ID":"CVE-2019-11479", - "STATE":"PUBLIC" + "CVE_data_meta": { + "ASSIGNER": "security@ubuntu.com", + "DATE_PUBLIC": "2019-06-17T00:00:00.000Z", + "ID": "CVE-2019-11479", + "STATE": "PUBLIC" }, - "affects":{ - "vendor":{ - "vendor_data":[ + "affects": { + "vendor": { + "vendor_data": [ { - "product":{ - "product_data":[ + "product": { + "product_data": [ { - "product_name":"Linux kernel", - "version":{ - "version_data":[ + "product_name": "Linux kernel", + "version": { + "version_data": [ { - "version_affected":"<", - "version_name":"4.4", - "version_value":"4.4.182" + "version_affected": "<", + "version_name": "4.4", + "version_value": "4.4.182" }, { - "version_affected":"<", - "version_name":"4.9", - "version_value":"4.9.182" + "version_affected": "<", + "version_name": "4.9", + "version_value": "4.9.182" }, { - "version_affected":"<", - "version_name":"4.14", - "version_value":"4.14.127" + "version_affected": "<", + "version_name": "4.14", + "version_value": "4.14.127" }, { - "version_affected":"<", - "version_name":"4.19", - "version_value":"4.19.52" + "version_affected": "<", + "version_name": "4.19", + "version_value": "4.19.52" }, { - "version_affected":"<", - "version_name":"5.1", - "version_value":"5.1.11" + "version_affected": "<", + "version_name": "5.1", + "version_value": "5.1.11" } ] } } ] }, - "vendor_name":"Linux" + "vendor_name": "Linux" } ] } }, - "credit":[ + "credit": [ { - "lang":"eng", - "value":"Jonathan Looney from Netflix" + "lang": "eng", + "value": "Jonathan Looney from Netflix" } ], - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang":"eng", - "value":"Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 
bytes. This allows a remote peer to fragment TCP resend queues significantly more than if a larger MSS were enforced. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commits 967c05aee439e6e5d7d805e195b3a20ef5c433d6 and 5f3e2bf008c2221478101ee72f5cb4654b9fc363." + "lang": "eng", + "value": "Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP resend queues significantly more than if a larger MSS were enforced. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commits 967c05aee439e6e5d7d805e195b3a20ef5c433d6 and 5f3e2bf008c2221478101ee72f5cb4654b9fc363." } ] }, - "generator":{ - "engine":"Vulnogram 0.0.7" + "generator": { + "engine": "Vulnogram 0.0.7" }, - "impact":{ - "cvss":{ - "attackComplexity":"LOW", - "attackVector":"NETWORK", - "availabilityImpact":"LOW", - "baseScore":5.3, - "baseSeverity":"MEDIUM", - "confidentialityImpact":"NONE", - "integrityImpact":"NONE", - "privilegesRequired":"NONE", - "scope":"UNCHANGED", - "userInteraction":"NONE", - "vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "version":"3.0" + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "version": "3.0" } }, - "problemtype":{ - "problemtype_data":[ + "problemtype": { + "problemtype_data": [ { - "description":[ + "description": [ { - "lang":"eng", - "value":"CWE-405 Asymmetric Resource Consumption (Amplification)" + "lang": "eng", + 
"value": "CWE-405 Asymmetric Resource Consumption (Amplification)" } ] } ] }, - "references":{ - "reference_data":[ + "references": { + "reference_data": [ { - "refsource":"MISC", - "url":"https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md", - "name":"https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md" + "refsource": "MISC", + "url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md", + "name": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md" }, { - "refsource":"MISC", - "url":"https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic", - "name":"https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic" + "refsource": "MISC", + "url": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic", + "name": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic" }, { - "refsource":"MISC", - "url":"https://access.redhat.com/security/vulnerabilities/tcpsack", - "name":"https://access.redhat.com/security/vulnerabilities/tcpsack" + "refsource": "MISC", + "url": "https://access.redhat.com/security/vulnerabilities/tcpsack", + "name": "https://access.redhat.com/security/vulnerabilities/tcpsack" }, { - "refsource":"MISC", - "url":"https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=5f3e2bf008c2221478101ee72f5cb4654b9fc363", - "name":"https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=5f3e2bf008c2221478101ee72f5cb4654b9fc363" + "refsource": "MISC", + "url": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=5f3e2bf008c2221478101ee72f5cb4654b9fc363", + "name": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=5f3e2bf008c2221478101ee72f5cb4654b9fc363" }, { - "refsource":"MISC", - "url":"https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=967c05aee439e6e5d7d805e195b3a20ef5c433d6", - 
"name":"https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=967c05aee439e6e5d7d805e195b3a20ef5c433d6" + "refsource": "MISC", + "url": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=967c05aee439e6e5d7d805e195b3a20ef5c433d6", + "name": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=967c05aee439e6e5d7d805e195b3a20ef5c433d6" }, { - "refsource":"CONFIRM", - "name":"https://support.f5.com/csp/article/K35421172", - "url":"https://support.f5.com/csp/article/K35421172" + "refsource": "CONFIRM", + "name": "https://support.f5.com/csp/article/K35421172", + "url": "https://support.f5.com/csp/article/K35421172" }, { - "refsource":"BID", - "name":"108818", - "url":"http://www.securityfocus.com/bid/108818" + "refsource": "BID", + "name": "108818", + "url": "http://www.securityfocus.com/bid/108818" }, { - "refsource":"CONFIRM", - "name":"https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193", - "url":"https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193" + "refsource": "CONFIRM", + "name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193", + "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193" }, { - "refsource":"CERT-VN", - "name":"VU#905115", - "url":"https://www.kb.cert.org/vuls/id/905115" + "refsource": "CERT-VN", + "name": "VU#905115", + "url": "https://www.kb.cert.org/vuls/id/905115" }, { - "refsource":"CONFIRM", - "name":"https://www.synology.com/security/advisory/Synology_SA_19_28", - "url":"https://www.synology.com/security/advisory/Synology_SA_19_28" + "refsource": "CONFIRM", + "name": "https://www.synology.com/security/advisory/Synology_SA_19_28", + "url": "https://www.synology.com/security/advisory/Synology_SA_19_28" }, { - "refsource":"CONFIRM", - "name":"https://security.netapp.com/advisory/ntap-20190625-0001/", - "url":"https://security.netapp.com/advisory/ntap-20190625-0001/" + "refsource": "CONFIRM", + "name": 
"https://security.netapp.com/advisory/ntap-20190625-0001/", + "url": "https://security.netapp.com/advisory/ntap-20190625-0001/" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:1594", - "url":"https://access.redhat.com/errata/RHSA-2019:1594" + "refsource": "REDHAT", + "name": "RHSA-2019:1594", + "url": "https://access.redhat.com/errata/RHSA-2019:1594" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:1602", - "url":"https://access.redhat.com/errata/RHSA-2019:1602" + "refsource": "REDHAT", + "name": "RHSA-2019:1602", + "url": "https://access.redhat.com/errata/RHSA-2019:1602" }, { - "refsource":"CONFIRM", - "name":"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0008", - "url":"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0008" + "refsource": "CONFIRM", + "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0008", + "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0008" }, { - "refsource":"CONFIRM", - "name":"https://kc.mcafee.com/corporate/index?page=content&id=SB10287", - "url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10287" + "refsource": "CONFIRM", + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10287", + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10287" }, { - "refsource":"MLIST", - "name":"[oss-security] 20190628 Re: linux-distros membership application - Microsoft", - "url":"http://www.openwall.com/lists/oss-security/2019/06/28/2" + "refsource": "MLIST", + "name": "[oss-security] 20190628 Re: linux-distros membership application - Microsoft", + "url": "http://www.openwall.com/lists/oss-security/2019/06/28/2" }, { - "refsource":"UBUNTU", - "name":"USN-4041-2", - "url":"https://usn.ubuntu.com/4041-2/" + "refsource": "UBUNTU", + "name": "USN-4041-2", + "url": "https://usn.ubuntu.com/4041-2/" }, { - "refsource":"MLIST", - "name":"[oss-security] 20190706 Re: linux-distros membership application - Microsoft", - 
"url":"http://www.openwall.com/lists/oss-security/2019/07/06/3" + "refsource": "MLIST", + "name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft", + "url": "http://www.openwall.com/lists/oss-security/2019/07/06/3" }, { - "refsource":"MLIST", - "name":"[oss-security] 20190706 Re: linux-distros membership application - Microsoft", - "url":"http://www.openwall.com/lists/oss-security/2019/07/06/4" + "refsource": "MLIST", + "name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft", + "url": "http://www.openwall.com/lists/oss-security/2019/07/06/4" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:1699", - "url":"https://access.redhat.com/errata/RHSA-2019:1699" + "refsource": "REDHAT", + "name": "RHSA-2019:1699", + "url": "https://access.redhat.com/errata/RHSA-2019:1699" }, { - "refsource":"UBUNTU", - "name":"USN-4041-1", - "url":"https://usn.ubuntu.com/4041-1/" + "refsource": "UBUNTU", + "name": "USN-4041-1", + "url": "https://usn.ubuntu.com/4041-1/" }, { - "refsource":"CONFIRM", - "name":"https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf", - "url":"https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf" + "refsource": "CONFIRM", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf" }, { - "refsource":"MISC", - "name":"https://www.us-cert.gov/ics/advisories/icsa-19-253-03", - "url":"https://www.us-cert.gov/ics/advisories/icsa-19-253-03" + "refsource": "MISC", + "name": "https://www.us-cert.gov/ics/advisories/icsa-19-253-03", + "url": "https://www.us-cert.gov/ics/advisories/icsa-19-253-03" }, { - "refsource":"CONFIRM", - "name":"https://support.f5.com/csp/article/K35421172?utm_source=f5support&utm_medium=RSS", - "url":"https://support.f5.com/csp/article/K35421172?utm_source=f5support&utm_medium=RSS" + "refsource": "CONFIRM", + "name": 
"https://support.f5.com/csp/article/K35421172?utm_source=f5support&utm_medium=RSS", + "url": "https://support.f5.com/csp/article/K35421172?utm_source=f5support&utm_medium=RSS" }, { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] }, - "source":{ - "defect":[ + "source": { + "defect": [ "https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1832286" ], - "discovery":"UNKNOWN" + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2019/12xxx/CVE-2019-12086.json b/2019/12xxx/CVE-2019-12086.json index 6d7301e47ed..3541af51ac5 100644 --- a/2019/12xxx/CVE-2019-12086.json +++ b/2019/12xxx/CVE-2019-12086.json 
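Review bot: The reformatted `reference_data` lists the same F5 advisory twice, once as `https://support.f5.com/csp/article/K35421172` and again near the end of the array with `?utm_source=f5support&utm_medium=RSS` appended. Consumers that match references by exact URL will count these as two sources, and the second form only adds feed-tracking parameters. I would drop the entry whose `"url"` carries the `utm_` query string and keep the canonical one. Separately, `CVE_data_meta` in this record has no `"TITLE"` and `source` has no `"advisory"`, unlike the CVE-2019-11478 record in the preceding hunk; that may be intentional, but it is worth confirming with the assigner.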
@@ -1,220 +1,221 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"cve@mitre.org", - "ID":"CVE-2019-12086", - "STATE":"PUBLIC" + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-12086", + "STATE": "PUBLIC" }, - "affects":{ - "vendor":{ - "vendor_data":[ + "affects": { + "vendor": { + "vendor_data": [ { - "product":{ - "product_data":[ + "product": { + "product_data": [ { - "product_name":"n/a", - "version":{ - "version_data":[ + "product_name": "n/a", + "version": { + "version_data": [ { - "version_value":"n/a" + "version_value": "n/a" } ] } } ] }, - "vendor_name":"n/a" + "vendor_name": "n/a" } ] } }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang":"eng", - "value":"A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint, the service has the mysql-connector-java jar (8.0.14 or earlier) in the classpath, and an attacker can host a crafted MySQL server reachable by the victim, an attacker can send a crafted JSON message that allows them to read arbitrary local files on the server. This occurs because of missing com.mysql.cj.jdbc.admin.MiniAdmin validation." + "lang": "eng", + "value": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint, the service has the mysql-connector-java jar (8.0.14 or earlier) in the classpath, and an attacker can host a crafted MySQL server reachable by the victim, an attacker can send a crafted JSON message that allows them to read arbitrary local files on the server. This occurs because of missing com.mysql.cj.jdbc.admin.MiniAdmin validation." 
} ] }, - "problemtype":{ - "problemtype_data":[ + "problemtype": { + "problemtype_data": [ { - "description":[ + "description": [ { - "lang":"eng", - "value":"n/a" + "lang": "eng", + "value": "n/a" } ] } ] }, - "references":{ - "reference_data":[ + "references": { + "reference_data": [ { - "url":"https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062", - "refsource":"MISC", - "name":"https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062" + "url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062", + "refsource": "MISC", + "name": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062" }, { - "url":"http://russiansecurity.expert/2016/04/20/mysql-connect-file-read/", - "refsource":"MISC", - "name":"http://russiansecurity.expert/2016/04/20/mysql-connect-file-read/" + "url": "http://russiansecurity.expert/2016/04/20/mysql-connect-file-read/", + "refsource": "MISC", + "name": "http://russiansecurity.expert/2016/04/20/mysql-connect-file-read/" }, { - "url":"https://github.com/FasterXML/jackson-databind/issues/2326", - "refsource":"MISC", - "name":"https://github.com/FasterXML/jackson-databind/issues/2326" + "url": "https://github.com/FasterXML/jackson-databind/issues/2326", + "refsource": "MISC", + "name": "https://github.com/FasterXML/jackson-databind/issues/2326" }, { - "refsource":"CONFIRM", - "name":"https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.9", - "url":"https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.9" + "refsource": "CONFIRM", + "name": "https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.9", + "url": "https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.9" }, { - "refsource":"MLIST", - "name":"[spark-reviews] 20190520 [GitHub] [spark] Fokko opened a new pull request #24646: Spark 27757", - 
"url":"https://lists.apache.org/thread.html/88cd25375805950ae7337e669b0cb0eeda98b9604c1b8d806dccbad2@%3Creviews.spark.apache.org%3E" + "refsource": "MLIST", + "name": "[spark-reviews] 20190520 [GitHub] [spark] Fokko opened a new pull request #24646: Spark 27757", + "url": "https://lists.apache.org/thread.html/88cd25375805950ae7337e669b0cb0eeda98b9604c1b8d806dccbad2@%3Creviews.spark.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[debian-lts-announce] 20190521 [SECURITY] [DLA 1798-1] jackson-databind security update", - "url":"https://lists.debian.org/debian-lts-announce/2019/05/msg00030.html" + "refsource": "MLIST", + "name": "[debian-lts-announce] 20190521 [SECURITY] [DLA 1798-1] jackson-databind security update", + "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00030.html" }, { - "refsource":"DEBIAN", - "name":"DSA-4452", - "url":"https://www.debian.org/security/2019/dsa-4452" + "refsource": "DEBIAN", + "name": "DSA-4452", + "url": "https://www.debian.org/security/2019/dsa-4452" }, { - "refsource":"BUGTRAQ", - "name":"20190527 [SECURITY] [DSA 4452-1] jackson-databind security update", - "url":"https://seclists.org/bugtraq/2019/May/68" + "refsource": "BUGTRAQ", + "name": "20190527 [SECURITY] [DSA 4452-1] jackson-databind security update", + "url": "https://seclists.org/bugtraq/2019/May/68" }, { - "refsource":"CONFIRM", - "name":"https://security.netapp.com/advisory/ntap-20190530-0003/", - "url":"https://security.netapp.com/advisory/ntap-20190530-0003/" + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20190530-0003/", + "url": "https://security.netapp.com/advisory/ntap-20190530-0003/" }, { - "url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "refsource":"MISC", - "name":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", + "refsource": "MISC", + "name": 
"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { - "refsource":"BID", - "name":"109227", - "url":"http://www.securityfocus.com/bid/109227" + "refsource": "BID", + "name": "109227", + "url": "http://www.securityfocus.com/bid/109227" }, { - "refsource":"FEDORA", - "name":"FEDORA-2019-99ff6aa32c", - "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UKUALE2TUCKEKOHE2D342PQXN4MWCSLC/" + "refsource": "FEDORA", + "name": "FEDORA-2019-99ff6aa32c", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UKUALE2TUCKEKOHE2D342PQXN4MWCSLC/" }, { - "refsource":"MLIST", - "name":"[cassandra-commits] 20190919 [jira] [Created] (CASSANDRA-15328) Bump jackson version to >= 2.9.9.3 to address security vulnerabilities", - "url":"https://lists.apache.org/thread.html/3f99ae8dcdbd69438cb733d745ee3ad5e852068490719a66509b4592@%3Ccommits.cassandra.apache.org%3E" + "refsource": "MLIST", + "name": "[cassandra-commits] 20190919 [jira] [Created] (CASSANDRA-15328) Bump jackson version to >= 2.9.9.3 to address security vulnerabilities", + "url": "https://lists.apache.org/thread.html/3f99ae8dcdbd69438cb733d745ee3ad5e852068490719a66509b4592@%3Ccommits.cassandra.apache.org%3E" }, { - "refsource":"FEDORA", - "name":"FEDORA-2019-ae6a703b8f", - "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/" + "refsource": "FEDORA", + "name": "FEDORA-2019-ae6a703b8f", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/" }, { - "refsource":"FEDORA", - "name":"FEDORA-2019-fb23eccc03", - "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/" + "refsource": "FEDORA", + "name": "FEDORA-2019-fb23eccc03", + "url": 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:2858", - "url":"https://access.redhat.com/errata/RHSA-2019:2858" + "refsource": "REDHAT", + "name": "RHSA-2019:2858", + "url": "https://access.redhat.com/errata/RHSA-2019:2858" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:2937", - "url":"https://access.redhat.com/errata/RHSA-2019:2937" + "refsource": "REDHAT", + "name": "RHSA-2019:2937", + "url": "https://access.redhat.com/errata/RHSA-2019:2937" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:2935", - "url":"https://access.redhat.com/errata/RHSA-2019:2935" + "refsource": "REDHAT", + "name": "RHSA-2019:2935", + "url": "https://access.redhat.com/errata/RHSA-2019:2935" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:2936", - "url":"https://access.redhat.com/errata/RHSA-2019:2936" + "refsource": "REDHAT", + "name": "RHSA-2019:2936", + "url": "https://access.redhat.com/errata/RHSA-2019:2936" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:2938", - "url":"https://access.redhat.com/errata/RHSA-2019:2938" + "refsource": "REDHAT", + "name": "RHSA-2019:2938", + "url": "https://access.redhat.com/errata/RHSA-2019:2938" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:2998", - "url":"https://access.redhat.com/errata/RHSA-2019:2998" + "refsource": "REDHAT", + "name": "RHSA-2019:2998", + "url": "https://access.redhat.com/errata/RHSA-2019:2998" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:3044", - "url":"https://access.redhat.com/errata/RHSA-2019:3044" + "refsource": "REDHAT", + "name": "RHSA-2019:3044", + "url": "https://access.redhat.com/errata/RHSA-2019:3044" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:3045", - "url":"https://access.redhat.com/errata/RHSA-2019:3045" + "refsource": "REDHAT", + "name": "RHSA-2019:3045", + "url": "https://access.redhat.com/errata/RHSA-2019:3045" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:3050", - 
"url":"https://access.redhat.com/errata/RHSA-2019:3050" + "refsource": "REDHAT", + "name": "RHSA-2019:3050", + "url": "https://access.redhat.com/errata/RHSA-2019:3050" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:3046", - "url":"https://access.redhat.com/errata/RHSA-2019:3046" + "refsource": "REDHAT", + "name": "RHSA-2019:3046", + "url": "https://access.redhat.com/errata/RHSA-2019:3046" }, { - "url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", - "refsource":"MISC", - "name":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", + "refsource": "MISC", + "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { - "refsource":"MLIST", - "name":"[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", - "url":"https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E" + "refsource": "MLIST", + "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", + "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:3149", - "url":"https://access.redhat.com/errata/RHSA-2019:3149" + "refsource": "REDHAT", + "name": "RHSA-2019:3149", + "url": "https://access.redhat.com/errata/RHSA-2019:3149" }, { - "refsource":"MLIST", - "name":"[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", - "url":"https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E" + "refsource": "MLIST", + "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", + "url": 
"https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", - "url":"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" + "refsource": "MLIST", + "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", + "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:3200", - "url":"https://access.redhat.com/errata/RHSA-2019:3200" + "refsource": "REDHAT", + "name": "RHSA-2019:3200", + "url": "https://access.redhat.com/errata/RHSA-2019:3200" }, { - "refsource":"MLIST", - "name":"[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html", - "url":"https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E" + "refsource": "MLIST", + "name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html", + "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E" }, { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2019/12xxx/CVE-2019-12384.json b/2019/12xxx/CVE-2019-12384.json index 73c8ac98112..dea2dfbbfc1 100644 --- a/2019/12xxx/CVE-2019-12384.json +++ b/2019/12xxx/CVE-2019-12384.json 
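Review bot: The `affects` block on the new side keeps `"vendor_name": "n/a"`, `"product_name": "n/a"` and `"version_value": "n/a"`, although the description names FasterXML jackson-databind 2.x before 2.9.9. Scanners and inventory tools that match on the structured fields cannot tie this record to the library without parsing prose. Since the record is being rewritten anyway, I would fill the fields from the description, e.g. `"vendor_name": "FasterXML"`, `"product_name": "jackson-databind"`, `"version_value": "2.x before 2.9.9"`. `problemtype` is also `n/a`; the text describes unsafe polymorphic deserialization, which looks like CWE-502, to be confirmed by the assigner. The CVE-2019-12384.json hunk that follows carries the same placeholders.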
@@ -1,265 +1,266 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"cve@mitre.org", - "ID":"CVE-2019-12384", - "STATE":"PUBLIC" + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-12384", + "STATE": "PUBLIC" }, - "affects":{ - "vendor":{ - "vendor_data":[ + "affects": { + "vendor": { + "vendor_data": [ { - "product":{ - "product_data":[ + "product": { + "product_data": [ { - "product_name":"n/a", - "version":{ - "version_data":[ + "product_name": "n/a", + "version": { + "version_data": [ { - "version_value":"n/a" + "version_value": "n/a" } ] } } ] }, - "vendor_name":"n/a" + "vendor_name": "n/a" } ] } }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang":"eng", - "value":"FasterXML jackson-databind 2.x before 2.9.9.1 might allow attackers to have a variety of impacts by leveraging failure to block the logback-core class from polymorphic deserialization. Depending on the classpath content, remote code execution may be possible." + "lang": "eng", + "value": "FasterXML jackson-databind 2.x before 2.9.9.1 might allow attackers to have a variety of impacts by leveraging failure to block the logback-core class from polymorphic deserialization. Depending on the classpath content, remote code execution may be possible." 
} ] }, - "problemtype":{ - "problemtype_data":[ + "problemtype": { + "problemtype_data": [ { - "description":[ + "description": [ { - "lang":"eng", - "value":"n/a" + "lang": "eng", + "value": "n/a" } ] } ] }, - "references":{ - "reference_data":[ + "references": { + "reference_data": [ { - "url":"https://doyensec.com/research.html", - "refsource":"MISC", - "name":"https://doyensec.com/research.html" + "url": "https://doyensec.com/research.html", + "refsource": "MISC", + "name": "https://doyensec.com/research.html" }, { - "url":"https://github.com/FasterXML/jackson-databind/compare/74b90a4...a977aad", - "refsource":"MISC", - "name":"https://github.com/FasterXML/jackson-databind/compare/74b90a4...a977aad" + "url": "https://github.com/FasterXML/jackson-databind/compare/74b90a4...a977aad", + "refsource": "MISC", + "name": "https://github.com/FasterXML/jackson-databind/compare/74b90a4...a977aad" }, { - "refsource":"MLIST", - "name":"[debian-lts-announce] 20190621 [SECURITY] [DLA 1831-1] jackson-databind security update", - "url":"https://lists.debian.org/debian-lts-announce/2019/06/msg00019.html" + "refsource": "MLIST", + "name": "[debian-lts-announce] 20190621 [SECURITY] [DLA 1831-1] jackson-databind security update", + "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00019.html" }, { - "refsource":"CONFIRM", - "name":"https://lists.debian.org/debian-lts-announce/2019/06/msg00019.html", - "url":"https://lists.debian.org/debian-lts-announce/2019/06/msg00019.html" + "refsource": "CONFIRM", + "name": "https://lists.debian.org/debian-lts-announce/2019/06/msg00019.html", + "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00019.html" }, { - "refsource":"CONFIRM", - "name":"https://security.netapp.com/advisory/ntap-20190703-0002/", - "url":"https://security.netapp.com/advisory/ntap-20190703-0002/" + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20190703-0002/", + "url": 
"https://security.netapp.com/advisory/ntap-20190703-0002/" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:1820", - "url":"https://access.redhat.com/errata/RHSA-2019:1820" + "refsource": "REDHAT", + "name": "RHSA-2019:1820", + "url": "https://access.redhat.com/errata/RHSA-2019:1820" }, { - "refsource":"MISC", - "name":"https://blog.doyensec.com/2019/07/22/jackson-gadgets.html", - "url":"https://blog.doyensec.com/2019/07/22/jackson-gadgets.html" + "refsource": "MISC", + "name": "https://blog.doyensec.com/2019/07/22/jackson-gadgets.html", + "url": "https://blog.doyensec.com/2019/07/22/jackson-gadgets.html" }, { - "refsource":"MLIST", - "name":"[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", - "url":"https://lists.apache.org/thread.html/0d4b630d9ee724aee50703397d9d1afa2b2befc9395ba7797d0ccea9@%3Cdev.tomee.apache.org%3E" + "refsource": "MLIST", + "name": "[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", + "url": "https://lists.apache.org/thread.html/0d4b630d9ee724aee50703397d9d1afa2b2befc9395ba7797d0ccea9@%3Cdev.tomee.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", - "url":"https://lists.apache.org/thread.html/56c8042873595b8c863054c7bfccab4bf2c01c6f5abedae249d914b9@%3Cdev.tomee.apache.org%3E" + "refsource": "MLIST", + "name": "[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", + "url": 
"https://lists.apache.org/thread.html/56c8042873595b8c863054c7bfccab4bf2c01c6f5abedae249d914b9@%3Cdev.tomee.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", - "url":"https://lists.apache.org/thread.html/2d2a76440becb610b9a9cb49b15eac3934b02c2dbcaacde1000353e4@%3Cdev.tomee.apache.org%3E" + "refsource": "MLIST", + "name": "[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", + "url": "https://lists.apache.org/thread.html/2d2a76440becb610b9a9cb49b15eac3934b02c2dbcaacde1000353e4@%3Cdev.tomee.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", - "url":"https://lists.apache.org/thread.html/34717424b4d08b74f65c09a083d6dd1cb0763f37a15d6de135998c1d@%3Cdev.tomee.apache.org%3E" + "refsource": "MLIST", + "name": "[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", + "url": "https://lists.apache.org/thread.html/34717424b4d08b74f65c09a083d6dd1cb0763f37a15d6de135998c1d@%3Cdev.tomee.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[tomee-dev] 20190905 [GitHub] [tomee] robert-schaft-hon commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", - 
"url":"https://lists.apache.org/thread.html/ee0a051428d2c719acfa297d0854a189ea5e284ef3ed491fa672f4be@%3Cdev.tomee.apache.org%3E" + "refsource": "MLIST", + "name": "[tomee-dev] 20190905 [GitHub] [tomee] robert-schaft-hon commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", + "url": "https://lists.apache.org/thread.html/ee0a051428d2c719acfa297d0854a189ea5e284ef3ed491fa672f4be@%3Cdev.tomee.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[tomee-dev] 20190906 [GitHub] [tomee] rzo1 commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", - "url":"https://lists.apache.org/thread.html/5ecc333113b139429f4f05000d4aa2886974d4df3269c1dd990bb319@%3Cdev.tomee.apache.org%3E" + "refsource": "MLIST", + "name": "[tomee-dev] 20190906 [GitHub] [tomee] rzo1 commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", + "url": "https://lists.apache.org/thread.html/5ecc333113b139429f4f05000d4aa2886974d4df3269c1dd990bb319@%3Cdev.tomee.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[struts-dev] 20190908 Build failed in Jenkins: Struts-master-JDK8-dependency-check #204", - "url":"https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef@%3Cdev.struts.apache.org%3E" + "refsource": "MLIST", + "name": "[struts-dev] 20190908 Build failed in Jenkins: Struts-master-JDK8-dependency-check #204", + "url": "https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef@%3Cdev.struts.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, 
CVE-2019-14379 and CVE-2019-14439", - "url":"https://lists.apache.org/thread.html/5fc0e16b7af2590bf1e97c76c136291c4fdb244ee63c65c485c9a7a1@%3Cdev.tomee.apache.org%3E" + "refsource": "MLIST", + "name": "[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", + "url": "https://lists.apache.org/thread.html/5fc0e16b7af2590bf1e97c76c136291c4fdb244ee63c65c485c9a7a1@%3Cdev.tomee.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", - "url":"https://lists.apache.org/thread.html/87e46591de8925f719664a845572d184027258c5a7af0a471b53c77b@%3Cdev.tomee.apache.org%3E" + "refsource": "MLIST", + "name": "[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", + "url": "https://lists.apache.org/thread.html/87e46591de8925f719664a845572d184027258c5a7af0a471b53c77b@%3Cdev.tomee.apache.org%3E" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:2720", - "url":"https://access.redhat.com/errata/RHSA-2019:2720" + "refsource": "REDHAT", + "name": "RHSA-2019:2720", + "url": "https://access.redhat.com/errata/RHSA-2019:2720" }, { - "refsource":"FEDORA", - "name":"FEDORA-2019-99ff6aa32c", - "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UKUALE2TUCKEKOHE2D342PQXN4MWCSLC/" + "refsource": "FEDORA", + "name": "FEDORA-2019-99ff6aa32c", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UKUALE2TUCKEKOHE2D342PQXN4MWCSLC/" }, { - "refsource":"MLIST", - "name":"[cassandra-commits] 20190919 [jira] 
[Created] (CASSANDRA-15328) Bump jackson version to >= 2.9.9.3 to address security vulnerabilities", - "url":"https://lists.apache.org/thread.html/3f99ae8dcdbd69438cb733d745ee3ad5e852068490719a66509b4592@%3Ccommits.cassandra.apache.org%3E" + "refsource": "MLIST", + "name": "[cassandra-commits] 20190919 [jira] [Created] (CASSANDRA-15328) Bump jackson version to >= 2.9.9.3 to address security vulnerabilities", + "url": "https://lists.apache.org/thread.html/3f99ae8dcdbd69438cb733d745ee3ad5e852068490719a66509b4592@%3Ccommits.cassandra.apache.org%3E" }, { - "refsource":"FEDORA", - "name":"FEDORA-2019-ae6a703b8f", - "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/" + "refsource": "FEDORA", + "name": "FEDORA-2019-ae6a703b8f", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/" }, { - "refsource":"FEDORA", - "name":"FEDORA-2019-fb23eccc03", - "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/" + "refsource": "FEDORA", + "name": "FEDORA-2019-fb23eccc03", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:2858", - "url":"https://access.redhat.com/errata/RHSA-2019:2858" + "refsource": "REDHAT", + "name": "RHSA-2019:2858", + "url": "https://access.redhat.com/errata/RHSA-2019:2858" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:2937", - "url":"https://access.redhat.com/errata/RHSA-2019:2937" + "refsource": "REDHAT", + "name": "RHSA-2019:2937", + "url": "https://access.redhat.com/errata/RHSA-2019:2937" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:2935", - "url":"https://access.redhat.com/errata/RHSA-2019:2935" + "refsource": "REDHAT", + "name": "RHSA-2019:2935", + "url": 
"https://access.redhat.com/errata/RHSA-2019:2935" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:2936", - "url":"https://access.redhat.com/errata/RHSA-2019:2936" + "refsource": "REDHAT", + "name": "RHSA-2019:2936", + "url": "https://access.redhat.com/errata/RHSA-2019:2936" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:2938", - "url":"https://access.redhat.com/errata/RHSA-2019:2938" + "refsource": "REDHAT", + "name": "RHSA-2019:2938", + "url": "https://access.redhat.com/errata/RHSA-2019:2938" }, { - "refsource":"DEBIAN", - "name":"DSA-4542", - "url":"https://www.debian.org/security/2019/dsa-4542" + "refsource": "DEBIAN", + "name": "DSA-4542", + "url": "https://www.debian.org/security/2019/dsa-4542" }, { - "refsource":"BUGTRAQ", - "name":"20191007 [SECURITY] [DSA 4542-1] jackson-databind security update", - "url":"https://seclists.org/bugtraq/2019/Oct/6" + "refsource": "BUGTRAQ", + "name": "20191007 [SECURITY] [DSA 4542-1] jackson-databind security update", + "url": "https://seclists.org/bugtraq/2019/Oct/6" }, { - "refsource":"MLIST", - "name":"[geode-notifications] 20191007 [GitHub] [geode] jmelchio commented on issue #4102: Fix for GEODE-7255: Pickup Jackson CVE fix", - "url":"https://lists.apache.org/thread.html/e0733058c0366b703e6757d8d2a7a04b943581f659e9c271f0841dfe@%3Cnotifications.geode.apache.org%3E" + "refsource": "MLIST", + "name": "[geode-notifications] 20191007 [GitHub] [geode] jmelchio commented on issue #4102: Fix for GEODE-7255: Pickup Jackson CVE fix", + "url": "https://lists.apache.org/thread.html/e0733058c0366b703e6757d8d2a7a04b943581f659e9c271f0841dfe@%3Cnotifications.geode.apache.org%3E" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:2998", - "url":"https://access.redhat.com/errata/RHSA-2019:2998" + "refsource": "REDHAT", + "name": "RHSA-2019:2998", + "url": "https://access.redhat.com/errata/RHSA-2019:2998" }, { - "url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", - "refsource":"MISC", - 
"name":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", + "refsource": "MISC", + "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { - "refsource":"MLIST", - "name":"[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", - "url":"https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E" + "refsource": "MLIST", + "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", + "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:3149", - "url":"https://access.redhat.com/errata/RHSA-2019:3149" + "refsource": "REDHAT", + "name": "RHSA-2019:3149", + "url": "https://access.redhat.com/errata/RHSA-2019:3149" }, { - "refsource":"MLIST", - "name":"[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", - "url":"https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E" + "refsource": "MLIST", + "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", + "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", - "url":"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" + "refsource": "MLIST", + "name": "[drill-issues] 20191021 [jira] [Created] 
(DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", + "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:3200", - "url":"https://access.redhat.com/errata/RHSA-2019:3200" + "refsource": "REDHAT", + "name": "RHSA-2019:3200", + "url": "https://access.redhat.com/errata/RHSA-2019:3200" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:3292", - "url":"https://access.redhat.com/errata/RHSA-2019:3292" + "refsource": "REDHAT", + "name": "RHSA-2019:3292", + "url": "https://access.redhat.com/errata/RHSA-2019:3292" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:3297", - "url":"https://access.redhat.com/errata/RHSA-2019:3297" + "refsource": "REDHAT", + "name": "RHSA-2019:3297", + "url": "https://access.redhat.com/errata/RHSA-2019:3297" }, { - "refsource":"MLIST", - "name":"[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html", - "url":"https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E" + "refsource": "MLIST", + "name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html", + "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:3901", - "url":"https://access.redhat.com/errata/RHSA-2019:3901" + "refsource": "REDHAT", + "name": "RHSA-2019:3901", + "url": "https://access.redhat.com/errata/RHSA-2019:3901" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:4352", - "url":"https://access.redhat.com/errata/RHSA-2019:4352" + "refsource": "REDHAT", + "name": "RHSA-2019:4352", + "url": "https://access.redhat.com/errata/RHSA-2019:4352" }, { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + 
"refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2019/12xxx/CVE-2019-12406.json b/2019/12xxx/CVE-2019-12406.json index 54352da2e7d..2591325af53 100644 --- a/2019/12xxx/CVE-2019-12406.json +++ b/2019/12xxx/CVE-2019-12406.json @@ -1,26 +1,25 @@ - { - "data_type":"CVE", - "data_format":"MITRE", - "data_version":"4.0", - "CVE_data_meta":{ - "ID":"CVE-2019-12406", - "ASSIGNER":"security@apache.org", - "STATE":"PUBLIC" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-12406", + "ASSIGNER": "security@apache.org", + "STATE": "PUBLIC" }, - "affects":{ - "vendor":{ - "vendor_data":[ + "affects": { + "vendor": { + "vendor_data": [ { - "vendor_name":"n/a", - "product":{ - "product_data":[ + "vendor_name": "n/a", + "product": { + "product_data": [ { - "product_name":"Apache CXF", - "version":{ - "version_data":[ + "product_name": "Apache CXF", + "version": { + "version_data": [ { - "version_value":"Apache CXF versions before 3.3.4 and 3.2.11" + "version_value": "Apache CXF versions before 3.3.4 and 3.2.11" } ] } 
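Review bot: In the CVE-2019-12384.json hunk, `https://lists.debian.org/debian-lts-announce/2019/06/msg00019.html` appears twice in `reference_data` on the new side, once as `"refsource": "MLIST"` and once as `"refsource": "CONFIRM"`. Consumers that count or de-duplicate references by URL get two entries for one advisory. The `CONFIRM` tag also presumably signals a vendor confirmation, which a distribution list post does not provide for a FasterXML issue. I would keep the `MLIST` entry and drop the `CONFIRM` duplicate.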
@@ -31,35 +30,37 @@ ] } }, - "problemtype":{ - "problemtype_data":[ + "problemtype": { + "problemtype_data": [ { - "description":[ + "description": [ { - "lang":"eng", - "value":"Denial of Service" + "lang": "eng", + "value": "Denial of Service" } ] } ] }, - "references":{ - "reference_data":[ + "references": { + "reference_data": [ { - "refsource":"CONFIRM", - "name":"http://cxf.apache.org/security-advisories.data/CVE-2019-12406.txt.asc", - "url":"http://cxf.apache.org/security-advisories.data/CVE-2019-12406.txt.asc" + "refsource": "CONFIRM", + "name": "http://cxf.apache.org/security-advisories.data/CVE-2019-12406.txt.asc", + "url": "http://cxf.apache.org/security-advisories.data/CVE-2019-12406.txt.asc" }, { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] }, - "description":{ - "description_data":[ + "description": { + "description_data": [ { - "lang":"eng", - "value":"Apache CXF before 3.3.4 and 3.2.11 does not restrict the number of message attachments present in a given message. This leaves open the possibility of a denial of service type attack, where a malicious user crafts a message containing a very large number of message attachments. From the 3.3.4 and 3.2.11 releases, a default limit of 50 message attachments is enforced. This is configurable via the message property \"attachment-max-count\"." + "lang": "eng", + "value": "Apache CXF before 3.3.4 and 3.2.11 does not restrict the number of message attachments present in a given message. This leaves open the possibility of a denial of service type attack, where a malicious user crafts a message containing a very large number of message attachments. From the 3.3.4 and 3.2.11 releases, a default limit of 50 message attachments is enforced. This is configurable via the message property \"attachment-max-count\"." } ] } 
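Review bot: The `problemtype` entry on the new side still carries only the free-text label `"value": "Denial of Service"` with no CWE identifier, so tooling that groups or filters records by weakness class cannot classify this one. The description in the same hunk (no limit on the number of message attachments) reads like CWE-770, so `"value": "CWE-770 Allocation of Resources Without Limits or Throttling"` would fit, subject to the assigning CNA confirming it. The same gap is in the second hunk of CVE-2019-12415.json (`"Information Disclosure"`, where the description names XXE, which would be CWE-611) and of CVE-2019-12419.json, whose problemtype is a sentence describing the bug rather than a weakness class.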
diff --git a/2019/12xxx/CVE-2019-12415.json b/2019/12xxx/CVE-2019-12415.json index f9bcfd5d065..338c209a3a2 100644 --- a/2019/12xxx/CVE-2019-12415.json +++ b/2019/12xxx/CVE-2019-12415.json @@ -1,26 +1,25 @@ - { - "data_type":"CVE", - "data_format":"MITRE", - "data_version":"4.0", - "CVE_data_meta":{ - "ID":"CVE-2019-12415", - "ASSIGNER":"security@apache.org", - "STATE":"PUBLIC" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-12415", + "ASSIGNER": "security@apache.org", + "STATE": "PUBLIC" }, - "affects":{ - "vendor":{ - "vendor_data":[ + "affects": { + "vendor": { + "vendor_data": [ { - "vendor_name":"n/a", - "product":{ - "product_data":[ + "vendor_name": "n/a", + "product": { + "product_data": [ { - "product_name":"Apache POI", - "version":{ - "version_data":[ + "product_name": "Apache POI", + "version": { + "version_data": [ { - "version_value":"Apache POI up to 4.1.0" + "version_value": "Apache POI up to 4.1.0" } ] } 
@@ -31,50 +30,52 @@ ] } }, - "problemtype":{ - "problemtype_data":[ + "problemtype": { + "problemtype_data": [ { - "description":[ + "description": [ { - "lang":"eng", - "value":"Information Disclosure" + "lang": "eng", + "value": "Information Disclosure" } ] } ] }, - "references":{ - "reference_data":[ + "references": { + "reference_data": [ { - "refsource":"MISC", - "name":"https://lists.apache.org/thread.html/13a54b6a03369cfb418a699180ffb83bd727320b6ddfec198b9b728e@%3Cannounce.apache.org%3E", - "url":"https://lists.apache.org/thread.html/13a54b6a03369cfb418a699180ffb83bd727320b6ddfec198b9b728e@%3Cannounce.apache.org%3E" + "refsource": "MISC", + "name": "https://lists.apache.org/thread.html/13a54b6a03369cfb418a699180ffb83bd727320b6ddfec198b9b728e@%3Cannounce.apache.org%3E", + "url": "https://lists.apache.org/thread.html/13a54b6a03369cfb418a699180ffb83bd727320b6ddfec198b9b728e@%3Cannounce.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[tika-user] 20191105 Is tika-parsers exposed to CVE-2019-12415", - "url":"https://lists.apache.org/thread.html/2ac0327748de0c2b3c1c012481b79936797c711724e0b7da83cf564c@%3Cuser.tika.apache.org%3E" + "refsource": "MLIST", + "name": "[tika-user] 20191105 Is tika-parsers exposed to CVE-2019-12415", + "url": "https://lists.apache.org/thread.html/2ac0327748de0c2b3c1c012481b79936797c711724e0b7da83cf564c@%3Cuser.tika.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[tika-user] 20191105 Re: Is tika-parsers exposed to CVE-2019-12415", - "url":"https://lists.apache.org/thread.html/895164e03a3c327449069e2fd6ced0367561878b3ae6a8ec740c2007@%3Cuser.tika.apache.org%3E" + "refsource": "MLIST", + "name": "[tika-user] 20191105 Re: Is tika-parsers exposed to CVE-2019-12415", + "url": "https://lists.apache.org/thread.html/895164e03a3c327449069e2fd6ced0367561878b3ae6a8ec740c2007@%3Cuser.tika.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[tika-user] 20191106 Re: Is tika-parsers exposed to CVE-2019-12415", - 
"url":"https://lists.apache.org/thread.html/d88b8823867033514d7ec05d66f88c70dc207604d3dcbd44fd88464c@%3Cuser.tika.apache.org%3E" + "refsource": "MLIST", + "name": "[tika-user] 20191106 Re: Is tika-parsers exposed to CVE-2019-12415", + "url": "https://lists.apache.org/thread.html/d88b8823867033514d7ec05d66f88c70dc207604d3dcbd44fd88464c@%3Cuser.tika.apache.org%3E" }, { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] }, - "description":{ - "description_data":[ + "description": { + "description_data": [ { - "lang":"eng", - "value":"In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker to read files from the local filesystem or from internal network resources via XML External Entity (XXE) Processing." + "lang": "eng", + "value": "In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker to read files from the local filesystem or from internal network resources via XML External Entity (XXE) Processing." } ] } diff --git a/2019/12xxx/CVE-2019-12419.json b/2019/12xxx/CVE-2019-12419.json index 83539ad99e0..63677dd2ab5 100644 --- a/2019/12xxx/CVE-2019-12419.json +++ b/2019/12xxx/CVE-2019-12419.json 
@@ -1,26 +1,25 @@ - { - "data_type":"CVE", - "data_format":"MITRE", - "data_version":"4.0", - "CVE_data_meta":{ - "ID":"CVE-2019-12419", - "ASSIGNER":"security@apache.org", - "STATE":"PUBLIC" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-12419", + "ASSIGNER": "security@apache.org", + "STATE": "PUBLIC" }, - "affects":{ - "vendor":{ - "vendor_data":[ + "affects": { + "vendor": { + "vendor_data": [ { - "vendor_name":"Apache", - "product":{ - "product_data":[ + "vendor_name": "Apache", + "product": { + "product_data": [ { - "product_name":"Apache CXF", - "version":{ - "version_data":[ + "product_name": "Apache CXF", + "version": { + "version_data": [ { - "version_value":"versions before 3.3.4 and 3.2.11" + "version_value": "versions before 3.3.4 and 3.2.11" } ] } 
@@ -31,35 +30,37 @@ ] } }, - "problemtype":{ - "problemtype_data":[ + "problemtype": { + "problemtype_data": [ { - "description":[ + "description": [ { - "lang":"eng", - "value":"Apache CXF OpenId Connect token service does not properly validate the clientId" + "lang": "eng", + "value": "Apache CXF OpenId Connect token service does not properly validate the clientId" } ] } ] }, - "references":{ - "reference_data":[ + "references": { + "reference_data": [ { - "refsource":"CONFIRM", - "name":"http://cxf.apache.org/security-advisories.data/CVE-2019-12419.txt.asc", - "url":"http://cxf.apache.org/security-advisories.data/CVE-2019-12419.txt.asc" + "refsource": "CONFIRM", + "name": "http://cxf.apache.org/security-advisories.data/CVE-2019-12419.txt.asc", + "url": "http://cxf.apache.org/security-advisories.data/CVE-2019-12419.txt.asc" }, { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] }, - "description":{ - "description_data":[ + "description": { + "description_data": [ { - "lang":"eng", - "value":"Apache CXF before 3.3.4 and 3.2.11 provides all of the components that are required to build a fully fledged OpenId Connect service. There is a vulnerability in the access token services, where it does not validate that the authenticated principal is equal to that of the supplied clientId parameter in the request. If a malicious client was able to somehow steal an authorization code issued to another client, then they could exploit this vulnerability to obtain an access token for the other client." + "lang": "eng", + "value": "Apache CXF before 3.3.4 and 3.2.11 provides all of the components that are required to build a fully fledged OpenId Connect service. 
There is a vulnerability in the access token services, where it does not validate that the authenticated principal is equal to that of the supplied clientId parameter in the request. If a malicious client was able to somehow steal an authorization code issued to another client, then they could exploit this vulnerability to obtain an access token for the other client." } ] } diff --git a/2019/12xxx/CVE-2019-12814.json b/2019/12xxx/CVE-2019-12814.json index f8615ae7a61..329eef4869d 100644 --- a/2019/12xxx/CVE-2019-12814.json +++ b/2019/12xxx/CVE-2019-12814.json 
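Review bot: The CONFIRM reference kept in this hunk points at `http://cxf.apache.org/security-advisories.data/CVE-2019-12419.txt.asc`, so anyone following the record fetches the vendor advisory over cleartext HTTP. The `.txt.asc` name suggests the advisory is PGP-signed, but few readers verify the signature, and an on-path party could alter what is displayed. If the host serves the same path over TLS, both `name` and `url` should use the `https://` scheme. The second hunk of CVE-2019-12406.json has the same `http://` CONFIRM link.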
@@ -1,315 +1,316 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"cve@mitre.org", - "ID":"CVE-2019-12814", - "STATE":"PUBLIC" + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-12814", + "STATE": "PUBLIC" }, - "affects":{ - "vendor":{ - "vendor_data":[ + "affects": { + "vendor": { + "vendor_data": [ { - "product":{ - "product_data":[ + "product": { + "product_data": [ { - "product_name":"n/a", - "version":{ - "version_data":[ + "product_name": "n/a", + "version": { + "version_data": [ { - "version_value":"n/a" + "version_value": "n/a" } ] } } ] }, - "vendor_name":"n/a" + "vendor_name": "n/a" } ] } }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang":"eng", - "value":"A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x through 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has JDOM 1.x or 2.x jar in the classpath, an attacker can send a specifically crafted JSON message that allows them to read arbitrary local files on the server." + "lang": "eng", + "value": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x through 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has JDOM 1.x or 2.x jar in the classpath, an attacker can send a specifically crafted JSON message that allows them to read arbitrary local files on the server." 
} ] }, - "problemtype":{ - "problemtype_data":[ + "problemtype": { + "problemtype_data": [ { - "description":[ + "description": [ { - "lang":"eng", - "value":"n/a" + "lang": "eng", + "value": "n/a" } ] } ] }, - "references":{ - "reference_data":[ + "references": { + "reference_data": [ { - "refsource":"CONFIRM", - "name":"https://github.com/FasterXML/jackson-databind/issues/2341", - "url":"https://github.com/FasterXML/jackson-databind/issues/2341" + "refsource": "CONFIRM", + "name": "https://github.com/FasterXML/jackson-databind/issues/2341", + "url": "https://github.com/FasterXML/jackson-databind/issues/2341" }, { - "refsource":"MLIST", - "name":"[debian-lts-announce] 20190621 [SECURITY] [DLA 1831-1] jackson-databind security update", - "url":"https://lists.debian.org/debian-lts-announce/2019/06/msg00019.html" + "refsource": "MLIST", + "name": "[debian-lts-announce] 20190621 [SECURITY] [DLA 1831-1] jackson-databind security update", + "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00019.html" }, { - "refsource":"MLIST", - "name":"[zookeeper-notifications] 20190623 [GitHub] [zookeeper] eolivelli opened a new pull request #1001: ZOOKEEPER-3441 OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", - "url":"https://lists.apache.org/thread.html/1e04d9381c801b31ab28dec813c31c304b2a596b2a3707fa5462c5c0@%3Cnotifications.zookeeper.apache.org%3E" + "refsource": "MLIST", + "name": "[zookeeper-notifications] 20190623 [GitHub] [zookeeper] eolivelli opened a new pull request #1001: ZOOKEEPER-3441 OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", + "url": "https://lists.apache.org/thread.html/1e04d9381c801b31ab28dec813c31c304b2a596b2a3707fa5462c5c0@%3Cnotifications.zookeeper.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[zookeeper-issues] 20190623 [jira] [Updated] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", - 
"url":"https://lists.apache.org/thread.html/a78239b1f11cddfa86e4edee19064c40b6272214630bfef070c37957@%3Cissues.zookeeper.apache.org%3E" + "refsource": "MLIST", + "name": "[zookeeper-issues] 20190623 [jira] [Updated] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", + "url": "https://lists.apache.org/thread.html/a78239b1f11cddfa86e4edee19064c40b6272214630bfef070c37957@%3Cissues.zookeeper.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[zookeeper-issues] 20190623 [jira] [Created] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", - "url":"https://lists.apache.org/thread.html/15a55e1d837fa686db493137cc0330c7ee1089ed9a9eea7ae7151ef1@%3Cissues.zookeeper.apache.org%3E" + "refsource": "MLIST", + "name": "[zookeeper-issues] 20190623 [jira] [Created] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", + "url": "https://lists.apache.org/thread.html/15a55e1d837fa686db493137cc0330c7ee1089ed9a9eea7ae7151ef1@%3Cissues.zookeeper.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[zookeeper-dev] 20190623 [jira] [Created] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", - "url":"https://lists.apache.org/thread.html/129da0204c876f746636018751a086cc581e0e07bcdeb3ee22ff5731@%3Cdev.zookeeper.apache.org%3E" + "refsource": "MLIST", + "name": "[zookeeper-dev] 20190623 [jira] [Created] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", + "url": "https://lists.apache.org/thread.html/129da0204c876f746636018751a086cc581e0e07bcdeb3ee22ff5731@%3Cdev.zookeeper.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[zookeeper-notifications] 20190624 [GitHub] [zookeeper] eolivelli closed pull request #1001: ZOOKEEPER-3441 OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", - "url":"https://lists.apache.org/thread.html/4b832d1327703d6b287a6d223307f8f884d798821209a10647e93324@%3Cnotifications.zookeeper.apache.org%3E" + 
"refsource": "MLIST", + "name": "[zookeeper-notifications] 20190624 [GitHub] [zookeeper] eolivelli closed pull request #1001: ZOOKEEPER-3441 OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", + "url": "https://lists.apache.org/thread.html/4b832d1327703d6b287a6d223307f8f884d798821209a10647e93324@%3Cnotifications.zookeeper.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[zookeeper-notifications] 20190624 [GitHub] [zookeeper] phunt commented on a change in pull request #1001: ZOOKEEPER-3441 OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", - "url":"https://lists.apache.org/thread.html/a62aa2706105d68f1c02023fe24aaa3c13b4d8a1826181fed07d9682@%3Cnotifications.zookeeper.apache.org%3E" + "refsource": "MLIST", + "name": "[zookeeper-notifications] 20190624 [GitHub] [zookeeper] phunt commented on a change in pull request #1001: ZOOKEEPER-3441 OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", + "url": "https://lists.apache.org/thread.html/a62aa2706105d68f1c02023fe24aaa3c13b4d8a1826181fed07d9682@%3Cnotifications.zookeeper.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[zookeeper-notifications] 20190624 [GitHub] [zookeeper] eolivelli commented on issue #1001: ZOOKEEPER-3441 OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", - "url":"https://lists.apache.org/thread.html/8fe2983f6d9fee0aa737e4bd24483f8f5cf9b938b9adad0c4e79b2a4@%3Cnotifications.zookeeper.apache.org%3E" + "refsource": "MLIST", + "name": "[zookeeper-notifications] 20190624 [GitHub] [zookeeper] eolivelli commented on issue #1001: ZOOKEEPER-3441 OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", + "url": "https://lists.apache.org/thread.html/8fe2983f6d9fee0aa737e4bd24483f8f5cf9b938b9adad0c4e79b2a4@%3Cnotifications.zookeeper.apache.org%3E" }, { - "refsource":"CONFIRM", - "name":"https://security.netapp.com/advisory/ntap-20190625-0006/", - "url":"https://security.netapp.com/advisory/ntap-20190625-0006/" + "refsource": "CONFIRM", + 
"name": "https://security.netapp.com/advisory/ntap-20190625-0006/", + "url": "https://security.netapp.com/advisory/ntap-20190625-0006/" }, { - "refsource":"MLIST", - "name":"[zookeeper-issues] 20190708 [jira] [Commented] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", - "url":"https://lists.apache.org/thread.html/a3ae8a8c5e32c413cd27071d3a204166050bf79ce7f1299f6866338f@%3Cissues.zookeeper.apache.org%3E" + "refsource": "MLIST", + "name": "[zookeeper-issues] 20190708 [jira] [Commented] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", + "url": "https://lists.apache.org/thread.html/a3ae8a8c5e32c413cd27071d3a204166050bf79ce7f1299f6866338f@%3Cissues.zookeeper.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[zookeeper-notifications] 20190710 [GitHub] [zookeeper] phunt closed pull request #1013: ZOOKEEPER-3441: OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", - "url":"https://lists.apache.org/thread.html/b148fa2e9ef468c4de00de255dd728b74e2a97d935f8ced31eb41ba2@%3Cnotifications.zookeeper.apache.org%3E" + "refsource": "MLIST", + "name": "[zookeeper-notifications] 20190710 [GitHub] [zookeeper] phunt closed pull request #1013: ZOOKEEPER-3441: OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", + "url": "https://lists.apache.org/thread.html/b148fa2e9ef468c4de00de255dd728b74e2a97d935f8ced31eb41ba2@%3Cnotifications.zookeeper.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[zookeeper-notifications] 20190710 [GitHub] [zookeeper] phunt opened a new pull request #1013: ZOOKEEPER-3441: OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", - "url":"https://lists.apache.org/thread.html/eff7280055fc717ea8129cd28a9dd57b8446d00b36260c1caee10b87@%3Cnotifications.zookeeper.apache.org%3E" + "refsource": "MLIST", + "name": "[zookeeper-notifications] 20190710 [GitHub] [zookeeper] phunt opened a new pull request #1013: ZOOKEEPER-3441: OWASP is flagging 
jackson-databind-2.9.9.jar for CVE-2019-12814", + "url": "https://lists.apache.org/thread.html/eff7280055fc717ea8129cd28a9dd57b8446d00b36260c1caee10b87@%3Cnotifications.zookeeper.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[zookeeper-issues] 20190712 [jira] [Assigned] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", - "url":"https://lists.apache.org/thread.html/71f9ffd92410a889e27b95a219eaa843fd820f8550898633d85d4ea3@%3Cissues.zookeeper.apache.org%3E" + "refsource": "MLIST", + "name": "[zookeeper-issues] 20190712 [jira] [Assigned] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", + "url": "https://lists.apache.org/thread.html/71f9ffd92410a889e27b95a219eaa843fd820f8550898633d85d4ea3@%3Cissues.zookeeper.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[zookeeper-issues] 20190712 [jira] [Resolved] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", - "url":"https://lists.apache.org/thread.html/28be28ffd6471d230943a255c36fe196a54ef5afc494a4781d16e37c@%3Cissues.zookeeper.apache.org%3E" + "refsource": "MLIST", + "name": "[zookeeper-issues] 20190712 [jira] [Resolved] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", + "url": "https://lists.apache.org/thread.html/28be28ffd6471d230943a255c36fe196a54ef5afc494a4781d16e37c@%3Cissues.zookeeper.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[zookeeper-issues] 20190712 [jira] [Commented] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", - "url":"https://lists.apache.org/thread.html/2ff264b6a94c5363a35c4c88fa93216f60ec54d1d973ed6b76a9f560@%3Cissues.zookeeper.apache.org%3E" + "refsource": "MLIST", + "name": "[zookeeper-issues] 20190712 [jira] [Commented] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", + "url": 
"https://lists.apache.org/thread.html/2ff264b6a94c5363a35c4c88fa93216f60ec54d1d973ed6b76a9f560@%3Cissues.zookeeper.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[zookeeper-issues] 20190713 [jira] [Updated] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", - "url":"https://lists.apache.org/thread.html/b0a2b2cca072650dbd5882719976c3d353972c44f6736ddf0ba95209@%3Cissues.zookeeper.apache.org%3E" + "refsource": "MLIST", + "name": "[zookeeper-issues] 20190713 [jira] [Updated] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", + "url": "https://lists.apache.org/thread.html/b0a2b2cca072650dbd5882719976c3d353972c44f6736ddf0ba95209@%3Cissues.zookeeper.apache.org%3E" }, { - "url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "refsource":"MISC", - "name":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", + "refsource": "MISC", + "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { - "refsource":"MLIST", - "name":"[accumulo-commits] 20190723 [accumulo] branch 2.0 updated: Fix CVE-2019-12814 Use jackson-databind 2.9.9.1", - "url":"https://lists.apache.org/thread.html/bf20574dbc2db255f1fd489942b5720f675e32a2c4f44eb6a36060cd@%3Ccommits.accumulo.apache.org%3E" + "refsource": "MLIST", + "name": "[accumulo-commits] 20190723 [accumulo] branch 2.0 updated: Fix CVE-2019-12814 Use jackson-databind 2.9.9.1", + "url": "https://lists.apache.org/thread.html/bf20574dbc2db255f1fd489942b5720f675e32a2c4f44eb6a36060cd@%3Ccommits.accumulo.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", - 
"url":"https://lists.apache.org/thread.html/0d4b630d9ee724aee50703397d9d1afa2b2befc9395ba7797d0ccea9@%3Cdev.tomee.apache.org%3E" + "refsource": "MLIST", + "name": "[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", + "url": "https://lists.apache.org/thread.html/0d4b630d9ee724aee50703397d9d1afa2b2befc9395ba7797d0ccea9@%3Cdev.tomee.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", - "url":"https://lists.apache.org/thread.html/56c8042873595b8c863054c7bfccab4bf2c01c6f5abedae249d914b9@%3Cdev.tomee.apache.org%3E" + "refsource": "MLIST", + "name": "[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", + "url": "https://lists.apache.org/thread.html/56c8042873595b8c863054c7bfccab4bf2c01c6f5abedae249d914b9@%3Cdev.tomee.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", - "url":"https://lists.apache.org/thread.html/2d2a76440becb610b9a9cb49b15eac3934b02c2dbcaacde1000353e4@%3Cdev.tomee.apache.org%3E" + "refsource": "MLIST", + "name": "[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", + "url": "https://lists.apache.org/thread.html/2d2a76440becb610b9a9cb49b15eac3934b02c2dbcaacde1000353e4@%3Cdev.tomee.apache.org%3E" }, { - 
"refsource":"MLIST", - "name":"[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", - "url":"https://lists.apache.org/thread.html/34717424b4d08b74f65c09a083d6dd1cb0763f37a15d6de135998c1d@%3Cdev.tomee.apache.org%3E" + "refsource": "MLIST", + "name": "[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", + "url": "https://lists.apache.org/thread.html/34717424b4d08b74f65c09a083d6dd1cb0763f37a15d6de135998c1d@%3Cdev.tomee.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[tomee-dev] 20190905 [GitHub] [tomee] robert-schaft-hon commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", - "url":"https://lists.apache.org/thread.html/ee0a051428d2c719acfa297d0854a189ea5e284ef3ed491fa672f4be@%3Cdev.tomee.apache.org%3E" + "refsource": "MLIST", + "name": "[tomee-dev] 20190905 [GitHub] [tomee] robert-schaft-hon commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", + "url": "https://lists.apache.org/thread.html/ee0a051428d2c719acfa297d0854a189ea5e284ef3ed491fa672f4be@%3Cdev.tomee.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[tomee-dev] 20190906 [GitHub] [tomee] rzo1 commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", - "url":"https://lists.apache.org/thread.html/5ecc333113b139429f4f05000d4aa2886974d4df3269c1dd990bb319@%3Cdev.tomee.apache.org%3E" + "refsource": "MLIST", + "name": "[tomee-dev] 20190906 [GitHub] [tomee] rzo1 commented on issue 
#549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", + "url": "https://lists.apache.org/thread.html/5ecc333113b139429f4f05000d4aa2886974d4df3269c1dd990bb319@%3Cdev.tomee.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[struts-dev] 20190908 Build failed in Jenkins: Struts-master-JDK8-dependency-check #204", - "url":"https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef@%3Cdev.struts.apache.org%3E" + "refsource": "MLIST", + "name": "[struts-dev] 20190908 Build failed in Jenkins: Struts-master-JDK8-dependency-check #204", + "url": "https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef@%3Cdev.struts.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", - "url":"https://lists.apache.org/thread.html/5fc0e16b7af2590bf1e97c76c136291c4fdb244ee63c65c485c9a7a1@%3Cdev.tomee.apache.org%3E" + "refsource": "MLIST", + "name": "[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", + "url": "https://lists.apache.org/thread.html/5fc0e16b7af2590bf1e97c76c136291c4fdb244ee63c65c485c9a7a1@%3Cdev.tomee.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", - "url":"https://lists.apache.org/thread.html/87e46591de8925f719664a845572d184027258c5a7af0a471b53c77b@%3Cdev.tomee.apache.org%3E" + "refsource": "MLIST", + "name": "[tomee-dev] 20190909 [GitHub] [tomee] 
jgallimore merged pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", + "url": "https://lists.apache.org/thread.html/87e46591de8925f719664a845572d184027258c5a7af0a471b53c77b@%3Cdev.tomee.apache.org%3E" }, { - "refsource":"FEDORA", - "name":"FEDORA-2019-99ff6aa32c", - "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UKUALE2TUCKEKOHE2D342PQXN4MWCSLC/" + "refsource": "FEDORA", + "name": "FEDORA-2019-99ff6aa32c", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UKUALE2TUCKEKOHE2D342PQXN4MWCSLC/" }, { - "refsource":"MLIST", - "name":"[cassandra-commits] 20190919 [jira] [Created] (CASSANDRA-15328) Bump jackson version to >= 2.9.9.3 to address security vulnerabilities", - "url":"https://lists.apache.org/thread.html/3f99ae8dcdbd69438cb733d745ee3ad5e852068490719a66509b4592@%3Ccommits.cassandra.apache.org%3E" + "refsource": "MLIST", + "name": "[cassandra-commits] 20190919 [jira] [Created] (CASSANDRA-15328) Bump jackson version to >= 2.9.9.3 to address security vulnerabilities", + "url": "https://lists.apache.org/thread.html/3f99ae8dcdbd69438cb733d745ee3ad5e852068490719a66509b4592@%3Ccommits.cassandra.apache.org%3E" }, { - "refsource":"FEDORA", - "name":"FEDORA-2019-ae6a703b8f", - "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/" + "refsource": "FEDORA", + "name": "FEDORA-2019-ae6a703b8f", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/" }, { - "refsource":"FEDORA", - "name":"FEDORA-2019-fb23eccc03", - "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/" + "refsource": "FEDORA", + "name": "FEDORA-2019-fb23eccc03", + 
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:2858", - "url":"https://access.redhat.com/errata/RHSA-2019:2858" + "refsource": "REDHAT", + "name": "RHSA-2019:2858", + "url": "https://access.redhat.com/errata/RHSA-2019:2858" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:2937", - "url":"https://access.redhat.com/errata/RHSA-2019:2937" + "refsource": "REDHAT", + "name": "RHSA-2019:2937", + "url": "https://access.redhat.com/errata/RHSA-2019:2937" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:2935", - "url":"https://access.redhat.com/errata/RHSA-2019:2935" + "refsource": "REDHAT", + "name": "RHSA-2019:2935", + "url": "https://access.redhat.com/errata/RHSA-2019:2935" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:2936", - "url":"https://access.redhat.com/errata/RHSA-2019:2936" + "refsource": "REDHAT", + "name": "RHSA-2019:2936", + "url": "https://access.redhat.com/errata/RHSA-2019:2936" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:2938", - "url":"https://access.redhat.com/errata/RHSA-2019:2938" + "refsource": "REDHAT", + "name": "RHSA-2019:2938", + "url": "https://access.redhat.com/errata/RHSA-2019:2938" }, { - "refsource":"MLIST", - "name":"[geode-notifications] 20191007 [GitHub] [geode] jmelchio commented on issue #4102: Fix for GEODE-7255: Pickup Jackson CVE fix", - "url":"https://lists.apache.org/thread.html/e0733058c0366b703e6757d8d2a7a04b943581f659e9c271f0841dfe@%3Cnotifications.geode.apache.org%3E" + "refsource": "MLIST", + "name": "[geode-notifications] 20191007 [GitHub] [geode] jmelchio commented on issue #4102: Fix for GEODE-7255: Pickup Jackson CVE fix", + "url": "https://lists.apache.org/thread.html/e0733058c0366b703e6757d8d2a7a04b943581f659e9c271f0841dfe@%3Cnotifications.geode.apache.org%3E" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:3044", - "url":"https://access.redhat.com/errata/RHSA-2019:3044" + 
"refsource": "REDHAT", + "name": "RHSA-2019:3044", + "url": "https://access.redhat.com/errata/RHSA-2019:3044" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:3045", - "url":"https://access.redhat.com/errata/RHSA-2019:3045" + "refsource": "REDHAT", + "name": "RHSA-2019:3045", + "url": "https://access.redhat.com/errata/RHSA-2019:3045" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:3050", - "url":"https://access.redhat.com/errata/RHSA-2019:3050" + "refsource": "REDHAT", + "name": "RHSA-2019:3050", + "url": "https://access.redhat.com/errata/RHSA-2019:3050" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:3046", - "url":"https://access.redhat.com/errata/RHSA-2019:3046" + "refsource": "REDHAT", + "name": "RHSA-2019:3046", + "url": "https://access.redhat.com/errata/RHSA-2019:3046" }, { - "url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", - "refsource":"MISC", - "name":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", + "refsource": "MISC", + "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { - "refsource":"MLIST", - "name":"[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", - "url":"https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E" + "refsource": "MLIST", + "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", + "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:3149", - "url":"https://access.redhat.com/errata/RHSA-2019:3149" + "refsource": "REDHAT", + "name": "RHSA-2019:3149", + "url": "https://access.redhat.com/errata/RHSA-2019:3149" }, { - "refsource":"MLIST", - "name":"[drill-dev] 20191021 [jira] [Created] 
(DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", - "url":"https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E" + "refsource": "MLIST", + "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", + "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", - "url":"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" + "refsource": "MLIST", + "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", + "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:3200", - "url":"https://access.redhat.com/errata/RHSA-2019:3200" + "refsource": "REDHAT", + "name": "RHSA-2019:3200", + "url": "https://access.redhat.com/errata/RHSA-2019:3200" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:3292", - "url":"https://access.redhat.com/errata/RHSA-2019:3292" + "refsource": "REDHAT", + "name": "RHSA-2019:3292", + "url": "https://access.redhat.com/errata/RHSA-2019:3292" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:3297", - "url":"https://access.redhat.com/errata/RHSA-2019:3297" + "refsource": "REDHAT", + "name": "RHSA-2019:3297", + "url": "https://access.redhat.com/errata/RHSA-2019:3297" }, { - "refsource":"MLIST", - "name":"[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html", - 
"url":"https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E" + "refsource": "MLIST", + "name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html", + "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E" }, { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2019/13xxx/CVE-2019-13117.json b/2019/13xxx/CVE-2019-13117.json index 811b5747507..a384ae250ef 100644 --- a/2019/13xxx/CVE-2019-13117.json +++ b/2019/13xxx/CVE-2019-13117.json 
@@ -1,100 +1,101 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"cve@mitre.org", - "ID":"CVE-2019-13117", - "STATE":"PUBLIC" + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-13117", + "STATE": "PUBLIC" }, - "affects":{ - "vendor":{ - "vendor_data":[ + "affects": { + "vendor": { + "vendor_data": [ { - "product":{ - "product_data":[ + "product": { + "product_data": [ { - "product_name":"n/a", - "version":{ - "version_data":[ + "product_name": "n/a", + "version": { + "version_data": [ { - "version_value":"n/a" + "version_value": "n/a" } ] } } ] }, - "vendor_name":"n/a" + "vendor_name": "n/a" } ] } }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang":"eng", - "value":"In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character." + "lang": "eng", + "value": "In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character." 
} ] }, - "problemtype":{ - "problemtype_data":[ + "problemtype": { + "problemtype_data": [ { - "description":[ + "description": [ { - "lang":"eng", - "value":"n/a" + "lang": "eng", + "value": "n/a" } ] } ] }, - "references":{ - "reference_data":[ + "references": { + "reference_data": [ { - "url":"https://gitlab.gnome.org/GNOME/libxslt/commit/c5eb6cf3aba0af048596106ed839b4ae17ecbcb1", - "refsource":"MISC", - "name":"https://gitlab.gnome.org/GNOME/libxslt/commit/c5eb6cf3aba0af048596106ed839b4ae17ecbcb1" + "url": "https://gitlab.gnome.org/GNOME/libxslt/commit/c5eb6cf3aba0af048596106ed839b4ae17ecbcb1", + "refsource": "MISC", + "name": "https://gitlab.gnome.org/GNOME/libxslt/commit/c5eb6cf3aba0af048596106ed839b4ae17ecbcb1" }, { - "url":"https://oss-fuzz.com/testcase-detail/5631739747106816", - "refsource":"MISC", - "name":"https://oss-fuzz.com/testcase-detail/5631739747106816" + "url": "https://oss-fuzz.com/testcase-detail/5631739747106816", + "refsource": "MISC", + "name": "https://oss-fuzz.com/testcase-detail/5631739747106816" }, { - "url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14471", - "refsource":"MISC", - "name":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14471" + "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14471", + "refsource": "MISC", + "name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14471" }, { - "refsource":"MLIST", - "name":"[debian-lts-announce] 20190722 [SECURITY] [DLA 1860-1] libxslt security update", - "url":"https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html" + "refsource": "MLIST", + "name": "[debian-lts-announce] 20190722 [SECURITY] [DLA 1860-1] libxslt security update", + "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html" }, { - "refsource":"CONFIRM", - "name":"https://security.netapp.com/advisory/ntap-20190806-0004/", - "url":"https://security.netapp.com/advisory/ntap-20190806-0004/" + "refsource": "CONFIRM", + "name": 
"https://security.netapp.com/advisory/ntap-20190806-0004/", + "url": "https://security.netapp.com/advisory/ntap-20190806-0004/" }, { - "refsource":"UBUNTU", - "name":"USN-4164-1", - "url":"https://usn.ubuntu.com/4164-1/" + "refsource": "UBUNTU", + "name": "USN-4164-1", + "url": "https://usn.ubuntu.com/4164-1/" }, { - "refsource":"FEDORA", - "name":"FEDORA-2019-fdf6ec39b4", - "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ/" + "refsource": "FEDORA", + "name": "FEDORA-2019-fdf6ec39b4", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ/" }, { - "refsource":"MLIST", - "name":"[oss-security] 20191117 Nokogiri security update v1.10.5", - "url":"http://www.openwall.com/lists/oss-security/2019/11/17/2" + "refsource": "MLIST", + "name": "[oss-security] 20191117 Nokogiri security update v1.10.5", + "url": "http://www.openwall.com/lists/oss-security/2019/11/17/2" }, { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2019/13xxx/CVE-2019-13118.json b/2019/13xxx/CVE-2019-13118.json index b7899589470..dc0e75a7493 100644 --- a/2019/13xxx/CVE-2019-13118.json +++ b/2019/13xxx/CVE-2019-13118.json 
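Review bot: The `affects` block on the new side of the CVE-2019-13117 record still carries `"product_name": "n/a"`, `"vendor_name": "n/a"` and `"version_value": "n/a"`, although the description in the same record names libxslt 1.1.33. Any scanner or inventory tool that matches on the structured fields will therefore not tie this CVE to the library and has to fall back on the free text. Since this hunk already rewrites every line of the record, it would be the place to set `"product_name": "libxslt"` and `"version_value": "1.1.33"`, taken from the description (a wider affected range may apply, but the page does not show one). `problemtype` is likewise left at `"value": "n/a"` for what the description calls an uninitialized read. The CVE-2019-13118 hunk that follows has the same gap.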
@@ -1,240 +1,241 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"cve@mitre.org", - "ID":"CVE-2019-13118", - "STATE":"PUBLIC" + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-13118", + "STATE": "PUBLIC" }, - "affects":{ - "vendor":{ - "vendor_data":[ + "affects": { + "vendor": { + "vendor_data": [ { - "product":{ - "product_data":[ + "product": { + "product_data": [ { - "product_name":"n/a", - "version":{ - "version_data":[ + "product_name": "n/a", + "version": { + "version_data": [ { - "version_value":"n/a" + "version_value": "n/a" } ] } } ] }, - "vendor_name":"n/a" + "vendor_name": "n/a" } ] } }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang":"eng", - "value":"In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data." + "lang": "eng", + "value": "In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data." 
} ] }, - "problemtype":{ - "problemtype_data":[ + "problemtype": { + "problemtype_data": [ { - "description":[ + "description": [ { - "lang":"eng", - "value":"n/a" + "lang": "eng", + "value": "n/a" } ] } ] }, - "references":{ - "reference_data":[ + "references": { + "reference_data": [ { - "url":"https://gitlab.gnome.org/GNOME/libxslt/commit/6ce8de69330783977dd14f6569419489875fb71b", - "refsource":"MISC", - "name":"https://gitlab.gnome.org/GNOME/libxslt/commit/6ce8de69330783977dd14f6569419489875fb71b" + "url": "https://gitlab.gnome.org/GNOME/libxslt/commit/6ce8de69330783977dd14f6569419489875fb71b", + "refsource": "MISC", + "name": "https://gitlab.gnome.org/GNOME/libxslt/commit/6ce8de69330783977dd14f6569419489875fb71b" }, { - "url":"https://oss-fuzz.com/testcase-detail/5197371471822848", - "refsource":"MISC", - "name":"https://oss-fuzz.com/testcase-detail/5197371471822848" + "url": "https://oss-fuzz.com/testcase-detail/5197371471822848", + "refsource": "MISC", + "name": "https://oss-fuzz.com/testcase-detail/5197371471822848" }, { - "url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15069", - "refsource":"MISC", - "name":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15069" + "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15069", + "refsource": "MISC", + "name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15069" }, { - "refsource":"CONFIRM", - "name":"https://support.apple.com/kb/HT210348", - "url":"https://support.apple.com/kb/HT210348" + "refsource": "CONFIRM", + "name": "https://support.apple.com/kb/HT210348", + "url": "https://support.apple.com/kb/HT210348" }, { - "refsource":"CONFIRM", - "name":"https://support.apple.com/kb/HT210353", - "url":"https://support.apple.com/kb/HT210353" + "refsource": "CONFIRM", + "name": "https://support.apple.com/kb/HT210353", + "url": "https://support.apple.com/kb/HT210353" }, { - "refsource":"CONFIRM", - "name":"https://support.apple.com/kb/HT210351", - 
"url":"https://support.apple.com/kb/HT210351" + "refsource": "CONFIRM", + "name": "https://support.apple.com/kb/HT210351", + "url": "https://support.apple.com/kb/HT210351" }, { - "refsource":"MLIST", - "name":"[debian-lts-announce] 20190722 [SECURITY] [DLA 1860-1] libxslt security update", - "url":"https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html" + "refsource": "MLIST", + "name": "[debian-lts-announce] 20190722 [SECURITY] [DLA 1860-1] libxslt security update", + "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html" }, { - "refsource":"CONFIRM", - "name":"https://support.apple.com/kb/HT210346", - "url":"https://support.apple.com/kb/HT210346" + "refsource": "CONFIRM", + "name": "https://support.apple.com/kb/HT210346", + "url": "https://support.apple.com/kb/HT210346" }, { - "refsource":"BUGTRAQ", - "name":"20190723 APPLE-SA-2019-7-22-1 iOS 12.4", - "url":"https://seclists.org/bugtraq/2019/Jul/35" + "refsource": "BUGTRAQ", + "name": "20190723 APPLE-SA-2019-7-22-1 iOS 12.4", + "url": "https://seclists.org/bugtraq/2019/Jul/35" }, { - "refsource":"BUGTRAQ", - "name":"20190723 APPLE-SA-2019-7-22-5 tvOS 12.4", - "url":"https://seclists.org/bugtraq/2019/Jul/37" + "refsource": "BUGTRAQ", + "name": "20190723 APPLE-SA-2019-7-22-5 tvOS 12.4", + "url": "https://seclists.org/bugtraq/2019/Jul/37" }, { - "refsource":"BUGTRAQ", - "name":"20190723 APPLE-SA-2019-7-22-4 watchOS 5.3", - "url":"https://seclists.org/bugtraq/2019/Jul/36" + "refsource": "BUGTRAQ", + "name": "20190723 APPLE-SA-2019-7-22-4 watchOS 5.3", + "url": "https://seclists.org/bugtraq/2019/Jul/36" }, { - "refsource":"FULLDISC", - "name":"20190723 APPLE-SA-2019-7-22-4 watchOS 5.3", - "url":"http://seclists.org/fulldisclosure/2019/Jul/24" + "refsource": "FULLDISC", + "name": "20190723 APPLE-SA-2019-7-22-4 watchOS 5.3", + "url": "http://seclists.org/fulldisclosure/2019/Jul/24" }, { - "refsource":"FULLDISC", - "name":"20190723 APPLE-SA-2019-7-22-1 iOS 12.4", - 
"url":"http://seclists.org/fulldisclosure/2019/Jul/23" + "refsource": "FULLDISC", + "name": "20190723 APPLE-SA-2019-7-22-1 iOS 12.4", + "url": "http://seclists.org/fulldisclosure/2019/Jul/23" }, { - "refsource":"FULLDISC", - "name":"20190723 APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra", - "url":"http://seclists.org/fulldisclosure/2019/Jul/22" + "refsource": "FULLDISC", + "name": "20190723 APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra", + "url": "http://seclists.org/fulldisclosure/2019/Jul/22" }, { - "refsource":"FULLDISC", - "name":"20190723 APPLE-SA-2019-7-22-5 tvOS 12.4", - "url":"http://seclists.org/fulldisclosure/2019/Jul/26" + "refsource": "FULLDISC", + "name": "20190723 APPLE-SA-2019-7-22-5 tvOS 12.4", + "url": "http://seclists.org/fulldisclosure/2019/Jul/26" }, { - "refsource":"CONFIRM", - "name":"https://support.apple.com/kb/HT210356", - "url":"https://support.apple.com/kb/HT210356" + "refsource": "CONFIRM", + "name": "https://support.apple.com/kb/HT210356", + "url": "https://support.apple.com/kb/HT210356" }, { - "refsource":"CONFIRM", - "name":"https://support.apple.com/kb/HT210357", - "url":"https://support.apple.com/kb/HT210357" + "refsource": "CONFIRM", + "name": "https://support.apple.com/kb/HT210357", + "url": "https://support.apple.com/kb/HT210357" }, { - "refsource":"CONFIRM", - "name":"https://support.apple.com/kb/HT210358", - "url":"https://support.apple.com/kb/HT210358" + "refsource": "CONFIRM", + "name": "https://support.apple.com/kb/HT210358", + "url": "https://support.apple.com/kb/HT210358" }, { - "refsource":"BUGTRAQ", - "name":"20190724 APPLE-SA-2019-7-23-2 iTunes for Windows 12.9.6", - "url":"https://seclists.org/bugtraq/2019/Jul/42" + "refsource": "BUGTRAQ", + "name": "20190724 APPLE-SA-2019-7-23-2 iTunes for Windows 12.9.6", + "url": "https://seclists.org/bugtraq/2019/Jul/42" }, { - "refsource":"BUGTRAQ", 
- "name":"20190724 APPLE-SA-2019-7-23-3 iCloud for Windows 10.6", - "url":"https://seclists.org/bugtraq/2019/Jul/40" + "refsource": "BUGTRAQ", + "name": "20190724 APPLE-SA-2019-7-23-3 iCloud for Windows 10.6", + "url": "https://seclists.org/bugtraq/2019/Jul/40" }, { - "refsource":"BUGTRAQ", - "name":"20190724 APPLE-SA-2019-7-23-1 iCloud for Windows 7.13", - "url":"https://seclists.org/bugtraq/2019/Jul/41" + "refsource": "BUGTRAQ", + "name": "20190724 APPLE-SA-2019-7-23-1 iCloud for Windows 7.13", + "url": "https://seclists.org/bugtraq/2019/Jul/41" }, { - "refsource":"FULLDISC", - "name":"20190726 APPLE-SA-2019-7-23-3 iCloud for Windows 10.6", - "url":"http://seclists.org/fulldisclosure/2019/Jul/31" + "refsource": "FULLDISC", + "name": "20190726 APPLE-SA-2019-7-23-3 iCloud for Windows 10.6", + "url": "http://seclists.org/fulldisclosure/2019/Jul/31" }, { - "refsource":"FULLDISC", - "name":"20190726 APPLE-SA-2019-7-23-1 iCloud for Windows 7.13", - "url":"http://seclists.org/fulldisclosure/2019/Jul/37" + "refsource": "FULLDISC", + "name": "20190726 APPLE-SA-2019-7-23-1 iCloud for Windows 7.13", + "url": "http://seclists.org/fulldisclosure/2019/Jul/37" }, { - "refsource":"FULLDISC", - "name":"20190726 APPLE-SA-2019-7-23-2 iTunes for Windows 12.9.6", - "url":"http://seclists.org/fulldisclosure/2019/Jul/38" + "refsource": "FULLDISC", + "name": "20190726 APPLE-SA-2019-7-23-2 iTunes for Windows 12.9.6", + "url": "http://seclists.org/fulldisclosure/2019/Jul/38" }, { - "refsource":"CONFIRM", - "name":"https://security.netapp.com/advisory/ntap-20190806-0004/", - "url":"https://security.netapp.com/advisory/ntap-20190806-0004/" + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20190806-0004/", + "url": "https://security.netapp.com/advisory/ntap-20190806-0004/" }, { - "refsource":"BUGTRAQ", - "name":"20190814 APPLE-SA-2019-8-13-2 Additional information for APPLE-SA-2019-7-22-1 iOS 12.4", - "url":"https://seclists.org/bugtraq/2019/Aug/25" + 
"refsource": "BUGTRAQ", + "name": "20190814 APPLE-SA-2019-8-13-2 Additional information for APPLE-SA-2019-7-22-1 iOS 12.4", + "url": "https://seclists.org/bugtraq/2019/Aug/25" }, { - "refsource":"BUGTRAQ", - "name":"20190814 APPLE-SA-2019-8-13-3 Additional information for APPLE-SA-2019-7-22-4 watchOS 5.3", - "url":"https://seclists.org/bugtraq/2019/Aug/22" + "refsource": "BUGTRAQ", + "name": "20190814 APPLE-SA-2019-8-13-3 Additional information for APPLE-SA-2019-7-22-4 watchOS 5.3", + "url": "https://seclists.org/bugtraq/2019/Aug/22" }, { - "refsource":"BUGTRAQ", - "name":"20190814 APPLE-SA-2019-8-13-4 Additional information for APPLE-SA-2019-7-22-5 tvOS 12.4", - "url":"https://seclists.org/bugtraq/2019/Aug/23" + "refsource": "BUGTRAQ", + "name": "20190814 APPLE-SA-2019-8-13-4 Additional information for APPLE-SA-2019-7-22-5 tvOS 12.4", + "url": "https://seclists.org/bugtraq/2019/Aug/23" }, { - "refsource":"BUGTRAQ", - "name":"20190814 APPLE-SA-2019-8-13-1 Additional information for APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra", - "url":"https://seclists.org/bugtraq/2019/Aug/21" + "refsource": "BUGTRAQ", + "name": "20190814 APPLE-SA-2019-8-13-1 Additional information for APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra", + "url": "https://seclists.org/bugtraq/2019/Aug/21" }, { - "refsource":"FULLDISC", - "name":"20190816 APPLE-SA-2019-8-13-3 Additional information for APPLE-SA-2019-7-22-4 watchOS 5.3", - "url":"http://seclists.org/fulldisclosure/2019/Aug/14" + "refsource": "FULLDISC", + "name": "20190816 APPLE-SA-2019-8-13-3 Additional information for APPLE-SA-2019-7-22-4 watchOS 5.3", + "url": "http://seclists.org/fulldisclosure/2019/Aug/14" }, { - "refsource":"FULLDISC", - "name":"20190816 APPLE-SA-2019-8-13-1 Additional information for APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 
2019-004 Sierra", - "url":"http://seclists.org/fulldisclosure/2019/Aug/11" + "refsource": "FULLDISC", + "name": "20190816 APPLE-SA-2019-8-13-1 Additional information for APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra", + "url": "http://seclists.org/fulldisclosure/2019/Aug/11" }, { - "refsource":"FULLDISC", - "name":"20190816 APPLE-SA-2019-8-13-2 Additional information for APPLE-SA-2019-7-22-1 iOS 12.4", - "url":"http://seclists.org/fulldisclosure/2019/Aug/13" + "refsource": "FULLDISC", + "name": "20190816 APPLE-SA-2019-8-13-2 Additional information for APPLE-SA-2019-7-22-1 iOS 12.4", + "url": "http://seclists.org/fulldisclosure/2019/Aug/13" }, { - "refsource":"FULLDISC", - "name":"20190816 APPLE-SA-2019-8-13-4 Additional information for APPLE-SA-2019-7-22-5 tvOS 12.4", - "url":"http://seclists.org/fulldisclosure/2019/Aug/15" + "refsource": "FULLDISC", + "name": "20190816 APPLE-SA-2019-8-13-4 Additional information for APPLE-SA-2019-7-22-5 tvOS 12.4", + "url": "http://seclists.org/fulldisclosure/2019/Aug/15" }, { - "refsource":"UBUNTU", - "name":"USN-4164-1", - "url":"https://usn.ubuntu.com/4164-1/" + "refsource": "UBUNTU", + "name": "USN-4164-1", + "url": "https://usn.ubuntu.com/4164-1/" }, { - "refsource":"FEDORA", - "name":"FEDORA-2019-fdf6ec39b4", - "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ/" + "refsource": "FEDORA", + "name": "FEDORA-2019-fdf6ec39b4", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ/" }, { - "refsource":"MLIST", - "name":"[oss-security] 20191117 Nokogiri security update v1.10.5", - "url":"http://www.openwall.com/lists/oss-security/2019/11/17/2" + "refsource": "MLIST", + "name": "[oss-security] 20191117 Nokogiri security update v1.10.5", + "url": 
"http://www.openwall.com/lists/oss-security/2019/11/17/2" }, { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2019/14xxx/CVE-2019-14379.json b/2019/14xxx/CVE-2019-14379.json index ddf0e5ed88c..de864261744 100644 --- a/2019/14xxx/CVE-2019-14379.json +++ b/2019/14xxx/CVE-2019-14379.json 
@@ -1,305 +1,306 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"cve@mitre.org", - "ID":"CVE-2019-14379", - "STATE":"PUBLIC" + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-14379", + "STATE": "PUBLIC" }, - "affects":{ - "vendor":{ - "vendor_data":[ + "affects": { + "vendor": { + "vendor_data": [ { - "product":{ - "product_data":[ + "product": { + "product_data": [ { - "product_name":"n/a", - "version":{ - "version_data":[ + "product_name": "n/a", + "version": { + "version_data": [ { - "version_value":"n/a" + "version_value": "n/a" } ] } } ] }, - "vendor_name":"n/a" + "vendor_name": "n/a" } ] } }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang":"eng", - "value":"SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution." + "lang": "eng", + "value": "SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution." 
} ] }, - "problemtype":{ - "problemtype_data":[ + "problemtype": { + "problemtype_data": [ { - "description":[ + "description": [ { - "lang":"eng", - "value":"n/a" + "lang": "eng", + "value": "n/a" } ] } ] }, - "references":{ - "reference_data":[ + "references": { + "reference_data": [ { - "url":"https://github.com/FasterXML/jackson-databind/issues/2387", - "refsource":"MISC", - "name":"https://github.com/FasterXML/jackson-databind/issues/2387" + "url": "https://github.com/FasterXML/jackson-databind/issues/2387", + "refsource": "MISC", + "name": "https://github.com/FasterXML/jackson-databind/issues/2387" }, { - "url":"https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.9.1...jackson-databind-2.9.9.2", - "refsource":"MISC", - "name":"https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.9.1...jackson-databind-2.9.9.2" + "url": "https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.9.1...jackson-databind-2.9.9.2", + "refsource": "MISC", + "name": "https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.9.1...jackson-databind-2.9.9.2" }, { - "refsource":"MLIST", - "name":"[debian-lts-announce] 20190812 [SECURITY] [DLA 1879-1] jackson-databind security update", - "url":"https://lists.debian.org/debian-lts-announce/2019/08/msg00011.html" + "refsource": "MLIST", + "name": "[debian-lts-announce] 20190812 [SECURITY] [DLA 1879-1] jackson-databind security update", + "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00011.html" }, { - "refsource":"MLIST", - "name":"[ambari-commits] 20190813 [ambari] branch branch-2.7 updated: AMBARI-25352 : Upgrade fasterxml jackson dependency due to CVE-2019-14379 (#3066)", - "url":"https://lists.apache.org/thread.html/e25e734c315f70d8876a846926cfe3bfa1a4888044f146e844caf72f@%3Ccommits.ambari.apache.org%3E" + "refsource": "MLIST", + "name": "[ambari-commits] 20190813 [ambari] branch branch-2.7 updated: AMBARI-25352 : Upgrade fasterxml jackson 
dependency due to CVE-2019-14379 (#3066)", + "url": "https://lists.apache.org/thread.html/e25e734c315f70d8876a846926cfe3bfa1a4888044f146e844caf72f@%3Ccommits.ambari.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[ambari-commits] 20190813 [ambari] branch trunk updated: AMBARI-25352 : Upgrade fasterxml jackson dependency due to CVE-2019-14379(trunk) (#3067)", - "url":"https://lists.apache.org/thread.html/f17f63b0f8a57e4a5759e01d25cffc0548f0b61ff5c6bfd704ad2f2a@%3Ccommits.ambari.apache.org%3E" + "refsource": "MLIST", + "name": "[ambari-commits] 20190813 [ambari] branch trunk updated: AMBARI-25352 : Upgrade fasterxml jackson dependency due to CVE-2019-14379(trunk) (#3067)", + "url": "https://lists.apache.org/thread.html/f17f63b0f8a57e4a5759e01d25cffc0548f0b61ff5c6bfd704ad2f2a@%3Ccommits.ambari.apache.org%3E" }, { - "refsource":"CONFIRM", - "name":"https://security.netapp.com/advisory/ntap-20190814-0001/", - "url":"https://security.netapp.com/advisory/ntap-20190814-0001/" + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20190814-0001/", + "url": "https://security.netapp.com/advisory/ntap-20190814-0001/" }, { - "refsource":"MLIST", - "name":"[pulsar-commits] 20190822 [GitHub] [pulsar] massakam opened a new pull request #5011: [security] Upgrade jackson-databind", - "url":"https://lists.apache.org/thread.html/525bcf949a4b0da87a375cbad2680b8beccde749522f24c49befe7fb@%3Ccommits.pulsar.apache.org%3E" + "refsource": "MLIST", + "name": "[pulsar-commits] 20190822 [GitHub] [pulsar] massakam opened a new pull request #5011: [security] Upgrade jackson-databind", + "url": "https://lists.apache.org/thread.html/525bcf949a4b0da87a375cbad2680b8beccde749522f24c49befe7fb@%3Ccommits.pulsar.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", - 
"url":"https://lists.apache.org/thread.html/0d4b630d9ee724aee50703397d9d1afa2b2befc9395ba7797d0ccea9@%3Cdev.tomee.apache.org%3E" + "refsource": "MLIST", + "name": "[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", + "url": "https://lists.apache.org/thread.html/0d4b630d9ee724aee50703397d9d1afa2b2befc9395ba7797d0ccea9@%3Cdev.tomee.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", - "url":"https://lists.apache.org/thread.html/56c8042873595b8c863054c7bfccab4bf2c01c6f5abedae249d914b9@%3Cdev.tomee.apache.org%3E" + "refsource": "MLIST", + "name": "[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", + "url": "https://lists.apache.org/thread.html/56c8042873595b8c863054c7bfccab4bf2c01c6f5abedae249d914b9@%3Cdev.tomee.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", - "url":"https://lists.apache.org/thread.html/2d2a76440becb610b9a9cb49b15eac3934b02c2dbcaacde1000353e4@%3Cdev.tomee.apache.org%3E" + "refsource": "MLIST", + "name": "[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", + "url": "https://lists.apache.org/thread.html/2d2a76440becb610b9a9cb49b15eac3934b02c2dbcaacde1000353e4@%3Cdev.tomee.apache.org%3E" }, { - 
"refsource":"MLIST", - "name":"[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", - "url":"https://lists.apache.org/thread.html/34717424b4d08b74f65c09a083d6dd1cb0763f37a15d6de135998c1d@%3Cdev.tomee.apache.org%3E" + "refsource": "MLIST", + "name": "[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", + "url": "https://lists.apache.org/thread.html/34717424b4d08b74f65c09a083d6dd1cb0763f37a15d6de135998c1d@%3Cdev.tomee.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[tomee-dev] 20190905 [GitHub] [tomee] robert-schaft-hon commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", - "url":"https://lists.apache.org/thread.html/ee0a051428d2c719acfa297d0854a189ea5e284ef3ed491fa672f4be@%3Cdev.tomee.apache.org%3E" + "refsource": "MLIST", + "name": "[tomee-dev] 20190905 [GitHub] [tomee] robert-schaft-hon commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", + "url": "https://lists.apache.org/thread.html/ee0a051428d2c719acfa297d0854a189ea5e284ef3ed491fa672f4be@%3Cdev.tomee.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[tomee-dev] 20190906 [GitHub] [tomee] rzo1 commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", - "url":"https://lists.apache.org/thread.html/5ecc333113b139429f4f05000d4aa2886974d4df3269c1dd990bb319@%3Cdev.tomee.apache.org%3E" + "refsource": "MLIST", + "name": "[tomee-dev] 20190906 [GitHub] [tomee] rzo1 commented on issue 
#549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", + "url": "https://lists.apache.org/thread.html/5ecc333113b139429f4f05000d4aa2886974d4df3269c1dd990bb319@%3Cdev.tomee.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[struts-dev] 20190908 Build failed in Jenkins: Struts-master-JDK8-dependency-check #204", - "url":"https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef@%3Cdev.struts.apache.org%3E" + "refsource": "MLIST", + "name": "[struts-dev] 20190908 Build failed in Jenkins: Struts-master-JDK8-dependency-check #204", + "url": "https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef@%3Cdev.struts.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", - "url":"https://lists.apache.org/thread.html/5fc0e16b7af2590bf1e97c76c136291c4fdb244ee63c65c485c9a7a1@%3Cdev.tomee.apache.org%3E" + "refsource": "MLIST", + "name": "[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", + "url": "https://lists.apache.org/thread.html/5fc0e16b7af2590bf1e97c76c136291c4fdb244ee63c65c485c9a7a1@%3Cdev.tomee.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", - "url":"https://lists.apache.org/thread.html/87e46591de8925f719664a845572d184027258c5a7af0a471b53c77b@%3Cdev.tomee.apache.org%3E" + "refsource": "MLIST", + "name": "[tomee-dev] 20190909 [GitHub] [tomee] 
jgallimore merged pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", + "url": "https://lists.apache.org/thread.html/87e46591de8925f719664a845572d184027258c5a7af0a471b53c77b@%3Cdev.tomee.apache.org%3E" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:2743", - "url":"https://access.redhat.com/errata/RHSA-2019:2743" + "refsource": "REDHAT", + "name": "RHSA-2019:2743", + "url": "https://access.redhat.com/errata/RHSA-2019:2743" }, { - "refsource":"FEDORA", - "name":"FEDORA-2019-99ff6aa32c", - "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UKUALE2TUCKEKOHE2D342PQXN4MWCSLC/" + "refsource": "FEDORA", + "name": "FEDORA-2019-99ff6aa32c", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UKUALE2TUCKEKOHE2D342PQXN4MWCSLC/" }, { - "refsource":"FEDORA", - "name":"FEDORA-2019-ae6a703b8f", - "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/" + "refsource": "FEDORA", + "name": "FEDORA-2019-ae6a703b8f", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/" }, { - "refsource":"FEDORA", - "name":"FEDORA-2019-fb23eccc03", - "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/" + "refsource": "FEDORA", + "name": "FEDORA-2019-fb23eccc03", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/" }, { - "refsource":"MLIST", - "name":"[tinkerpop-commits] 20190924 [GitHub] [tinkerpop] justinchuch opened a new pull request #1200: Upgrade jackson due to CVE issues", - 
"url":"https://lists.apache.org/thread.html/0fcef7321095ce0bc597d468d150cff3d647f4cb3aef3bd4d20e1c69@%3Ccommits.tinkerpop.apache.org%3E" + "refsource": "MLIST", + "name": "[tinkerpop-commits] 20190924 [GitHub] [tinkerpop] justinchuch opened a new pull request #1200: Upgrade jackson due to CVE issues", + "url": "https://lists.apache.org/thread.html/0fcef7321095ce0bc597d468d150cff3d647f4cb3aef3bd4d20e1c69@%3Ccommits.tinkerpop.apache.org%3E" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:2858", - "url":"https://access.redhat.com/errata/RHSA-2019:2858" + "refsource": "REDHAT", + "name": "RHSA-2019:2858", + "url": "https://access.redhat.com/errata/RHSA-2019:2858" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:2937", - "url":"https://access.redhat.com/errata/RHSA-2019:2937" + "refsource": "REDHAT", + "name": "RHSA-2019:2937", + "url": "https://access.redhat.com/errata/RHSA-2019:2937" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:2935", - "url":"https://access.redhat.com/errata/RHSA-2019:2935" + "refsource": "REDHAT", + "name": "RHSA-2019:2935", + "url": "https://access.redhat.com/errata/RHSA-2019:2935" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:2936", - "url":"https://access.redhat.com/errata/RHSA-2019:2936" + "refsource": "REDHAT", + "name": "RHSA-2019:2936", + "url": "https://access.redhat.com/errata/RHSA-2019:2936" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:2938", - "url":"https://access.redhat.com/errata/RHSA-2019:2938" + "refsource": "REDHAT", + "name": "RHSA-2019:2938", + "url": "https://access.redhat.com/errata/RHSA-2019:2938" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:2998", - "url":"https://access.redhat.com/errata/RHSA-2019:2998" + "refsource": "REDHAT", + "name": "RHSA-2019:2998", + "url": "https://access.redhat.com/errata/RHSA-2019:2998" }, { - "refsource":"MLIST", - "name":"[iceberg-issues] 20191010 [GitHub] [incubator-iceberg] rdblue opened a new pull request #533: Update Jackson to 2.9.10 for CVE-2019-14379", - 
"url":"https://lists.apache.org/thread.html/859815b2e9f1575acbb2b260b73861c16ca49bca627fa0c46419051f@%3Cissues.iceberg.apache.org%3E" + "refsource": "MLIST", + "name": "[iceberg-issues] 20191010 [GitHub] [incubator-iceberg] rdblue opened a new pull request #533: Update Jackson to 2.9.10 for CVE-2019-14379", + "url": "https://lists.apache.org/thread.html/859815b2e9f1575acbb2b260b73861c16ca49bca627fa0c46419051f@%3Cissues.iceberg.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[iceberg-issues] 20191010 [GitHub] [incubator-iceberg] mccheah opened a new pull request #535: Update Jackson to 2.9.10 for CVE-2019-14379", - "url":"https://lists.apache.org/thread.html/689c6bcc6c7612eee71e453a115a4c8581e7b718537025d4b265783d@%3Cissues.iceberg.apache.org%3E" + "refsource": "MLIST", + "name": "[iceberg-issues] 20191010 [GitHub] [incubator-iceberg] mccheah opened a new pull request #535: Update Jackson to 2.9.10 for CVE-2019-14379", + "url": "https://lists.apache.org/thread.html/689c6bcc6c7612eee71e453a115a4c8581e7b718537025d4b265783d@%3Cissues.iceberg.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[iceberg-issues] 20191010 [GitHub] [incubator-iceberg] rdblue commented on issue #535: Update Jackson to 2.9.10 for CVE-2019-14379", - "url":"https://lists.apache.org/thread.html/2766188be238a446a250ef76801037d452979152d85bce5e46805815@%3Cissues.iceberg.apache.org%3E" + "refsource": "MLIST", + "name": "[iceberg-issues] 20191010 [GitHub] [incubator-iceberg] rdblue commented on issue #535: Update Jackson to 2.9.10 for CVE-2019-14379", + "url": "https://lists.apache.org/thread.html/2766188be238a446a250ef76801037d452979152d85bce5e46805815@%3Cissues.iceberg.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[iceberg-issues] 20191010 [GitHub] [incubator-iceberg] mccheah commented on issue #535: Update Jackson to 2.9.10 for CVE-2019-14379", - "url":"https://lists.apache.org/thread.html/75f482fdc84abe6d0c8f438a76437c335a7bbeb5cddd4d70b4bc0cbf@%3Cissues.iceberg.apache.org%3E" + 
"refsource": "MLIST", + "name": "[iceberg-issues] 20191010 [GitHub] [incubator-iceberg] mccheah commented on issue #535: Update Jackson to 2.9.10 for CVE-2019-14379", + "url": "https://lists.apache.org/thread.html/75f482fdc84abe6d0c8f438a76437c335a7bbeb5cddd4d70b4bc0cbf@%3Cissues.iceberg.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[iceberg-issues] 20191010 [GitHub] [incubator-iceberg] rdblue closed pull request #533: Update Jackson to 2.9.10 for CVE-2019-14379", - "url":"https://lists.apache.org/thread.html/99944f86abefde389da9b4040ea2327c6aa0b53a2ff9352bd4cfec17@%3Cissues.iceberg.apache.org%3E" + "refsource": "MLIST", + "name": "[iceberg-issues] 20191010 [GitHub] [incubator-iceberg] rdblue closed pull request #533: Update Jackson to 2.9.10 for CVE-2019-14379", + "url": "https://lists.apache.org/thread.html/99944f86abefde389da9b4040ea2327c6aa0b53a2ff9352bd4cfec17@%3Cissues.iceberg.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[iceberg-issues] 20191010 [GitHub] [incubator-iceberg] rdblue merged pull request #535: Update Jackson to 2.9.10 for CVE-2019-14379", - "url":"https://lists.apache.org/thread.html/8723b52c2544e6cb804bc8a36622c584acd1bd6c53f2b6034c9fea54@%3Cissues.iceberg.apache.org%3E" + "refsource": "MLIST", + "name": "[iceberg-issues] 20191010 [GitHub] [incubator-iceberg] rdblue merged pull request #535: Update Jackson to 2.9.10 for CVE-2019-14379", + "url": "https://lists.apache.org/thread.html/8723b52c2544e6cb804bc8a36622c584acd1bd6c53f2b6034c9fea54@%3Cissues.iceberg.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[iceberg-issues] 20191010 [GitHub] [incubator-iceberg] rdblue commented on issue #533: Update Jackson to 2.9.10 for CVE-2019-14379", - "url":"https://lists.apache.org/thread.html/d161ff3d59c5a8213400dd6afb1cce1fac4f687c32d1e0c0bfbfaa2d@%3Cissues.iceberg.apache.org%3E" + "refsource": "MLIST", + "name": "[iceberg-issues] 20191010 [GitHub] [incubator-iceberg] rdblue commented on issue #533: Update Jackson to 2.9.10 for 
CVE-2019-14379", + "url": "https://lists.apache.org/thread.html/d161ff3d59c5a8213400dd6afb1cce1fac4f687c32d1e0c0bfbfaa2d@%3Cissues.iceberg.apache.org%3E" }, { - "refsource":"REDHAT", - "name":"RHBA-2019:2824", - "url":"https://access.redhat.com/errata/RHBA-2019:2824" + "refsource": "REDHAT", + "name": "RHBA-2019:2824", + "url": "https://access.redhat.com/errata/RHBA-2019:2824" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:3044", - "url":"https://access.redhat.com/errata/RHSA-2019:3044" + "refsource": "REDHAT", + "name": "RHSA-2019:3044", + "url": "https://access.redhat.com/errata/RHSA-2019:3044" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:3045", - "url":"https://access.redhat.com/errata/RHSA-2019:3045" + "refsource": "REDHAT", + "name": "RHSA-2019:3045", + "url": "https://access.redhat.com/errata/RHSA-2019:3045" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:3050", - "url":"https://access.redhat.com/errata/RHSA-2019:3050" + "refsource": "REDHAT", + "name": "RHSA-2019:3050", + "url": "https://access.redhat.com/errata/RHSA-2019:3050" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:3046", - "url":"https://access.redhat.com/errata/RHSA-2019:3046" + "refsource": "REDHAT", + "name": "RHSA-2019:3046", + "url": "https://access.redhat.com/errata/RHSA-2019:3046" }, { - "url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", - "refsource":"MISC", - "name":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", + "refsource": "MISC", + "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { - "refsource":"MLIST", - "name":"[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", - "url":"https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E" + "refsource": "MLIST", + "name": "[drill-dev] 20191017 
Dependencies used by Drill contain known vulnerabilities", + "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:3149", - "url":"https://access.redhat.com/errata/RHSA-2019:3149" + "refsource": "REDHAT", + "name": "RHSA-2019:3149", + "url": "https://access.redhat.com/errata/RHSA-2019:3149" }, { - "refsource":"MLIST", - "name":"[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", - "url":"https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E" + "refsource": "MLIST", + "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", + "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", - "url":"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" + "refsource": "MLIST", + "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", + "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:3200", - "url":"https://access.redhat.com/errata/RHSA-2019:3200" + "refsource": "REDHAT", + "name": "RHSA-2019:3200", + "url": "https://access.redhat.com/errata/RHSA-2019:3200" }, { - "refsource":"MLIST", - "name":"[iceberg-issues] 20191027 [GitHub] [incubator-iceberg] rdsr commented on issue #535: Update Jackson to 
2.9.10 for CVE-2019-14379", - "url":"https://lists.apache.org/thread.html/6788e4c991f75b89d290ad06b463fcd30bcae99fee610345a35b7bc6@%3Cissues.iceberg.apache.org%3E" + "refsource": "MLIST", + "name": "[iceberg-issues] 20191027 [GitHub] [incubator-iceberg] rdsr commented on issue #535: Update Jackson to 2.9.10 for CVE-2019-14379", + "url": "https://lists.apache.org/thread.html/6788e4c991f75b89d290ad06b463fcd30bcae99fee610345a35b7bc6@%3Cissues.iceberg.apache.org%3E" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:3292", - "url":"https://access.redhat.com/errata/RHSA-2019:3292" + "refsource": "REDHAT", + "name": "RHSA-2019:3292", + "url": "https://access.redhat.com/errata/RHSA-2019:3292" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:3297", - "url":"https://access.redhat.com/errata/RHSA-2019:3297" + "refsource": "REDHAT", + "name": "RHSA-2019:3297", + "url": "https://access.redhat.com/errata/RHSA-2019:3297" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:3901", - "url":"https://access.redhat.com/errata/RHSA-2019:3901" + "refsource": "REDHAT", + "name": "RHSA-2019:3901", + "url": "https://access.redhat.com/errata/RHSA-2019:3901" }, { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2019/14xxx/CVE-2019-14439.json b/2019/14xxx/CVE-2019-14439.json index 5e18ba0583f..e9aeac4d840 100644 --- a/2019/14xxx/CVE-2019-14439.json +++ b/2019/14xxx/CVE-2019-14439.json 
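Review bot: The new side of this hunk still carries `"product_name": "n/a"`, `"vendor_name": "n/a"` and `"version_value": "n/a"` under `affects`, so the affected range ("before 2.9.9.2") exists only in the free-text description. Any scanner or inventory match keyed on the structured fields would find nothing for an issue described as leading to remote code execution. Since the commit already rewrites every line of the record, I would fill the fields in from the description, e.g. `"vendor_name": "FasterXML"`, `"product_name": "jackson-databind"`, and `"version_affected": "<", "version_value": "2.9.9.2"`. The `problemtype` value is also `n/a`; the description reads like unsafe deserialization (probably CWE-502), which the assigner should confirm before it is recorded. The same `n/a` fields appear in the CVE-2019-14439.json hunk that follows.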
@@ -1,185 +1,186 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"cve@mitre.org", - "ID":"CVE-2019-14439", - "STATE":"PUBLIC" + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-14439", + "STATE": "PUBLIC" }, - "affects":{ - "vendor":{ - "vendor_data":[ + "affects": { + "vendor": { + "vendor_data": [ { - "product":{ - "product_data":[ + "product": { + "product_data": [ { - "product_name":"n/a", - "version":{ - "version_data":[ + "product_name": "n/a", + "version": { + "version_data": [ { - "version_value":"n/a" + "version_value": "n/a" } ] } } ] }, - "vendor_name":"n/a" + "vendor_name": "n/a" } ] } }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang":"eng", - "value":"A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. This occurs when Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the logback jar in the classpath." + "lang": "eng", + "value": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. This occurs when Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the logback jar in the classpath." 
} ] }, - "problemtype":{ - "problemtype_data":[ + "problemtype": { + "problemtype_data": [ { - "description":[ + "description": [ { - "lang":"eng", - "value":"n/a" + "lang": "eng", + "value": "n/a" } ] } ] }, - "references":{ - "reference_data":[ + "references": { + "reference_data": [ { - "url":"https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.9.1...jackson-databind-2.9.9.2", - "refsource":"MISC", - "name":"https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.9.1...jackson-databind-2.9.9.2" + "url": "https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.9.1...jackson-databind-2.9.9.2", + "refsource": "MISC", + "name": "https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.9.1...jackson-databind-2.9.9.2" }, { - "url":"https://github.com/FasterXML/jackson-databind/issues/2389", - "refsource":"MISC", - "name":"https://github.com/FasterXML/jackson-databind/issues/2389" + "url": "https://github.com/FasterXML/jackson-databind/issues/2389", + "refsource": "MISC", + "name": "https://github.com/FasterXML/jackson-databind/issues/2389" }, { - "url":"https://github.com/FasterXML/jackson-databind/commit/ad418eeb974e357f2797aef64aa0e3ffaaa6125b", - "refsource":"MISC", - "name":"https://github.com/FasterXML/jackson-databind/commit/ad418eeb974e357f2797aef64aa0e3ffaaa6125b" + "url": "https://github.com/FasterXML/jackson-databind/commit/ad418eeb974e357f2797aef64aa0e3ffaaa6125b", + "refsource": "MISC", + "name": "https://github.com/FasterXML/jackson-databind/commit/ad418eeb974e357f2797aef64aa0e3ffaaa6125b" }, { - "refsource":"MLIST", - "name":"[debian-lts-announce] 20190812 [SECURITY] [DLA 1879-1] jackson-databind security update", - "url":"https://lists.debian.org/debian-lts-announce/2019/08/msg00011.html" + "refsource": "MLIST", + "name": "[debian-lts-announce] 20190812 [SECURITY] [DLA 1879-1] jackson-databind security update", + "url": 
"https://lists.debian.org/debian-lts-announce/2019/08/msg00011.html" }, { - "refsource":"CONFIRM", - "name":"https://security.netapp.com/advisory/ntap-20190814-0001/", - "url":"https://security.netapp.com/advisory/ntap-20190814-0001/" + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20190814-0001/", + "url": "https://security.netapp.com/advisory/ntap-20190814-0001/" }, { - "refsource":"MLIST", - "name":"[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", - "url":"https://lists.apache.org/thread.html/0d4b630d9ee724aee50703397d9d1afa2b2befc9395ba7797d0ccea9@%3Cdev.tomee.apache.org%3E" + "refsource": "MLIST", + "name": "[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", + "url": "https://lists.apache.org/thread.html/0d4b630d9ee724aee50703397d9d1afa2b2befc9395ba7797d0ccea9@%3Cdev.tomee.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", - "url":"https://lists.apache.org/thread.html/56c8042873595b8c863054c7bfccab4bf2c01c6f5abedae249d914b9@%3Cdev.tomee.apache.org%3E" + "refsource": "MLIST", + "name": "[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", + "url": "https://lists.apache.org/thread.html/56c8042873595b8c863054c7bfccab4bf2c01c6f5abedae249d914b9@%3Cdev.tomee.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #548: 
[TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", - "url":"https://lists.apache.org/thread.html/2d2a76440becb610b9a9cb49b15eac3934b02c2dbcaacde1000353e4@%3Cdev.tomee.apache.org%3E" + "refsource": "MLIST", + "name": "[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", + "url": "https://lists.apache.org/thread.html/2d2a76440becb610b9a9cb49b15eac3934b02c2dbcaacde1000353e4@%3Cdev.tomee.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", - "url":"https://lists.apache.org/thread.html/34717424b4d08b74f65c09a083d6dd1cb0763f37a15d6de135998c1d@%3Cdev.tomee.apache.org%3E" + "refsource": "MLIST", + "name": "[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", + "url": "https://lists.apache.org/thread.html/34717424b4d08b74f65c09a083d6dd1cb0763f37a15d6de135998c1d@%3Cdev.tomee.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[tomee-dev] 20190905 [GitHub] [tomee] robert-schaft-hon commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", - "url":"https://lists.apache.org/thread.html/ee0a051428d2c719acfa297d0854a189ea5e284ef3ed491fa672f4be@%3Cdev.tomee.apache.org%3E" + "refsource": "MLIST", + "name": "[tomee-dev] 20190905 [GitHub] [tomee] robert-schaft-hon commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, 
CVE-2019-14379 and CVE-2019-14439", + "url": "https://lists.apache.org/thread.html/ee0a051428d2c719acfa297d0854a189ea5e284ef3ed491fa672f4be@%3Cdev.tomee.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[tomee-dev] 20190906 [GitHub] [tomee] rzo1 commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", - "url":"https://lists.apache.org/thread.html/5ecc333113b139429f4f05000d4aa2886974d4df3269c1dd990bb319@%3Cdev.tomee.apache.org%3E" + "refsource": "MLIST", + "name": "[tomee-dev] 20190906 [GitHub] [tomee] rzo1 commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", + "url": "https://lists.apache.org/thread.html/5ecc333113b139429f4f05000d4aa2886974d4df3269c1dd990bb319@%3Cdev.tomee.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[struts-dev] 20190908 Build failed in Jenkins: Struts-master-JDK8-dependency-check #204", - "url":"https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef@%3Cdev.struts.apache.org%3E" + "refsource": "MLIST", + "name": "[struts-dev] 20190908 Build failed in Jenkins: Struts-master-JDK8-dependency-check #204", + "url": "https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef@%3Cdev.struts.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", - "url":"https://lists.apache.org/thread.html/5fc0e16b7af2590bf1e97c76c136291c4fdb244ee63c65c485c9a7a1@%3Cdev.tomee.apache.org%3E" + "refsource": "MLIST", + "name": "[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate 
CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", + "url": "https://lists.apache.org/thread.html/5fc0e16b7af2590bf1e97c76c136291c4fdb244ee63c65c485c9a7a1@%3Cdev.tomee.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", - "url":"https://lists.apache.org/thread.html/87e46591de8925f719664a845572d184027258c5a7af0a471b53c77b@%3Cdev.tomee.apache.org%3E" + "refsource": "MLIST", + "name": "[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", + "url": "https://lists.apache.org/thread.html/87e46591de8925f719664a845572d184027258c5a7af0a471b53c77b@%3Cdev.tomee.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[cassandra-commits] 20190919 [jira] [Created] (CASSANDRA-15328) Bump jackson version to >= 2.9.9.3 to address security vulnerabilities", - "url":"https://lists.apache.org/thread.html/3f99ae8dcdbd69438cb733d745ee3ad5e852068490719a66509b4592@%3Ccommits.cassandra.apache.org%3E" + "refsource": "MLIST", + "name": "[cassandra-commits] 20190919 [jira] [Created] (CASSANDRA-15328) Bump jackson version to >= 2.9.9.3 to address security vulnerabilities", + "url": "https://lists.apache.org/thread.html/3f99ae8dcdbd69438cb733d745ee3ad5e852068490719a66509b4592@%3Ccommits.cassandra.apache.org%3E" }, { - "refsource":"FEDORA", - "name":"FEDORA-2019-ae6a703b8f", - "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/" + "refsource": "FEDORA", + "name": "FEDORA-2019-ae6a703b8f", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/" }, { - 
"refsource":"FEDORA", - "name":"FEDORA-2019-fb23eccc03", - "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/" + "refsource": "FEDORA", + "name": "FEDORA-2019-fb23eccc03", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/" }, { - "refsource":"DEBIAN", - "name":"DSA-4542", - "url":"https://www.debian.org/security/2019/dsa-4542" + "refsource": "DEBIAN", + "name": "DSA-4542", + "url": "https://www.debian.org/security/2019/dsa-4542" }, { - "refsource":"BUGTRAQ", - "name":"20191007 [SECURITY] [DSA 4542-1] jackson-databind security update", - "url":"https://seclists.org/bugtraq/2019/Oct/6" + "refsource": "BUGTRAQ", + "name": "20191007 [SECURITY] [DSA 4542-1] jackson-databind security update", + "url": "https://seclists.org/bugtraq/2019/Oct/6" }, { - "url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", - "refsource":"MISC", - "name":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", + "refsource": "MISC", + "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { - "refsource":"MLIST", - "name":"[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", - "url":"https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E" + "refsource": "MLIST", + "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", + "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", - 
"url":"https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E" + "refsource": "MLIST", + "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", + "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", - "url":"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" + "refsource": "MLIST", + "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", + "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:3200", - "url":"https://access.redhat.com/errata/RHSA-2019:3200" + "refsource": "REDHAT", + "name": "RHSA-2019:3200", + "url": "https://access.redhat.com/errata/RHSA-2019:3200" }, { - "refsource":"MLIST", - "name":"[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html", - "url":"https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E" + "refsource": "MLIST", + "name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html", + "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E" }, { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] 
}
diff --git a/2019/14xxx/CVE-2019-14540.json b/2019/14xxx/CVE-2019-14540.json
index 9787fd0af6a..c94708b43ab 100644
--- a/2019/14xxx/CVE-2019-14540.json
+++ b/2019/14xxx/CVE-2019-14540.json
@@ -1,170 +1,171 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"cve@mitre.org", - "ID":"CVE-2019-14540", - "STATE":"PUBLIC" + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-14540", + "STATE": "PUBLIC" }, - "affects":{ - "vendor":{ - "vendor_data":[ + "affects": { + "vendor": { + "vendor_data": [ { - "product":{ - "product_data":[ + "product": { + "product_data": [ { - "product_name":"n/a", - "version":{ - "version_data":[ + "product_name": "n/a", + "version": { + "version_data": [ { - "version_value":"n/a" + "version_value": "n/a" } ] } } ] }, - "vendor_name":"n/a" + "vendor_name": "n/a" } ] } }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang":"eng", - "value":"A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig." + "lang": "eng", + "value": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig." 
} ] }, - "problemtype":{ - "problemtype_data":[ + "problemtype": { + "problemtype_data": [ { - "description":[ + "description": [ { - "lang":"eng", - "value":"n/a" + "lang": "eng", + "value": "n/a" } ] } ] }, - "references":{ - "reference_data":[ + "references": { + "reference_data": [ { - "refsource":"MISC", - "name":"https://github.com/FasterXML/jackson-databind/issues/2449", - "url":"https://github.com/FasterXML/jackson-databind/issues/2449" + "refsource": "MISC", + "name": "https://github.com/FasterXML/jackson-databind/issues/2449", + "url": "https://github.com/FasterXML/jackson-databind/issues/2449" }, { - "refsource":"CONFIRM", - "name":"https://github.com/FasterXML/jackson-databind/blob/master/release-notes/VERSION-2.x", - "url":"https://github.com/FasterXML/jackson-databind/blob/master/release-notes/VERSION-2.x" + "refsource": "CONFIRM", + "name": "https://github.com/FasterXML/jackson-databind/blob/master/release-notes/VERSION-2.x", + "url": "https://github.com/FasterXML/jackson-databind/blob/master/release-notes/VERSION-2.x" }, { - "refsource":"MISC", - "name":"https://github.com/FasterXML/jackson-databind/issues/2410", - "url":"https://github.com/FasterXML/jackson-databind/issues/2410" + "refsource": "MISC", + "name": "https://github.com/FasterXML/jackson-databind/issues/2410", + "url": "https://github.com/FasterXML/jackson-databind/issues/2410" }, { - "refsource":"MLIST", - "name":"[tinkerpop-commits] 20190924 [GitHub] [tinkerpop] justinchuch opened a new pull request #1200: Upgrade jackson due to CVE issues", - "url":"https://lists.apache.org/thread.html/0fcef7321095ce0bc597d468d150cff3d647f4cb3aef3bd4d20e1c69@%3Ccommits.tinkerpop.apache.org%3E" + "refsource": "MLIST", + "name": "[tinkerpop-commits] 20190924 [GitHub] [tinkerpop] justinchuch opened a new pull request #1200: Upgrade jackson due to CVE issues", + "url": "https://lists.apache.org/thread.html/0fcef7321095ce0bc597d468d150cff3d647f4cb3aef3bd4d20e1c69@%3Ccommits.tinkerpop.apache.org%3E" }, { - 
"refsource":"MLIST", - "name":"[hbase-issues] 20190925 [GitHub] [hbase] SteNicholas opened a new pull request #660: HBASE-23075 Upgrade jackson version", - "url":"https://lists.apache.org/thread.html/40c00861b53bb611dee7d6f35f864aa7d1c1bd77df28db597cbf27e1@%3Cissues.hbase.apache.org%3E" + "refsource": "MLIST", + "name": "[hbase-issues] 20190925 [GitHub] [hbase] SteNicholas opened a new pull request #660: HBASE-23075 Upgrade jackson version", + "url": "https://lists.apache.org/thread.html/40c00861b53bb611dee7d6f35f864aa7d1c1bd77df28db597cbf27e1@%3Cissues.hbase.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[zookeeper-notifications] 20190925 [GitHub] [zookeeper] maoling commented on issue #1097: ZOOKEEPER-3559 - Update Jackson to 2.9.10", - "url":"https://lists.apache.org/thread.html/a4f2c9fb36642a48912cdec6836ec00e497427717c5d377f8d7ccce6@%3Cnotifications.zookeeper.apache.org%3E" + "refsource": "MLIST", + "name": "[zookeeper-notifications] 20190925 [GitHub] [zookeeper] maoling commented on issue #1097: ZOOKEEPER-3559 - Update Jackson to 2.9.10", + "url": "https://lists.apache.org/thread.html/a4f2c9fb36642a48912cdec6836ec00e497427717c5d377f8d7ccce6@%3Cnotifications.zookeeper.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[hbase-issues] 20190926 [GitHub] [hbase-connectors] SteNicholas opened a new pull request #45: HBASE-23075 Upgrade jackson version", - "url":"https://lists.apache.org/thread.html/a360b46061c91c5cad789b6c3190aef9b9f223a2b75c9c9f046fe016@%3Cissues.hbase.apache.org%3E" + "refsource": "MLIST", + "name": "[hbase-issues] 20190926 [GitHub] [hbase-connectors] SteNicholas opened a new pull request #45: HBASE-23075 Upgrade jackson version", + "url": "https://lists.apache.org/thread.html/a360b46061c91c5cad789b6c3190aef9b9f223a2b75c9c9f046fe016@%3Cissues.hbase.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[hbase-issues] 20190926 [jira] [Updated] (HBASE-23075) Upgrade jackson to version 2.9.10 due to CVE-2019-16335 and CVE-2019-14540", - 
"url":"https://lists.apache.org/thread.html/dc6b5cad721a4f6b3b62ed1163894941140d9d5656140fb757505ca0@%3Cissues.hbase.apache.org%3E" + "refsource": "MLIST", + "name": "[hbase-issues] 20190926 [jira] [Updated] (HBASE-23075) Upgrade jackson to version 2.9.10 due to CVE-2019-16335 and CVE-2019-14540", + "url": "https://lists.apache.org/thread.html/dc6b5cad721a4f6b3b62ed1163894941140d9d5656140fb757505ca0@%3Cissues.hbase.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[hbase-issues] 20190926 [jira] [Commented] (HBASE-23075) Upgrade jackson to version 2.9.10 due to CVE-2019-16335 and CVE-2019-14540", - "url":"https://lists.apache.org/thread.html/ad0d238e97a7da5eca47a014f0f7e81f440ed6bf74a93183825e18b9@%3Cissues.hbase.apache.org%3E" + "refsource": "MLIST", + "name": "[hbase-issues] 20190926 [jira] [Commented] (HBASE-23075) Upgrade jackson to version 2.9.10 due to CVE-2019-16335 and CVE-2019-14540", + "url": "https://lists.apache.org/thread.html/ad0d238e97a7da5eca47a014f0f7e81f440ed6bf74a93183825e18b9@%3Cissues.hbase.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[hbase-commits] 20190927 [hbase-connectors] 02/02: HBASE-23075 Upgrade jackson to version 2.9.10 due to CVE-2019-16335 and CVE-2019-14540", - "url":"https://lists.apache.org/thread.html/e90c3feb21702e68a8c08afce37045adb3870f2bf8223fa403fb93fb@%3Ccommits.hbase.apache.org%3E" + "refsource": "MLIST", + "name": "[hbase-commits] 20190927 [hbase-connectors] 02/02: HBASE-23075 Upgrade jackson to version 2.9.10 due to CVE-2019-16335 and CVE-2019-14540", + "url": "https://lists.apache.org/thread.html/e90c3feb21702e68a8c08afce37045adb3870f2bf8223fa403fb93fb@%3Ccommits.hbase.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[debian-lts-announce] 20191002 [SECURITY] [DLA 1943-1] jackson-databind security update", - "url":"https://lists.debian.org/debian-lts-announce/2019/10/msg00001.html" + "refsource": "MLIST", + "name": "[debian-lts-announce] 20191002 [SECURITY] [DLA 1943-1] jackson-databind security update", + 
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00001.html" }, { - "refsource":"CONFIRM", - "name":"https://security.netapp.com/advisory/ntap-20191004-0002/", - "url":"https://security.netapp.com/advisory/ntap-20191004-0002/" + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20191004-0002/", + "url": "https://security.netapp.com/advisory/ntap-20191004-0002/" }, { - "refsource":"DEBIAN", - "name":"DSA-4542", - "url":"https://www.debian.org/security/2019/dsa-4542" + "refsource": "DEBIAN", + "name": "DSA-4542", + "url": "https://www.debian.org/security/2019/dsa-4542" }, { - "refsource":"BUGTRAQ", - "name":"20191007 [SECURITY] [DSA 4542-1] jackson-databind security update", - "url":"https://seclists.org/bugtraq/2019/Oct/6" + "refsource": "BUGTRAQ", + "name": "20191007 [SECURITY] [DSA 4542-1] jackson-databind security update", + "url": "https://seclists.org/bugtraq/2019/Oct/6" }, { - "refsource":"FEDORA", - "name":"FEDORA-2019-b171554877", - "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TH5VFUN4P7CCIP7KSEXYA5MUTFCUDUJT/" + "refsource": "FEDORA", + "name": "FEDORA-2019-b171554877", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TH5VFUN4P7CCIP7KSEXYA5MUTFCUDUJT/" }, { - "url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", - "refsource":"MISC", - "name":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", + "refsource": "MISC", + "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { - "refsource":"MLIST", - "name":"[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", - "url":"https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E" + 
"refsource": "MLIST", + "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", + "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", - "url":"https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E" + "refsource": "MLIST", + "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", + "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", - "url":"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" + "refsource": "MLIST", + "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", + "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:3200", - "url":"https://access.redhat.com/errata/RHSA-2019:3200" + "refsource": "REDHAT", + "name": "RHSA-2019:3200", + "url": "https://access.redhat.com/errata/RHSA-2019:3200" }, { - "refsource":"FEDORA", - "name":"FEDORA-2019-cf87377f5f", - "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q7CANA7KV53JROZDX5Z5P26UG5VN2K43/" + "refsource": "FEDORA", + "name": "FEDORA-2019-cf87377f5f", + "url": 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q7CANA7KV53JROZDX5Z5P26UG5VN2K43/" }, { - "refsource":"MLIST", - "name":"[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html", - "url":"https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E" + "refsource": "MLIST", + "name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html", + "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E" }, { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2019/15xxx/CVE-2019-15845.json b/2019/15xxx/CVE-2019-15845.json index 6432cbe6195..b2a00f8c337 100644 --- a/2019/15xxx/CVE-2019-15845.json +++ b/2019/15xxx/CVE-2019-15845.json 
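Review bot: The `affects` block on the new side of CVE-2019-14540.json still carries `"vendor_name": "n/a"`, `"product_name": "n/a"` and `"version_value": "n/a"`, and `problemtype` is `"n/a"`, although the description in the same record names FasterXML jackson-databind before 2.9.10. Tooling that matches on the structured vendor, product and version fields gets nothing from this record and has to parse the free-text description instead. Unless the placeholders are the assigner's convention, consider filling them from the description, e.g. `"vendor_name": "FasterXML"`, `"product_name": "jackson-databind"`, `"version_value": "before 2.9.10"`. The CVE-2019-15845, CVE-2019-16168, CVE-2019-16201 and CVE-2019-16254 hunks leave the same placeholders next to descriptions that name the product and versions.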
@@ -1,90 +1,91 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"cve@mitre.org", - "ID":"CVE-2019-15845", - "STATE":"PUBLIC" + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-15845", + "STATE": "PUBLIC" }, - "affects":{ - "vendor":{ - "vendor_data":[ + "affects": { + "vendor": { + "vendor_data": [ { - "product":{ - "product_data":[ + "product": { + "product_data": [ { - "product_name":"n/a", - "version":{ - "version_data":[ + "product_name": "n/a", + "version": { + "version_data": [ { - "version_value":"n/a" + "version_value": "n/a" } ] } } ] }, - "vendor_name":"n/a" + "vendor_name": "n/a" } ] } }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang":"eng", - "value":"Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 mishandles path checking within File.fnmatch functions." + "lang": "eng", + "value": "Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 mishandles path checking within File.fnmatch functions." 
} ] }, - "problemtype":{ - "problemtype_data":[ + "problemtype": { + "problemtype_data": [ { - "description":[ + "description": [ { - "lang":"eng", - "value":"n/a" + "lang": "eng", + "value": "n/a" } ] } ] }, - "references":{ - "reference_data":[ + "references": { + "reference_data": [ { - "url":"https://hackerone.com/reports/449617", - "refsource":"MISC", - "name":"https://hackerone.com/reports/449617" + "url": "https://hackerone.com/reports/449617", + "refsource": "MISC", + "name": "https://hackerone.com/reports/449617" }, { - "refsource":"MLIST", - "name":"[debian-lts-announce] 20191125 [SECURITY] [DLA 2007-1] ruby2.1 security update", - "url":"https://lists.debian.org/debian-lts-announce/2019/11/msg00025.html" + "refsource": "MLIST", + "name": "[debian-lts-announce] 20191125 [SECURITY] [DLA 2007-1] ruby2.1 security update", + "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00025.html" }, { - "refsource":"UBUNTU", - "name":"USN-4201-1", - "url":"https://usn.ubuntu.com/4201-1/" + "refsource": "UBUNTU", + "name": "USN-4201-1", + "url": "https://usn.ubuntu.com/4201-1/" }, { - "refsource":"BUGTRAQ", - "name":"20191217 [SECURITY] [DSA 4587-1] ruby2.3 security update", - "url":"https://seclists.org/bugtraq/2019/Dec/31" + "refsource": "BUGTRAQ", + "name": "20191217 [SECURITY] [DSA 4587-1] ruby2.3 security update", + "url": "https://seclists.org/bugtraq/2019/Dec/31" }, { - "refsource":"BUGTRAQ", - "name":"20191217 [SECURITY] [DSA 4586-1] ruby2.5 security update", - "url":"https://seclists.org/bugtraq/2019/Dec/32" + "refsource": "BUGTRAQ", + "name": "20191217 [SECURITY] [DSA 4586-1] ruby2.5 security update", + "url": "https://seclists.org/bugtraq/2019/Dec/32" }, { - "refsource":"DEBIAN", - "name":"DSA-4587", - "url":"https://www.debian.org/security/2019/dsa-4587" + "refsource": "DEBIAN", + "name": "DSA-4587", + "url": "https://www.debian.org/security/2019/dsa-4587" }, { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + "url": 
"https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2019/15xxx/CVE-2019-15961.json b/2019/15xxx/CVE-2019-15961.json index 0cbc1a79426..3d3cf1b3e1b 100644 --- a/2019/15xxx/CVE-2019-15961.json +++ b/2019/15xxx/CVE-2019-15961.json @@ -40,7 +40,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability in the email parsing module Clam AntiVirus (ClamAV) Software versions 0.102.0, 0.101.4 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device.\n\nThe vulnerability is due to inefficient MIME parsing routines that result in extremely long scan times of specially formatted email files. An attacker could exploit this vulnerability by sending a crafted email file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to scan the crafted email file indefinitely, resulting in a denial of service condition.\n" + "value": "A vulnerability in the email parsing module Clam AntiVirus (ClamAV) Software versions 0.102.0, 0.101.4 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to inefficient MIME parsing routines that result in extremely long scan times of specially formatted email files. An attacker could exploit this vulnerability by sending a crafted email file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to scan the crafted email file indefinitely, resulting in a denial of service condition." } ] }, @@ -96,4 +96,4 @@ ], "discovery": "USER" } -} +} \ No newline at end of file diff --git a/2019/16xxx/CVE-2019-16168.json b/2019/16xxx/CVE-2019-16168.json index 29c2a098f8c..006b4f02c16 100644 --- a/2019/16xxx/CVE-2019-16168.json +++ b/2019/16xxx/CVE-2019-16168.json 
@@ -1,100 +1,101 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"cve@mitre.org", - "ID":"CVE-2019-16168", - "STATE":"PUBLIC" + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-16168", + "STATE": "PUBLIC" }, - "affects":{ - "vendor":{ - "vendor_data":[ + "affects": { + "vendor": { + "vendor_data": [ { - "product":{ - "product_data":[ + "product": { + "product_data": [ { - "product_name":"n/a", - "version":{ - "version_data":[ + "product_name": "n/a", + "version": { + "version_data": [ { - "version_value":"n/a" + "version_value": "n/a" } ] } } ] }, - "vendor_name":"n/a" + "vendor_name": "n/a" } ] } }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang":"eng", - "value":"In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a \"severe division by zero in the query planner.\"" + "lang": "eng", + "value": "In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a \"severe division by zero in the query planner.\"" } ] }, - "problemtype":{ - "problemtype_data":[ + "problemtype": { + "problemtype_data": [ { - "description":[ + "description": [ { - "lang":"eng", - "value":"n/a" + "lang": "eng", + "value": "n/a" } ] } ] }, - "references":{ - "reference_data":[ + "references": { + "reference_data": [ { - "url":"https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg116312.html", - "refsource":"MISC", - "name":"https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg116312.html" + "url": "https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg116312.html", + "refsource": "MISC", + "name": 
"https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg116312.html" }, { - "url":"https://www.sqlite.org/src/timeline?c=98357d8c1263920b", - "refsource":"MISC", - "name":"https://www.sqlite.org/src/timeline?c=98357d8c1263920b" + "url": "https://www.sqlite.org/src/timeline?c=98357d8c1263920b", + "refsource": "MISC", + "name": "https://www.sqlite.org/src/timeline?c=98357d8c1263920b" }, { - "url":"https://www.sqlite.org/src/info/e4598ecbdd18bd82945f6029013296690e719a62", - "refsource":"MISC", - "name":"https://www.sqlite.org/src/info/e4598ecbdd18bd82945f6029013296690e719a62" + "url": "https://www.sqlite.org/src/info/e4598ecbdd18bd82945f6029013296690e719a62", + "refsource": "MISC", + "name": "https://www.sqlite.org/src/info/e4598ecbdd18bd82945f6029013296690e719a62" }, { - "refsource":"CONFIRM", - "name":"https://security.netapp.com/advisory/ntap-20190926-0003/", - "url":"https://security.netapp.com/advisory/ntap-20190926-0003/" + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20190926-0003/", + "url": "https://security.netapp.com/advisory/ntap-20190926-0003/" }, { - "refsource":"SUSE", - "name":"openSUSE-SU-2019:2300", - "url":"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00033.html" + "refsource": "SUSE", + "name": "openSUSE-SU-2019:2300", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00033.html" }, { - "refsource":"SUSE", - "name":"openSUSE-SU-2019:2298", - "url":"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00032.html" + "refsource": "SUSE", + "name": "openSUSE-SU-2019:2298", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00032.html" }, { - "refsource":"UBUNTU", - "name":"USN-4205-1", - "url":"https://usn.ubuntu.com/4205-1/" + "refsource": "UBUNTU", + "name": "USN-4205-1", + "url": "https://usn.ubuntu.com/4205-1/" }, { - "refsource":"FEDORA", - "name":"FEDORA-2019-b1636e0b70", - 
"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XZARJHJJDBHI7CE5PZEBXS5HKK6HXKW2/" + "refsource": "FEDORA", + "name": "FEDORA-2019-b1636e0b70", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XZARJHJJDBHI7CE5PZEBXS5HKK6HXKW2/" }, { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2019/16xxx/CVE-2019-16201.json b/2019/16xxx/CVE-2019-16201.json index a250b6c81bb..5528e29383d 100644 --- a/2019/16xxx/CVE-2019-16201.json +++ b/2019/16xxx/CVE-2019-16201.json 
@@ -1,90 +1,91 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"cve@mitre.org", - "ID":"CVE-2019-16201", - "STATE":"PUBLIC" + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-16201", + "STATE": "PUBLIC" }, - "affects":{ - "vendor":{ - "vendor_data":[ + "affects": { + "vendor": { + "vendor_data": [ { - "product":{ - "product_data":[ + "product": { + "product_data": [ { - "product_name":"n/a", - "version":{ - "version_data":[ + "product_name": "n/a", + "version": { + "version_data": [ { - "version_value":"n/a" + "version_value": "n/a" } ] } } ] }, - "vendor_name":"n/a" + "vendor_name": "n/a" } ] } }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang":"eng", - "value":"WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 has a regular expression Denial of Service cause by looping/backtracking. A victim must expose a WEBrick server that uses DigestAuth to the Internet or a untrusted network." + "lang": "eng", + "value": "WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 has a regular expression Denial of Service cause by looping/backtracking. A victim must expose a WEBrick server that uses DigestAuth to the Internet or a untrusted network." 
} ] }, - "problemtype":{ - "problemtype_data":[ + "problemtype": { + "problemtype_data": [ { - "description":[ + "description": [ { - "lang":"eng", - "value":"n/a" + "lang": "eng", + "value": "n/a" } ] } ] }, - "references":{ - "reference_data":[ + "references": { + "reference_data": [ { - "url":"https://hackerone.com/reports/661722", - "refsource":"MISC", - "name":"https://hackerone.com/reports/661722" + "url": "https://hackerone.com/reports/661722", + "refsource": "MISC", + "name": "https://hackerone.com/reports/661722" }, { - "refsource":"MISC", - "name":"https://lists.debian.org/debian-lts-announce/2019/11/msg00025.html", - "url":"https://lists.debian.org/debian-lts-announce/2019/11/msg00025.html" + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2019/11/msg00025.html", + "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00025.html" }, { - "refsource":"MLIST", - "name":"[debian-lts-announce] 20191210 [SECURITY] [DLA 2027-1] jruby security update", - "url":"https://lists.debian.org/debian-lts-announce/2019/12/msg00009.html" + "refsource": "MLIST", + "name": "[debian-lts-announce] 20191210 [SECURITY] [DLA 2027-1] jruby security update", + "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00009.html" }, { - "refsource":"BUGTRAQ", - "name":"20191217 [SECURITY] [DSA 4587-1] ruby2.3 security update", - "url":"https://seclists.org/bugtraq/2019/Dec/31" + "refsource": "BUGTRAQ", + "name": "20191217 [SECURITY] [DSA 4587-1] ruby2.3 security update", + "url": "https://seclists.org/bugtraq/2019/Dec/31" }, { - "refsource":"BUGTRAQ", - "name":"20191217 [SECURITY] [DSA 4586-1] ruby2.5 security update", - "url":"https://seclists.org/bugtraq/2019/Dec/32" + "refsource": "BUGTRAQ", + "name": "20191217 [SECURITY] [DSA 4586-1] ruby2.5 security update", + "url": "https://seclists.org/bugtraq/2019/Dec/32" }, { - "refsource":"DEBIAN", - "name":"DSA-4587", - "url":"https://www.debian.org/security/2019/dsa-4587" + "refsource": 
"DEBIAN", + "name": "DSA-4587", + "url": "https://www.debian.org/security/2019/dsa-4587" }, { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2019/16xxx/CVE-2019-16254.json b/2019/16xxx/CVE-2019-16254.json index 3f71d365a5f..74bf79fe754 100644 --- a/2019/16xxx/CVE-2019-16254.json +++ b/2019/16xxx/CVE-2019-16254.json 
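Review bot: The reference to `https://lists.debian.org/debian-lts-announce/2019/11/msg00025.html` in CVE-2019-16201.json is tagged `"refsource": "MISC"` with the bare URL as its name, while CVE-2019-15845.json in this same patch lists the identical URL as `"refsource": "MLIST"` with `"name": "[debian-lts-announce] 20191125 [SECURITY] [DLA 2007-1] ruby2.1 security update"`. Consumers that filter references by source type to collect distribution advisories would presumably skip the Debian LTS notice for this CVE. Using the same `refsource` and `name` here would keep the two records consistent. The CVE-2019-16254 hunk, which continues past the visible part of the patch, carries the same MISC entry.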
@@ -1,115 +1,116 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"cve@mitre.org", - "ID":"CVE-2019-16254", - "STATE":"PUBLIC" + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-16254", + "STATE": "PUBLIC" }, - "affects":{ - "vendor":{ - "vendor_data":[ + "affects": { + "vendor": { + "vendor_data": [ { - "product":{ - "product_data":[ + "product": { + "product_data": [ { - "product_name":"n/a", - "version":{ - "version_data":[ + "product_name": "n/a", + "version": { + "version_data": [ { - "version_value":"n/a" + "version_value": "n/a" } ] } } ] }, - "vendor_name":"n/a" + "vendor_name": "n/a" } ] } }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang":"eng", - "value":"Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting. If a program using WEBrick inserts untrusted input into the response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to deceive clients. NOTE: this issue exists because of an incomplete fix for CVE-2017-17742, which addressed the CRLF vector, but did not address an isolated CR or an isolated LF." + "lang": "eng", + "value": "Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting. If a program using WEBrick inserts untrusted input into the response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to deceive clients. NOTE: this issue exists because of an incomplete fix for CVE-2017-17742, which addressed the CRLF vector, but did not address an isolated CR or an isolated LF." 
} ] }, - "problemtype":{ - "problemtype_data":[ + "problemtype": { + "problemtype_data": [ { - "description":[ + "description": [ { - "lang":"eng", - "value":"n/a" + "lang": "eng", + "value": "n/a" } ] } ] }, - "references":{ - "reference_data":[ + "references": { + "reference_data": [ { - "url":"https://hackerone.com/reports/331984", - "refsource":"MISC", - "name":"https://hackerone.com/reports/331984" + "url": "https://hackerone.com/reports/331984", + "refsource": "MISC", + "name": "https://hackerone.com/reports/331984" }, { - "refsource":"MISC", - "name":"https://lists.debian.org/debian-lts-announce/2019/11/msg00025.html", - "url":"https://lists.debian.org/debian-lts-announce/2019/11/msg00025.html" + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2019/11/msg00025.html", + "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00025.html" }, { - "refsource":"CONFIRM", - "name":"https://www.ruby-lang.org/ja/news/2019/10/01/http-response-splitting-in-webrick-cve-2019-16254/", - "url":"https://www.ruby-lang.org/ja/news/2019/10/01/http-response-splitting-in-webrick-cve-2019-16254/" + "refsource": "CONFIRM", + "name": "https://www.ruby-lang.org/ja/news/2019/10/01/http-response-splitting-in-webrick-cve-2019-16254/", + "url": "https://www.ruby-lang.org/ja/news/2019/10/01/http-response-splitting-in-webrick-cve-2019-16254/" }, { - "refsource":"CONFIRM", - "name":"https://www.ruby-lang.org/ja/news/2019/10/01/ruby-2-6-5-released/", - "url":"https://www.ruby-lang.org/ja/news/2019/10/01/ruby-2-6-5-released/" + "refsource": "CONFIRM", + "name": "https://www.ruby-lang.org/ja/news/2019/10/01/ruby-2-6-5-released/", + "url": "https://www.ruby-lang.org/ja/news/2019/10/01/ruby-2-6-5-released/" }, { - "refsource":"CONFIRM", - "name":"https://www.ruby-lang.org/ja/news/2019/10/01/ruby-2-5-7-released/", - "url":"https://www.ruby-lang.org/ja/news/2019/10/01/ruby-2-5-7-released/" + "refsource": "CONFIRM", + "name": 
"https://www.ruby-lang.org/ja/news/2019/10/01/ruby-2-5-7-released/", + "url": "https://www.ruby-lang.org/ja/news/2019/10/01/ruby-2-5-7-released/" }, { - "refsource":"CONFIRM", - "name":"https://www.ruby-lang.org/ja/news/2019/10/01/ruby-2-4-8-released/", - "url":"https://www.ruby-lang.org/ja/news/2019/10/01/ruby-2-4-8-released/" + "refsource": "CONFIRM", + "name": "https://www.ruby-lang.org/ja/news/2019/10/01/ruby-2-4-8-released/", + "url": "https://www.ruby-lang.org/ja/news/2019/10/01/ruby-2-4-8-released/" }, { - "refsource":"MLIST", - "name":"[debian-lts-announce] 20191210 [SECURITY] [DLA 2027-1] jruby security update", - "url":"https://lists.debian.org/debian-lts-announce/2019/12/msg00009.html" + "refsource": "MLIST", + "name": "[debian-lts-announce] 20191210 [SECURITY] [DLA 2027-1] jruby security update", + "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00009.html" }, { - "refsource":"BUGTRAQ", - "name":"20191217 [SECURITY] [DSA 4587-1] ruby2.3 security update", - "url":"https://seclists.org/bugtraq/2019/Dec/31" + "refsource": "BUGTRAQ", + "name": "20191217 [SECURITY] [DSA 4587-1] ruby2.3 security update", + "url": "https://seclists.org/bugtraq/2019/Dec/31" }, { - "refsource":"BUGTRAQ", - "name":"20191217 [SECURITY] [DSA 4586-1] ruby2.5 security update", - "url":"https://seclists.org/bugtraq/2019/Dec/32" + "refsource": "BUGTRAQ", + "name": "20191217 [SECURITY] [DSA 4586-1] ruby2.5 security update", + "url": "https://seclists.org/bugtraq/2019/Dec/32" }, { - "refsource":"DEBIAN", - "name":"DSA-4587", - "url":"https://www.debian.org/security/2019/dsa-4587" + "refsource": "DEBIAN", + "name": "DSA-4587", + "url": "https://www.debian.org/security/2019/dsa-4587" }, { - "refsource":"DEBIAN", - "name":"DSA-4586", - "url":"https://www.debian.org/security/2019/dsa-4586" + "refsource": "DEBIAN", + "name": "DSA-4586", + "url": "https://www.debian.org/security/2019/dsa-4586" }, { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + "url": 
"https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2019/16xxx/CVE-2019-16255.json b/2019/16xxx/CVE-2019-16255.json index d168a35bbf3..ae805c090f7 100644 --- a/2019/16xxx/CVE-2019-16255.json +++ b/2019/16xxx/CVE-2019-16255.json 
@@ -1,110 +1,111 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"cve@mitre.org", - "ID":"CVE-2019-16255", - "STATE":"PUBLIC" + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-16255", + "STATE": "PUBLIC" }, - "affects":{ - "vendor":{ - "vendor_data":[ + "affects": { + "vendor": { + "vendor_data": [ { - "product":{ - "product_data":[ + "product": { + "product_data": [ { - "product_name":"n/a", - "version":{ - "version_data":[ + "product_name": "n/a", + "version": { + "version_data": [ { - "version_value":"n/a" + "version_value": "n/a" } ] } } ] }, - "vendor_name":"n/a" + "vendor_name": "n/a" } ] } }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang":"eng", - "value":"Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first argument (aka the \"command\" argument) to Shell#[] or Shell#test in lib/shell.rb is untrusted data. An attacker can exploit this to call an arbitrary Ruby method." + "lang": "eng", + "value": "Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first argument (aka the \"command\" argument) to Shell#[] or Shell#test in lib/shell.rb is untrusted data. An attacker can exploit this to call an arbitrary Ruby method." 
} ] }, - "problemtype":{ - "problemtype_data":[ + "problemtype": { + "problemtype_data": [ { - "description":[ + "description": [ { - "lang":"eng", - "value":"n/a" + "lang": "eng", + "value": "n/a" } ] } ] }, - "references":{ - "reference_data":[ + "references": { + "reference_data": [ { - "url":"https://hackerone.com/reports/327512", - "refsource":"MISC", - "name":"https://hackerone.com/reports/327512" + "url": "https://hackerone.com/reports/327512", + "refsource": "MISC", + "name": "https://hackerone.com/reports/327512" }, { - "refsource":"MISC", - "name":"https://lists.debian.org/debian-lts-announce/2019/11/msg00025.html", - "url":"https://lists.debian.org/debian-lts-announce/2019/11/msg00025.html" + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2019/11/msg00025.html", + "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00025.html" }, { - "refsource":"CONFIRM", - "name":"https://www.ruby-lang.org/ja/news/2019/10/01/ruby-2-6-5-released/", - "url":"https://www.ruby-lang.org/ja/news/2019/10/01/ruby-2-6-5-released/" + "refsource": "CONFIRM", + "name": "https://www.ruby-lang.org/ja/news/2019/10/01/ruby-2-6-5-released/", + "url": "https://www.ruby-lang.org/ja/news/2019/10/01/ruby-2-6-5-released/" }, { - "refsource":"CONFIRM", - "name":"https://www.ruby-lang.org/ja/news/2019/10/01/ruby-2-5-7-released/", - "url":"https://www.ruby-lang.org/ja/news/2019/10/01/ruby-2-5-7-released/" + "refsource": "CONFIRM", + "name": "https://www.ruby-lang.org/ja/news/2019/10/01/ruby-2-5-7-released/", + "url": "https://www.ruby-lang.org/ja/news/2019/10/01/ruby-2-5-7-released/" }, { - "refsource":"CONFIRM", - "name":"https://www.ruby-lang.org/ja/news/2019/10/01/ruby-2-4-8-released/", - "url":"https://www.ruby-lang.org/ja/news/2019/10/01/ruby-2-4-8-released/" + "refsource": "CONFIRM", + "name": "https://www.ruby-lang.org/ja/news/2019/10/01/ruby-2-4-8-released/", + "url": "https://www.ruby-lang.org/ja/news/2019/10/01/ruby-2-4-8-released/" }, { - 
"refsource":"CONFIRM", - "name":"https://www.ruby-lang.org/ja/news/2019/10/01/code-injection-shell-test-cve-2019-16255/", - "url":"https://www.ruby-lang.org/ja/news/2019/10/01/code-injection-shell-test-cve-2019-16255/" + "refsource": "CONFIRM", + "name": "https://www.ruby-lang.org/ja/news/2019/10/01/code-injection-shell-test-cve-2019-16255/", + "url": "https://www.ruby-lang.org/ja/news/2019/10/01/code-injection-shell-test-cve-2019-16255/" }, { - "refsource":"MLIST", - "name":"[debian-lts-announce] 20191210 [SECURITY] [DLA 2027-1] jruby security update", - "url":"https://lists.debian.org/debian-lts-announce/2019/12/msg00009.html" + "refsource": "MLIST", + "name": "[debian-lts-announce] 20191210 [SECURITY] [DLA 2027-1] jruby security update", + "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00009.html" }, { - "refsource":"BUGTRAQ", - "name":"20191217 [SECURITY] [DSA 4587-1] ruby2.3 security update", - "url":"https://seclists.org/bugtraq/2019/Dec/31" + "refsource": "BUGTRAQ", + "name": "20191217 [SECURITY] [DSA 4587-1] ruby2.3 security update", + "url": "https://seclists.org/bugtraq/2019/Dec/31" }, { - "refsource":"BUGTRAQ", - "name":"20191217 [SECURITY] [DSA 4586-1] ruby2.5 security update", - "url":"https://seclists.org/bugtraq/2019/Dec/32" + "refsource": "BUGTRAQ", + "name": "20191217 [SECURITY] [DSA 4586-1] ruby2.5 security update", + "url": "https://seclists.org/bugtraq/2019/Dec/32" }, { - "refsource":"DEBIAN", - "name":"DSA-4587", - "url":"https://www.debian.org/security/2019/dsa-4587" + "refsource": "DEBIAN", + "name": "DSA-4587", + "url": "https://www.debian.org/security/2019/dsa-4587" }, { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2019/16xxx/CVE-2019-16335.json b/2019/16xxx/CVE-2019-16335.json index a77d1546052..80d2b3819cf 100644 
--- a/2019/16xxx/CVE-2019-16335.json +++ b/2019/16xxx/CVE-2019-16335.json 
@@ -1,155 +1,156 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"cve@mitre.org", - "ID":"CVE-2019-16335", - "STATE":"PUBLIC" + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-16335", + "STATE": "PUBLIC" }, - "affects":{ - "vendor":{ - "vendor_data":[ + "affects": { + "vendor": { + "vendor_data": [ { - "product":{ - "product_data":[ + "product": { + "product_data": [ { - "product_name":"n/a", - "version":{ - "version_data":[ + "product_name": "n/a", + "version": { + "version_data": [ { - "version_value":"n/a" + "version_value": "n/a" } ] } } ] }, - "vendor_name":"n/a" + "vendor_name": "n/a" } ] } }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang":"eng", - "value":"A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than CVE-2019-14540." + "lang": "eng", + "value": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than CVE-2019-14540." 
} ] }, - "problemtype":{ - "problemtype_data":[ + "problemtype": { + "problemtype_data": [ { - "description":[ + "description": [ { - "lang":"eng", - "value":"n/a" + "lang": "eng", + "value": "n/a" } ] } ] }, - "references":{ - "reference_data":[ + "references": { + "reference_data": [ { - "url":"https://github.com/FasterXML/jackson-databind/issues/2449", - "refsource":"MISC", - "name":"https://github.com/FasterXML/jackson-databind/issues/2449" + "url": "https://github.com/FasterXML/jackson-databind/issues/2449", + "refsource": "MISC", + "name": "https://github.com/FasterXML/jackson-databind/issues/2449" }, { - "refsource":"MLIST", - "name":"[tinkerpop-commits] 20190924 [GitHub] [tinkerpop] justinchuch opened a new pull request #1200: Upgrade jackson due to CVE issues", - "url":"https://lists.apache.org/thread.html/0fcef7321095ce0bc597d468d150cff3d647f4cb3aef3bd4d20e1c69@%3Ccommits.tinkerpop.apache.org%3E" + "refsource": "MLIST", + "name": "[tinkerpop-commits] 20190924 [GitHub] [tinkerpop] justinchuch opened a new pull request #1200: Upgrade jackson due to CVE issues", + "url": "https://lists.apache.org/thread.html/0fcef7321095ce0bc597d468d150cff3d647f4cb3aef3bd4d20e1c69@%3Ccommits.tinkerpop.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[hbase-issues] 20190925 [GitHub] [hbase] SteNicholas opened a new pull request #660: HBASE-23075 Upgrade jackson version", - "url":"https://lists.apache.org/thread.html/40c00861b53bb611dee7d6f35f864aa7d1c1bd77df28db597cbf27e1@%3Cissues.hbase.apache.org%3E" + "refsource": "MLIST", + "name": "[hbase-issues] 20190925 [GitHub] [hbase] SteNicholas opened a new pull request #660: HBASE-23075 Upgrade jackson version", + "url": "https://lists.apache.org/thread.html/40c00861b53bb611dee7d6f35f864aa7d1c1bd77df28db597cbf27e1@%3Cissues.hbase.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[hbase-issues] 20190926 [GitHub] [hbase-connectors] SteNicholas opened a new pull request #45: HBASE-23075 Upgrade jackson version", - 
"url":"https://lists.apache.org/thread.html/a360b46061c91c5cad789b6c3190aef9b9f223a2b75c9c9f046fe016@%3Cissues.hbase.apache.org%3E" + "refsource": "MLIST", + "name": "[hbase-issues] 20190926 [GitHub] [hbase-connectors] SteNicholas opened a new pull request #45: HBASE-23075 Upgrade jackson version", + "url": "https://lists.apache.org/thread.html/a360b46061c91c5cad789b6c3190aef9b9f223a2b75c9c9f046fe016@%3Cissues.hbase.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[hbase-issues] 20190926 [jira] [Updated] (HBASE-23075) Upgrade jackson to version 2.9.10 due to CVE-2019-16335 and CVE-2019-14540", - "url":"https://lists.apache.org/thread.html/dc6b5cad721a4f6b3b62ed1163894941140d9d5656140fb757505ca0@%3Cissues.hbase.apache.org%3E" + "refsource": "MLIST", + "name": "[hbase-issues] 20190926 [jira] [Updated] (HBASE-23075) Upgrade jackson to version 2.9.10 due to CVE-2019-16335 and CVE-2019-14540", + "url": "https://lists.apache.org/thread.html/dc6b5cad721a4f6b3b62ed1163894941140d9d5656140fb757505ca0@%3Cissues.hbase.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[hbase-issues] 20190926 [jira] [Commented] (HBASE-23075) Upgrade jackson to version 2.9.10 due to CVE-2019-16335 and CVE-2019-14540", - "url":"https://lists.apache.org/thread.html/ad0d238e97a7da5eca47a014f0f7e81f440ed6bf74a93183825e18b9@%3Cissues.hbase.apache.org%3E" + "refsource": "MLIST", + "name": "[hbase-issues] 20190926 [jira] [Commented] (HBASE-23075) Upgrade jackson to version 2.9.10 due to CVE-2019-16335 and CVE-2019-14540", + "url": "https://lists.apache.org/thread.html/ad0d238e97a7da5eca47a014f0f7e81f440ed6bf74a93183825e18b9@%3Cissues.hbase.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[hbase-commits] 20190927 [hbase-connectors] 02/02: HBASE-23075 Upgrade jackson to version 2.9.10 due to CVE-2019-16335 and CVE-2019-14540", - "url":"https://lists.apache.org/thread.html/e90c3feb21702e68a8c08afce37045adb3870f2bf8223fa403fb93fb@%3Ccommits.hbase.apache.org%3E" + "refsource": "MLIST", + "name": 
"[hbase-commits] 20190927 [hbase-connectors] 02/02: HBASE-23075 Upgrade jackson to version 2.9.10 due to CVE-2019-16335 and CVE-2019-14540", + "url": "https://lists.apache.org/thread.html/e90c3feb21702e68a8c08afce37045adb3870f2bf8223fa403fb93fb@%3Ccommits.hbase.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[debian-lts-announce] 20191002 [SECURITY] [DLA 1943-1] jackson-databind security update", - "url":"https://lists.debian.org/debian-lts-announce/2019/10/msg00001.html" + "refsource": "MLIST", + "name": "[debian-lts-announce] 20191002 [SECURITY] [DLA 1943-1] jackson-databind security update", + "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00001.html" }, { - "refsource":"CONFIRM", - "name":"https://security.netapp.com/advisory/ntap-20191004-0002/", - "url":"https://security.netapp.com/advisory/ntap-20191004-0002/" + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20191004-0002/", + "url": "https://security.netapp.com/advisory/ntap-20191004-0002/" }, { - "refsource":"DEBIAN", - "name":"DSA-4542", - "url":"https://www.debian.org/security/2019/dsa-4542" + "refsource": "DEBIAN", + "name": "DSA-4542", + "url": "https://www.debian.org/security/2019/dsa-4542" }, { - "refsource":"BUGTRAQ", - "name":"20191007 [SECURITY] [DSA 4542-1] jackson-databind security update", - "url":"https://seclists.org/bugtraq/2019/Oct/6" + "refsource": "BUGTRAQ", + "name": "20191007 [SECURITY] [DSA 4542-1] jackson-databind security update", + "url": "https://seclists.org/bugtraq/2019/Oct/6" }, { - "refsource":"FEDORA", - "name":"FEDORA-2019-b171554877", - "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TH5VFUN4P7CCIP7KSEXYA5MUTFCUDUJT/" + "refsource": "FEDORA", + "name": "FEDORA-2019-b171554877", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TH5VFUN4P7CCIP7KSEXYA5MUTFCUDUJT/" }, { - 
"url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", - "refsource":"MISC", - "name":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", + "refsource": "MISC", + "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { - "refsource":"MLIST", - "name":"[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", - "url":"https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E" + "refsource": "MLIST", + "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", + "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", - "url":"https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E" + "refsource": "MLIST", + "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", + "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", - "url":"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" + "refsource": "MLIST", + "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", + "url": 
"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:3200", - "url":"https://access.redhat.com/errata/RHSA-2019:3200" + "refsource": "REDHAT", + "name": "RHSA-2019:3200", + "url": "https://access.redhat.com/errata/RHSA-2019:3200" }, { - "refsource":"FEDORA", - "name":"FEDORA-2019-cf87377f5f", - "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q7CANA7KV53JROZDX5Z5P26UG5VN2K43/" + "refsource": "FEDORA", + "name": "FEDORA-2019-cf87377f5f", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q7CANA7KV53JROZDX5Z5P26UG5VN2K43/" }, { - "refsource":"MLIST", - "name":"[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html", - "url":"https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E" + "refsource": "MLIST", + "name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html", + "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E" }, { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2019/16xxx/CVE-2019-16775.json b/2019/16xxx/CVE-2019-16775.json index 915a6ea929d..e05261b6bd5 100644 --- a/2019/16xxx/CVE-2019-16775.json +++ b/2019/16xxx/CVE-2019-16775.json 
@@ -1,99 +1,100 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"security-advisories@github.com", - "ID":"CVE-2019-16775", - "STATE":"PUBLIC", - "TITLE":"Unauthorized File Access in npm CLI before before version 6.13.3" + "CVE_data_meta": { + "ASSIGNER": "security-advisories@github.com", + "ID": "CVE-2019-16775", + "STATE": "PUBLIC", + "TITLE": "Unauthorized File Access in npm CLI before before version 6.13.3" }, - "affects":{ - "vendor":{ - "vendor_data":[ + "affects": { + "vendor": { + "vendor_data": [ { - "product":{ - "product_data":[ + "product": { + "product_data": [ { - "product_name":"cli", - "version":{ - "version_data":[ + "product_name": "cli", + "version": { + "version_data": [ { - "version_affected":"<", - "version_name":"< 6.13.3", - "version_value":"6.13.3" + "version_affected": "<", + "version_name": "< 6.13.3", + "version_value": "6.13.3" } ] } } ] }, - "vendor_name":"npm" + "vendor_name": "npm" } ] } }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang":"eng", - "value":"Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of thenode_modules folder through the bin field upon installation. A properly constructed entry in the package.json bin field would allow a package publisher to create a symlink pointing to arbitrary files on a user\u2019s system when the package is installed. This behavior is still possible through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option." + "lang": "eng", + "value": "Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of thenode_modules folder through the bin field upon installation. 
A properly constructed entry in the package.json bin field would allow a package publisher to create a symlink pointing to arbitrary files on a user\u2019s system when the package is installed. This behavior is still possible through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option." } ] }, - "impact":{ - "cvss":{ - "attackComplexity":"HIGH", - "attackVector":"NETWORK", - "availabilityImpact":"NONE", - "baseScore":7.7, - "baseSeverity":"HIGH", - "confidentialityImpact":"HIGH", - "integrityImpact":"HIGH", - "privilegesRequired":"LOW", - "scope":"CHANGED", - "userInteraction":"REQUIRED", - "vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N", - "version":"3.1" + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 7.7, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N", + "version": "3.1" } }, - "problemtype":{ - "problemtype_data":[ + "problemtype": { + "problemtype_data": [ { - "description":[ + "description": [ { - "lang":"eng", - "value":"CWE-61: UNIX Symbolic Link (Symlink) Following" + "lang": "eng", + "value": "CWE-61: UNIX Symbolic Link (Symlink) Following" } ] } ] }, - "references":{ - "reference_data":[ + "references": { + "reference_data": [ { - "name":"https://github.com/npm/cli/security/advisories/GHSA-m6cx-g6qm-p2cx", - "refsource":"CONFIRM", - "url":"https://github.com/npm/cli/security/advisories/GHSA-m6cx-g6qm-p2cx" + "name": "https://github.com/npm/cli/security/advisories/GHSA-m6cx-g6qm-p2cx", + "refsource": "CONFIRM", + "url": "https://github.com/npm/cli/security/advisories/GHSA-m6cx-g6qm-p2cx" }, { "name": "https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli", "refsource": "MISC", "url": 
"https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli" }, + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + }, { "refsource": "SUSE", "name": "openSUSE-SU-2020:0059", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00027.html" - }, - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" - } + } ] }, - "source":{ - "advisory":"GHSA-m6cx-g6qm-p2cx", - "discovery":"UNKNOWN" + "source": { + "advisory": "GHSA-m6cx-g6qm-p2cx", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2019/16xxx/CVE-2019-16776.json b/2019/16xxx/CVE-2019-16776.json index d5ba80144d8..9bcda391a45 100644 --- a/2019/16xxx/CVE-2019-16776.json +++ b/2019/16xxx/CVE-2019-16776.json 
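Review bot: The rewritten `TITLE` line in this hunk still reads "before before version 6.13.3", and the rewritten description value still runs two words together as "thenode_modules". Both lines are already touched here for spacing, so the text can be corrected in the same change: `"TITLE": "Unauthorized File Access in npm CLI before version 6.13.3"` and, in the description, `outside of the node_modules folder`. The same duplicated "before" is in the `TITLE` of the CVE-2019-16776 hunk that follows. The title also says "Unauthorized File Access" while the description says "Arbitrary File Write"; since downstream advisory feeds presumably copy these strings verbatim, it is worth confirming with the assigner which wording is intended.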
@@ -1,99 +1,100 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"security-advisories@github.com", - "ID":"CVE-2019-16776", - "STATE":"PUBLIC", - "TITLE":"Unauthorized File Access in npm CLI before before version 6.13.3" + "CVE_data_meta": { + "ASSIGNER": "security-advisories@github.com", + "ID": "CVE-2019-16776", + "STATE": "PUBLIC", + "TITLE": "Unauthorized File Access in npm CLI before before version 6.13.3" }, - "affects":{ - "vendor":{ - "vendor_data":[ + "affects": { + "vendor": { + "vendor_data": [ { - "product":{ - "product_data":[ + "product": { + "product_data": [ { - "product_name":"cli", - "version":{ - "version_data":[ + "product_name": "cli", + "version": { + "version_data": [ { - "version_affected":"<", - "version_name":"< 6.13.3", - "version_value":"6.13.3" + "version_affected": "<", + "version_name": "< 6.13.3", + "version_value": "6.13.3" } ] } } ] }, - "vendor_name":"npm" + "vendor_name": "npm" } ] } }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang":"eng", - "value":"Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended node_modules folder through the bin field. A properly constructed entry in the package.json bin field would allow a package publisher to modify and/or gain access to arbitrary files on a user\u2019s system when the package is installed. This behavior is still possible through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option." + "lang": "eng", + "value": "Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended node_modules folder through the bin field. 
A properly constructed entry in the package.json bin field would allow a package publisher to modify and/or gain access to arbitrary files on a user\u2019s system when the package is installed. This behavior is still possible through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option." } ] }, - "impact":{ - "cvss":{ - "attackComplexity":"HIGH", - "attackVector":"NETWORK", - "availabilityImpact":"NONE", - "baseScore":7.7, - "baseSeverity":"HIGH", - "confidentialityImpact":"HIGH", - "integrityImpact":"HIGH", - "privilegesRequired":"LOW", - "scope":"CHANGED", - "userInteraction":"REQUIRED", - "vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N", - "version":"3.1" + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 7.7, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N", + "version": "3.1" } }, - "problemtype":{ - "problemtype_data":[ + "problemtype": { + "problemtype_data": [ { - "description":[ + "description": [ { - "lang":"eng", - "value":"CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')" + "lang": "eng", + "value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')" } ] } ] }, - "references":{ - "reference_data":[ + "references": { + "reference_data": [ { - "name":"https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli", - "refsource":"MISC", - "url":"https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli" + "name": "https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli", + "refsource": "MISC", + "url": "https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli" }, { "name": 
"https://github.com/npm/cli/security/advisories/GHSA-x8qc-rrcw-4r46", "refsource": "CONFIRM", "url": "https://github.com/npm/cli/security/advisories/GHSA-x8qc-rrcw-4r46" }, + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + }, { "refsource": "SUSE", "name": "openSUSE-SU-2020:0059", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00027.html" - }, - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" - } + } ] }, - "source":{ - "advisory":"GHSA-x8qc-rrcw-4r46", - "discovery":"UNKNOWN" + "source": { + "advisory": "GHSA-x8qc-rrcw-4r46", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2019/16xxx/CVE-2019-16777.json b/2019/16xxx/CVE-2019-16777.json index 99d99ec1b57..cfafc9a844b 100644 --- a/2019/16xxx/CVE-2019-16777.json +++ b/2019/16xxx/CVE-2019-16777.json 
@@ -1,99 +1,100 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"security-advisories@github.com", - "ID":"CVE-2019-16777", - "STATE":"PUBLIC", - "TITLE":"Arbitrary File Overwrite in npm CLI" + "CVE_data_meta": { + "ASSIGNER": "security-advisories@github.com", + "ID": "CVE-2019-16777", + "STATE": "PUBLIC", + "TITLE": "Arbitrary File Overwrite in npm CLI" }, - "affects":{ - "vendor":{ - "vendor_data":[ + "affects": { + "vendor": { + "vendor_data": [ { - "product":{ - "product_data":[ + "product": { + "product_data": [ { - "product_name":"cli", - "version":{ - "version_data":[ + "product_name": "cli", + "version": { + "version_data": [ { - "version_affected":"<", - "version_name":"< 6.13.4", - "version_value":"6.13.4" + "version_affected": "<", + "version_name": "< 6.13.4", + "version_value": "6.13.4" } ] } } ] }, - "vendor_name":"npm" + "vendor_name": "npm" } ] } }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang":"eng", - "value":"Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite. It fails to prevent existing globally-installed binaries to be overwritten by other package installations. For example, if a package was installed globally and created a serve binary, any subsequent installs of packages that also create a serve binary would overwrite the previous serve binary. This behavior is still allowed in local installations and also through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option." + "lang": "eng", + "value": "Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite. It fails to prevent existing globally-installed binaries to be overwritten by other package installations. 
For example, if a package was installed globally and created a serve binary, any subsequent installs of packages that also create a serve binary would overwrite the previous serve binary. This behavior is still allowed in local installations and also through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option." } ] }, - "impact":{ - "cvss":{ - "attackComplexity":"HIGH", - "attackVector":"NETWORK", - "availabilityImpact":"NONE", - "baseScore":7.7, - "baseSeverity":"HIGH", - "confidentialityImpact":"HIGH", - "integrityImpact":"HIGH", - "privilegesRequired":"LOW", - "scope":"CHANGED", - "userInteraction":"REQUIRED", - "vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N", - "version":"3.1" + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 7.7, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N", + "version": "3.1" } }, - "problemtype":{ - "problemtype_data":[ + "problemtype": { + "problemtype_data": [ { - "description":[ + "description": [ { - "lang":"eng", - "value":"CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')" + "lang": "eng", + "value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')" } ] } ] }, - "references":{ - "reference_data":[ + "references": { + "reference_data": [ { - "name":"https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli", - "refsource":"MISC", - "url":"https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli" + "name": "https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli", + "refsource": "MISC", + "url": "https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli" }, { "name": 
"https://github.com/npm/cli/security/advisories/GHSA-4328-8hgf-7wjr", "refsource": "CONFIRM", "url": "https://github.com/npm/cli/security/advisories/GHSA-4328-8hgf-7wjr" }, + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + }, { "refsource": "SUSE", "name": "openSUSE-SU-2020:0059", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00027.html" - }, - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" - } + } ] }, - "source":{ - "advisory":"GHSA-4328-8hgf-7wjr", - "discovery":"UNKNOWN" + "source": { + "advisory": "GHSA-4328-8hgf-7wjr", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2019/16xxx/CVE-2019-16942.json b/2019/16xxx/CVE-2019-16942.json index 6af8876352e..5d0691bf3be 100644 --- a/2019/16xxx/CVE-2019-16942.json +++ b/2019/16xxx/CVE-2019-16942.json 
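Review bot: The `problemtype` entry kept on the new side, `"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"`, does not line up with this record's own description. The description covers a later install replacing an existing globally-installed binary of the same name, and mentions no pathname escaping a restricted directory. The identical string appears in the record patched just above, so it may have been carried over from there; that is only an inference from this page. This commit only re-spaces the line, so the classification is worth confirming against GHSA-4328-8hgf-7wjr with the assigning CNA before anyone uses it for CWE-based triage.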
@@ -1,140 +1,141 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"cve@mitre.org", - "ID":"CVE-2019-16942", - "STATE":"PUBLIC" + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-16942", + "STATE": "PUBLIC" }, - "affects":{ - "vendor":{ - "vendor_data":[ + "affects": { + "vendor": { + "vendor_data": [ { - "product":{ - "product_data":[ + "product": { + "product_data": [ { - "product_name":"n/a", - "version":{ - "version_data":[ + "product_name": "n/a", + "version": { + "version_data": [ { - "version_value":"n/a" + "version_value": "n/a" } ] } } ] }, - "vendor_name":"n/a" + "vendor_name": "n/a" } ] } }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang":"eng", - "value":"A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling." + "lang": "eng", + "value": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. 
This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling." } ] }, - "problemtype":{ - "problemtype_data":[ + "problemtype": { + "problemtype_data": [ { - "description":[ + "description": [ { - "lang":"eng", - "value":"n/a" + "lang": "eng", + "value": "n/a" } ] } ] }, - "references":{ - "reference_data":[ + "references": { + "reference_data": [ { - "url":"https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062", - "refsource":"MISC", - "name":"https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062" + "url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062", + "refsource": "MISC", + "name": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062" }, { - "url":"https://github.com/FasterXML/jackson-databind/issues/2478", - "refsource":"MISC", - "name":"https://github.com/FasterXML/jackson-databind/issues/2478" + "url": "https://github.com/FasterXML/jackson-databind/issues/2478", + "refsource": "MISC", + "name": "https://github.com/FasterXML/jackson-databind/issues/2478" }, { - "refsource":"MISC", - "name":"https://issues.apache.org/jira/browse/GEODE-7255", - "url":"https://issues.apache.org/jira/browse/GEODE-7255" + "refsource": "MISC", + "name": "https://issues.apache.org/jira/browse/GEODE-7255", + "url": "https://issues.apache.org/jira/browse/GEODE-7255" }, { - "refsource":"MLIST", - "name":"[debian-lts-announce] 20191002 [SECURITY] [DLA 1943-1] jackson-databind security update", - "url":"https://lists.debian.org/debian-lts-announce/2019/10/msg00001.html" + "refsource": "MLIST", + "name": "[debian-lts-announce] 20191002 [SECURITY] [DLA 1943-1] jackson-databind security update", + "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00001.html" }, { - 
"refsource":"DEBIAN", - "name":"DSA-4542", - "url":"https://www.debian.org/security/2019/dsa-4542" + "refsource": "DEBIAN", + "name": "DSA-4542", + "url": "https://www.debian.org/security/2019/dsa-4542" }, { - "refsource":"BUGTRAQ", - "name":"20191007 [SECURITY] [DSA 4542-1] jackson-databind security update", - "url":"https://seclists.org/bugtraq/2019/Oct/6" + "refsource": "BUGTRAQ", + "name": "20191007 [SECURITY] [DSA 4542-1] jackson-databind security update", + "url": "https://seclists.org/bugtraq/2019/Oct/6" }, { - "refsource":"MLIST", - "name":"[geode-issues] 20191008 [jira] [Commented] (GEODE-7255) Need to pick up CVE-2019-16942", - "url":"https://lists.apache.org/thread.html/b2e23c94f9dfef53e04c492e5d02e5c75201734be7adc73a49ef2370@%3Cissues.geode.apache.org%3E" + "refsource": "MLIST", + "name": "[geode-issues] 20191008 [jira] [Commented] (GEODE-7255) Need to pick up CVE-2019-16942", + "url": "https://lists.apache.org/thread.html/b2e23c94f9dfef53e04c492e5d02e5c75201734be7adc73a49ef2370@%3Cissues.geode.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[geode-issues] 20191011 [jira] [Commented] (GEODE-7255) Need to pick up CVE-2019-16942", - "url":"https://lists.apache.org/thread.html/7782a937c9259a58337ee36b2961f00e2d744feafc13084e176d0df5@%3Cissues.geode.apache.org%3E" + "refsource": "MLIST", + "name": "[geode-issues] 20191011 [jira] [Commented] (GEODE-7255) Need to pick up CVE-2019-16942", + "url": "https://lists.apache.org/thread.html/7782a937c9259a58337ee36b2961f00e2d744feafc13084e176d0df5@%3Cissues.geode.apache.org%3E" }, { - "refsource":"FEDORA", - "name":"FEDORA-2019-b171554877", - "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TH5VFUN4P7CCIP7KSEXYA5MUTFCUDUJT/" + "refsource": "FEDORA", + "name": "FEDORA-2019-b171554877", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TH5VFUN4P7CCIP7KSEXYA5MUTFCUDUJT/" }, { - "refsource":"CONFIRM", - 
"name":"https://security.netapp.com/advisory/ntap-20191017-0006/", - "url":"https://security.netapp.com/advisory/ntap-20191017-0006/" + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20191017-0006/", + "url": "https://security.netapp.com/advisory/ntap-20191017-0006/" }, { - "refsource":"MLIST", - "name":"[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", - "url":"https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E" + "refsource": "MLIST", + "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", + "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", - "url":"https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E" + "refsource": "MLIST", + "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", + "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", - "url":"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" + "refsource": "MLIST", + "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", + "url": 
"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" }, { - "refsource":"FEDORA", - "name":"FEDORA-2019-cf87377f5f", - "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q7CANA7KV53JROZDX5Z5P26UG5VN2K43/" + "refsource": "FEDORA", + "name": "FEDORA-2019-cf87377f5f", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q7CANA7KV53JROZDX5Z5P26UG5VN2K43/" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:3901", - "url":"https://access.redhat.com/errata/RHSA-2019:3901" + "refsource": "REDHAT", + "name": "RHSA-2019:3901", + "url": "https://access.redhat.com/errata/RHSA-2019:3901" }, { - "refsource":"MLIST", - "name":"[geode-issues] 20191230 [jira] [Closed] (GEODE-7255) Need to pick up CVE-2019-16942", - "url":"https://lists.apache.org/thread.html/a430dbc9be874c41314cc69e697384567a9a24025e819d9485547954@%3Cissues.geode.apache.org%3E" + "refsource": "MLIST", + "name": "[geode-issues] 20191230 [jira] [Closed] (GEODE-7255) Need to pick up CVE-2019-16942", + "url": "https://lists.apache.org/thread.html/a430dbc9be874c41314cc69e697384567a9a24025e819d9485547954@%3Cissues.geode.apache.org%3E" }, { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2019/16xxx/CVE-2019-16943.json b/2019/16xxx/CVE-2019-16943.json index faec37dd145..e6bbda5371e 100644 --- a/2019/16xxx/CVE-2019-16943.json +++ b/2019/16xxx/CVE-2019-16943.json 
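Review bot: The `affects` block on the new side still carries `"vendor_name": "n/a"`, `"product_name": "n/a"` and `"version_value": "n/a"`, and `problemtype` is also `"n/a"`, although the description names FasterXML jackson-databind 2.0.0 through 2.9.10. Tooling that matches on the structured fields rather than the free text has nothing to match in this record. If the repository's conventions for this assigner allow it, populate the fields from the description, e.g. `"vendor_name": "FasterXML"` and `"product_name": "jackson-databind"`. The same placeholders remain in the CVE-2019-16943 and CVE-2019-17091 hunks that follow.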
@@ -1,122 +1,116 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"cve@mitre.org", - "ID":"CVE-2019-16943", - "STATE":"PUBLIC" + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-16943", + "STATE": "PUBLIC" }, - "affects":{ - "vendor":{ - "vendor_data":[ + "affects": { + "vendor": { + "vendor_data": [ { - "product":{ - "product_data":[ + "product": { + "product_data": [ { - "product_name":"n/a", - "version":{ - "version_data":[ + "product_name": "n/a", + "version": { + "version_data": [ { - "version_value":"n/a" + "version_value": "n/a" } ] } } ] }, - "vendor_name":"n/a" + "vendor_name": "n/a" } ] } }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang":"eng", - "value":"A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling." + "lang": "eng", + "value": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling." 
} ] }, - "problemtype":{ - "problemtype_data":[ + "problemtype": { + "problemtype_data": [ { - "description":[ + "description": [ { - "lang":"eng", - "value":"n/a" + "lang": "eng", + "value": "n/a" } ] } ] }, - "references":{ - "reference_data":[ + "references": { + "reference_data": [ { - "url":"https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062", - "refsource":"MISC", - "name":"https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062" + "url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062", + "refsource": "MISC", + "name": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062" }, { - "url":"https://github.com/FasterXML/jackson-databind/issues/2478", - "refsource":"MISC", - "name":"https://github.com/FasterXML/jackson-databind/issues/2478" + "url": "https://github.com/FasterXML/jackson-databind/issues/2478", + "refsource": "MISC", + "name": "https://github.com/FasterXML/jackson-databind/issues/2478" }, { - "refsource":"MLIST", - "name":"[debian-lts-announce] 20191002 [SECURITY] [DLA 1943-1] jackson-databind security update", - "url":"https://lists.debian.org/debian-lts-announce/2019/10/msg00001.html" + "refsource": "MLIST", + "name": "[debian-lts-announce] 20191002 [SECURITY] [DLA 1943-1] jackson-databind security update", + "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00001.html" }, { - "refsource":"DEBIAN", - "name":"DSA-4542", - "url":"https://www.debian.org/security/2019/dsa-4542" + "refsource": "DEBIAN", + "name": "DSA-4542", + "url": "https://www.debian.org/security/2019/dsa-4542" }, { - "refsource":"BUGTRAQ", - "name":"20191007 [SECURITY] [DSA 4542-1] jackson-databind security update", - "url":"https://seclists.org/bugtraq/2019/Oct/6" + "refsource": "BUGTRAQ", + "name": "20191007 [SECURITY] [DSA 4542-1] jackson-databind security 
update", + "url": "https://seclists.org/bugtraq/2019/Oct/6" }, { - "refsource":"FEDORA", - "name":"FEDORA-2019-b171554877", - "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TH5VFUN4P7CCIP7KSEXYA5MUTFCUDUJT/" + "refsource": "FEDORA", + "name": "FEDORA-2019-b171554877", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TH5VFUN4P7CCIP7KSEXYA5MUTFCUDUJT/" }, { - "refsource":"CONFIRM", - "name":"https://security.netapp.com/advisory/ntap-20191017-0006/", - "url":"https://security.netapp.com/advisory/ntap-20191017-0006/" + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20191017-0006/", + "url": "https://security.netapp.com/advisory/ntap-20191017-0006/" }, { - "refsource":"MLIST", - "name":"[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", - "url":"https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E" + "refsource": "MLIST", + "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", + "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", - "url":"https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E" + "refsource": "MLIST", + "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", + "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required 
to dependencies to resolve potential security vulnerabilities", - "url":"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" + "refsource": "MLIST", + "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", + "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" }, { - "refsource":"FEDORA", - "name":"FEDORA-2019-cf87377f5f", - "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q7CANA7KV53JROZDX5Z5P26UG5VN2K43/" + "refsource": "FEDORA", + "name": "FEDORA-2019-cf87377f5f", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q7CANA7KV53JROZDX5Z5P26UG5VN2K43/" }, { - "refsource":"MLIST", - "name":"[iceberg-issues] 20191027 [GitHub] [incubator-iceberg] rdsr commented on issue #535: Update Jackson to 2.9.10 for CVE-2019-14379", - "url":"https://lists.apache.org/thread.html/6788e4c991f75b89d290ad06b463fcd30bcae99fee610345a35b7bc6@%3Cissues.iceberg.apache.org%3E" - }, - { - "refsource":"MLIST", - "name":"[iceberg-commits] 20191028 [incubator-iceberg] branch master updated: Update Jackson to 2.10.0 for CVE-2019-16943 (#583)", - "url":"https://lists.apache.org/thread.html/5ec8d8d485c2c8ac55ea425f4cd96596ef37312532712639712ebcdd@%3Ccommits.iceberg.apache.org%3E" + "refsource": "MLIST", + "name": "[iceberg-issues] 20191027 [GitHub] [incubator-iceberg] rdsr commented on issue #535: Update Jackson to 2.9.10 for CVE-2019-14379", + "url": "https://lists.apache.org/thread.html/6788e4c991f75b89d290ad06b463fcd30bcae99fee610345a35b7bc6@%3Cissues.iceberg.apache.org%3E" }, { "refsource": "MLIST", 
@@ -125,12 +119,19 @@ }, { "refsource": "MLIST", - "name": "[druid-commits] 20200115 [druid] branch 0.17.0 updated: Suppress CVE-2019-20330 for htrace-core-4.0.1 (#9189) (#9191)", - "url": "https://lists.apache.org/thread.html/r392099ed2757ff2e383b10440594e914d080511d7da1c8fed0612c1f@%3Ccommits.druid.apache.org%3E" + "name": "[iceberg-commits] 20191028 [incubator-iceberg] branch master updated: Update Jackson to 2.10.0 for CVE-2019-16943 (#583)", + "url": "https://lists.apache.org/thread.html/5ec8d8d485c2c8ac55ea425f4cd96596ef37312532712639712ebcdd@%3Ccommits.iceberg.apache.org%3E" }, { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" - } + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + }, + { + "refsource": "MLIST", + "name": "[druid-commits] 20200115 [druid] branch 0.17.0 updated: Suppress CVE-2019-20330 for htrace-core-4.0.1 (#9189) (#9191)", + "url": "https://lists.apache.org/thread.html/r392099ed2757ff2e383b10440594e914d080511d7da1c8fed0612c1f@%3Ccommits.druid.apache.org%3E" + } ] } } \ No newline at end of file diff --git a/2019/17xxx/CVE-2019-17091.json b/2019/17xxx/CVE-2019-17091.json index 987f2c94f58..670d1f27fcb 100644 --- a/2019/17xxx/CVE-2019-17091.json +++ b/2019/17xxx/CVE-2019-17091.json 
@@ -1,115 +1,116 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"cve@mitre.org", - "ID":"CVE-2019-17091", - "STATE":"PUBLIC" + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-17091", + "STATE": "PUBLIC" }, - "affects":{ - "vendor":{ - "vendor_data":[ + "affects": { + "vendor": { + "vendor_data": [ { - "product":{ - "product_data":[ + "product": { + "product_data": [ { - "product_name":"n/a", - "version":{ - "version_data":[ + "product_name": "n/a", + "version": { + "version_data": [ { - "version_value":"n/a" + "version_value": "n/a" } ] } } ] }, - "vendor_name":"n/a" + "vendor_name": "n/a" } ] } }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang":"eng", - "value":"faces/context/PartialViewContextImpl.java in Eclipse Mojarra, as used in Mojarra for Eclipse EE4J before 2.3.10 and Mojarra JavaServer Faces before 2.2.20, allows Reflected XSS because a client window field is mishandled." + "lang": "eng", + "value": "faces/context/PartialViewContextImpl.java in Eclipse Mojarra, as used in Mojarra for Eclipse EE4J before 2.3.10 and Mojarra JavaServer Faces before 2.2.20, allows Reflected XSS because a client window field is mishandled." 
} ] }, - "problemtype":{ - "problemtype_data":[ + "problemtype": { + "problemtype_data": [ { - "description":[ + "description": [ { - "lang":"eng", - "value":"n/a" + "lang": "eng", + "value": "n/a" } ] } ] }, - "references":{ - "reference_data":[ + "references": { + "reference_data": [ { - "url":"https://bugs.eclipse.org/bugs/show_bug.cgi?id=548244", - "refsource":"MISC", - "name":"https://bugs.eclipse.org/bugs/show_bug.cgi?id=548244" + "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=548244", + "refsource": "MISC", + "name": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=548244" }, { - "url":"https://github.com/eclipse-ee4j/mojarra/pull/4567", - "refsource":"MISC", - "name":"https://github.com/eclipse-ee4j/mojarra/pull/4567" + "url": "https://github.com/eclipse-ee4j/mojarra/pull/4567", + "refsource": "MISC", + "name": "https://github.com/eclipse-ee4j/mojarra/pull/4567" }, { - "url":"https://github.com/eclipse-ee4j/mojarra/issues/4556", - "refsource":"MISC", - "name":"https://github.com/eclipse-ee4j/mojarra/issues/4556" + "url": "https://github.com/eclipse-ee4j/mojarra/issues/4556", + "refsource": "MISC", + "name": "https://github.com/eclipse-ee4j/mojarra/issues/4556" }, { - "url":"https://github.com/eclipse-ee4j/mojarra/files/3039198/advisory.txt", - "refsource":"MISC", - "name":"https://github.com/eclipse-ee4j/mojarra/files/3039198/advisory.txt" + "url": "https://github.com/eclipse-ee4j/mojarra/files/3039198/advisory.txt", + "refsource": "MISC", + "name": "https://github.com/eclipse-ee4j/mojarra/files/3039198/advisory.txt" }, { - "url":"https://github.com/eclipse-ee4j/mojarra/compare/2.3.9-RELEASE...2.3.10-RELEASE", - "refsource":"MISC", - "name":"https://github.com/eclipse-ee4j/mojarra/compare/2.3.9-RELEASE...2.3.10-RELEASE" + "url": "https://github.com/eclipse-ee4j/mojarra/compare/2.3.9-RELEASE...2.3.10-RELEASE", + "refsource": "MISC", + "name": "https://github.com/eclipse-ee4j/mojarra/compare/2.3.9-RELEASE...2.3.10-RELEASE" }, { - 
"url":"https://github.com/eclipse-ee4j/mojarra/commit/8f70f2bd024f00ecd5b3dcca45df73edda29dcee", - "refsource":"MISC", - "name":"https://github.com/eclipse-ee4j/mojarra/commit/8f70f2bd024f00ecd5b3dcca45df73edda29dcee" + "url": "https://github.com/eclipse-ee4j/mojarra/commit/8f70f2bd024f00ecd5b3dcca45df73edda29dcee", + "refsource": "MISC", + "name": "https://github.com/eclipse-ee4j/mojarra/commit/8f70f2bd024f00ecd5b3dcca45df73edda29dcee" }, { - "url":"https://github.com/eclipse-ee4j/mojarra/commit/a3fa9573789ed5e867c43ea38374f4dbd5a8f81f", - "refsource":"MISC", - "name":"https://github.com/eclipse-ee4j/mojarra/commit/a3fa9573789ed5e867c43ea38374f4dbd5a8f81f" + "url": "https://github.com/eclipse-ee4j/mojarra/commit/a3fa9573789ed5e867c43ea38374f4dbd5a8f81f", + "refsource": "MISC", + "name": "https://github.com/eclipse-ee4j/mojarra/commit/a3fa9573789ed5e867c43ea38374f4dbd5a8f81f" }, { - "url":"https://github.com/javaserverfaces/mojarra/compare/2.2.19...2.2.20", - "refsource":"MISC", - "name":"https://github.com/javaserverfaces/mojarra/compare/2.2.19...2.2.20" + "url": "https://github.com/javaserverfaces/mojarra/compare/2.2.19...2.2.20", + "refsource": "MISC", + "name": "https://github.com/javaserverfaces/mojarra/compare/2.2.19...2.2.20" }, { - "url":"https://github.com/javaserverfaces/mojarra/commit/ae1c234d0a6750822ac69d4ae26d90e3571f27fe", - "refsource":"MISC", - "name":"https://github.com/javaserverfaces/mojarra/commit/ae1c234d0a6750822ac69d4ae26d90e3571f27fe" + "url": "https://github.com/javaserverfaces/mojarra/commit/ae1c234d0a6750822ac69d4ae26d90e3571f27fe", + "refsource": "MISC", + "name": "https://github.com/javaserverfaces/mojarra/commit/ae1c234d0a6750822ac69d4ae26d90e3571f27fe" }, { - "url":"https://github.com/javaserverfaces/mojarra/commit/f61935cd39f34329fbf27b1972a506fbdd0ab4d4", - "refsource":"MISC", - "name":"https://github.com/javaserverfaces/mojarra/commit/f61935cd39f34329fbf27b1972a506fbdd0ab4d4" + "url": 
"https://github.com/javaserverfaces/mojarra/commit/f61935cd39f34329fbf27b1972a506fbdd0ab4d4", + "refsource": "MISC", + "name": "https://github.com/javaserverfaces/mojarra/commit/f61935cd39f34329fbf27b1972a506fbdd0ab4d4" }, { - "url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", - "refsource":"MISC", - "name":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", + "refsource": "MISC", + "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2019/17xxx/CVE-2019-17267.json b/2019/17xxx/CVE-2019-17267.json index 59a926505ef..5d4039877cc 100644 --- a/2019/17xxx/CVE-2019-17267.json +++ b/2019/17xxx/CVE-2019-17267.json 
@@ -1,106 +1,107 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"cve@mitre.org", - "ID":"CVE-2019-17267", - "STATE":"PUBLIC" + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-17267", + "STATE": "PUBLIC" }, - "affects":{ - "vendor":{ - "vendor_data":[ + "affects": { + "vendor": { + "vendor_data": [ { - "product":{ - "product_data":[ + "product": { + "product_data": [ { - "product_name":"n/a", - "version":{ - "version_data":[ + "product_name": "n/a", + "version": { + "version_data": [ { - "version_value":"n/a" + "version_value": "n/a" } ] } } ] }, - "vendor_name":"n/a" + "vendor_name": "n/a" } ] } }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang":"eng", - "value":"A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to net.sf.ehcache.hibernate.EhcacheJtaTransactionManagerLookup." + "lang": "eng", + "value": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to net.sf.ehcache.hibernate.EhcacheJtaTransactionManagerLookup." 
} ] }, - "problemtype":{ - "problemtype_data":[ + "problemtype": { + "problemtype_data": [ { - "description":[ + "description": [ { - "lang":"eng", - "value":"n/a" + "lang": "eng", + "value": "n/a" } ] } ] }, - "references":{ - "reference_data":[ + "references": { + "reference_data": [ { - "url":"https://github.com/FasterXML/jackson-databind/issues/2460", - "refsource":"MISC", - "name":"https://github.com/FasterXML/jackson-databind/issues/2460" + "url": "https://github.com/FasterXML/jackson-databind/issues/2460", + "refsource": "MISC", + "name": "https://github.com/FasterXML/jackson-databind/issues/2460" }, { - "url":"https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.9.3...jackson-databind-2.9.10", - "refsource":"MISC", - "name":"https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.9.3...jackson-databind-2.9.10" + "url": "https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.9.3...jackson-databind-2.9.10", + "refsource": "MISC", + "name": "https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.9.3...jackson-databind-2.9.10" }, { - "refsource":"CONFIRM", - "name":"https://security.netapp.com/advisory/ntap-20191017-0006/", - "url":"https://security.netapp.com/advisory/ntap-20191017-0006/" + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20191017-0006/", + "url": "https://security.netapp.com/advisory/ntap-20191017-0006/" }, { - "refsource":"MLIST", - "name":"[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", - "url":"https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E" + "refsource": "MLIST", + "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", + "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E" }, { - "refsource":"MLIST", - 
"name":"[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", - "url":"https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E" + "refsource": "MLIST", + "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", + "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E" }, { - "refsource":"MLIST", - "name":"[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", - "url":"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" + "refsource": "MLIST", + "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", + "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:3200", - "url":"https://access.redhat.com/errata/RHSA-2019:3200" + "refsource": "REDHAT", + "name": "RHSA-2019:3200", + "url": "https://access.redhat.com/errata/RHSA-2019:3200" }, { "refsource": "MLIST", "name": "[debian-lts-announce] 20191210 [SECURITY] [DLA 2030-1] jackson-databind security update", "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00013.html" }, + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + }, { "refsource": "MLIST", "name": "[druid-commits] 20200115 [druid] branch 0.17.0 updated: Suppress CVE-2019-20330 for htrace-core-4.0.1 (#9189) (#9191)", "url": 
"https://lists.apache.org/thread.html/r392099ed2757ff2e383b10440594e914d080511d7da1c8fed0612c1f@%3Ccommits.druid.apache.org%3E" - }, - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" - } + } ] } } \ No newline at end of file diff --git a/2019/17xxx/CVE-2019-17359.json b/2019/17xxx/CVE-2019-17359.json index 7333c3d72f3..9f1beeaa90f 100644 --- a/2019/17xxx/CVE-2019-17359.json +++ b/2019/17xxx/CVE-2019-17359.json 
@@ -1,75 +1,76 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"cve@mitre.org", - "ID":"CVE-2019-17359", - "STATE":"PUBLIC" + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-17359", + "STATE": "PUBLIC" }, - "affects":{ - "vendor":{ - "vendor_data":[ + "affects": { + "vendor": { + "vendor_data": [ { - "product":{ - "product_data":[ + "product": { + "product_data": [ { - "product_name":"n/a", - "version":{ - "version_data":[ + "product_name": "n/a", + "version": { + "version_data": [ { - "version_value":"n/a" + "version_value": "n/a" } ] } } ] }, - "vendor_name":"n/a" + "vendor_name": "n/a" } ] } }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang":"eng", - "value":"The ASN.1 parser in Bouncy Castle Crypto (aka BC Java) 1.63 can trigger a large attempted memory allocation, and resultant OutOfMemoryError error, via crafted ASN.1 data. This is fixed in 1.64." + "lang": "eng", + "value": "The ASN.1 parser in Bouncy Castle Crypto (aka BC Java) 1.63 can trigger a large attempted memory allocation, and resultant OutOfMemoryError error, via crafted ASN.1 data. This is fixed in 1.64." 
} ] }, - "problemtype":{ - "problemtype_data":[ + "problemtype": { + "problemtype_data": [ { - "description":[ + "description": [ { - "lang":"eng", - "value":"n/a" + "lang": "eng", + "value": "n/a" } ] } ] }, - "references":{ - "reference_data":[ + "references": { + "reference_data": [ { - "url":"https://www.bouncycastle.org/releasenotes.html", - "refsource":"MISC", - "name":"https://www.bouncycastle.org/releasenotes.html" + "url": "https://www.bouncycastle.org/releasenotes.html", + "refsource": "MISC", + "name": "https://www.bouncycastle.org/releasenotes.html" }, { - "url":"https://www.bouncycastle.org/latest_releases.html", - "refsource":"MISC", - "name":"https://www.bouncycastle.org/latest_releases.html" + "url": "https://www.bouncycastle.org/latest_releases.html", + "refsource": "MISC", + "name": "https://www.bouncycastle.org/latest_releases.html" }, { - "refsource":"CONFIRM", - "name":"https://security.netapp.com/advisory/ntap-20191024-0006/", - "url":"https://security.netapp.com/advisory/ntap-20191024-0006/" + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20191024-0006/", + "url": "https://security.netapp.com/advisory/ntap-20191024-0006/" }, { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2019/17xxx/CVE-2019-17531.json b/2019/17xxx/CVE-2019-17531.json index ce0f9c4ea41..136db72193d 100644 --- a/2019/17xxx/CVE-2019-17531.json +++ b/2019/17xxx/CVE-2019-17531.json 
@@ -1,96 +1,97 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"cve@mitre.org", - "ID":"CVE-2019-17531", - "STATE":"PUBLIC" + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-17531", + "STATE": "PUBLIC" }, - "affects":{ - "vendor":{ - "vendor_data":[ + "affects": { + "vendor": { + "vendor_data": [ { - "product":{ - "product_data":[ + "product": { + "product_data": [ { - "product_name":"n/a", - "version":{ - "version_data":[ + "product_name": "n/a", + "version": { + "version_data": [ { - "version_value":"n/a" + "version_value": "n/a" } ] } } ] }, - "vendor_name":"n/a" + "vendor_name": "n/a" } ] } }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang":"eng", - "value":"A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload." + "lang": "eng", + "value": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload." 
} ] }, - "problemtype":{ - "problemtype_data":[ + "problemtype": { + "problemtype_data": [ { - "description":[ + "description": [ { - "lang":"eng", - "value":"n/a" + "lang": "eng", + "value": "n/a" } ] } ] }, - "references":{ - "reference_data":[ + "references": { + "reference_data": [ { - "url":"https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062", - "refsource":"MISC", - "name":"https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062" + "url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062", + "refsource": "MISC", + "name": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062" }, { - "url":"https://github.com/FasterXML/jackson-databind/issues/2498", - "refsource":"MISC", - "name":"https://github.com/FasterXML/jackson-databind/issues/2498" + "url": "https://github.com/FasterXML/jackson-databind/issues/2498", + "refsource": "MISC", + "name": "https://github.com/FasterXML/jackson-databind/issues/2498" }, { - "refsource":"CONFIRM", - "name":"https://security.netapp.com/advisory/ntap-20191024-0005/", - "url":"https://security.netapp.com/advisory/ntap-20191024-0005/" + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20191024-0005/", + "url": "https://security.netapp.com/advisory/ntap-20191024-0005/" }, { - "refsource":"MLIST", - "name":"[pulsar-commits] 20191127 [GitHub] [pulsar] massakam opened a new pull request #5758: Bump jackson libraries to 2.10.1", - "url":"https://lists.apache.org/thread.html/b3c90d38f99db546de60fea65f99a924d540fae2285f014b79606ca5@%3Ccommits.pulsar.apache.org%3E" + "refsource": "MLIST", + "name": "[pulsar-commits] 20191127 [GitHub] [pulsar] massakam opened a new pull request #5758: Bump jackson libraries to 2.10.1", + "url": 
"https://lists.apache.org/thread.html/b3c90d38f99db546de60fea65f99a924d540fae2285f014b79606ca5@%3Ccommits.pulsar.apache.org%3E" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:4192", - "url":"https://access.redhat.com/errata/RHSA-2019:4192" + "refsource": "REDHAT", + "name": "RHSA-2019:4192", + "url": "https://access.redhat.com/errata/RHSA-2019:4192" }, { "refsource": "MLIST", "name": "[debian-lts-announce] 20191210 [SECURITY] [DLA 2030-1] jackson-databind security update", "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00013.html" }, + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + }, { "refsource": "MLIST", "name": "[druid-commits] 20200115 [druid] branch 0.17.0 updated: Suppress CVE-2019-20330 for htrace-core-4.0.1 (#9189) (#9191)", "url": "https://lists.apache.org/thread.html/r392099ed2757ff2e383b10440594e914d080511d7da1c8fed0612c1f@%3Ccommits.druid.apache.org%3E" - }, - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" - } + } ] } } \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1547.json b/2019/1xxx/CVE-2019-1547.json index a0e16c19b79..de336fddf1c 100644 --- a/2019/1xxx/CVE-2019-1547.json +++ b/2019/1xxx/CVE-2019-1547.json 
@@ -1,201 +1,202 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"openssl-security@openssl.org", - "DATE_PUBLIC":"2019-09-10", - "ID":"CVE-2019-1547", - "STATE":"PUBLIC", - "TITLE":"ECDSA remote timing attack" + "CVE_data_meta": { + "ASSIGNER": "openssl-security@openssl.org", + "DATE_PUBLIC": "2019-09-10", + "ID": "CVE-2019-1547", + "STATE": "PUBLIC", + "TITLE": "ECDSA remote timing attack" }, - "affects":{ - "vendor":{ - "vendor_data":[ + "affects": { + "vendor": { + "vendor_data": [ { - "product":{ - "product_data":[ + "product": { + "product_data": [ { - "product_name":"OpenSSL", - "version":{ - "version_data":[ + "product_name": "OpenSSL", + "version": { + "version_data": [ { - "version_value":"Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c)" + "version_value": "Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c)" }, { - "version_value":"Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k)" + "version_value": "Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k)" }, { - "version_value":"Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s)" + "version_value": "Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s)" } ] } } ] }, - "vendor_name":"OpenSSL" + "vendor_name": "OpenSSL" } ] } }, - "credit":[ + "credit": [ { - "lang":"eng", - "value":"Cesar Pereida Garc\u00eda, Sohaib ul Hassan, Nicola Tuveri, Iaroslav Gridin, Alejandro Cabrera Aldaya, and Billy Brumley" + "lang": "eng", + "value": "Cesar Pereida Garc\u00eda, Sohaib ul Hassan, Nicola Tuveri, Iaroslav Gridin, Alejandro Cabrera Aldaya, and Billy Brumley" } ], - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang":"eng", - "value":"Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. 
However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named curve). In those cases it is possible that such a group does not have the cofactor present. This can occur even where all the parameters match a known named curve. If such a curve is used then OpenSSL falls back to non-side channel resistant code paths which may result in full key recovery during an ECDSA signature operation. In order to be vulnerable an attacker would have to have the ability to time the creation of a large number of signatures where explicit parameters with no co-factor present are in use by an application using libcrypto. For the avoidance of doubt libssl is not vulnerable because explicit parameters are never used. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s)." + "lang": "eng", + "value": "Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named curve). In those cases it is possible that such a group does not have the cofactor present. This can occur even where all the parameters match a known named curve. If such a curve is used then OpenSSL falls back to non-side channel resistant code paths which may result in full key recovery during an ECDSA signature operation. In order to be vulnerable an attacker would have to have the ability to time the creation of a large number of signatures where explicit parameters with no co-factor present are in use by an application using libcrypto. For the avoidance of doubt libssl is not vulnerable because explicit parameters are never used. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s)." 
} ] }, - "impact":[ + "impact": [ { - "lang":"eng", - "url":"https://www.openssl.org/policies/secpolicy.html#Low", - "value":"Low" + "lang": "eng", + "url": "https://www.openssl.org/policies/secpolicy.html#Low", + "value": "Low" } ], - "problemtype":{ - "problemtype_data":[ + "problemtype": { + "problemtype_data": [ { - "description":[ + "description": [ { - "lang":"eng", - "value":"Timing side channel" + "lang": "eng", + "value": "Timing side channel" } ] } ] }, - "references":{ - "reference_data":[ + "references": { + "reference_data": [ { - "name":"https://www.openssl.org/news/secadv/20190910.txt", - "refsource":"CONFIRM", - "url":"https://www.openssl.org/news/secadv/20190910.txt" + "name": "https://www.openssl.org/news/secadv/20190910.txt", + "refsource": "CONFIRM", + "url": "https://www.openssl.org/news/secadv/20190910.txt" }, { - "name":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=30c22fa8b1d840036b8e203585738df62a03cec8", - "refsource":"CONFIRM", - "url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=30c22fa8b1d840036b8e203585738df62a03cec8" + "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=30c22fa8b1d840036b8e203585738df62a03cec8", + "refsource": "CONFIRM", + "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=30c22fa8b1d840036b8e203585738df62a03cec8" }, { - "name":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=7c1709c2da5414f5b6133d00a03fc8c5bf996c7a", - "refsource":"CONFIRM", - "url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=7c1709c2da5414f5b6133d00a03fc8c5bf996c7a" + "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=7c1709c2da5414f5b6133d00a03fc8c5bf996c7a", + "refsource": "CONFIRM", + "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=7c1709c2da5414f5b6133d00a03fc8c5bf996c7a" }, { - "name":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=21c856b75d81eff61aa63b4f036bb64a85bf6d46", - 
"refsource":"CONFIRM", - "url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=21c856b75d81eff61aa63b4f036bb64a85bf6d46" + "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=21c856b75d81eff61aa63b4f036bb64a85bf6d46", + "refsource": "CONFIRM", + "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=21c856b75d81eff61aa63b4f036bb64a85bf6d46" }, { - "refsource":"MISC", - "name":"https://arxiv.org/abs/1909.01785", - "url":"https://arxiv.org/abs/1909.01785" + "refsource": "MISC", + "name": "https://arxiv.org/abs/1909.01785", + "url": "https://arxiv.org/abs/1909.01785" }, { - "refsource":"BUGTRAQ", - "name":"20190912 [slackware-security] openssl (SSA:2019-254-03)", - "url":"https://seclists.org/bugtraq/2019/Sep/25" + "refsource": "BUGTRAQ", + "name": "20190912 [slackware-security] openssl (SSA:2019-254-03)", + "url": "https://seclists.org/bugtraq/2019/Sep/25" }, { - "refsource":"MISC", - "name":"http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html", - "url":"http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html" + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html", + "url": "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html" }, { - "refsource":"CONFIRM", - "name":"https://security.netapp.com/advisory/ntap-20190919-0002/", - "url":"https://security.netapp.com/advisory/ntap-20190919-0002/" + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20190919-0002/", + "url": "https://security.netapp.com/advisory/ntap-20190919-0002/" }, { - "refsource":"SUSE", - "name":"openSUSE-SU-2019:2158", - "url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00054.html" + "refsource": "SUSE", + "name": "openSUSE-SU-2019:2158", + "url": 
"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00054.html" }, { - "refsource":"FEDORA", - "name":"FEDORA-2019-d15aac6c4e", - "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GY6SNRJP2S7Y42GIIDO3HXPNMDYN2U3A/" + "refsource": "FEDORA", + "name": "FEDORA-2019-d15aac6c4e", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GY6SNRJP2S7Y42GIIDO3HXPNMDYN2U3A/" }, { - "refsource":"SUSE", - "name":"openSUSE-SU-2019:2189", - "url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00072.html" + "refsource": "SUSE", + "name": "openSUSE-SU-2019:2189", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00072.html" }, { - "refsource":"MLIST", - "name":"[debian-lts-announce] 20190925 [SECURITY] [DLA 1932-1] openssl security update", - "url":"https://lists.debian.org/debian-lts-announce/2019/09/msg00026.html" + "refsource": "MLIST", + "name": "[debian-lts-announce] 20190925 [SECURITY] [DLA 1932-1] openssl security update", + "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00026.html" }, { - "refsource":"FEDORA", - "name":"FEDORA-2019-d51641f152", - "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZN4VVQJ3JDCHGIHV4Y2YTXBYQZ6PWQ7E/" + "refsource": "FEDORA", + "name": "FEDORA-2019-d51641f152", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZN4VVQJ3JDCHGIHV4Y2YTXBYQZ6PWQ7E/" }, { - "refsource":"BUGTRAQ", - "name":"20191001 [SECURITY] [DSA 4539-1] openssl security update", - "url":"https://seclists.org/bugtraq/2019/Oct/1" + "refsource": "BUGTRAQ", + "name": "20191001 [SECURITY] [DSA 4539-1] openssl security update", + "url": "https://seclists.org/bugtraq/2019/Oct/1" }, { - "refsource":"BUGTRAQ", - "name":"20191001 [SECURITY] [DSA 4540-1] openssl1.0 security update", - 
"url":"https://seclists.org/bugtraq/2019/Oct/0" + "refsource": "BUGTRAQ", + "name": "20191001 [SECURITY] [DSA 4540-1] openssl1.0 security update", + "url": "https://seclists.org/bugtraq/2019/Oct/0" }, { - "refsource":"DEBIAN", - "name":"DSA-4539", - "url":"https://www.debian.org/security/2019/dsa-4539" + "refsource": "DEBIAN", + "name": "DSA-4539", + "url": "https://www.debian.org/security/2019/dsa-4539" }, { - "refsource":"DEBIAN", - "name":"DSA-4540", - "url":"https://www.debian.org/security/2019/dsa-4540" + "refsource": "DEBIAN", + "name": "DSA-4540", + "url": "https://www.debian.org/security/2019/dsa-4540" }, { - "refsource":"SUSE", - "name":"openSUSE-SU-2019:2268", - "url":"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00012.html" + "refsource": "SUSE", + "name": "openSUSE-SU-2019:2268", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00012.html" }, { - "refsource":"SUSE", - "name":"openSUSE-SU-2019:2269", - "url":"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00016.html" + "refsource": "SUSE", + "name": "openSUSE-SU-2019:2269", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00016.html" }, { - "refsource":"CONFIRM", - "name":"https://support.f5.com/csp/article/K73422160?utm_source=f5support&utm_medium=RSS", - "url":"https://support.f5.com/csp/article/K73422160?utm_source=f5support&utm_medium=RSS" + "refsource": "CONFIRM", + "name": "https://support.f5.com/csp/article/K73422160?utm_source=f5support&utm_medium=RSS", + "url": "https://support.f5.com/csp/article/K73422160?utm_source=f5support&utm_medium=RSS" }, { - "url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", - "refsource":"MISC", - "name":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", + "refsource": "MISC", + "name": 
"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { - "refsource":"GENTOO", - "name":"GLSA-201911-04", - "url":"https://security.gentoo.org/glsa/201911-04" + "refsource": "GENTOO", + "name": "GLSA-201911-04", + "url": "https://security.gentoo.org/glsa/201911-04" }, { - "refsource":"CONFIRM", - "name":"https://www.tenable.com/security/tns-2019-08", - "url":"https://www.tenable.com/security/tns-2019-08" + "refsource": "CONFIRM", + "name": "https://www.tenable.com/security/tns-2019-08", + "url": "https://www.tenable.com/security/tns-2019-08" }, { - "refsource":"CONFIRM", - "name":"https://www.tenable.com/security/tns-2019-09", - "url":"https://www.tenable.com/security/tns-2019-09" + "refsource": "CONFIRM", + "name": "https://www.tenable.com/security/tns-2019-09", + "url": "https://www.tenable.com/security/tns-2019-09" }, { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2019/1xxx/CVE-2019-1549.json b/2019/1xxx/CVE-2019-1549.json index cc04908f335..ed34f3e5bc3 100644 --- a/2019/1xxx/CVE-2019-1549.json +++ b/2019/1xxx/CVE-2019-1549.json 
@@ -1,125 +1,126 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"openssl-security@openssl.org", - "DATE_PUBLIC":"2019-09-10", - "ID":"CVE-2019-1549", - "STATE":"PUBLIC", - "TITLE":"Fork Protection" + "CVE_data_meta": { + "ASSIGNER": "openssl-security@openssl.org", + "DATE_PUBLIC": "2019-09-10", + "ID": "CVE-2019-1549", + "STATE": "PUBLIC", + "TITLE": "Fork Protection" }, - "affects":{ - "vendor":{ - "vendor_data":[ + "affects": { + "vendor": { + "vendor_data": [ { - "product":{ - "product_data":[ + "product": { + "product_data": [ { - "product_name":"OpenSSL", - "version":{ - "version_data":[ + "product_name": "OpenSSL", + "version": { + "version_data": [ { - "version_value":"Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c)" + "version_value": "Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c)" } ] } } ] }, - "vendor_name":"OpenSSL" + "vendor_name": "OpenSSL" } ] } }, - "credit":[ + "credit": [ { - "lang":"eng", - "value":"Matt Caswell" + "lang": "eng", + "value": "Matt Caswell" } ], - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang":"eng", - "value":"OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include protection in the event of a fork() system call in order to ensure that the parent and child processes did not share the same RNG state. However this protection was not being used in the default case. A partial mitigation for this issue is that the output from a high precision timer is mixed into the RNG state so the likelihood of a parent and child process sharing state is significantly reduced. If an application already calls OPENSSL_init_crypto() explicitly using OPENSSL_INIT_ATFORK then this problem does not occur at all. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c)." 
+ "lang": "eng", + "value": "OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include protection in the event of a fork() system call in order to ensure that the parent and child processes did not share the same RNG state. However this protection was not being used in the default case. A partial mitigation for this issue is that the output from a high precision timer is mixed into the RNG state so the likelihood of a parent and child process sharing state is significantly reduced. If an application already calls OPENSSL_init_crypto() explicitly using OPENSSL_INIT_ATFORK then this problem does not occur at all. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c)." } ] }, - "impact":[ + "impact": [ { - "lang":"eng", - "url":"https://www.openssl.org/policies/secpolicy.html#Low", - "value":"Low" + "lang": "eng", + "url": "https://www.openssl.org/policies/secpolicy.html#Low", + "value": "Low" } ], - "problemtype":{ - "problemtype_data":[ + "problemtype": { + "problemtype_data": [ { - "description":[ + "description": [ { - "lang":"eng", - "value":"Random Number Generation" + "lang": "eng", + "value": "Random Number Generation" } ] } ] }, - "references":{ - "reference_data":[ + "references": { + "reference_data": [ { - "name":"https://www.openssl.org/news/secadv/20190910.txt", - "refsource":"CONFIRM", - "url":"https://www.openssl.org/news/secadv/20190910.txt" + "name": "https://www.openssl.org/news/secadv/20190910.txt", + "refsource": "CONFIRM", + "url": "https://www.openssl.org/news/secadv/20190910.txt" }, { - "name":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1b0fe00e2704b5e20334a16d3c9099d1ba2ef1be", - "refsource":"CONFIRM", - "url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1b0fe00e2704b5e20334a16d3c9099d1ba2ef1be" + "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1b0fe00e2704b5e20334a16d3c9099d1ba2ef1be", + "refsource": "CONFIRM", + "url": 
"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1b0fe00e2704b5e20334a16d3c9099d1ba2ef1be" }, { - "refsource":"CONFIRM", - "name":"https://security.netapp.com/advisory/ntap-20190919-0002/", - "url":"https://security.netapp.com/advisory/ntap-20190919-0002/" + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20190919-0002/", + "url": "https://security.netapp.com/advisory/ntap-20190919-0002/" }, { - "refsource":"CONFIRM", - "name":"https://support.f5.com/csp/article/K44070243", - "url":"https://support.f5.com/csp/article/K44070243" + "refsource": "CONFIRM", + "name": "https://support.f5.com/csp/article/K44070243", + "url": "https://support.f5.com/csp/article/K44070243" }, { - "refsource":"FEDORA", - "name":"FEDORA-2019-d15aac6c4e", - "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GY6SNRJP2S7Y42GIIDO3HXPNMDYN2U3A/" + "refsource": "FEDORA", + "name": "FEDORA-2019-d15aac6c4e", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GY6SNRJP2S7Y42GIIDO3HXPNMDYN2U3A/" }, { - "refsource":"FEDORA", - "name":"FEDORA-2019-d51641f152", - "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZN4VVQJ3JDCHGIHV4Y2YTXBYQZ6PWQ7E/" + "refsource": "FEDORA", + "name": "FEDORA-2019-d51641f152", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZN4VVQJ3JDCHGIHV4Y2YTXBYQZ6PWQ7E/" }, { - "refsource":"BUGTRAQ", - "name":"20191001 [SECURITY] [DSA 4539-1] openssl security update", - "url":"https://seclists.org/bugtraq/2019/Oct/1" + "refsource": "BUGTRAQ", + "name": "20191001 [SECURITY] [DSA 4539-1] openssl security update", + "url": "https://seclists.org/bugtraq/2019/Oct/1" }, { - "refsource":"DEBIAN", - "name":"DSA-4539", - "url":"https://www.debian.org/security/2019/dsa-4539" + "refsource": "DEBIAN", + "name": "DSA-4539", + "url": 
"https://www.debian.org/security/2019/dsa-4539" }, { - "refsource":"CONFIRM", - "name":"https://support.f5.com/csp/article/K44070243?utm_source=f5support&utm_medium=RSS", - "url":"https://support.f5.com/csp/article/K44070243?utm_source=f5support&utm_medium=RSS" + "refsource": "CONFIRM", + "name": "https://support.f5.com/csp/article/K44070243?utm_source=f5support&utm_medium=RSS", + "url": "https://support.f5.com/csp/article/K44070243?utm_source=f5support&utm_medium=RSS" }, { - "url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", - "refsource":"MISC", - "name":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", + "refsource": "MISC", + "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2019/1xxx/CVE-2019-1552.json b/2019/1xxx/CVE-2019-1552.json index 1134643284e..991f4cc29c5 100644 --- a/2019/1xxx/CVE-2019-1552.json +++ b/2019/1xxx/CVE-2019-1552.json 
@@ -1,151 +1,152 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"openssl-security@openssl.org", - "DATE_PUBLIC":"2019-07-30", - "ID":"CVE-2019-1552", - "STATE":"PUBLIC", - "TITLE":"Windows builds with insecure path defaults" + "CVE_data_meta": { + "ASSIGNER": "openssl-security@openssl.org", + "DATE_PUBLIC": "2019-07-30", + "ID": "CVE-2019-1552", + "STATE": "PUBLIC", + "TITLE": "Windows builds with insecure path defaults" }, - "affects":{ - "vendor":{ - "vendor_data":[ + "affects": { + "vendor": { + "vendor_data": [ { - "product":{ - "product_data":[ + "product": { + "product_data": [ { - "product_name":"OpenSSL", - "version":{ - "version_data":[ + "product_name": "OpenSSL", + "version": { + "version_data": [ { - "version_value":"Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c)" + "version_value": "Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c)" }, { - "version_value":"Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k)" + "version_value": "Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k)" }, { - "version_value":"Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s)" + "version_value": "Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s)" } ] } } ] }, - "vendor_name":"OpenSSL" + "vendor_name": "OpenSSL" } ] } }, - "credit":[ + "credit": [ { - "lang":"eng", - "value":"Rich Mirch" + "lang": "eng", + "value": "Rich Mirch" } ], - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang":"eng", - "value":"OpenSSL has internal defaults for a directory tree where it can find a configuration file as well as certificates used for verification in TLS. This directory is most commonly referred to as OPENSSLDIR, and is configurable with the --prefix / --openssldir configuration options. 
For OpenSSL versions 1.1.0 and 1.1.1, the mingw configuration targets assume that resulting programs and libraries are installed in a Unix-like environment and the default prefix for program installation as well as for OPENSSLDIR should be '/usr/local'. However, mingw programs are Windows programs, and as such, find themselves looking at sub-directories of 'C:/usr/local', which may be world writable, which enables untrusted users to modify OpenSSL's default configuration, insert CA certificates, modify (or even replace) existing engine modules, etc. For OpenSSL 1.0.2, '/usr/local/ssl' is used as default for OPENSSLDIR on all Unix and Windows targets, including Visual C builds. However, some build instructions for the diverse Windows targets on 1.0.2 encourage you to specify your own --prefix. OpenSSL versions 1.1.1, 1.1.0 and 1.0.2 are affected by this issue. Due to the limited scope of affected deployments this has been assessed as low severity and therefore we are not creating new releases at this time. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s)." + "lang": "eng", + "value": "OpenSSL has internal defaults for a directory tree where it can find a configuration file as well as certificates used for verification in TLS. This directory is most commonly referred to as OPENSSLDIR, and is configurable with the --prefix / --openssldir configuration options. For OpenSSL versions 1.1.0 and 1.1.1, the mingw configuration targets assume that resulting programs and libraries are installed in a Unix-like environment and the default prefix for program installation as well as for OPENSSLDIR should be '/usr/local'. 
However, mingw programs are Windows programs, and as such, find themselves looking at sub-directories of 'C:/usr/local', which may be world writable, which enables untrusted users to modify OpenSSL's default configuration, insert CA certificates, modify (or even replace) existing engine modules, etc. For OpenSSL 1.0.2, '/usr/local/ssl' is used as default for OPENSSLDIR on all Unix and Windows targets, including Visual C builds. However, some build instructions for the diverse Windows targets on 1.0.2 encourage you to specify your own --prefix. OpenSSL versions 1.1.1, 1.1.0 and 1.0.2 are affected by this issue. Due to the limited scope of affected deployments this has been assessed as low severity and therefore we are not creating new releases at this time. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s)." } ] }, - "impact":[ + "impact": [ { - "lang":"eng", - "url":"https://www.openssl.org/policies/secpolicy.html#Low", - "value":"Low" + "lang": "eng", + "url": "https://www.openssl.org/policies/secpolicy.html#Low", + "value": "Low" } ], - "problemtype":{ - "problemtype_data":[ + "problemtype": { + "problemtype_data": [ { - "description":[ + "description": [ { - "lang":"eng", - "value":"Insecure defaults" + "lang": "eng", + "value": "Insecure defaults" } ] } ] }, - "references":{ - "reference_data":[ + "references": { + "reference_data": [ { - "name":"https://www.openssl.org/news/secadv/20190730.txt", - "refsource":"CONFIRM", - "url":"https://www.openssl.org/news/secadv/20190730.txt" + "name": "https://www.openssl.org/news/secadv/20190730.txt", + "refsource": "CONFIRM", + "url": "https://www.openssl.org/news/secadv/20190730.txt" }, { - "name":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=54aa9d51b09d67e90db443f682cface795f5af9e", - "refsource":"CONFIRM", - 
"url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=54aa9d51b09d67e90db443f682cface795f5af9e" + "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=54aa9d51b09d67e90db443f682cface795f5af9e", + "refsource": "CONFIRM", + "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=54aa9d51b09d67e90db443f682cface795f5af9e" }, { - "name":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e32bc855a81a2d48d215c506bdeb4f598045f7e9", - "refsource":"CONFIRM", - "url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e32bc855a81a2d48d215c506bdeb4f598045f7e9" + "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e32bc855a81a2d48d215c506bdeb4f598045f7e9", + "refsource": "CONFIRM", + "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e32bc855a81a2d48d215c506bdeb4f598045f7e9" }, { - "name":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=b15a19c148384e73338aa7c5b12652138e35ed28", - "refsource":"CONFIRM", - "url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=b15a19c148384e73338aa7c5b12652138e35ed28" + "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=b15a19c148384e73338aa7c5b12652138e35ed28", + "refsource": "CONFIRM", + "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=b15a19c148384e73338aa7c5b12652138e35ed28" }, { - "name":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=d333ebaf9c77332754a9d5e111e2f53e1de54fdd", - "refsource":"CONFIRM", - "url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=d333ebaf9c77332754a9d5e111e2f53e1de54fdd" + "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=d333ebaf9c77332754a9d5e111e2f53e1de54fdd", + "refsource": "CONFIRM", + "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=d333ebaf9c77332754a9d5e111e2f53e1de54fdd" }, { - "refsource":"CONFIRM", - "name":"https://security.netapp.com/advisory/ntap-20190823-0006/", - 
"url":"https://security.netapp.com/advisory/ntap-20190823-0006/" + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20190823-0006/", + "url": "https://security.netapp.com/advisory/ntap-20190823-0006/" }, { - "refsource":"FEDORA", - "name":"FEDORA-2019-db06efdea1", - "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/" + "refsource": "FEDORA", + "name": "FEDORA-2019-db06efdea1", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/" }, { - "refsource":"FEDORA", - "name":"FEDORA-2019-00c25b9379", - "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/" + "refsource": "FEDORA", + "name": "FEDORA-2019-00c25b9379", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/" }, { - "refsource":"FEDORA", - "name":"FEDORA-2019-9a0a7c0986", - "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/" + "refsource": "FEDORA", + "name": "FEDORA-2019-9a0a7c0986", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/" }, { - "refsource":"CONFIRM", - "name":"https://support.f5.com/csp/article/K94041354", - "url":"https://support.f5.com/csp/article/K94041354" + "refsource": "CONFIRM", + "name": "https://support.f5.com/csp/article/K94041354", + "url": "https://support.f5.com/csp/article/K94041354" }, { - "refsource":"CONFIRM", - "name":"https://support.f5.com/csp/article/K94041354?utm_source=f5support&utm_medium=RSS", - "url":"https://support.f5.com/csp/article/K94041354?utm_source=f5support&utm_medium=RSS" + "refsource": "CONFIRM", + "name": 
"https://support.f5.com/csp/article/K94041354?utm_source=f5support&utm_medium=RSS", + "url": "https://support.f5.com/csp/article/K94041354?utm_source=f5support&utm_medium=RSS" }, { - "url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", - "refsource":"MISC", - "name":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", + "refsource": "MISC", + "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { - "refsource":"CONFIRM", - "name":"https://www.tenable.com/security/tns-2019-08", - "url":"https://www.tenable.com/security/tns-2019-08" + "refsource": "CONFIRM", + "name": "https://www.tenable.com/security/tns-2019-08", + "url": "https://www.tenable.com/security/tns-2019-08" }, { - "refsource":"CONFIRM", - "name":"https://www.tenable.com/security/tns-2019-09", - "url":"https://www.tenable.com/security/tns-2019-09" + "refsource": "CONFIRM", + "name": "https://www.tenable.com/security/tns-2019-09", + "url": "https://www.tenable.com/security/tns-2019-09" }, { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2019/1xxx/CVE-2019-1559.json b/2019/1xxx/CVE-2019-1559.json index 582aff8b302..b2fe63e889c 100644 --- a/2019/1xxx/CVE-2019-1559.json +++ b/2019/1xxx/CVE-2019-1559.json 
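Review bot: The `version_data` entries of CVE-2019-1552 still carry the affected range as free text inside `version_value` (for example `"Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c)"`), and the reformat keeps that as is, so a scanner or inventory matcher reading this record cannot compare an installed OpenSSL version against it without parsing prose. The AppSpider record earlier in this patch series uses a separate `version_affected` operator; one entry per branch such as `"version_affected": "<=", "version_value": "1.1.1c"` would make the range machine-readable, with the fixed release left in the description text. Whether the lower bound of each branch needs its own entry depends on how consumers of this format interpret `<=`, so that should be confirmed before changing it. The CVE-2019-1559 record in the next hunk has the same shape in its single `version_value`.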
@@ -1,240 +1,241 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"openssl-security@openssl.org", - "DATE_PUBLIC":"2019-02-26", - "ID":"CVE-2019-1559", - "STATE":"PUBLIC", - "TITLE":"0-byte record padding oracle" + "CVE_data_meta": { + "ASSIGNER": "openssl-security@openssl.org", + "DATE_PUBLIC": "2019-02-26", + "ID": "CVE-2019-1559", + "STATE": "PUBLIC", + "TITLE": "0-byte record padding oracle" }, - "affects":{ - "vendor":{ - "vendor_data":[ + "affects": { + "vendor": { + "vendor_data": [ { - "product":{ - "product_data":[ + "product": { + "product_data": [ { - "product_name":"OpenSSL", - "version":{ - "version_data":[ + "product_name": "OpenSSL", + "version": { + "version_data": [ { - "version_value":"Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q)" + "version_value": "Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q)" } ] } } ] }, - "vendor_name":"OpenSSL" + "vendor_name": "OpenSSL" } ] } }, - "credit":[ + "credit": [ { - "lang":"eng", - "value":"Juraj Somorovsky, Robert Merget and Nimrod Aviram, with additional investigation by Steven Collison and Andrew Hourselt" + "lang": "eng", + "value": "Juraj Somorovsky, Robert Merget and Nimrod Aviram, with additional investigation by Steven Collison and Andrew Hourselt" } ], - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang":"eng", - "value":"If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. 
In order for this to be exploitable \"non-stitched\" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q)." + "lang": "eng", + "value": "If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable \"non-stitched\" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q)." 
} ] }, - "impact":[ + "impact": [ { - "lang":"eng", - "url":"https://www.openssl.org/policies/secpolicy.html#Moderate", - "value":"Moderate" + "lang": "eng", + "url": "https://www.openssl.org/policies/secpolicy.html#Moderate", + "value": "Moderate" } ], - "problemtype":{ - "problemtype_data":[ + "problemtype": { + "problemtype_data": [ { - "description":[ + "description": [ { - "lang":"eng", - "value":"Padding Oracle" + "lang": "eng", + "value": "Padding Oracle" } ] } ] }, - "references":{ - "reference_data":[ + "references": { + "reference_data": [ { - "name":"https://security.netapp.com/advisory/ntap-20190301-0001/", - "refsource":"CONFIRM", - "url":"https://security.netapp.com/advisory/ntap-20190301-0001/" + "name": "https://security.netapp.com/advisory/ntap-20190301-0001/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20190301-0001/" }, { - "name":"https://security.netapp.com/advisory/ntap-20190301-0002/", - "refsource":"CONFIRM", - "url":"https://security.netapp.com/advisory/ntap-20190301-0002/" + "name": "https://security.netapp.com/advisory/ntap-20190301-0002/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20190301-0002/" }, { - "name":"107174", - "refsource":"BID", - "url":"http://www.securityfocus.com/bid/107174" + "name": "107174", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/107174" }, { - "name":"GLSA-201903-10", - "refsource":"GENTOO", - "url":"https://security.gentoo.org/glsa/201903-10" + "name": "GLSA-201903-10", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201903-10" }, { - "name":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e", - "refsource":"CONFIRM", - "url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e" + "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e", + 
"refsource": "CONFIRM", + "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e" }, { - "name":"USN-3899-1", - "refsource":"UBUNTU", - "url":"https://usn.ubuntu.com/3899-1/" + "name": "USN-3899-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3899-1/" }, { - "name":"[debian-lts-announce] 20190301 [SECURITY] [DLA 1701-1] openssl security update", - "refsource":"MLIST", - "url":"https://lists.debian.org/debian-lts-announce/2019/03/msg00003.html" + "name": "[debian-lts-announce] 20190301 [SECURITY] [DLA 1701-1] openssl security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00003.html" }, { - "name":"https://www.openssl.org/news/secadv/20190226.txt", - "refsource":"CONFIRM", - "url":"https://www.openssl.org/news/secadv/20190226.txt" + "name": "https://www.openssl.org/news/secadv/20190226.txt", + "refsource": "CONFIRM", + "url": "https://www.openssl.org/news/secadv/20190226.txt" }, { - "name":"DSA-4400", - "refsource":"DEBIAN", - "url":"https://www.debian.org/security/2019/dsa-4400" + "name": "DSA-4400", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2019/dsa-4400" }, { - "refsource":"CONFIRM", - "name":"https://support.f5.com/csp/article/K18549143", - "url":"https://support.f5.com/csp/article/K18549143" + "refsource": "CONFIRM", + "name": "https://support.f5.com/csp/article/K18549143", + "url": "https://support.f5.com/csp/article/K18549143" }, { - "refsource":"CONFIRM", - "name":"https://www.tenable.com/security/tns-2019-02", - "url":"https://www.tenable.com/security/tns-2019-02" + "refsource": "CONFIRM", + "name": "https://www.tenable.com/security/tns-2019-02", + "url": "https://www.tenable.com/security/tns-2019-02" }, { - "refsource":"SUSE", - "name":"openSUSE-SU-2019:1076", - "url":"http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html" + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1076", + "url": 
"http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html" }, { - "refsource":"SUSE", - "name":"openSUSE-SU-2019:1105", - "url":"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00019.html" + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1105", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00019.html" }, { - "refsource":"SUSE", - "name":"openSUSE-SU-2019:1173", - "url":"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html" + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1173", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html" }, { - "refsource":"SUSE", - "name":"openSUSE-SU-2019:1175", - "url":"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00047.html" + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1175", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00047.html" }, { - "url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", - "refsource":"MISC", - "name":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" + "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", + "refsource": "MISC", + "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { - "refsource":"CONFIRM", - "name":"https://security.netapp.com/advisory/ntap-20190423-0002/", - "url":"https://security.netapp.com/advisory/ntap-20190423-0002/" + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20190423-0002/", + "url": "https://security.netapp.com/advisory/ntap-20190423-0002/" }, { - "refsource":"CONFIRM", - "name":"https://www.tenable.com/security/tns-2019-03", - "url":"https://www.tenable.com/security/tns-2019-03" + "refsource": "CONFIRM", + "name": "https://www.tenable.com/security/tns-2019-03", + "url": "https://www.tenable.com/security/tns-2019-03" }, { - "refsource":"CONFIRM", - 
"name":"https://kc.mcafee.com/corporate/index?page=content&id=SB10282", - "url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10282" + "refsource": "CONFIRM", + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10282", + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10282" }, { - "refsource":"SUSE", - "name":"openSUSE-SU-2019:1432", - "url":"http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00049.html" + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1432", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00049.html" }, { - "refsource":"SUSE", - "name":"openSUSE-SU-2019:1637", - "url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00080.html" + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1637", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00080.html" }, { - "url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "refsource":"MISC", - "name":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", + "refsource": "MISC", + "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:2304", - "url":"https://access.redhat.com/errata/RHSA-2019:2304" + "refsource": "REDHAT", + "name": "RHSA-2019:2304", + "url": "https://access.redhat.com/errata/RHSA-2019:2304" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:2439", - "url":"https://access.redhat.com/errata/RHSA-2019:2439" + "refsource": "REDHAT", + "name": "RHSA-2019:2439", + "url": "https://access.redhat.com/errata/RHSA-2019:2439" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:2437", - "url":"https://access.redhat.com/errata/RHSA-2019:2437" + "refsource": "REDHAT", + "name": "RHSA-2019:2437", + "url": "https://access.redhat.com/errata/RHSA-2019:2437" }, { - 
"refsource":"REDHAT", - "name":"RHSA-2019:2471", - "url":"https://access.redhat.com/errata/RHSA-2019:2471" + "refsource": "REDHAT", + "name": "RHSA-2019:2471", + "url": "https://access.redhat.com/errata/RHSA-2019:2471" }, { - "refsource":"FEDORA", - "name":"FEDORA-2019-db06efdea1", - "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/" + "refsource": "FEDORA", + "name": "FEDORA-2019-db06efdea1", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/" }, { - "refsource":"FEDORA", - "name":"FEDORA-2019-00c25b9379", - "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/" + "refsource": "FEDORA", + "name": "FEDORA-2019-00c25b9379", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/" }, { - "refsource":"FEDORA", - "name":"FEDORA-2019-9a0a7c0986", - "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/" + "refsource": "FEDORA", + "name": "FEDORA-2019-9a0a7c0986", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/" }, { - "refsource":"CONFIRM", - "name":"https://support.f5.com/csp/article/K18549143?utm_source=f5support&utm_medium=RSS", - "url":"https://support.f5.com/csp/article/K18549143?utm_source=f5support&utm_medium=RSS" + "refsource": "CONFIRM", + "name": "https://support.f5.com/csp/article/K18549143?utm_source=f5support&utm_medium=RSS", + "url": "https://support.f5.com/csp/article/K18549143?utm_source=f5support&utm_medium=RSS" }, { - "url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", - "refsource":"MISC", - 
"name":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", + "refsource": "MISC", + "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:3929", - "url":"https://access.redhat.com/errata/RHSA-2019:3929" + "refsource": "REDHAT", + "name": "RHSA-2019:3929", + "url": "https://access.redhat.com/errata/RHSA-2019:3929" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:3931", - "url":"https://access.redhat.com/errata/RHSA-2019:3931" + "refsource": "REDHAT", + "name": "RHSA-2019:3931", + "url": "https://access.redhat.com/errata/RHSA-2019:3931" }, { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2019/1xxx/CVE-2019-1563.json b/2019/1xxx/CVE-2019-1563.json index 97e85db00b9..1ffaa475d9a 100644 --- a/2019/1xxx/CVE-2019-1563.json +++ b/2019/1xxx/CVE-2019-1563.json 
@@ -1,191 +1,192 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"openssl-security@openssl.org", - "DATE_PUBLIC":"2019-09-10", - "ID":"CVE-2019-1563", - "STATE":"PUBLIC", - "TITLE":"Padding Oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey" + "CVE_data_meta": { + "ASSIGNER": "openssl-security@openssl.org", + "DATE_PUBLIC": "2019-09-10", + "ID": "CVE-2019-1563", + "STATE": "PUBLIC", + "TITLE": "Padding Oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey" }, - "affects":{ - "vendor":{ - "vendor_data":[ + "affects": { + "vendor": { + "vendor_data": [ { - "product":{ - "product_data":[ + "product": { + "product_data": [ { - "product_name":"OpenSSL", - "version":{ - "version_data":[ + "product_name": "OpenSSL", + "version": { + "version_data": [ { - "version_value":"Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c)" + "version_value": "Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c)" }, { - "version_value":"Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k)" + "version_value": "Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k)" }, { - "version_value":"Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s)" + "version_value": "Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s)" } ] } } ] }, - "vendor_name":"OpenSSL" + "vendor_name": "OpenSSL" } ] } }, - "credit":[ + "credit": [ { - "lang":"eng", - "value":"Bernd Edlinger" + "lang": "eng", + "value": "Bernd Edlinger" } ], - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang":"eng", - "value":"In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. 
Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s)." + "lang": "eng", + "value": "In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s)." 
} ] }, - "impact":[ + "impact": [ { - "lang":"eng", - "url":"https://www.openssl.org/policies/secpolicy.html#Low", - "value":"Low" + "lang": "eng", + "url": "https://www.openssl.org/policies/secpolicy.html#Low", + "value": "Low" } ], - "problemtype":{ - "problemtype_data":[ + "problemtype": { + "problemtype_data": [ { - "description":[ + "description": [ { - "lang":"eng", - "value":"Padding Oracle" + "lang": "eng", + "value": "Padding Oracle" } ] } ] }, - "references":{ - "reference_data":[ + "references": { + "reference_data": [ { - "name":"https://www.openssl.org/news/secadv/20190910.txt", - "refsource":"CONFIRM", - "url":"https://www.openssl.org/news/secadv/20190910.txt" + "name": "https://www.openssl.org/news/secadv/20190910.txt", + "refsource": "CONFIRM", + "url": "https://www.openssl.org/news/secadv/20190910.txt" }, { - "name":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=08229ad838c50f644d7e928e2eef147b4308ad64", - "refsource":"CONFIRM", - "url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=08229ad838c50f644d7e928e2eef147b4308ad64" + "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=08229ad838c50f644d7e928e2eef147b4308ad64", + "refsource": "CONFIRM", + "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=08229ad838c50f644d7e928e2eef147b4308ad64" }, { - "name":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=631f94db0065c78181ca9ba5546ebc8bb3884b97", - "refsource":"CONFIRM", - "url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=631f94db0065c78181ca9ba5546ebc8bb3884b97" + "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=631f94db0065c78181ca9ba5546ebc8bb3884b97", + "refsource": "CONFIRM", + "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=631f94db0065c78181ca9ba5546ebc8bb3884b97" }, { - "name":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e21f8cf78a125cd3c8c0d1a1a6c8bb0b901f893f", - "refsource":"CONFIRM", - 
"url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e21f8cf78a125cd3c8c0d1a1a6c8bb0b901f893f" + "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e21f8cf78a125cd3c8c0d1a1a6c8bb0b901f893f", + "refsource": "CONFIRM", + "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e21f8cf78a125cd3c8c0d1a1a6c8bb0b901f893f" }, { - "refsource":"BUGTRAQ", - "name":"20190912 [slackware-security] openssl (SSA:2019-254-03)", - "url":"https://seclists.org/bugtraq/2019/Sep/25" + "refsource": "BUGTRAQ", + "name": "20190912 [slackware-security] openssl (SSA:2019-254-03)", + "url": "https://seclists.org/bugtraq/2019/Sep/25" }, { - "refsource":"MISC", - "name":"http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html", - "url":"http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html" + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html", + "url": "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html" }, { - "refsource":"CONFIRM", - "name":"https://security.netapp.com/advisory/ntap-20190919-0002/", - "url":"https://security.netapp.com/advisory/ntap-20190919-0002/" + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20190919-0002/", + "url": "https://security.netapp.com/advisory/ntap-20190919-0002/" }, { - "refsource":"SUSE", - "name":"openSUSE-SU-2019:2158", - "url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00054.html" + "refsource": "SUSE", + "name": "openSUSE-SU-2019:2158", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00054.html" }, { - "refsource":"FEDORA", - "name":"FEDORA-2019-d15aac6c4e", - "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GY6SNRJP2S7Y42GIIDO3HXPNMDYN2U3A/" + "refsource": "FEDORA", + "name": 
"FEDORA-2019-d15aac6c4e", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GY6SNRJP2S7Y42GIIDO3HXPNMDYN2U3A/" }, { - "refsource":"SUSE", - "name":"openSUSE-SU-2019:2189", - "url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00072.html" + "refsource": "SUSE", + "name": "openSUSE-SU-2019:2189", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00072.html" }, { - "refsource":"MLIST", - "name":"[debian-lts-announce] 20190925 [SECURITY] [DLA 1932-1] openssl security update", - "url":"https://lists.debian.org/debian-lts-announce/2019/09/msg00026.html" + "refsource": "MLIST", + "name": "[debian-lts-announce] 20190925 [SECURITY] [DLA 1932-1] openssl security update", + "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00026.html" }, { - "refsource":"FEDORA", - "name":"FEDORA-2019-d51641f152", - "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZN4VVQJ3JDCHGIHV4Y2YTXBYQZ6PWQ7E/" + "refsource": "FEDORA", + "name": "FEDORA-2019-d51641f152", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZN4VVQJ3JDCHGIHV4Y2YTXBYQZ6PWQ7E/" }, { - "refsource":"BUGTRAQ", - "name":"20191001 [SECURITY] [DSA 4539-1] openssl security update", - "url":"https://seclists.org/bugtraq/2019/Oct/1" + "refsource": "BUGTRAQ", + "name": "20191001 [SECURITY] [DSA 4539-1] openssl security update", + "url": "https://seclists.org/bugtraq/2019/Oct/1" }, { - "refsource":"BUGTRAQ", - "name":"20191001 [SECURITY] [DSA 4540-1] openssl1.0 security update", - "url":"https://seclists.org/bugtraq/2019/Oct/0" + "refsource": "BUGTRAQ", + "name": "20191001 [SECURITY] [DSA 4540-1] openssl1.0 security update", + "url": "https://seclists.org/bugtraq/2019/Oct/0" }, { - "refsource":"DEBIAN", - "name":"DSA-4539", - "url":"https://www.debian.org/security/2019/dsa-4539" + "refsource": "DEBIAN", + "name": 
"DSA-4539", + "url": "https://www.debian.org/security/2019/dsa-4539" }, { - "refsource":"DEBIAN", - "name":"DSA-4540", - "url":"https://www.debian.org/security/2019/dsa-4540" + "refsource": "DEBIAN", + "name": "DSA-4540", + "url": "https://www.debian.org/security/2019/dsa-4540" }, { - "refsource":"SUSE", - "name":"openSUSE-SU-2019:2268", - "url":"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00012.html" + "refsource": "SUSE", + "name": "openSUSE-SU-2019:2268", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00012.html" }, { - "refsource":"SUSE", - "name":"openSUSE-SU-2019:2269", - "url":"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00016.html" + "refsource": "SUSE", + "name": "openSUSE-SU-2019:2269", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00016.html" }, { - "refsource":"CONFIRM", - "name":"https://support.f5.com/csp/article/K97324400?utm_source=f5support&utm_medium=RSS", - "url":"https://support.f5.com/csp/article/K97324400?utm_source=f5support&utm_medium=RSS" + "refsource": "CONFIRM", + "name": "https://support.f5.com/csp/article/K97324400?utm_source=f5support&utm_medium=RSS", + "url": "https://support.f5.com/csp/article/K97324400?utm_source=f5support&utm_medium=RSS" }, { - "url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", - "refsource":"MISC", - "name":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", + "refsource": "MISC", + "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { - "refsource":"GENTOO", - "name":"GLSA-201911-04", - "url":"https://security.gentoo.org/glsa/201911-04" + "refsource": "GENTOO", + "name": "GLSA-201911-04", + "url": "https://security.gentoo.org/glsa/201911-04" }, { - "refsource":"CONFIRM", - "name":"https://www.tenable.com/security/tns-2019-09", - 
"url":"https://www.tenable.com/security/tns-2019-09" + "refsource": "CONFIRM", + "name": "https://www.tenable.com/security/tns-2019-09", + "url": "https://www.tenable.com/security/tns-2019-09" }, { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2019/2xxx/CVE-2019-2904.json b/2019/2xxx/CVE-2019-2904.json index d13acdd70f0..5ccecad0162 100644 --- a/2019/2xxx/CVE-2019-2904.json +++ b/2019/2xxx/CVE-2019-2904.json @@ -1,22 +1,29 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2019-2904", - "STATE":"PUBLIC" + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2019-2904", + "STATE": "PUBLIC" }, - "affects":{ - "vendor":{ - "vendor_data":[ + "affects": { + "vendor": { + "vendor_data": [ { - "product":{ - "product_data":[ + "product": { + "product_data": [ { - "product_name": "Retail Sales Audit", + "product_name": "JDeveloper", "version": { "version_data": [ { - "version_value": "15.0.3. 16.0.2", + "version_value": "11.1.1.9.0", + "version_affected": "=" + }, + { + "version_value": "12.1.3.0.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.3.0", "version_affected": "=" } ] 
@@ -24,64 +31,40 @@ } ] }, - "vendor_name":"Oracle Corporation", - "product":{ - "product_data":[ - { - "product_name":"JDeveloper", - "version":{ - "version_data":[ - { - "version_value":"11.1.1.9.0", - "version_affected":"=" - }, - { - "version_value":"12.1.3.0.0", - "version_affected":"=" - }, - { - "version_value":"12.2.1.3.0", - "version_affected":"=" - } - ] - } - } - ] - }, - "vendor_name":"Oracle Corporation" + "vendor_name": "Oracle Corporation" } ] } }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang":"eng", - "value":"Vulnerability in the Oracle JDeveloper and ADF product of Oracle Fusion Middleware (component: ADF Faces). Supported versions that are affected are 11.1.1.9.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle JDeveloper and ADF. Successful attacks of this vulnerability can result in takeover of Oracle JDeveloper and ADF. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)." + "lang": "eng", + "value": "Vulnerability in the Oracle JDeveloper and ADF product of Oracle Fusion Middleware (component: ADF Faces). Supported versions that are affected are 11.1.1.9.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle JDeveloper and ADF. Successful attacks of this vulnerability can result in takeover of Oracle JDeveloper and ADF. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)." 
} ] }, - "problemtype":{ - "problemtype_data":[ + "problemtype": { + "problemtype_data": [ { - "description":[ + "description": [ { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle JDeveloper and ADF. Successful attacks of this vulnerability can result in takeover of Oracle JDeveloper and ADF." + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle JDeveloper and ADF. Successful attacks of this vulnerability can result in takeover of Oracle JDeveloper and ADF." } ] } ] }, - "references":{ - "reference_data":[ + "references": { + "reference_data": [ { - "url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", - "refsource":"MISC", - "name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", + "refsource": "MISC", + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { "refsource": "MISC", @@ -94,8 +77,10 @@ "name": "https://www.oracle.com/security-alerts/cpujan2020.html" }, { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" - } + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } ] } } \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3862.json b/2019/3xxx/CVE-2019-3862.json index c7dbf74ad86..a6f2bc0ecb9 100644 --- a/2019/3xxx/CVE-2019-3862.json +++ b/2019/3xxx/CVE-2019-3862.json 
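Review bot: The reference entry completed in the last hunk of CVE-2019-2904.json looks like a duplicate of the entry directly above it, whose context line already reads `"name": "https://www.oracle.com/security-alerts/cpujan2020.html"`. That earlier entry's `url` falls between hunks and is not visible, so this is inferred from the name alone. If both entries point at the same advisory, the bare-URL entry should be dropped rather than given `refsource` and `name`, so that consumers which count or deduplicate references see one entry per source. The `reference_data` array opens outside this hunk.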
@@ -1,26 +1,25 @@ - { - "data_type":"CVE", - "data_format":"MITRE", - "data_version":"4.0", - "CVE_data_meta":{ - "ID":"CVE-2019-3862", - "ASSIGNER":"secalert@redhat.com", - "STATE":"PUBLIC" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-3862", + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" }, - "affects":{ - "vendor":{ - "vendor_data":[ + "affects": { + "vendor": { + "vendor_data": [ { - "vendor_name":"The libssh2 Project", - "product":{ - "product_data":[ + "vendor_name": "The libssh2 Project", + "product": { + "product_data": [ { - "product_name":"libssh2", - "version":{ - "version_data":[ + "product_name": "libssh2", + "version": { + "version_data": [ { - "version_value":"1.8.1" + "version_value": "1.8.1" } ] } 
@@ -31,124 +30,126 @@ ] } }, - "problemtype":{ - "problemtype_data":[ + "problemtype": { + "problemtype_data": [ { - "description":[ + "description": [ { - "lang":"eng", - "value":"CWE-130" + "lang": "eng", + "value": "CWE-130" } ] } ] }, - "references":{ - "reference_data":[ + "references": { + "reference_data": [ { - "refsource":"MLIST", - "name":"[oss-security] 20190318 [SECURITY ADVISORIES] libssh2", - "url":"http://www.openwall.com/lists/oss-security/2019/03/18/3" + "refsource": "MLIST", + "name": "[oss-security] 20190318 [SECURITY ADVISORIES] libssh2", + "url": "http://www.openwall.com/lists/oss-security/2019/03/18/3" }, { - "refsource":"BUGTRAQ", - "name":"20190319 [slackware-security] libssh2 (SSA:2019-077-01)", - "url":"https://seclists.org/bugtraq/2019/Mar/25" + "refsource": "BUGTRAQ", + "name": "20190319 [slackware-security] libssh2 (SSA:2019-077-01)", + "url": "https://seclists.org/bugtraq/2019/Mar/25" }, { - "url":"https://www.libssh2.org/CVE-2019-3862.html", - "refsource":"MISC", - "name":"https://www.libssh2.org/CVE-2019-3862.html" + "url": "https://www.libssh2.org/CVE-2019-3862.html", + "refsource": "MISC", + "name": "https://www.libssh2.org/CVE-2019-3862.html" }, { - "url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3862", - "name":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3862", - "refsource":"CONFIRM" + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3862", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3862", + "refsource": "CONFIRM" }, { - "refsource":"MISC", - "name":"http://packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html", - "url":"http://packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html" + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html", + "url": "http://packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html" 
}, { - "refsource":"BID", - "name":"107485", - "url":"http://www.securityfocus.com/bid/107485" + "refsource": "BID", + "name": "107485", + "url": "http://www.securityfocus.com/bid/107485" }, { - "refsource":"FEDORA", - "name":"FEDORA-2019-f31c14682f", - "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XCWEA5ZCLKRDUK62QVVYMFWLWKOPX3LO/" + "refsource": "FEDORA", + "name": "FEDORA-2019-f31c14682f", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XCWEA5ZCLKRDUK62QVVYMFWLWKOPX3LO/" }, { - "refsource":"CONFIRM", - "name":"https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767", - "url":"https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767" + "refsource": "CONFIRM", + "name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767", + "url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767" }, { - "refsource":"MLIST", - "name":"[debian-lts-announce] 20190326 [SECURITY] [DLA 1730-1] libssh2 security update", - "url":"https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html" + "refsource": "MLIST", + "name": "[debian-lts-announce] 20190326 [SECURITY] [DLA 1730-1] libssh2 security update", + "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html" }, { - "refsource":"CONFIRM", - "name":"https://security.netapp.com/advisory/ntap-20190327-0005/", - "url":"https://security.netapp.com/advisory/ntap-20190327-0005/" + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20190327-0005/", + "url": "https://security.netapp.com/advisory/ntap-20190327-0005/" }, { - "refsource":"SUSE", - "name":"openSUSE-SU-2019:1075", - 
"url":"http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html" + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1075", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html" }, { - "refsource":"SUSE", - "name":"openSUSE-SU-2019:1109", - "url":"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html" + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1109", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html" }, { - "refsource":"FEDORA", - "name":"FEDORA-2019-3348cb4934", - "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/" + "refsource": "FEDORA", + "name": "FEDORA-2019-3348cb4934", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/" }, { - "refsource":"DEBIAN", - "name":"DSA-4431", - "url":"https://www.debian.org/security/2019/dsa-4431" + "refsource": "DEBIAN", + "name": "DSA-4431", + "url": "https://www.debian.org/security/2019/dsa-4431" }, { - "refsource":"BUGTRAQ", - "name":"20190415 [SECURITY] [DSA 4431-1] libssh2 security update", - "url":"https://seclists.org/bugtraq/2019/Apr/25" + "refsource": "BUGTRAQ", + "name": "20190415 [SECURITY] [DSA 4431-1] libssh2 security update", + "url": "https://seclists.org/bugtraq/2019/Apr/25" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:1884", - "url":"https://access.redhat.com/errata/RHSA-2019:1884" + "refsource": "REDHAT", + "name": "RHSA-2019:1884", + "url": "https://access.redhat.com/errata/RHSA-2019:1884" }, { - "url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", - "refsource":"MISC", - "name":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", + "refsource": "MISC", + "name": 
"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] }, - "description":{ - "description_data":[ + "description": { + "description_data": [ { - "lang":"eng", - "value":"An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory." + "lang": "eng", + "value": "An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory." } ] }, - "impact":{ - "cvss":[ + "impact": { + "cvss": [ [ { - "vectorString":"7.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "version":"3.0" + "vectorString": "7.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "version": "3.0" } ] ] diff --git a/2020/3xxx/CVE-2020-3941.json b/2020/3xxx/CVE-2020-3941.json index e74a8417199..8e6add8e52d 100644 --- a/2020/3xxx/CVE-2020-3941.json +++ b/2020/3xxx/CVE-2020-3941.json 
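Review bot: In the `impact` block at the end of the CVE-2019-3862.json hunk, the new side keeps `"vectorString": "7.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"`, which fuses the base score into the vector. The commit only changes spacing on that line. A CVSS v3.0 vector begins with `CVSS:3.0/`, so a consumer that validates or parses the field is likely to reject it or lose the score. Splitting it into `"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"` and a separate `"baseScore": 7.3` would make the record machine-readable. The `cvss` value is also an array nested inside an array, unlike the single object used by other records in this patch series; the closing of the `impact` object is outside the hunk.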
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-3941", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@vmware.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "VMware", + "product": { + "product_data": [ + { + "product_name": "VMware Tools for Windows (VMware Tools)", + "version": { + "version_data": [ + { + "version_value": "VMware Tools for Windows 10.x.y" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "VMware Tools privilege escalation vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.vmware.com/security/advisories/VMSA-2020-0002.html", + "url": "https://www.vmware.com/security/advisories/VMSA-2020-0002.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The repair operation of VMware Tools for Windows 10.x.y has a race condition which may allow for privilege escalation in the Virtual Machine where Tools is installed. This vulnerability is not present in VMware Tools 11.x.y since the affected functionality is not present in VMware Tools 11." } ] } From d68231080b5756bcee43eee70adeab1470a5de17 Mon Sep 17 00:00:00 2001 
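Review bot: The `version_value` added under `affects` in CVE-2020-3941.json is the free-text string `"VMware Tools for Windows 10.x.y"`, which repeats the product name and has no `version_affected` operator. Tooling that matches installed versions against this record cannot derive a range from it. The description in the same hunk says 11.x.y is not affected; putting that boundary in the structured data (for example `"version_value": "10.x.y"` with an explicit `version_affected`) would let scanners agree with the prose. The `problemtype` value is likewise a free-text phrase rather than a CWE identifier, and no `impact` block is added, so severity has to be taken from the linked VMSA advisory. The record's closing braces are outside the hunk.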
From: CVE Team Date: Wed, 15 Jan 2020 20:01:40 +0000 Subject: [PATCH 100/387] "-Synchronized-Data." --- 2019/5xxx/CVE-2019-5481.json | 103 +++++------ 2019/5xxx/CVE-2019-5482.json | 103 +++++------ 2019/5xxx/CVE-2019-5718.json | 97 +++++----- 2019/8xxx/CVE-2019-8457.json | 127 ++++++------- 2019/9xxx/CVE-2019-9208.json | 115 ++++++------ 2019/9xxx/CVE-2019-9636.json | 337 ++++++++++++++++++----------------- 2019/9xxx/CVE-2019-9936.json | 127 ++++++------- 2019/9xxx/CVE-2019-9937.json | 127 ++++++------- 8 files changed, 572 insertions(+), 564 deletions(-) diff --git a/2019/5xxx/CVE-2019-5481.json b/2019/5xxx/CVE-2019-5481.json index 71914cfe4e1..111fa9f03f0 100644 --- a/2019/5xxx/CVE-2019-5481.json +++ b/2019/5xxx/CVE-2019-5481.json @@ -1,26 +1,25 @@ - { - "data_type":"CVE", - "data_format":"MITRE", - "data_version":"4.0", - "CVE_data_meta":{ - "ID":"CVE-2019-5481", - "ASSIGNER":"support@hackerone.com", - "STATE":"PUBLIC" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5481", + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" }, - "affects":{ - "vendor":{ - "vendor_data":[ + "affects": { + "vendor": { + "vendor_data": [ { - "vendor_name":"n/a", - "product":{ - "product_data":[ + "vendor_name": "n/a", + "product": { + "product_data": [ { - "product_name":"curl", - "version":{ - "version_data":[ + "product_name": "curl", + "version": { + "version_data": [ { - "version_value":"7.52.0 to 7.65.3" + "version_value": "7.52.0 to 7.65.3" } ] } 
@@ -31,65 +30,67 @@ ] } }, - "problemtype":{ - "problemtype_data":[ + "problemtype": { + "problemtype_data": [ { - "description":[ + "description": [ { - "lang":"eng", - "value":"Double Free (CWE-415)" + "lang": "eng", + "value": "Double Free (CWE-415)" } ] } ] }, - "references":{ - "reference_data":[ + "references": { + "reference_data": [ { - "refsource":"CONFIRM", - "name":"https://curl.haxx.se/docs/CVE-2019-5481.html", - "url":"https://curl.haxx.se/docs/CVE-2019-5481.html" + "refsource": "CONFIRM", + "name": "https://curl.haxx.se/docs/CVE-2019-5481.html", + "url": "https://curl.haxx.se/docs/CVE-2019-5481.html" }, { - "refsource":"SUSE", - "name":"openSUSE-SU-2019:2149", - "url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00048.html" + "refsource": "SUSE", + "name": "openSUSE-SU-2019:2149", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00048.html" }, { - "refsource":"FEDORA", - "name":"FEDORA-2019-9e6357d82f", - "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGDVKSLY5JUNJRLYRUA6CXGQ2LM63XC3/" + "refsource": "FEDORA", + "name": "FEDORA-2019-9e6357d82f", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGDVKSLY5JUNJRLYRUA6CXGQ2LM63XC3/" }, { - "refsource":"FEDORA", - "name":"FEDORA-2019-6d7f6fa2c8", - "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UA7KDM2WPM5CJDDGOEGFV6SSGD2J7RNT/" + "refsource": "FEDORA", + "name": "FEDORA-2019-6d7f6fa2c8", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UA7KDM2WPM5CJDDGOEGFV6SSGD2J7RNT/" }, { - "refsource":"SUSE", - "name":"openSUSE-SU-2019:2169", - "url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00055.html" + "refsource": "SUSE", + "name": "openSUSE-SU-2019:2169", + "url": 
"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00055.html" }, { - "refsource":"FEDORA", - "name":"FEDORA-2019-f2a520135e", - "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CI4QQ2RSZX4VCFM76SIWGKY6BY7UWIC/" + "refsource": "FEDORA", + "name": "FEDORA-2019-f2a520135e", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CI4QQ2RSZX4VCFM76SIWGKY6BY7UWIC/" }, { - "refsource":"CONFIRM", - "name":"https://security.netapp.com/advisory/ntap-20191004-0003/", - "url":"https://security.netapp.com/advisory/ntap-20191004-0003/" + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20191004-0003/", + "url": "https://security.netapp.com/advisory/ntap-20191004-0003/" }, { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] }, - "description":{ - "description_data":[ + "description": { + "description_data": [ { - "lang":"eng", - "value":"Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3." + "lang": "eng", + "value": "Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3." } ] } diff --git a/2019/5xxx/CVE-2019-5482.json b/2019/5xxx/CVE-2019-5482.json index 2a7ed5b7e21..ea2044226e8 100644 --- a/2019/5xxx/CVE-2019-5482.json +++ b/2019/5xxx/CVE-2019-5482.json 
@@ -1,26 +1,25 @@ - { - "data_type":"CVE", - "data_format":"MITRE", - "data_version":"4.0", - "CVE_data_meta":{ - "ID":"CVE-2019-5482", - "ASSIGNER":"support@hackerone.com", - "STATE":"PUBLIC" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5482", + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" }, - "affects":{ - "vendor":{ - "vendor_data":[ + "affects": { + "vendor": { + "vendor_data": [ { - "vendor_name":"n/a", - "product":{ - "product_data":[ + "vendor_name": "n/a", + "product": { + "product_data": [ { - "product_name":"curl", - "version":{ - "version_data":[ + "product_name": "curl", + "version": { + "version_data": [ { - "version_value":"7.19.4 to 7.65.3" + "version_value": "7.19.4 to 7.65.3" } ] } 
@@ -31,65 +30,67 @@ ] } }, - "problemtype":{ - "problemtype_data":[ + "problemtype": { + "problemtype_data": [ { - "description":[ + "description": [ { - "lang":"eng", - "value":"Heap Overflow (CWE-122)" + "lang": "eng", + "value": "Heap Overflow (CWE-122)" } ] } ] }, - "references":{ - "reference_data":[ + "references": { + "reference_data": [ { - "refsource":"CONFIRM", - "name":"https://curl.haxx.se/docs/CVE-2019-5482.html", - "url":"https://curl.haxx.se/docs/CVE-2019-5482.html" + "refsource": "CONFIRM", + "name": "https://curl.haxx.se/docs/CVE-2019-5482.html", + "url": "https://curl.haxx.se/docs/CVE-2019-5482.html" }, { - "refsource":"SUSE", - "name":"openSUSE-SU-2019:2149", - "url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00048.html" + "refsource": "SUSE", + "name": "openSUSE-SU-2019:2149", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00048.html" }, { - "refsource":"FEDORA", - "name":"FEDORA-2019-9e6357d82f", - "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGDVKSLY5JUNJRLYRUA6CXGQ2LM63XC3/" + "refsource": "FEDORA", + "name": "FEDORA-2019-9e6357d82f", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGDVKSLY5JUNJRLYRUA6CXGQ2LM63XC3/" }, { - "refsource":"FEDORA", - "name":"FEDORA-2019-6d7f6fa2c8", - "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UA7KDM2WPM5CJDDGOEGFV6SSGD2J7RNT/" + "refsource": "FEDORA", + "name": "FEDORA-2019-6d7f6fa2c8", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UA7KDM2WPM5CJDDGOEGFV6SSGD2J7RNT/" }, { - "refsource":"SUSE", - "name":"openSUSE-SU-2019:2169", - "url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00055.html" + "refsource": "SUSE", + "name": "openSUSE-SU-2019:2169", + "url": 
"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00055.html" }, { - "refsource":"FEDORA", - "name":"FEDORA-2019-f2a520135e", - "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CI4QQ2RSZX4VCFM76SIWGKY6BY7UWIC/" + "refsource": "FEDORA", + "name": "FEDORA-2019-f2a520135e", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CI4QQ2RSZX4VCFM76SIWGKY6BY7UWIC/" }, { - "refsource":"CONFIRM", - "name":"https://security.netapp.com/advisory/ntap-20191004-0003/", - "url":"https://security.netapp.com/advisory/ntap-20191004-0003/" + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20191004-0003/", + "url": "https://security.netapp.com/advisory/ntap-20191004-0003/" }, { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] }, - "description":{ - "description_data":[ + "description": { + "description_data": [ { - "lang":"eng", - "value":"Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3." + "lang": "eng", + "value": "Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3." } ] } diff --git a/2019/5xxx/CVE-2019-5718.json b/2019/5xxx/CVE-2019-5718.json index d7ae996b2a0..b82ba7dca72 100644 --- a/2019/5xxx/CVE-2019-5718.json +++ b/2019/5xxx/CVE-2019-5718.json 
@@ -1,90 +1,91 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"cve@mitre.org", - "ID":"CVE-2019-5718", - "STATE":"PUBLIC" + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-5718", + "STATE": "PUBLIC" }, - "affects":{ - "vendor":{ - "vendor_data":[ + "affects": { + "vendor": { + "vendor_data": [ { - "product":{ - "product_data":[ + "product": { + "product_data": [ { - "product_name":"n/a", - "version":{ - "version_data":[ + "product_name": "n/a", + "version": { + "version_data": [ { - "version_value":"n/a" + "version_value": "n/a" } ] } } ] }, - "vendor_name":"n/a" + "vendor_name": "n/a" } ] } }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang":"eng", - "value":"In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the RTSE dissector and other ASN.1 dissectors could crash. This was addressed in epan/charsets.c by adding a get_t61_string length check." + "lang": "eng", + "value": "In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the RTSE dissector and other ASN.1 dissectors could crash. This was addressed in epan/charsets.c by adding a get_t61_string length check." 
} ] }, - "problemtype":{ - "problemtype_data":[ + "problemtype": { + "problemtype_data": [ { - "description":[ + "description": [ { - "lang":"eng", - "value":"n/a" + "lang": "eng", + "value": "n/a" } ] } ] }, - "references":{ - "reference_data":[ + "references": { + "reference_data": [ { - "name":"https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15373", - "refsource":"MISC", - "url":"https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15373" + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15373", + "refsource": "MISC", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15373" }, { - "name":"106482", - "refsource":"BID", - "url":"http://www.securityfocus.com/bid/106482" + "name": "106482", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106482" }, { - "name":"https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=cd09cb5cfb673beca3cce20b1d6a9bc67a134ae1", - "refsource":"MISC", - "url":"https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=cd09cb5cfb673beca3cce20b1d6a9bc67a134ae1" + "name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=cd09cb5cfb673beca3cce20b1d6a9bc67a134ae1", + "refsource": "MISC", + "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=cd09cb5cfb673beca3cce20b1d6a9bc67a134ae1" }, { - "name":"https://www.wireshark.org/security/wnpa-sec-2019-03.html", - "refsource":"MISC", - "url":"https://www.wireshark.org/security/wnpa-sec-2019-03.html" + "name": "https://www.wireshark.org/security/wnpa-sec-2019-03.html", + "refsource": "MISC", + "url": "https://www.wireshark.org/security/wnpa-sec-2019-03.html" }, { - "refsource":"DEBIAN", - "name":"DSA-4416", - "url":"https://www.debian.org/security/2019/dsa-4416" + "refsource": "DEBIAN", + "name": "DSA-4416", + "url": "https://www.debian.org/security/2019/dsa-4416" }, { - "refsource":"BUGTRAQ", - "name":"20190324 [SECURITY] [DSA 4416-1] wireshark security update", - 
"url":"https://seclists.org/bugtraq/2019/Mar/35" + "refsource": "BUGTRAQ", + "name": "20190324 [SECURITY] [DSA 4416-1] wireshark security update", + "url": "https://seclists.org/bugtraq/2019/Mar/35" }, { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2019/8xxx/CVE-2019-8457.json b/2019/8xxx/CVE-2019-8457.json index d30ef48b5a5..8fc078c3119 100644 --- a/2019/8xxx/CVE-2019-8457.json +++ b/2019/8xxx/CVE-2019-8457.json @@ -1,26 +1,25 @@ - { - "data_type":"CVE", - "data_format":"MITRE", - "data_version":"4.0", - "CVE_data_meta":{ - "ID":"CVE-2019-8457", - "ASSIGNER":"cve@checkpoint.com", - "STATE":"PUBLIC" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-8457", + "ASSIGNER": "cve@checkpoint.com", + "STATE": "PUBLIC" }, - "affects":{ - "vendor":{ - "vendor_data":[ + "affects": { + "vendor": { + "vendor_data": [ { - "vendor_name":"n/a", - "product":{ - "product_data":[ + "vendor_name": "n/a", + "product": { + "product_data": [ { - "product_name":"SQLite", - "version":{ - "version_data":[ + "product_name": "SQLite", + "version": { + "version_data": [ { - "version_value":"From 3.6.0 to 3.27.2 including" + "version_value": "From 3.6.0 to 3.27.2 including" } ] } 
@@ -31,85 +30,87 @@ ] } }, - "problemtype":{ - "problemtype_data":[ + "problemtype": { + "problemtype_data": [ { - "description":[ + "description": [ { - "lang":"eng", - "value":"CWE-125: Out-of-bounds Read" + "lang": "eng", + "value": "CWE-125: Out-of-bounds Read" } ] } ] }, - "references":{ - "reference_data":[ + "references": { + "reference_data": [ { - "refsource":"MISC", - "name":"https://www.sqlite.org/src/info/90acdbfce9c08858", - "url":"https://www.sqlite.org/src/info/90acdbfce9c08858" + "refsource": "MISC", + "name": "https://www.sqlite.org/src/info/90acdbfce9c08858", + "url": "https://www.sqlite.org/src/info/90acdbfce9c08858" }, { - "refsource":"MISC", - "name":"https://www.sqlite.org/releaselog/3_28_0.html", - "url":"https://www.sqlite.org/releaselog/3_28_0.html" + "refsource": "MISC", + "name": "https://www.sqlite.org/releaselog/3_28_0.html", + "url": "https://www.sqlite.org/releaselog/3_28_0.html" }, { - "refsource":"UBUNTU", - "name":"USN-4004-1", - "url":"https://usn.ubuntu.com/4004-1/" + "refsource": "UBUNTU", + "name": "USN-4004-1", + "url": "https://usn.ubuntu.com/4004-1/" }, { - "refsource":"UBUNTU", - "name":"USN-4004-2", - "url":"https://usn.ubuntu.com/4004-2/" + "refsource": "UBUNTU", + "name": "USN-4004-2", + "url": "https://usn.ubuntu.com/4004-2/" }, { - "refsource":"CONFIRM", - "name":"https://security.netapp.com/advisory/ntap-20190606-0002/", - "url":"https://security.netapp.com/advisory/ntap-20190606-0002/" + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20190606-0002/", + "url": "https://security.netapp.com/advisory/ntap-20190606-0002/" }, { - "refsource":"UBUNTU", - "name":"USN-4019-1", - "url":"https://usn.ubuntu.com/4019-1/" + "refsource": "UBUNTU", + "name": "USN-4019-1", + "url": "https://usn.ubuntu.com/4019-1/" }, { - "refsource":"UBUNTU", - "name":"USN-4019-2", - "url":"https://usn.ubuntu.com/4019-2/" + "refsource": "UBUNTU", + "name": "USN-4019-2", + "url": "https://usn.ubuntu.com/4019-2/" }, { - 
"refsource":"SUSE", - "name":"openSUSE-SU-2019:1645", - "url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00074.html" + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1645", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00074.html" }, { - "refsource":"FEDORA", - "name":"FEDORA-2019-02b81266b7", - "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJPFGA45DI4F5MCF2OAACGH3HQOF4G3M/" + "refsource": "FEDORA", + "name": "FEDORA-2019-02b81266b7", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJPFGA45DI4F5MCF2OAACGH3HQOF4G3M/" }, { - "refsource":"FEDORA", - "name":"FEDORA-2019-3377813d18", - "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPKYSWCOM3CL66RI76TYVIG6TJ263RXH/" + "refsource": "FEDORA", + "name": "FEDORA-2019-3377813d18", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPKYSWCOM3CL66RI76TYVIG6TJ263RXH/" }, { - "url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", - "refsource":"MISC", - "name":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", + "refsource": "MISC", + "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] }, - "description":{ - "description_data":[ + "description": { + "description_data": [ { - "lang":"eng", - "value":"SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables." 
+ "lang": "eng", + "value": "SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables." } ] } diff --git a/2019/9xxx/CVE-2019-9208.json b/2019/9xxx/CVE-2019-9208.json index 8cd2cdd79eb..cabb410dc41 100644 --- a/2019/9xxx/CVE-2019-9208.json +++ b/2019/9xxx/CVE-2019-9208.json 
@@ -1,105 +1,106 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"cve@mitre.org", - "ID":"CVE-2019-9208", - "STATE":"PUBLIC" + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-9208", + "STATE": "PUBLIC" }, - "affects":{ - "vendor":{ - "vendor_data":[ + "affects": { + "vendor": { + "vendor_data": [ { - "product":{ - "product_data":[ + "product": { + "product_data": [ { - "product_name":"n/a", - "version":{ - "version_data":[ + "product_name": "n/a", + "version": { + "version_data": [ { - "version_value":"n/a" + "version_value": "n/a" } ] } } ] }, - "vendor_name":"n/a" + "vendor_name": "n/a" } ] } }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang":"eng", - "value":"In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the TCAP dissector could crash. This was addressed in epan/dissectors/asn1/tcap/tcap.cnf by avoiding NULL pointer dereferences." + "lang": "eng", + "value": "In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the TCAP dissector could crash. This was addressed in epan/dissectors/asn1/tcap/tcap.cnf by avoiding NULL pointer dereferences." 
} ] }, - "problemtype":{ - "problemtype_data":[ + "problemtype": { + "problemtype_data": [ { - "description":[ + "description": [ { - "lang":"eng", - "value":"n/a" + "lang": "eng", + "value": "n/a" } ] } ] }, - "references":{ - "reference_data":[ + "references": { + "reference_data": [ { - "name":"107203", - "refsource":"BID", - "url":"http://www.securityfocus.com/bid/107203" + "name": "107203", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/107203" }, { - "name":"https://www.wireshark.org/security/wnpa-sec-2019-07.html", - "refsource":"MISC", - "url":"https://www.wireshark.org/security/wnpa-sec-2019-07.html" + "name": "https://www.wireshark.org/security/wnpa-sec-2019-07.html", + "refsource": "MISC", + "url": "https://www.wireshark.org/security/wnpa-sec-2019-07.html" }, { - "name":"https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=3d1b8004ed3a07422ca5d4e4ee8097150b934fd2", - "refsource":"MISC", - "url":"https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=3d1b8004ed3a07422ca5d4e4ee8097150b934fd2" + "name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=3d1b8004ed3a07422ca5d4e4ee8097150b934fd2", + "refsource": "MISC", + "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=3d1b8004ed3a07422ca5d4e4ee8097150b934fd2" }, { - "name":"https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15464", - "refsource":"MISC", - "url":"https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15464" + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15464", + "refsource": "MISC", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15464" }, { - "refsource":"DEBIAN", - "name":"DSA-4416", - "url":"https://www.debian.org/security/2019/dsa-4416" + "refsource": "DEBIAN", + "name": "DSA-4416", + "url": "https://www.debian.org/security/2019/dsa-4416" }, { - "refsource":"BUGTRAQ", - "name":"20190324 [SECURITY] [DSA 4416-1] wireshark security update", - 
"url":"https://seclists.org/bugtraq/2019/Mar/35" + "refsource": "BUGTRAQ", + "name": "20190324 [SECURITY] [DSA 4416-1] wireshark security update", + "url": "https://seclists.org/bugtraq/2019/Mar/35" }, { - "refsource":"SUSE", - "name":"openSUSE-SU-2019:1108", - "url":"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00007.html" + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1108", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00007.html" }, { - "refsource":"SUSE", - "name":"openSUSE-SU-2019:1390", - "url":"http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00027.html" + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1390", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00027.html" }, { - "refsource":"UBUNTU", - "name":"USN-3986-1", - "url":"https://usn.ubuntu.com/3986-1/" + "refsource": "UBUNTU", + "name": "USN-3986-1", + "url": "https://usn.ubuntu.com/3986-1/" }, { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2019/9xxx/CVE-2019-9636.json b/2019/9xxx/CVE-2019-9636.json index 6244c716c7a..cbe53b86e29 100644 --- a/2019/9xxx/CVE-2019-9636.json +++ b/2019/9xxx/CVE-2019-9636.json 
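Review bot: The `problemtype` entry in CVE-2019-9208.json is still `"value": "n/a"` on the new side, although the description in the same hunk names the weakness (NULL pointer dereferences in the TCAP dissector). Consumers that triage or filter records by CWE cannot classify this entry; following the form already used for CVE-2019-8457 in this patch, it could read `"value": "CWE-476: NULL Pointer Dereference"`. The CVE-2019-9636, CVE-2019-9936 and CVE-2019-9937 sections carry the same `n/a` problemtype next to descriptions that name the weakness; for CVE-2019-9936 the heap-based over-read presumably maps to the `CWE-125: Out-of-bounds Read` value that CVE-2019-8457 uses.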
@@ -1,290 +1,291 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"cve@mitre.org", - "ID":"CVE-2019-9636", - "STATE":"PUBLIC" + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-9636", + "STATE": "PUBLIC" }, - "affects":{ - "vendor":{ - "vendor_data":[ + "affects": { + "vendor": { + "vendor_data": [ { - "product":{ - "product_data":[ + "product": { + "product_data": [ { - "product_name":"n/a", - "version":{ - "version_data":[ + "product_name": "n/a", + "version": { + "version_data": [ { - "version_value":"n/a" + "version_value": "n/a" } ] } } ] }, - "vendor_name":"n/a" + "vendor_name": "n/a" } ] } }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang":"eng", - "value":"Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly." + "lang": "eng", + "value": "Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly." 
} ] }, - "problemtype":{ - "problemtype_data":[ + "problemtype": { + "problemtype_data": [ { - "description":[ + "description": [ { - "lang":"eng", - "value":"n/a" + "lang": "eng", + "value": "n/a" } ] } ] }, - "references":{ - "reference_data":[ + "references": { + "reference_data": [ { - "name":"https://github.com/python/cpython/pull/12201", - "refsource":"MISC", - "url":"https://github.com/python/cpython/pull/12201" + "name": "https://github.com/python/cpython/pull/12201", + "refsource": "MISC", + "url": "https://github.com/python/cpython/pull/12201" }, { - "name":"https://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization.html", - "refsource":"MISC", - "url":"https://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization.html" + "name": "https://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization.html", + "refsource": "MISC", + "url": "https://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization.html" }, { - "name":"107400", - "refsource":"BID", - "url":"http://www.securityfocus.com/bid/107400" + "name": "107400", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/107400" }, { - "name":"https://bugs.python.org/issue36216", - "refsource":"MISC", - "url":"https://bugs.python.org/issue36216" + "name": "https://bugs.python.org/issue36216", + "refsource": "MISC", + "url": "https://bugs.python.org/issue36216" }, { - "refsource":"FEDORA", - "name":"FEDORA-2019-243442e600", - "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L25RTMKCF62DLC2XVSNXGX7C7HXISLVM/" + "refsource": "FEDORA", + "name": "FEDORA-2019-243442e600", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L25RTMKCF62DLC2XVSNXGX7C7HXISLVM/" }, { - "refsource":"FEDORA", - "name":"FEDORA-2019-6e1938a3c5", - "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/" + 
"refsource": "FEDORA", + "name": "FEDORA-2019-6e1938a3c5", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/" }, { - "refsource":"FEDORA", - "name":"FEDORA-2019-6baeb15da3", - "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D3LXPABKVLFYUHRYJPM3CSS5MS6FXKS7/" + "refsource": "FEDORA", + "name": "FEDORA-2019-6baeb15da3", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D3LXPABKVLFYUHRYJPM3CSS5MS6FXKS7/" }, { - "refsource":"FEDORA", - "name":"FEDORA-2019-cf725dd20b", - "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/" + "refsource": "FEDORA", + "name": "FEDORA-2019-cf725dd20b", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/" }, { - "refsource":"FEDORA", - "name":"FEDORA-2019-6b02154aa0", - "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICBEGRHIPHWPG2VGYS6R4EVKVUUF4AQW/" + "refsource": "FEDORA", + "name": "FEDORA-2019-6b02154aa0", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICBEGRHIPHWPG2VGYS6R4EVKVUUF4AQW/" }, { - "refsource":"FEDORA", - "name":"FEDORA-2019-7d9f3cf3ce", - "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TR6GCO3WTV4D5L23WTCBF275VE6BVNI3/" + "refsource": "FEDORA", + "name": "FEDORA-2019-7d9f3cf3ce", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TR6GCO3WTV4D5L23WTCBF275VE6BVNI3/" }, { - "refsource":"FEDORA", - "name":"FEDORA-2019-51f1e08207", - 
"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/" + "refsource": "FEDORA", + "name": "FEDORA-2019-51f1e08207", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/" }, { - "refsource":"FEDORA", - "name":"FEDORA-2019-a122fe704d", - "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFBAAGM27H73OLYBUA2IAZFSUN6KGLME/" + "refsource": "FEDORA", + "name": "FEDORA-2019-a122fe704d", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFBAAGM27H73OLYBUA2IAZFSUN6KGLME/" }, { - "refsource":"FEDORA", - "name":"FEDORA-2019-86f32cbab1", - "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IFAXBEY2TGOBDRKTR556JBXBVFSAKD6I/" + "refsource": "FEDORA", + "name": "FEDORA-2019-86f32cbab1", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IFAXBEY2TGOBDRKTR556JBXBVFSAKD6I/" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:0710", - "url":"https://access.redhat.com/errata/RHSA-2019:0710" + "refsource": "REDHAT", + "name": "RHSA-2019:0710", + "url": "https://access.redhat.com/errata/RHSA-2019:0710" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:0765", - "url":"https://access.redhat.com/errata/RHSA-2019:0765" + "refsource": "REDHAT", + "name": "RHSA-2019:0765", + "url": "https://access.redhat.com/errata/RHSA-2019:0765" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:0806", - "url":"https://access.redhat.com/errata/RHSA-2019:0806" + "refsource": "REDHAT", + "name": "RHSA-2019:0806", + "url": "https://access.redhat.com/errata/RHSA-2019:0806" }, { - "refsource":"SUSE", - "name":"openSUSE-SU-2019:1273", - "url":"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00092.html" + "refsource": "SUSE", + 
"name": "openSUSE-SU-2019:1273", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00092.html" }, { - "refsource":"SUSE", - "name":"openSUSE-SU-2019:1282", - "url":"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00097.html" + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1282", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00097.html" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:0902", - "url":"https://access.redhat.com/errata/RHSA-2019:0902" + "refsource": "REDHAT", + "name": "RHSA-2019:0902", + "url": "https://access.redhat.com/errata/RHSA-2019:0902" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:0981", - "url":"https://access.redhat.com/errata/RHSA-2019:0981" + "refsource": "REDHAT", + "name": "RHSA-2019:0981", + "url": "https://access.redhat.com/errata/RHSA-2019:0981" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:0997", - "url":"https://access.redhat.com/errata/RHSA-2019:0997" + "refsource": "REDHAT", + "name": "RHSA-2019:0997", + "url": "https://access.redhat.com/errata/RHSA-2019:0997" }, { - "refsource":"REDHAT", - "name":"RHBA-2019:0959", - "url":"https://access.redhat.com/errata/RHBA-2019:0959" + "refsource": "REDHAT", + "name": "RHBA-2019:0959", + "url": "https://access.redhat.com/errata/RHBA-2019:0959" }, { - "refsource":"SUSE", - "name":"openSUSE-SU-2019:1371", - "url":"http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00024.html" + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1371", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00024.html" }, { - "refsource":"FEDORA", - "name":"FEDORA-2019-1ffd6b6064", - "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXASHCDD4PQFKTMKQN4YOP5ZH366ABN4/" + "refsource": "FEDORA", + "name": "FEDORA-2019-1ffd6b6064", + "url": 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXASHCDD4PQFKTMKQN4YOP5ZH366ABN4/" }, { - "refsource":"CONFIRM", - "name":"https://security.netapp.com/advisory/ntap-20190517-0001/", - "url":"https://security.netapp.com/advisory/ntap-20190517-0001/" + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20190517-0001/", + "url": "https://security.netapp.com/advisory/ntap-20190517-0001/" }, { - "refsource":"FEDORA", - "name":"FEDORA-2019-ec26883852", - "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMWSKTNOHSUOT3L25QFJAVCFYZX46FYK/" + "refsource": "FEDORA", + "name": "FEDORA-2019-ec26883852", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMWSKTNOHSUOT3L25QFJAVCFYZX46FYK/" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:1467", - "url":"https://access.redhat.com/errata/RHSA-2019:1467" + "refsource": "REDHAT", + "name": "RHSA-2019:1467", + "url": "https://access.redhat.com/errata/RHSA-2019:1467" }, { - "refsource":"SUSE", - "name":"openSUSE-SU-2019:1580", - "url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00050.html" + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1580", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00050.html" }, { - "refsource":"MLIST", - "name":"[debian-lts-announce] 20190625 [SECURITY] [DLA 1834-1] python2.7 security update", - "url":"https://lists.debian.org/debian-lts-announce/2019/06/msg00022.html" + "refsource": "MLIST", + "name": "[debian-lts-announce] 20190625 [SECURITY] [DLA 1834-1] python2.7 security update", + "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00022.html" }, { - "refsource":"MLIST", - "name":"[debian-lts-announce] 20190625 [SECURITY] [DLA 1835-1] python3.4 security update", - "url":"https://lists.debian.org/debian-lts-announce/2019/06/msg00023.html" + "refsource": "MLIST", + 
"name": "[debian-lts-announce] 20190625 [SECURITY] [DLA 1835-1] python3.4 security update", + "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00023.html" }, { - "refsource":"REDHAT", - "name":"RHBA-2019:0764", - "url":"https://access.redhat.com/errata/RHBA-2019:0764" + "refsource": "REDHAT", + "name": "RHBA-2019:0764", + "url": "https://access.redhat.com/errata/RHBA-2019:0764" }, { - "refsource":"REDHAT", - "name":"RHBA-2019:0763", - "url":"https://access.redhat.com/errata/RHBA-2019:0763" + "refsource": "REDHAT", + "name": "RHBA-2019:0763", + "url": "https://access.redhat.com/errata/RHBA-2019:0763" }, { - "refsource":"FEDORA", - "name":"FEDORA-2019-7723d4774a", - "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/44TS66GJMO5H3RLMVZEBGEFTB6O2LJJU/" + "refsource": "FEDORA", + "name": "FEDORA-2019-7723d4774a", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/44TS66GJMO5H3RLMVZEBGEFTB6O2LJJU/" }, { - "refsource":"FEDORA", - "name":"FEDORA-2019-7df59302e0", - "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ORNTF62QPLMJXIQ7KTZQ2776LMIXEKL/" + "refsource": "FEDORA", + "name": "FEDORA-2019-7df59302e0", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ORNTF62QPLMJXIQ7KTZQ2776LMIXEKL/" }, { - "refsource":"FEDORA", - "name":"FEDORA-2019-9bfb4a3e4b", - "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KRYFIMISZ47NTAU3XWZUOFB7CYL62KES/" + "refsource": "FEDORA", + "name": "FEDORA-2019-9bfb4a3e4b", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KRYFIMISZ47NTAU3XWZUOFB7CYL62KES/" }, { - "refsource":"FEDORA", - "name":"FEDORA-2019-60a1defcd1", - 
"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HQEQLXLOCR3SNM3AA5RRYJFQ5AZBYJ4L/" + "refsource": "FEDORA", + "name": "FEDORA-2019-60a1defcd1", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HQEQLXLOCR3SNM3AA5RRYJFQ5AZBYJ4L/" }, { - "refsource":"SUSE", - "name":"openSUSE-SU-2019:1906", - "url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00042.html" + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1906", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00042.html" }, { - "refsource":"UBUNTU", - "name":"USN-4127-2", - "url":"https://usn.ubuntu.com/4127-2/" + "refsource": "UBUNTU", + "name": "USN-4127-2", + "url": "https://usn.ubuntu.com/4127-2/" }, { - "refsource":"UBUNTU", - "name":"USN-4127-1", - "url":"https://usn.ubuntu.com/4127-1/" + "refsource": "UBUNTU", + "name": "USN-4127-1", + "url": "https://usn.ubuntu.com/4127-1/" }, { - "refsource":"FEDORA", - "name":"FEDORA-2019-5dc275c9f2", - "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ER6LONC2B2WYIO56GBQUDU6QTWZDPUNQ/" + "refsource": "FEDORA", + "name": "FEDORA-2019-5dc275c9f2", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ER6LONC2B2WYIO56GBQUDU6QTWZDPUNQ/" }, { - "refsource":"FEDORA", - "name":"FEDORA-2019-2b1f72899a", - "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E2HP37NUVLQSBW3J735A2DQDOZ4ZGBLY/" + "refsource": "FEDORA", + "name": "FEDORA-2019-2b1f72899a", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E2HP37NUVLQSBW3J735A2DQDOZ4ZGBLY/" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:2980", - "url":"https://access.redhat.com/errata/RHSA-2019:2980" + "refsource": "REDHAT", + "name": "RHSA-2019:2980", + "url": 
"https://access.redhat.com/errata/RHSA-2019:2980" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:3170", - "url":"https://access.redhat.com/errata/RHSA-2019:3170" + "refsource": "REDHAT", + "name": "RHSA-2019:3170", + "url": "https://access.redhat.com/errata/RHSA-2019:3170" }, { - "refsource":"FEDORA", - "name":"FEDORA-2019-b06ec6159b", - "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M34WOYCDKTDE5KLUACE2YIEH7D37KHRX/" + "refsource": "FEDORA", + "name": "FEDORA-2019-b06ec6159b", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M34WOYCDKTDE5KLUACE2YIEH7D37KHRX/" }, { - "refsource":"FEDORA", - "name":"FEDORA-2019-d202cda4f8", - "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JCPGLTTOBB3QEARDX4JOYURP6ELNNA2V/" + "refsource": "FEDORA", + "name": "FEDORA-2019-d202cda4f8", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JCPGLTTOBB3QEARDX4JOYURP6ELNNA2V/" }, { - "refsource":"FEDORA", - "name":"FEDORA-2019-57462fa10d", - "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4X3HW5JRZ7GCPSR7UHJOLD7AWLTQCDVR/" + "refsource": "FEDORA", + "name": "FEDORA-2019-57462fa10d", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4X3HW5JRZ7GCPSR7UHJOLD7AWLTQCDVR/" }, { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2019/9xxx/CVE-2019-9936.json b/2019/9xxx/CVE-2019-9936.json index 99529a5878c..e7d595c6223 100644 --- a/2019/9xxx/CVE-2019-9936.json +++ b/2019/9xxx/CVE-2019-9936.json 
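Review bot: The `affects` block of CVE-2019-9636.json keeps `"product_name": "n/a"`, `"vendor_name": "n/a"` and `"version_value": "n/a"`, so the affected range exists only in the free-text description (Python 2.7.x through 2.7.16 and 3.x through 3.7.2). Scanners and inventory matchers that read the structured fields will not associate this record with Python; a `"product_name": "Python"` entry with one `version_data` item per branch, using the `version_affected` / `version_value` pair that the CVE-2019-5647 record in this series uses, would make it matchable. The vendor string is not on the page and should come from the assigner's own product naming. The CVE-2019-9208, CVE-2019-9936 and CVE-2019-9937 sections have the same all-`n/a` block.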
@@ -1,115 +1,116 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"cve@mitre.org", - "ID":"CVE-2019-9936", - "STATE":"PUBLIC" + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-9936", + "STATE": "PUBLIC" }, - "affects":{ - "vendor":{ - "vendor_data":[ + "affects": { + "vendor": { + "vendor_data": [ { - "product":{ - "product_data":[ + "product": { + "product_data": [ { - "product_name":"n/a", - "version":{ - "version_data":[ + "product_name": "n/a", + "version": { + "version_data": [ { - "version_value":"n/a" + "version_value": "n/a" } ] } } ] }, - "vendor_name":"n/a" + "vendor_name": "n/a" } ] } }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang":"eng", - "value":"In SQLite 3.27.2, running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read in fts5HashEntrySort in sqlite3.c, which may lead to an information leak. This is related to ext/fts5/fts5_hash.c." + "lang": "eng", + "value": "In SQLite 3.27.2, running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read in fts5HashEntrySort in sqlite3.c, which may lead to an information leak. This is related to ext/fts5/fts5_hash.c." 
} ] }, - "problemtype":{ - "problemtype_data":[ + "problemtype": { + "problemtype_data": [ { - "description":[ + "description": [ { - "lang":"eng", - "value":"n/a" + "lang": "eng", + "value": "n/a" } ] } ] }, - "references":{ - "reference_data":[ + "references": { + "reference_data": [ { - "url":"https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg114382.html", - "refsource":"MISC", - "name":"https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg114382.html" + "url": "https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg114382.html", + "refsource": "MISC", + "name": "https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg114382.html" }, { - "url":"https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg114394.html", - "refsource":"MISC", - "name":"https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg114394.html" + "url": "https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg114394.html", + "refsource": "MISC", + "name": "https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg114394.html" }, { - "url":"https://sqlite.org/src/info/b3fa58dd7403dbd4", - "refsource":"MISC", - "name":"https://sqlite.org/src/info/b3fa58dd7403dbd4" + "url": "https://sqlite.org/src/info/b3fa58dd7403dbd4", + "refsource": "MISC", + "name": "https://sqlite.org/src/info/b3fa58dd7403dbd4" }, { - "refsource":"BID", - "name":"107562", - "url":"http://www.securityfocus.com/bid/107562" + "refsource": "BID", + "name": "107562", + "url": "http://www.securityfocus.com/bid/107562" }, { - "refsource":"CONFIRM", - "name":"https://security.netapp.com/advisory/ntap-20190416-0005/", - "url":"https://security.netapp.com/advisory/ntap-20190416-0005/" + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20190416-0005/", + "url": "https://security.netapp.com/advisory/ntap-20190416-0005/" }, { - "refsource":"SUSE", - "name":"openSUSE-SU-2019:1372", - 
"url":"http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00026.html" + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1372", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00026.html" }, { - "refsource":"FEDORA", - "name":"FEDORA-2019-8641591b3c", - "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EXD2GYJVTDGEQPUNMMMC5TB7MQXOBBMO/" + "refsource": "FEDORA", + "name": "FEDORA-2019-8641591b3c", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EXD2GYJVTDGEQPUNMMMC5TB7MQXOBBMO/" }, { - "refsource":"FEDORA", - "name":"FEDORA-2019-a01751837d", - "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N66U5PY5UJU4XBFZJH7QNKIDNAVIB4OP/" + "refsource": "FEDORA", + "name": "FEDORA-2019-a01751837d", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N66U5PY5UJU4XBFZJH7QNKIDNAVIB4OP/" }, { - "refsource":"UBUNTU", - "name":"USN-4019-1", - "url":"https://usn.ubuntu.com/4019-1/" + "refsource": "UBUNTU", + "name": "USN-4019-1", + "url": "https://usn.ubuntu.com/4019-1/" }, { - "refsource":"GENTOO", - "name":"GLSA-201908-09", - "url":"https://security.gentoo.org/glsa/201908-09" + "refsource": "GENTOO", + "name": "GLSA-201908-09", + "url": "https://security.gentoo.org/glsa/201908-09" }, { - "url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", - "refsource":"MISC", - "name":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", + "refsource": "MISC", + "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", 
+ "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2019/9xxx/CVE-2019-9937.json b/2019/9xxx/CVE-2019-9937.json index 25e97f6b913..bed8956f000 100644 --- a/2019/9xxx/CVE-2019-9937.json +++ b/2019/9xxx/CVE-2019-9937.json 
@@ -1,115 +1,116 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"cve@mitre.org", - "ID":"CVE-2019-9937", - "STATE":"PUBLIC" + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-9937", + "STATE": "PUBLIC" }, - "affects":{ - "vendor":{ - "vendor_data":[ + "affects": { + "vendor": { + "vendor_data": [ { - "product":{ - "product_data":[ + "product": { + "product_data": [ { - "product_name":"n/a", - "version":{ - "version_data":[ + "product_name": "n/a", + "version": { + "version_data": [ { - "version_value":"n/a" + "version_value": "n/a" } ] } } ] }, - "vendor_name":"n/a" + "vendor_name": "n/a" } ] } }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang":"eng", - "value":"In SQLite 3.27.2, interleaving reads and writes in a single transaction with an fts5 virtual table will lead to a NULL Pointer Dereference in fts5ChunkIterate in sqlite3.c. This is related to ext/fts5/fts5_hash.c and ext/fts5/fts5_index.c." + "lang": "eng", + "value": "In SQLite 3.27.2, interleaving reads and writes in a single transaction with an fts5 virtual table will lead to a NULL Pointer Dereference in fts5ChunkIterate in sqlite3.c. This is related to ext/fts5/fts5_hash.c and ext/fts5/fts5_index.c." 
} ] }, - "problemtype":{ - "problemtype_data":[ + "problemtype": { + "problemtype_data": [ { - "description":[ + "description": [ { - "lang":"eng", - "value":"n/a" + "lang": "eng", + "value": "n/a" } ] } ] }, - "references":{ - "reference_data":[ + "references": { + "reference_data": [ { - "url":"https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg114383.html", - "refsource":"MISC", - "name":"https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg114383.html" + "url": "https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg114383.html", + "refsource": "MISC", + "name": "https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg114383.html" }, { - "url":"https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg114393.html", - "refsource":"MISC", - "name":"https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg114393.html" + "url": "https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg114393.html", + "refsource": "MISC", + "name": "https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg114393.html" }, { - "url":"https://sqlite.org/src/info/45c73deb440496e8", - "refsource":"MISC", - "name":"https://sqlite.org/src/info/45c73deb440496e8" + "url": "https://sqlite.org/src/info/45c73deb440496e8", + "refsource": "MISC", + "name": "https://sqlite.org/src/info/45c73deb440496e8" }, { - "refsource":"BID", - "name":"107562", - "url":"http://www.securityfocus.com/bid/107562" + "refsource": "BID", + "name": "107562", + "url": "http://www.securityfocus.com/bid/107562" }, { - "refsource":"CONFIRM", - "name":"https://security.netapp.com/advisory/ntap-20190416-0005/", - "url":"https://security.netapp.com/advisory/ntap-20190416-0005/" + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20190416-0005/", + "url": "https://security.netapp.com/advisory/ntap-20190416-0005/" }, { - "refsource":"SUSE", - "name":"openSUSE-SU-2019:1372", - 
"url":"http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00026.html" + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1372", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00026.html" }, { - "refsource":"FEDORA", - "name":"FEDORA-2019-8641591b3c", - "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EXD2GYJVTDGEQPUNMMMC5TB7MQXOBBMO/" + "refsource": "FEDORA", + "name": "FEDORA-2019-8641591b3c", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EXD2GYJVTDGEQPUNMMMC5TB7MQXOBBMO/" }, { - "refsource":"FEDORA", - "name":"FEDORA-2019-a01751837d", - "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N66U5PY5UJU4XBFZJH7QNKIDNAVIB4OP/" + "refsource": "FEDORA", + "name": "FEDORA-2019-a01751837d", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N66U5PY5UJU4XBFZJH7QNKIDNAVIB4OP/" }, { - "refsource":"UBUNTU", - "name":"USN-4019-1", - "url":"https://usn.ubuntu.com/4019-1/" + "refsource": "UBUNTU", + "name": "USN-4019-1", + "url": "https://usn.ubuntu.com/4019-1/" }, { - "refsource":"GENTOO", - "name":"GLSA-201908-09", - "url":"https://security.gentoo.org/glsa/201908-09" + "refsource": "GENTOO", + "name": "GLSA-201908-09", + "url": "https://security.gentoo.org/glsa/201908-09" }, { - "url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", - "refsource":"MISC", - "name":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", + "refsource": "MISC", + "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", 
+ "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } From 8bfbf97a2e4cf31d4f2699c910839924354bf0af Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 15 Jan 2020 21:01:19 +0000 Subject: [PATCH 101/387] "-Synchronized-Data." --- 2009/3xxx/CVE-2009-3724.json | 55 +++- 2009/5xxx/CVE-2009-5025.json | 60 +++- 2009/5xxx/CVE-2009-5068.json | 50 ++- 2016/1000xxx/CVE-2016-1000022.json | 83 +---- 2019/15xxx/CVE-2019-15010.json | 480 +++++++++++++++-------------- 2019/15xxx/CVE-2019-15012.json | 480 +++++++++++++++-------------- 2019/20xxx/CVE-2019-20097.json | 480 +++++++++++++++-------------- 2019/20xxx/CVE-2019-20372.json | 5 + 8 files changed, 891 insertions(+), 802 deletions(-) diff --git a/2009/3xxx/CVE-2009-3724.json b/2009/3xxx/CVE-2009-3724.json index 5f2bf87c31f..7bb35155c46 100644 --- a/2009/3xxx/CVE-2009-3724.json +++ b/2009/3xxx/CVE-2009-3724.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2009-3724", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "python-markdown2", + "product": { + "product_data": [ + { + "product_name": "python-markdown2", + "version": { + "version_data": [ + { + "version_value": "before 1.0.1.14" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
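Review bot: In 2009/3xxx/CVE-2009-3724.json the added `affects` block encodes the affected range as free text, `"version_value": "before 1.0.1.14"`, so any tooling that matches installed versions against this record has to parse English. Other records in this same patch split the bound into two fields; here that would be `"version_affected": "<", "version_value": "1.0.1.14"`. The first hunk of 2009/5xxx/CVE-2009-5068.json has the same shape with `"through 2.0.3"`, which would become `"<="` with `"2.0.3"`. The JSON object continues outside this hunk.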
@@ -11,7 +34,33 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "python-markdown2 before 1.0.1.14 has multiple cross-site scripting (XSS) issues."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Cross-Site Scripting"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.openwall.com/lists/oss-security/2009/10/29/5",
+ "refsource": "MISC",
+ "name": "https://www.openwall.com/lists/oss-security/2009/10/29/5"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://snyk.io/vuln/SNYK-PYTHON-PYRAD-40000",
+ "url": "https://snyk.io/vuln/SNYK-PYTHON-PYRAD-40000"
 }
 ]
 }
diff --git a/2009/5xxx/CVE-2009-5025.json b/2009/5xxx/CVE-2009-5025.json
index 879df95e7c0..b65a1aeb1e4 100644
--- a/2009/5xxx/CVE-2009-5025.json
+++ b/2009/5xxx/CVE-2009-5025.json
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
+ "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2009-5025",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "PyForum",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "PyForum",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "v1.0.3"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
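Review bot: The second reference added to 2009/3xxx/CVE-2009-3724.json, `https://snyk.io/vuln/SNYK-PYTHON-PYRAD-40000`, carries an identifier that names a different package (PYRAD) from the python-markdown2 product this record describes, so it looks like a mis-attached advisory link. Confirm the target before publishing, and drop or replace it if it does not cover python-markdown2. Separately, the `problemtype` value is the free-text `"Cross-Site Scripting"`; prefixing the CWE identifier, as in `"CWE-79 Cross-Site Scripting"`, would let consumers map it without string matching.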
@@ -11,7 +34,38 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A backdoor (aka BMSA-2009-07) was found in PyForum v1.0.3 where an attacker who knows a valid user email could force a password reset on behalf of that user."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Other"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://packetstormsecurity.com/files/cve/CVE-2009-5025",
+ "refsource": "MISC",
+ "name": "https://packetstormsecurity.com/files/cve/CVE-2009-5025"
+ },
+ {
+ "url": "https://www.openwall.com/lists/oss-security/2011/07/26/7",
+ "refsource": "MISC",
+ "name": "https://www.openwall.com/lists/oss-security/2011/07/26/7"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://seclists.org/fulldisclosure/2009/Nov/353",
+ "url": "https://seclists.org/fulldisclosure/2009/Nov/353"
 }
 ]
 }
diff --git a/2009/5xxx/CVE-2009-5068.json b/2009/5xxx/CVE-2009-5068.json
index 9054c098fa6..8c549885d3a 100644
--- a/2009/5xxx/CVE-2009-5068.json
+++ b/2009/5xxx/CVE-2009-5068.json
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
+ "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2009-5068",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "SMF",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "SMF",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "through 2.0.3"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
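Review bot: The `problemtype` added to 2009/5xxx/CVE-2009-5025.json is `"value": "Other"`, which gives consumers no weakness class to filter or prioritise on, even though the description is specific: a password reset can be forced for any user whose email address is known. A CWE-tagged value would be more useful; CWE-640 (Weak Password Recovery Mechanism for Forgotten Password) appears to fit the description, though the assigner should confirm that against the original advisory before setting it.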
@@ -11,7 +34,28 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "There is a file disclosure vulnerability in SMF (Simple Machines Forum) affecting versions through v2.0.3. On some configurations a SMF deployment is shared by several \"co-admins\" that are not trusted beyond the SMF deployment. This vulnerability allows them to read arbitrary files on the filesystem and therefore gain new privileges by reading the settings.php with the database passwords."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "file disclosure"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2013/02/01/4",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2013/02/01/4"
 }
 ]
 }
diff --git a/2016/1000xxx/CVE-2016-1000022.json b/2016/1000xxx/CVE-2016-1000022.json
index 0bbac96a332..3abef6a4615 100644
--- a/2016/1000xxx/CVE-2016-1000022.json
+++ b/2016/1000xxx/CVE-2016-1000022.json
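Review bot: The only reference added to 2009/5xxx/CVE-2009-5068.json uses plain `http://www.openwall.com/lists/oss-security/2013/02/01/4` in both `url` and `name`, while the openwall links added to CVE-2009-3724 and CVE-2009-5025 in this same commit use `https://`. Switching both fields to `https://www.openwall.com/lists/oss-security/2013/02/01/4` keeps the records consistent and means readers following the advisory link get an authenticated, tamper-resistant connection.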
@@ -1,86 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2016-1000022", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-1000022", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "negotiator before 0.6.1 is vulnerable to a regular expression DoS" - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "n/a" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "refsource": "MISC", - "name": "https://raw.githubusercontent.com/distributedweaknessfiling/cvelist/master/2016/1000xxx/CVE-2016-1000022.json", - "url": "https://raw.githubusercontent.com/distributedweaknessfiling/cvelist/master/2016/1000xxx/CVE-2016-1000022.json" - }, - { - "url": "https://security-tracker.debian.org/tracker/CVE-2016-1000022", - "refsource": "MISC", - "name": "https://security-tracker.debian.org/tracker/CVE-2016-1000022" - }, - { - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1000022", - "refsource": "MISC", - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1000022" - }, - { - "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2016-1000022", - "refsource": "MISC", - "name": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2016-1000022" - }, - { - "url": "https://access.redhat.com/errata/RHSA-2016:1605", - "refsource": "MISC", - "name": "https://access.redhat.com/errata/RHSA-2016:1605" - }, - { - "refsource": "MISC", - "name": "https://www.npmjs.com/advisories/106", - "url": "https://www.npmjs.com/advisories/106" + "value": "** REJECT ** DO NOT 
USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-10539. Reason: This candidate is a duplicate of CVE-2016-10539. Notes: All CVE users should reference CVE-2016-10539 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." } ] } diff --git a/2019/15xxx/CVE-2019-15010.json b/2019/15xxx/CVE-2019-15010.json index a4e8af3b27c..b2325248f9f 100644 --- a/2019/15xxx/CVE-2019-15010.json +++ b/2019/15xxx/CVE-2019-15010.json 
@@ -1,241 +1,243 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@atlassian.com", - "DATE_PUBLIC": "2020-01-15T10:00:00", - "ID": "CVE-2019-15010", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Bitbucket Server", - "version": { - "version_data": [ - { - "version_value": "3.0", - "version_affected": ">=" - }, - { - "version_value": "5.16.11", - "version_affected": "<" - }, - { - "version_value": "6.0", - "version_affected": ">=" - }, - { - "version_value": "6.0.11", - "version_affected": "<" - }, - { - "version_value": "6.1.0", - "version_affected": ">=" - }, - { - "version_value": "6.1.9", - "version_affected": "<" - }, - { - "version_value": "6.2.0", - "version_affected": ">=" - }, - { - "version_value": "6.2.7", - "version_affected": "<" - }, - { - "version_value": "6.3.0", - "version_affected": ">=" - }, - { - "version_value": "6.3.6", - "version_affected": "<" - }, - { - "version_value": "6.4.0", - "version_affected": ">=" - }, - { - "version_value": "6.4.4", - "version_affected": "<" - }, - { - "version_value": "6.5.0", - "version_affected": ">=" - }, - { - "version_value": "6.5.3", - "version_affected": "<" - }, - { - "version_value": "6.6.0", - "version_affected": ">=" - }, - { - "version_value": "6.6.3", - "version_affected": "<" - }, - { - "version_value": "6.7.0", - "version_affected": ">=" - }, - { - "version_value": "6.7.3", - "version_affected": "<" - }, - { - "version_value": "6.8.0", - "version_affected": ">=" - }, - { - "version_value": "6.8.2", - "version_affected": "<" - }, - { - "version_value": "6.9.0", - "version_affected": ">=" - }, - { - "version_value": "6.9.1", - "version_affected": "<" - } - ] - } - }, - { - "product_name": "Bitbucket Data Center", - "version": { - "version_data": [ - { - "version_value": "3.0", - "version_affected": ">=" - }, - { - "version_value": "5.16.11", - "version_affected": "<" - }, - { - "version_value": "6.0", - 
"version_affected": ">=" - }, - { - "version_value": "6.0.11", - "version_affected": "<" - }, - { - "version_value": "6.1.0", - "version_affected": ">=" - }, - { - "version_value": "6.1.9", - "version_affected": "<" - }, - { - "version_value": "6.2.0", - "version_affected": ">=" - }, - { - "version_value": "6.2.7", - "version_affected": "<" - }, - { - "version_value": "6.3.0", - "version_affected": ">=" - }, - { - "version_value": "6.3.6", - "version_affected": "<" - }, - { - "version_value": "6.4.0", - "version_affected": ">=" - }, - { - "version_value": "6.4.4", - "version_affected": "<" - }, - { - "version_value": "6.5.0", - "version_affected": ">=" - }, - { - "version_value": "6.5.3", - "version_affected": "<" - }, - { - "version_value": "6.6.0", - "version_affected": ">=" - }, - { - "version_value": "6.6.3", - "version_affected": "<" - }, - { - "version_value": "6.7.0", - "version_affected": ">=" - }, - { - "version_value": "6.7.3", - "version_affected": "<" - }, - { - "version_value": "6.8.0", - "version_affected": ">=" - }, - { - "version_value": "6.8.2", - "version_affected": "<" - }, - { - "version_value": "6.9.0", - "version_affected": ">=" - }, - { - "version_value": "6.9.1", - "version_affected": "<" - } - ] - } - } - ] - }, - "vendor_name": "Atlassian" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Bitbucket Server and Bitbucket Data Center versions starting from version 3.0.0 before version 5.16.11, from version 6.0.0 before 6.0.11, from version 6.1.0 before 6.1.9, from version 6.2.0 before 6.2.7, from version 6.3.0 before 6.3.6, from version 6.4.0 before 6.4.4, from version 6.5.0 before 6.5.3, from version 6.6.0 before 6.6.3, from version 6.7.0 before 6.7.3, from version 6.8.0 before 6.8.2, and from version 6.9.0 before 6.9.1 had a Remote Code Execution vulnerability via certain user input fields. 
A remote attacker with user level permissions can exploit this vulnerability to run arbitrary commands on the victim's systems. Using a specially crafted payload as user input, the attacker can execute arbitrary commands on the victim's Bitbucket Server or Bitbucket Data Center instance." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Expression Language Injection" - } + "CVE_data_meta": { + "ASSIGNER": "security@atlassian.com", + "DATE_PUBLIC": "2020-01-15T10:00:00", + "ID": "CVE-2019-15010", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Bitbucket Server", + "version": { + "version_data": [ + { + "version_value": "3.0", + "version_affected": ">=" + }, + { + "version_value": "5.16.11", + "version_affected": "<" + }, + { + "version_value": "6.0", + "version_affected": ">=" + }, + { + "version_value": "6.0.11", + "version_affected": "<" + }, + { + "version_value": "6.1.0", + "version_affected": ">=" + }, + { + "version_value": "6.1.9", + "version_affected": "<" + }, + { + "version_value": "6.2.0", + "version_affected": ">=" + }, + { + "version_value": "6.2.7", + "version_affected": "<" + }, + { + "version_value": "6.3.0", + "version_affected": ">=" + }, + { + "version_value": "6.3.6", + "version_affected": "<" + }, + { + "version_value": "6.4.0", + "version_affected": ">=" + }, + { + "version_value": "6.4.4", + "version_affected": "<" + }, + { + "version_value": "6.5.0", + "version_affected": ">=" + }, + { + "version_value": "6.5.3", + "version_affected": "<" + }, + { + "version_value": "6.6.0", + "version_affected": ">=" + }, + { + "version_value": "6.6.3", + "version_affected": "<" + }, + { + "version_value": "6.7.0", + "version_affected": ">=" + }, + { + "version_value": "6.7.3", + "version_affected": "<" + }, + { + "version_value": "6.8.0", + "version_affected": ">=" + }, + { + "version_value": "6.8.2", + 
"version_affected": "<" + }, + { + "version_value": "6.9.0", + "version_affected": ">=" + }, + { + "version_value": "6.9.1", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Bitbucket Data Center", + "version": { + "version_data": [ + { + "version_value": "3.0", + "version_affected": ">=" + }, + { + "version_value": "5.16.11", + "version_affected": "<" + }, + { + "version_value": "6.0", + "version_affected": ">=" + }, + { + "version_value": "6.0.11", + "version_affected": "<" + }, + { + "version_value": "6.1.0", + "version_affected": ">=" + }, + { + "version_value": "6.1.9", + "version_affected": "<" + }, + { + "version_value": "6.2.0", + "version_affected": ">=" + }, + { + "version_value": "6.2.7", + "version_affected": "<" + }, + { + "version_value": "6.3.0", + "version_affected": ">=" + }, + { + "version_value": "6.3.6", + "version_affected": "<" + }, + { + "version_value": "6.4.0", + "version_affected": ">=" + }, + { + "version_value": "6.4.4", + "version_affected": "<" + }, + { + "version_value": "6.5.0", + "version_affected": ">=" + }, + { + "version_value": "6.5.3", + "version_affected": "<" + }, + { + "version_value": "6.6.0", + "version_affected": ">=" + }, + { + "version_value": "6.6.3", + "version_affected": "<" + }, + { + "version_value": "6.7.0", + "version_affected": ">=" + }, + { + "version_value": "6.7.3", + "version_affected": "<" + }, + { + "version_value": "6.8.0", + "version_affected": ">=" + }, + { + "version_value": "6.8.2", + "version_affected": "<" + }, + { + "version_value": "6.9.0", + "version_affected": ">=" + }, + { + "version_value": "6.9.1", + "version_affected": "<" + } + ] + } + } + ] + }, + "vendor_name": "Atlassian" + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://jira.atlassian.com/browse/BSERV-12098" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Bitbucket 
Server and Bitbucket Data Center versions starting from version 3.0.0 before version 5.16.11, from version 6.0.0 before 6.0.11, from version 6.1.0 before 6.1.9, from version 6.2.0 before 6.2.7, from version 6.3.0 before 6.3.6, from version 6.4.0 before 6.4.4, from version 6.5.0 before 6.5.3, from version 6.6.0 before 6.6.3, from version 6.7.0 before 6.7.3, from version 6.8.0 before 6.8.2, and from version 6.9.0 before 6.9.1 had a Remote Code Execution vulnerability via certain user input fields. A remote attacker with user level permissions can exploit this vulnerability to run arbitrary commands on the victim's systems. Using a specially crafted payload as user input, the attacker can execute arbitrary commands on the victim's Bitbucket Server or Bitbucket Data Center instance." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Expression Language Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://jira.atlassian.com/browse/BSERV-12098", + "refsource": "MISC", + "name": "https://jira.atlassian.com/browse/BSERV-12098" + } + ] + } +} \ No newline at end of file diff --git a/2019/15xxx/CVE-2019-15012.json b/2019/15xxx/CVE-2019-15012.json index d07e470c37a..0048f50cbb4 100644 --- a/2019/15xxx/CVE-2019-15012.json +++ b/2019/15xxx/CVE-2019-15012.json 
@@ -1,241 +1,243 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@atlassian.com", - "DATE_PUBLIC": "2020-01-15T10:00:00", - "ID": "CVE-2019-15012", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Bitbucket Server", - "version": { - "version_data": [ - { - "version_value": "4.13", - "version_affected": ">=" - }, - { - "version_value": "5.16.11", - "version_affected": "<" - }, - { - "version_value": "6.0", - "version_affected": ">=" - }, - { - "version_value": "6.0.11", - "version_affected": "<" - }, - { - "version_value": "6.1.0", - "version_affected": ">=" - }, - { - "version_value": "6.1.9", - "version_affected": "<" - }, - { - "version_value": "6.2.0", - "version_affected": ">=" - }, - { - "version_value": "6.2.7", - "version_affected": "<" - }, - { - "version_value": "6.3.0", - "version_affected": ">=" - }, - { - "version_value": "6.3.6", - "version_affected": "<" - }, - { - "version_value": "6.4.0", - "version_affected": ">=" - }, - { - "version_value": "6.4.4", - "version_affected": "<" - }, - { - "version_value": "6.5.0", - "version_affected": ">=" - }, - { - "version_value": "6.5.3", - "version_affected": "<" - }, - { - "version_value": "6.6.0", - "version_affected": ">=" - }, - { - "version_value": "6.6.3", - "version_affected": "<" - }, - { - "version_value": "6.7.0", - "version_affected": ">=" - }, - { - "version_value": "6.7.3", - "version_affected": "<" - }, - { - "version_value": "6.8.0", - "version_affected": ">=" - }, - { - "version_value": "6.8.2", - "version_affected": "<" - }, - { - "version_value": "6.9.0", - "version_affected": ">=" - }, - { - "version_value": "6.9.1", - "version_affected": "<" - } - ] - } - }, - { - "product_name": "Bitbucket Data Center", - "version": { - "version_data": [ - { - "version_value": "4.13", - "version_affected": ">=" - }, - { - "version_value": "5.16.11", - "version_affected": "<" - }, - { - "version_value": "6.0", - 
"version_affected": ">=" - }, - { - "version_value": "6.0.11", - "version_affected": "<" - }, - { - "version_value": "6.1.0", - "version_affected": ">=" - }, - { - "version_value": "6.1.9", - "version_affected": "<" - }, - { - "version_value": "6.2.0", - "version_affected": ">=" - }, - { - "version_value": "6.2.7", - "version_affected": "<" - }, - { - "version_value": "6.3.0", - "version_affected": ">=" - }, - { - "version_value": "6.3.6", - "version_affected": "<" - }, - { - "version_value": "6.4.0", - "version_affected": ">=" - }, - { - "version_value": "6.4.4", - "version_affected": "<" - }, - { - "version_value": "6.5.0", - "version_affected": ">=" - }, - { - "version_value": "6.5.3", - "version_affected": "<" - }, - { - "version_value": "6.6.0", - "version_affected": ">=" - }, - { - "version_value": "6.6.3", - "version_affected": "<" - }, - { - "version_value": "6.7.0", - "version_affected": ">=" - }, - { - "version_value": "6.7.3", - "version_affected": "<" - }, - { - "version_value": "6.8.0", - "version_affected": ">=" - }, - { - "version_value": "6.8.2", - "version_affected": "<" - }, - { - "version_value": "6.9.0", - "version_affected": ">=" - }, - { - "version_value": "6.9.1", - "version_affected": "<" - } - ] - } - } - ] - }, - "vendor_name": "Atlassian" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Bitbucket Server and Bitbucket Data Center from version 4.13. before 5.16.11, from version 6.0.0 before 6.0.11, from version 6.1.0 before 6.1.9, from version 6.2.0 before 6.2.7, from version 6.3.0 before 6.3.6, from version 6.4.0 before 6.4.4, from version 6.5.0 before 6.5.3, from version 6.6.0 before 6.6.3, from version 6.7.0 before 6.7.3, from version 6.8.0 before 6.8.2, from version 6.9.0 before 6.9.1 had a Remote Code Execution vulnerability via the edit-file request. 
A remote attacker with write permission on a repository can write to any arbitrary file to the victims Bitbucket Server or Bitbucket Data Center instance using the edit-file endpoint, if the user has Bitbucket Server or Bitbucket Data Center running, and has the permission to write the file at that destination. In some cases, this can result in execution of arbitrary code by the victims Bitbucket Server or Bitbucket Data Center instance." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Path traversal" - } + "CVE_data_meta": { + "ASSIGNER": "security@atlassian.com", + "DATE_PUBLIC": "2020-01-15T10:00:00", + "ID": "CVE-2019-15012", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Bitbucket Server", + "version": { + "version_data": [ + { + "version_value": "4.13", + "version_affected": ">=" + }, + { + "version_value": "5.16.11", + "version_affected": "<" + }, + { + "version_value": "6.0", + "version_affected": ">=" + }, + { + "version_value": "6.0.11", + "version_affected": "<" + }, + { + "version_value": "6.1.0", + "version_affected": ">=" + }, + { + "version_value": "6.1.9", + "version_affected": "<" + }, + { + "version_value": "6.2.0", + "version_affected": ">=" + }, + { + "version_value": "6.2.7", + "version_affected": "<" + }, + { + "version_value": "6.3.0", + "version_affected": ">=" + }, + { + "version_value": "6.3.6", + "version_affected": "<" + }, + { + "version_value": "6.4.0", + "version_affected": ">=" + }, + { + "version_value": "6.4.4", + "version_affected": "<" + }, + { + "version_value": "6.5.0", + "version_affected": ">=" + }, + { + "version_value": "6.5.3", + "version_affected": "<" + }, + { + "version_value": "6.6.0", + "version_affected": ">=" + }, + { + "version_value": "6.6.3", + "version_affected": "<" + }, + { + "version_value": "6.7.0", + "version_affected": ">=" + }, + { + "version_value": 
"6.7.3", + "version_affected": "<" + }, + { + "version_value": "6.8.0", + "version_affected": ">=" + }, + { + "version_value": "6.8.2", + "version_affected": "<" + }, + { + "version_value": "6.9.0", + "version_affected": ">=" + }, + { + "version_value": "6.9.1", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Bitbucket Data Center", + "version": { + "version_data": [ + { + "version_value": "4.13", + "version_affected": ">=" + }, + { + "version_value": "5.16.11", + "version_affected": "<" + }, + { + "version_value": "6.0", + "version_affected": ">=" + }, + { + "version_value": "6.0.11", + "version_affected": "<" + }, + { + "version_value": "6.1.0", + "version_affected": ">=" + }, + { + "version_value": "6.1.9", + "version_affected": "<" + }, + { + "version_value": "6.2.0", + "version_affected": ">=" + }, + { + "version_value": "6.2.7", + "version_affected": "<" + }, + { + "version_value": "6.3.0", + "version_affected": ">=" + }, + { + "version_value": "6.3.6", + "version_affected": "<" + }, + { + "version_value": "6.4.0", + "version_affected": ">=" + }, + { + "version_value": "6.4.4", + "version_affected": "<" + }, + { + "version_value": "6.5.0", + "version_affected": ">=" + }, + { + "version_value": "6.5.3", + "version_affected": "<" + }, + { + "version_value": "6.6.0", + "version_affected": ">=" + }, + { + "version_value": "6.6.3", + "version_affected": "<" + }, + { + "version_value": "6.7.0", + "version_affected": ">=" + }, + { + "version_value": "6.7.3", + "version_affected": "<" + }, + { + "version_value": "6.8.0", + "version_affected": ">=" + }, + { + "version_value": "6.8.2", + "version_affected": "<" + }, + { + "version_value": "6.9.0", + "version_affected": ">=" + }, + { + "version_value": "6.9.1", + "version_affected": "<" + } + ] + } + } + ] + }, + "vendor_name": "Atlassian" + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://jira.atlassian.com/browse/BSERV-12100" - } - ] - } - } + } + }, + "data_format": 
"MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Bitbucket Server and Bitbucket Data Center from version 4.13. before 5.16.11, from version 6.0.0 before 6.0.11, from version 6.1.0 before 6.1.9, from version 6.2.0 before 6.2.7, from version 6.3.0 before 6.3.6, from version 6.4.0 before 6.4.4, from version 6.5.0 before 6.5.3, from version 6.6.0 before 6.6.3, from version 6.7.0 before 6.7.3, from version 6.8.0 before 6.8.2, from version 6.9.0 before 6.9.1 had a Remote Code Execution vulnerability via the edit-file request. A remote attacker with write permission on a repository can write to any arbitrary file to the victims Bitbucket Server or Bitbucket Data Center instance using the edit-file endpoint, if the user has Bitbucket Server or Bitbucket Data Center running, and has the permission to write the file at that destination. In some cases, this can result in execution of arbitrary code by the victims Bitbucket Server or Bitbucket Data Center instance." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Path traversal" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://jira.atlassian.com/browse/BSERV-12100", + "refsource": "MISC", + "name": "https://jira.atlassian.com/browse/BSERV-12100" + } + ] + } +} \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20097.json b/2019/20xxx/CVE-2019-20097.json index 460e5aec1ad..63ac9037ccc 100644 --- a/2019/20xxx/CVE-2019-20097.json +++ b/2019/20xxx/CVE-2019-20097.json 
@@ -1,241 +1,243 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@atlassian.com", - "DATE_PUBLIC": "2020-01-15T10:00:00", - "ID": "CVE-2019-20097", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Bitbucket Server", - "version": { - "version_data": [ - { - "version_value": "1.0", - "version_affected": ">=" - }, - { - "version_value": "5.16.11", - "version_affected": "<" - }, - { - "version_value": "6.0", - "version_affected": ">=" - }, - { - "version_value": "6.0.11", - "version_affected": "<" - }, - { - "version_value": "6.1.0", - "version_affected": ">=" - }, - { - "version_value": "6.1.9", - "version_affected": "<" - }, - { - "version_value": "6.2.0", - "version_affected": ">=" - }, - { - "version_value": "6.2.7", - "version_affected": "<" - }, - { - "version_value": "6.3.0", - "version_affected": ">=" - }, - { - "version_value": "6.3.6", - "version_affected": "<" - }, - { - "version_value": "6.4.0", - "version_affected": ">=" - }, - { - "version_value": "6.4.4", - "version_affected": "<" - }, - { - "version_value": "6.5.0", - "version_affected": ">=" - }, - { - "version_value": "6.5.3", - "version_affected": "<" - }, - { - "version_value": "6.6.0", - "version_affected": ">=" - }, - { - "version_value": "6.6.3", - "version_affected": "<" - }, - { - "version_value": "6.7.0", - "version_affected": ">=" - }, - { - "version_value": "6.7.3", - "version_affected": "<" - }, - { - "version_value": "6.8.0", - "version_affected": ">=" - }, - { - "version_value": "6.8.2", - "version_affected": "<" - }, - { - "version_value": "6.9.0", - "version_affected": ">=" - }, - { - "version_value": "6.9.1", - "version_affected": "<" - } - ] - } - }, - { - "product_name": "Bitbucket Data Center", - "version": { - "version_data": [ - { - "version_value": "1.0", - "version_affected": ">=" - }, - { - "version_value": "5.16.11", - "version_affected": "<" - }, - { - "version_value": "6.0", - 
"version_affected": ">=" - }, - { - "version_value": "6.0.11", - "version_affected": "<" - }, - { - "version_value": "6.1.0", - "version_affected": ">=" - }, - { - "version_value": "6.1.9", - "version_affected": "<" - }, - { - "version_value": "6.2.0", - "version_affected": ">=" - }, - { - "version_value": "6.2.7", - "version_affected": "<" - }, - { - "version_value": "6.3.0", - "version_affected": ">=" - }, - { - "version_value": "6.3.6", - "version_affected": "<" - }, - { - "version_value": "6.4.0", - "version_affected": ">=" - }, - { - "version_value": "6.4.4", - "version_affected": "<" - }, - { - "version_value": "6.5.0", - "version_affected": ">=" - }, - { - "version_value": "6.5.3", - "version_affected": "<" - }, - { - "version_value": "6.6.0", - "version_affected": ">=" - }, - { - "version_value": "6.6.3", - "version_affected": "<" - }, - { - "version_value": "6.7.0", - "version_affected": ">=" - }, - { - "version_value": "6.7.3", - "version_affected": "<" - }, - { - "version_value": "6.8.0", - "version_affected": ">=" - }, - { - "version_value": "6.8.2", - "version_affected": "<" - }, - { - "version_value": "6.9.0", - "version_affected": ">=" - }, - { - "version_value": "6.9.1", - "version_affected": "<" - } - ] - } - } - ] - }, - "vendor_name": "Atlassian" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Bitbucket Server and Bitbucket Data Center versions starting from 1.0.0 before 5.16.11, from version 6.0.0 before 6.0.11, from version 6.1.0 before 6.1.9, from version 6.2.0 before 6.2.7, from version 6.3.0 before 6.3.6, from version 6.4.0 before 6.4.4, from version 6.5.0 before 6.5.3, from version 6.6.0 before 6.6.3, from version 6.7.0 before 6.7.3, from version 6.8.0 before 6.8.2, from version 6.9.0 before 6.9.1 had a Remote Code Execution vulnerability via the post-receive hook. 
A remote attacker with permission to clone and push files to a repository on the victim's Bitbucket Server or Bitbucket Data Center instance, can exploit this vulnerability to execute arbitrary commands on the Bitbucket Server or Bitbucket Data Center systems, using a file with specially crafted content." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Argument Injection" - } + "CVE_data_meta": { + "ASSIGNER": "security@atlassian.com", + "DATE_PUBLIC": "2020-01-15T10:00:00", + "ID": "CVE-2019-20097", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Bitbucket Server", + "version": { + "version_data": [ + { + "version_value": "1.0", + "version_affected": ">=" + }, + { + "version_value": "5.16.11", + "version_affected": "<" + }, + { + "version_value": "6.0", + "version_affected": ">=" + }, + { + "version_value": "6.0.11", + "version_affected": "<" + }, + { + "version_value": "6.1.0", + "version_affected": ">=" + }, + { + "version_value": "6.1.9", + "version_affected": "<" + }, + { + "version_value": "6.2.0", + "version_affected": ">=" + }, + { + "version_value": "6.2.7", + "version_affected": "<" + }, + { + "version_value": "6.3.0", + "version_affected": ">=" + }, + { + "version_value": "6.3.6", + "version_affected": "<" + }, + { + "version_value": "6.4.0", + "version_affected": ">=" + }, + { + "version_value": "6.4.4", + "version_affected": "<" + }, + { + "version_value": "6.5.0", + "version_affected": ">=" + }, + { + "version_value": "6.5.3", + "version_affected": "<" + }, + { + "version_value": "6.6.0", + "version_affected": ">=" + }, + { + "version_value": "6.6.3", + "version_affected": "<" + }, + { + "version_value": "6.7.0", + "version_affected": ">=" + }, + { + "version_value": "6.7.3", + "version_affected": "<" + }, + { + "version_value": "6.8.0", + "version_affected": ">=" + }, + { + "version_value": "6.8.2", + 
"version_affected": "<" + }, + { + "version_value": "6.9.0", + "version_affected": ">=" + }, + { + "version_value": "6.9.1", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Bitbucket Data Center", + "version": { + "version_data": [ + { + "version_value": "1.0", + "version_affected": ">=" + }, + { + "version_value": "5.16.11", + "version_affected": "<" + }, + { + "version_value": "6.0", + "version_affected": ">=" + }, + { + "version_value": "6.0.11", + "version_affected": "<" + }, + { + "version_value": "6.1.0", + "version_affected": ">=" + }, + { + "version_value": "6.1.9", + "version_affected": "<" + }, + { + "version_value": "6.2.0", + "version_affected": ">=" + }, + { + "version_value": "6.2.7", + "version_affected": "<" + }, + { + "version_value": "6.3.0", + "version_affected": ">=" + }, + { + "version_value": "6.3.6", + "version_affected": "<" + }, + { + "version_value": "6.4.0", + "version_affected": ">=" + }, + { + "version_value": "6.4.4", + "version_affected": "<" + }, + { + "version_value": "6.5.0", + "version_affected": ">=" + }, + { + "version_value": "6.5.3", + "version_affected": "<" + }, + { + "version_value": "6.6.0", + "version_affected": ">=" + }, + { + "version_value": "6.6.3", + "version_affected": "<" + }, + { + "version_value": "6.7.0", + "version_affected": ">=" + }, + { + "version_value": "6.7.3", + "version_affected": "<" + }, + { + "version_value": "6.8.0", + "version_affected": ">=" + }, + { + "version_value": "6.8.2", + "version_affected": "<" + }, + { + "version_value": "6.9.0", + "version_affected": ">=" + }, + { + "version_value": "6.9.1", + "version_affected": "<" + } + ] + } + } + ] + }, + "vendor_name": "Atlassian" + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://jira.atlassian.com/browse/BSERV-12099" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Bitbucket 
Server and Bitbucket Data Center versions starting from 1.0.0 before 5.16.11, from version 6.0.0 before 6.0.11, from version 6.1.0 before 6.1.9, from version 6.2.0 before 6.2.7, from version 6.3.0 before 6.3.6, from version 6.4.0 before 6.4.4, from version 6.5.0 before 6.5.3, from version 6.6.0 before 6.6.3, from version 6.7.0 before 6.7.3, from version 6.8.0 before 6.8.2, from version 6.9.0 before 6.9.1 had a Remote Code Execution vulnerability via the post-receive hook. A remote attacker with permission to clone and push files to a repository on the victim's Bitbucket Server or Bitbucket Data Center instance, can exploit this vulnerability to execute arbitrary commands on the Bitbucket Server or Bitbucket Data Center systems, using a file with specially crafted content." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Argument Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://jira.atlassian.com/browse/BSERV-12099", + "refsource": "MISC", + "name": "https://jira.atlassian.com/browse/BSERV-12099" + } + ] + } +} \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20372.json b/2019/20xxx/CVE-2019-20372.json index 62ac4724e61..9ff16bde2dd 100644 --- a/2019/20xxx/CVE-2019-20372.json +++ b/2019/20xxx/CVE-2019-20372.json @@ -81,6 +81,11 @@ "refsource": "UBUNTU", "name": "USN-4235-1", "url": "https://usn.ubuntu.com/4235-1/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4235-2", + "url": "https://usn.ubuntu.com/4235-2/" } ] } From 363b5cd00ba5c367c008c7b1ddef2ee1fb3c839d Mon Sep 17 00:00:00 2001 
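Review bot: In 2019/20xxx/CVE-2019-20097.json the re-indented `version_data` arrays still give each affected range as two unrelated entries in one flat list (`">="` 6.1.0, then `"<"` 6.1.9), so the pairing is implied only by array order. A consumer that evaluates entries one at a time can read `"version_value": "1.0"` with `"version_affected": ">="` as covering every release, including the fixed ones. The lower bounds are also written `1.0` and `6.0` where the description says 1.0.0 and 6.0.0; using the three-part form in both places would avoid comparator differences between tools. `problemtype` stays free text (`Argument Injection`), and a CWE-prefixed value such as `"value": "CWE-88 Argument Injection"` would make the record machine-classifiable.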
From: CVE Team
Date: Wed, 15 Jan 2020 23:01:06 +0000
Subject: [PATCH 102/387] "-Synchronized-Data."
---
 2019/19xxx/CVE-2019-19854.json | 56 +++++++++++++++++++++++++++----
 2019/19xxx/CVE-2019-19855.json | 61 ++++++++++++++++++++++++++++++----
 2019/19xxx/CVE-2019-19856.json | 61 ++++++++++++++++++++++++++++++----
 2019/19xxx/CVE-2019-19857.json | 56 +++++++++++++++++++++++++++----
 2019/19xxx/CVE-2019-19858.json | 61 ++++++++++++++++++++++++++++++----
 2019/19xxx/CVE-2019-19859.json | 56 +++++++++++++++++++++++++++----
 2019/3xxx/CVE-2019-3467.json | 5 +++
 2020/5xxx/CVE-2020-5504.json | 5 +++
 8 files changed, 325 insertions(+), 36 deletions(-)
diff --git a/2019/19xxx/CVE-2019-19854.json b/2019/19xxx/CVE-2019-19854.json
index 67cdfe2d11f..4e73e759616 100644
--- a/2019/19xxx/CVE-2019-19854.json
+++ b/2019/19xxx/CVE-2019-19854.json
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-19854", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-19854", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0. It does not use CSRF Tokens to mitigate against CSRF; it uses the Origin header (which must match the request origin). This is problematic in conjunction with XSS: one can escalate privileges from User level to Administrator." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://websec.nl/news.php", + "url": "https://websec.nl/news.php" } ] } diff --git a/2019/19xxx/CVE-2019-19855.json b/2019/19xxx/CVE-2019-19855.json index 0af738af336..a34045454f0 100644 --- a/2019/19xxx/CVE-2019-19855.json +++ b/2019/19xxx/CVE-2019-19855.json 
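Review bot: The published CVE-2019-19854 record sets `product_name`, `vendor_name` and `version_value` to `n/a` although its description names Serpico 1.3.0, so tooling that matches on the `affects` block will never tie this entry to an installed product; `"product_name": "Serpico"` and `"version_value": "1.3.0"` are already supported by the description text. `problemtype` is also `n/a` where the description itself says CSRF in conjunction with XSS. The same placeholders recur in the CVE-2019-19855 to CVE-2019-19859 hunks of this commit and in the later CVE-2020-7044, CVE-2020-7045 and CVE-2020-7105 to CVE-2020-7108 records on this page. The sole reference in CVE-2019-19854 is the generic `https://websec.nl/news.php` listing rather than a specific advisory, and CVE-2019-19859 uses the `www.` host form of the same URL, which hinders reference de-duplication across the six Serpico records.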
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-19855", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-19855", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0. admin/list_user allows stored XSS via the auth_type parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://websec.nl/news.php", + "url": "https://websec.nl/news.php" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/SerpicoProject/Serpico/commit/270f05ca6e51c87bb0867abb0511b61bf2aae182", + "url": "https://github.com/SerpicoProject/Serpico/commit/270f05ca6e51c87bb0867abb0511b61bf2aae182" } ] } diff --git a/2019/19xxx/CVE-2019-19856.json b/2019/19xxx/CVE-2019-19856.json index ca118ab9f2d..fe633d55218 100644 --- a/2019/19xxx/CVE-2019-19856.json +++ b/2019/19xxx/CVE-2019-19856.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-19856", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-19856", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0. The User Type on the admin/list_user page allows stored XSS via the type parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://websec.nl/news.php", + "url": "https://websec.nl/news.php" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/SerpicoProject/Serpico/commit/270f05ca6e51c87bb0867abb0511b61bf2aae182", + "url": "https://github.com/SerpicoProject/Serpico/commit/270f05ca6e51c87bb0867abb0511b61bf2aae182" } ] } diff --git a/2019/19xxx/CVE-2019-19857.json b/2019/19xxx/CVE-2019-19857.json index 6b96ff704c4..5ae6c805f4f 100644 --- a/2019/19xxx/CVE-2019-19857.json +++ b/2019/19xxx/CVE-2019-19857.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-19857", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-19857", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0. An admin can change their password without providing the current password, by using interfaces outside the Change Password screen. Thus, requiring the admin to enter an Old Password value on the Change Password screen does not enhance security. This is problematic in conjunction with XSS." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://websec.nl/news.php", + "url": "https://websec.nl/news.php" } ] } diff --git a/2019/19xxx/CVE-2019-19858.json b/2019/19xxx/CVE-2019-19858.json index 718d4460c71..92b26e6521e 100644 --- a/2019/19xxx/CVE-2019-19858.json +++ b/2019/19xxx/CVE-2019-19858.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-19858", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-19858", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0. admin/add_user/UID allows stored XSS via the author parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://websec.nl/news.php", + "url": "https://websec.nl/news.php" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/SerpicoProject/Serpico/commit/270f05ca6e51c87bb0867abb0511b61bf2aae182", + "url": "https://github.com/SerpicoProject/Serpico/commit/270f05ca6e51c87bb0867abb0511b61bf2aae182" } ] } diff --git a/2019/19xxx/CVE-2019-19859.json b/2019/19xxx/CVE-2019-19859.json index 37484f548e5..4263d0b55f0 100644 --- a/2019/19xxx/CVE-2019-19859.json +++ b/2019/19xxx/CVE-2019-19859.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-19859", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-19859", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0. The Add Collaborator allows unlimited data via the author parameter, even if the data does not match anything in the database." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.websec.nl/news.php", + "url": "https://www.websec.nl/news.php" } ] } diff --git a/2019/3xxx/CVE-2019-3467.json b/2019/3xxx/CVE-2019-3467.json index 67c245c4b68..ae3b2cfdb62 100644 --- a/2019/3xxx/CVE-2019-3467.json +++ b/2019/3xxx/CVE-2019-3467.json @@ -83,6 +83,11 @@ "refsource": "BUGTRAQ", "name": "20191229 [SECURITY] [DSA 4595-1] debian-lan-config security update", "url": "https://seclists.org/bugtraq/2019/Dec/44" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200115 [SECURITY] [DLA 2063-1] debian-lan-config security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00012.html" } ] }, 
diff --git a/2020/5xxx/CVE-2020-5504.json b/2020/5xxx/CVE-2020-5504.json
index 904c4467cfa..f4a028a29d1 100644
--- a/2020/5xxx/CVE-2020-5504.json
+++ b/2020/5xxx/CVE-2020-5504.json
@@ -61,6 +61,11 @@
 "refsource": "SUSE",
 "name": "openSUSE-SU-2020:0056",
 "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00024.html"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20200115 [SECURITY] [DLA 2060-1] phpmyadmin security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00011.html"
 }
 ]
 }
From e78aac5e62f8e590712be945e1caa49fd74b7e72 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Thu, 16 Jan 2020 04:01:08 +0000
Subject: [PATCH 103/387] "-Synchronized-Data."
---
 2018/12xxx/CVE-2018-12204.json | 5 +++
 2019/20xxx/CVE-2019-20380.json | 18 ++++++++++
 2020/7xxx/CVE-2020-7044.json | 66 ++++++++++++++++++++++++++++++----
 2020/7xxx/CVE-2020-7045.json | 66 ++++++++++++++++++++++++++++++----
 2020/7xxx/CVE-2020-7104.json | 18 ++++++++++
 2020/7xxx/CVE-2020-7105.json | 62 ++++++++++++++++++++++++++++++++
 2020/7xxx/CVE-2020-7106.json | 62 ++++++++++++++++++++++++++++++++
 2020/7xxx/CVE-2020-7107.json | 18 ++++++++++
 8 files changed, 303 insertions(+), 12 deletions(-)
 create mode 100644 2019/20xxx/CVE-2019-20380.json
 create mode 100644 2020/7xxx/CVE-2020-7104.json
 create mode 100644 2020/7xxx/CVE-2020-7105.json
 create mode 100644 2020/7xxx/CVE-2020-7106.json
 create mode 100644 2020/7xxx/CVE-2020-7107.json
diff --git a/2018/12xxx/CVE-2018-12204.json b/2018/12xxx/CVE-2018-12204.json
index 6685e794871..a10b12db47b 100644
--- a/2018/12xxx/CVE-2018-12204.json
+++ b/2018/12xxx/CVE-2018-12204.json
@@ -72,6 +72,11 @@
 "refsource": "CONFIRM",
 "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03929en_us",
 "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03929en_us"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03978en_us",
+ "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03978en_us"
 }
 ]
 }
diff --git a/2019/20xxx/CVE-2019-20380.json b/2019/20xxx/CVE-2019-20380.json
new file mode 100644
index 00000000000..3c6ae57f954
--- /dev/null
+++ b/2019/20xxx/CVE-2019-20380.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-20380",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7044.json b/2020/7xxx/CVE-2020-7044.json
index 5e0f3142964..38635ac7da8 100644
--- a/2020/7xxx/CVE-2020-7044.json
+++ b/2020/7xxx/CVE-2020-7044.json
@@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-7044", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-7044", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Wireshark 3.2.x before 3.2.1, the WASSP dissector could crash. This was addressed in epan/dissectors/packet-wassp.c by using >= and <= to resolve off-by-one errors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16324", + "refsource": "MISC", + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16324" + }, + { + "url": "https://www.wireshark.org/security/wnpa-sec-2020-01.html", + "refsource": "MISC", + "name": "https://www.wireshark.org/security/wnpa-sec-2020-01.html" + }, + { + "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=f90a3720b73ca140403315126e2a478c4f70ca03", + "refsource": "MISC", + "name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=f90a3720b73ca140403315126e2a478c4f70ca03" } ] } diff --git a/2020/7xxx/CVE-2020-7045.json b/2020/7xxx/CVE-2020-7045.json index f52e9cc605c..d8b32999f52 100644 --- a/2020/7xxx/CVE-2020-7045.json 
+++ b/2020/7xxx/CVE-2020-7045.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-7045", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-7045", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Wireshark 3.0.x before 3.0.8, the BT ATT dissector could crash. This was addressed in epan/dissectors/packet-btatt.c by validating opcodes." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16258", + "refsource": "MISC", + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16258" + }, + { + "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=01f261de41f4dd3233ef578e5c0ffb9c25c7d14d", + "refsource": "MISC", + "name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=01f261de41f4dd3233ef578e5c0ffb9c25c7d14d" + }, + { + "refsource": "MISC", + "name": "https://www.wireshark.org/security/wnpa-sec-2020-02.html", + "url": "https://www.wireshark.org/security/wnpa-sec-2020-02.html" } ] } diff --git a/2020/7xxx/CVE-2020-7104.json b/2020/7xxx/CVE-2020-7104.json new file mode 100644 index 00000000000..4d6e602aca0 --- /dev/null 
+++ b/2020/7xxx/CVE-2020-7104.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7104", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7105.json b/2020/7xxx/CVE-2020-7105.json new file mode 100644 index 00000000000..af830ef8a63 --- /dev/null +++ b/2020/7xxx/CVE-2020-7105.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-7105", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "async.c and dict.c in libhiredis.a in hiredis through 0.14.0 allow a NULL pointer dereference because malloc return values are unchecked." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/redis/hiredis/issues/747", + "refsource": "MISC", + "name": "https://github.com/redis/hiredis/issues/747" + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7106.json b/2020/7xxx/CVE-2020-7106.json new file mode 100644 index 00000000000..22abc15978c --- /dev/null +++ b/2020/7xxx/CVE-2020-7106.json 
@@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-7106", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cacti 1.2.8 has stored XSS in data_sources.php, color_templates_item.php, graphs.php, graph_items.php, lib/api_automation.php, user_admin.php, and user_group_admin.php, as demonstrated by the description parameter in data_sources.php (a raw string from the database that is displayed by $header to trigger the XSS)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/Cacti/cacti/issues/3191", + "refsource": "MISC", + "name": "https://github.com/Cacti/cacti/issues/3191" + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7107.json b/2020/7xxx/CVE-2020-7107.json new file mode 100644 index 00000000000..39bf9287cbb --- /dev/null +++ b/2020/7xxx/CVE-2020-7107.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7107", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file From acc83cc4c6c3d77002af1c7f82296334f462ca24 Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Thu, 16 Jan 2020 05:01:12 +0000 Subject: [PATCH 104/387] "-Synchronized-Data." --- 2020/7xxx/CVE-2020-7107.json | 61 +++++++++++++++++++++++++++--- 2020/7xxx/CVE-2020-7108.json | 72 ++++++++++++++++++++++++++++++++++++ 2020/7xxx/CVE-2020-7109.json | 18 +++++++++ 3 files changed, 145 insertions(+), 6 deletions(-) create mode 100644 2020/7xxx/CVE-2020-7108.json create mode 100644 2020/7xxx/CVE-2020-7109.json diff --git a/2020/7xxx/CVE-2020-7107.json b/2020/7xxx/CVE-2020-7107.json index 39bf9287cbb..052f42dfaa3 100644 --- a/2020/7xxx/CVE-2020-7107.json +++ b/2020/7xxx/CVE-2020-7107.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-7107", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-7107", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Ultimate FAQ plugin before 1.8.30 for WordPress allows XSS via Display_FAQ to Shortcodes/DisplayFAQs.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wordpress.org/plugins/ultimate-faqs/#developers", + "refsource": "MISC", + "name": "https://wordpress.org/plugins/ultimate-faqs/#developers" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/2222959/ultimate-faqs/tags/1.8.30/Shortcodes/DisplayFAQs.php", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset/2222959/ultimate-faqs/tags/1.8.30/Shortcodes/DisplayFAQs.php" } ] } diff --git a/2020/7xxx/CVE-2020-7108.json b/2020/7xxx/CVE-2020-7108.json new file mode 100644 index 00000000000..07f69792258 --- /dev/null +++ b/2020/7xxx/CVE-2020-7108.json 
@@ -0,0 +1,72 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-7108",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The LearnDash LMS plugin before 3.1.2 for WordPress allows XSS via the ld-profile search field."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://wpvulndb.com/vulnerabilities/10026",
+ "refsource": "MISC",
+ "name": "https://wpvulndb.com/vulnerabilities/10026"
+ },
+ {
+ "url": "https://learndash.releasenotes.io/release/uCskc-version-312",
+ "refsource": "MISC",
+ "name": "https://learndash.releasenotes.io/release/uCskc-version-312"
+ },
+ {
+ "url": "https://www.getastra.com/blog/911/plugin-exploit/reflected-xss-vulnerability-found-in-learndash-lms-plugin/",
+ "refsource": "MISC",
+ "name": "https://www.getastra.com/blog/911/plugin-exploit/reflected-xss-vulnerability-found-in-learndash-lms-plugin/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7109.json b/2020/7xxx/CVE-2020-7109.json
new file mode 100644
index 00000000000..d280ff03a4b
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7109.json
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7109", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file From c5e4c6e61f8ee862436e9753e77e17b3ea79c2eb Mon Sep 17 00:00:00 2001 From: Stanley S Huang Date: Thu, 16 Jan 2020 13:15:28 +0800 Subject: [PATCH 105/387] modify security advisory of NAS-201809-20 --- 2018/0xxx/CVE-2018-0719.json | 57 +++++++++++++++++++++++++++++++----- 2018/0xxx/CVE-2018-0721.json | 55 +++++++++++++++++++++++++++++----- 2 files changed, 97 insertions(+), 15 deletions(-) diff --git a/2018/0xxx/CVE-2018-0719.json b/2018/0xxx/CVE-2018-0719.json index 0e25145a4c8..1dafe47bbe1 100644 --- a/2018/0xxx/CVE-2018-0719.json +++ b/2018/0xxx/CVE-2018-0719.json @@ -1,9 +1,10 @@ { "CVE_data_meta": { - "ASSIGNER": "security@qnap.com", - "DATE_PUBLIC": "2018-09-20T00:00:00", + "ASSIGNER": "psirt@qnap.com", + "DATE_PUBLIC": "2018-09-19T16:00:00.000Z", "ID": "CVE-2018-0719", - "STATE": "PUBLIC" + "STATE": "PUBLIC", + "TITLE": "Security Advisory for Vulnerabilities in QTS" }, "affects": { "vendor": { 
@@ -12,22 +13,40 @@ "product": { "product_data": [ { - "product_name": "QNAP QTS", + "product_name": "QTS", "version": { "version_data": [ { - "version_value": "QTS 4.2.6 build 20180711, QTS 4.3.3 build 20180725, QTS 4.3.4 build 20180710 and earlier versions" + "platform": "build 20180711", + "version_affected": "<=", + "version_value": "4.2.6" + }, + { + "platform": "build 20180725", + "version_affected": "<=", + "version_value": "4.3.3" + }, + { + "platform": "build 20180710", + "version_affected": "<=", + "version_value": "4.3.4" } ] } } ] }, - "vendor_name": "QNAP" + "vendor_name": "QNAP Systems Inc." } ] } }, + "credit": [ + { + "lang": "eng", + "value": "Davide Cioccia, security researcher" + } + ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", 
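Review bot: The new `version_data` entries move the build number into `platform` (`"platform": "build 20180711"` beside `"version_affected": "<=", "version_value": "4.2.6"`), so the machine-readable range no longer carries the build cut-off that the removed string expressed as "QTS 4.2.6 build 20180711 ... and earlier versions". A consumer that matches on `version_affected` and `version_value` alone will treat every 4.2.6 build as affected, presumably including builds released after the fix, while one that reads `platform` literally will narrow the entry to a single build. Keeping the build inside the version string, for example `"version_value": "4.2.6 build 20180711"`, would preserve the boundary. The same applies to the identical entries in the CVE-2018-0721 hunk `@@ -11,22 +12,40 @@`; the enclosing `affects` object opens outside this hunk.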
@@ -35,17 +54,36 @@ "description_data": [ { "lang": "eng", - "value": "Cross-site scripting (XSS) vulnerability in QNAP QTS 4.2.6 build 20180711 and earlier versions, 4.3.3 build 20180725 and earlier versions, and 4.3.4 build 20180710 and earlier versions could allow remote attackers to inject javascript code." + "value": "Cross-site Scripting (XSS) vulnerability in NAS devices of QNAP Systems Inc. QTS allows attackers to inject javascript.\nThis issue affects:\nQNAP Systems Inc. QTS\nversion 4.2.6 and prior versions on build 20180711;\nversion 4.3.3 and prior versions on build 20180725;\nversion 4.3.4 and prior versions on build 20180710." } ] }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", + "version": "3.1" + } + }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", - "value": "Cross-site scripting" + "value": "CWE-79 Cross-site Scripting (XSS)" } ] } @@ -59,5 +97,8 @@ "url": "https://www.qnap.com/zh-tw/security-advisory/nas-201809-20" } ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0721.json b/2018/0xxx/CVE-2018-0721.json index 59ae7d475bf..2ad84b8e742 100644 --- a/2018/0xxx/CVE-2018-0721.json +++ b/2018/0xxx/CVE-2018-0721.json @@ -1,8 +1,9 @@ { "CVE_data_meta": { - "ASSIGNER": "security@qnap.com", + "ASSIGNER": "psirt@qnap.com", "ID": "CVE-2018-0721", - "STATE": "PUBLIC" + "STATE": "PUBLIC", + "TITLE": "Security Advisory for Vulnerabilities in QTS" }, "affects": { "vendor": { 
@@ -11,22 +12,40 @@ "product": { "product_data": [ { - "product_name": "n/a", + "product_name": "QTS", "version": { "version_data": [ { - "version_value": "n/a" + "platform": "build 20180711", + "version_affected": "<=", + "version_value": "4.2.6" + }, + { + "platform": "build 20180725", + "version_affected": "<=", + "version_value": "4.3.3" + }, + { + "platform": "build 20180710", + "version_affected": "<=", + "version_value": "4.3.4" } ] } } ] }, - "vendor_name": "n/a" + "vendor_name": "QNAP Systems Inc." } ] } }, + "credit": [ + { + "lang": "eng", + "value": "Yuki, security researcher" + } + ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", @@ -34,17 +53,36 @@ "description_data": [ { "lang": "eng", - "value": "Buffer Overflow vulnerability in QNAP QTS 4.2.6 build 20180711 and earlier versions, 4.3.3 build 20180725 and earlier versions, and 4.3.4 build 20180710 and earlier versions could allow remote attackers to run arbitrary code on NAS devices." + "value": "Buffer Overflow vulnerability in NAS devices. QTS allows attackers to run arbitrary code.\nThis issue affects:\nQNAP Systems Inc. QTS\nversion 4.2.6 and prior versions on build 20180711;\nversion 4.3.3 and prior versions on build 20180725;\nversion 4.3.4 and prior versions on build 20180710." } ] }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 7.7, + "baseSeverity": "HIGH", + "confidentialityImpact": "LOW", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", + "version": "3.1" + } + }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", - "value": "n/a" + "value": "CWE-120 Buffer Overflow" } ] } 
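Review bot: The added `impact.cvss` block in the hunk `@@ -34,17 +53,36 @@` rates this issue `AC:H` with `C:L/I:H/A:L`, while the description added in the same hunk says the overflow "allows attackers to run arbitrary code". Arbitrary code execution on the device would normally imply high confidentiality and availability impact as well, so the vector and the description appear to disagree; the `baseScore` of 7.7 matches the vector as written, so the open question is which of the two reflects the advisory. The rewritten description also drops the word "remote" although the vector keeps `AV:N`, and its first sentence no longer names the vendor or product ("in NAS devices. QTS allows ..."), unlike the CVE-2018-0719 text in this commit.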
@@ -58,5 +96,8 @@ "url": "https://www.qnap.com/zh-tw/security-advisory/nas-201809-20" } ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file From 8481fbce887cd61d5fec9f3d90ae93b4b2f0d235 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 16 Jan 2020 13:01:24 +0000 Subject: [PATCH 106/387] "-Synchronized-Data." --- 2016/5xxx/CVE-2016-5003.json | 5 +++++ 2019/17xxx/CVE-2019-17180.json | 5 +++++ 2 files changed, 10 insertions(+) diff --git a/2016/5xxx/CVE-2016-5003.json b/2016/5xxx/CVE-2016-5003.json index c36c7344b36..83e1d187125 100644 --- a/2016/5xxx/CVE-2016-5003.json +++ b/2016/5xxx/CVE-2016-5003.json @@ -106,6 +106,11 @@ "name": "RHSA-2018:3768", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:3768" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20200116 [CVE-2019-17570] xmlrpc-common untrusted deserialization", + "url": "http://www.openwall.com/lists/oss-security/2020/01/16/1" } ] } diff --git a/2019/17xxx/CVE-2019-17180.json b/2019/17xxx/CVE-2019-17180.json index 6265b26b520..d30040976c0 100644 --- a/2019/17xxx/CVE-2019-17180.json +++ b/2019/17xxx/CVE-2019-17180.json @@ -71,6 +71,11 @@ "url": "https://store.steampowered.com/news/54236/", "refsource": "MISC", "name": "https://store.steampowered.com/news/54236/" + }, + { + "refsource": "MISC", + "name": "https://hackerone.com/reports/583184", + "url": "https://hackerone.com/reports/583184" } ] } From ad996290a76bed3e43c9749c2a55f4bf9fcd7162 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 16 Jan 2020 14:01:14 +0000 Subject: [PATCH 107/387] "-Synchronized-Data." --- 2019/18xxx/CVE-2019-18935.json | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/2019/18xxx/CVE-2019-18935.json b/2019/18xxx/CVE-2019-18935.json index cb0e313b041..36145f63ee8 100644 --- a/2019/18xxx/CVE-2019-18935.json +++ b/2019/18xxx/CVE-2019-18935.json 
@@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 contains a .NET deserialization vulnerability in the RadAsyncUpload function. This is exploitable when the encryption keys are known due to the presence of CVE-2017-11317 or CVE-2017-11357, or other means. Exploitation can result in remote code execution. (In 2019.3.1023 but not earlier versions, a non-default setting can prevent exploitation.)" + "value": "Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 contains a .NET deserialization vulnerability in the RadAsyncUpload function. This is exploitable when the encryption keys are known due to the presence of CVE-2017-11317 or CVE-2017-11357, or other means. Exploitation can result in remote code execution. (As of 2020.1.114, a default setting prevents the exploit. In 2019.3.1023, but not earlier versions, a non-default setting can prevent exploitation.)" } ] }, @@ -86,6 +86,11 @@ "refsource": "MISC", "name": "http://packetstormsecurity.com/files/155720/Telerik-UI-Remote-Code-Execution.html", "url": "http://packetstormsecurity.com/files/155720/Telerik-UI-Remote-Code-Execution.html" + }, + { + "refsource": "MISC", + "name": "https://www.telerik.com/support/whats-new/aspnet-ajax/release-history/ui-for-asp-net-ajax-r1-2020-(version-2020-1-114)", + "url": "https://www.telerik.com/support/whats-new/aspnet-ajax/release-history/ui-for-asp-net-ajax-r1-2020-(version-2020-1-114)" } ] } From 1147036c9ef62d934a21ff472baf15b3546ee6cc Mon Sep 17 00:00:00 2001 
From: Siemens ProductCERT Date: Thu, 16 Jan 2020 15:18:50 +0100 Subject: [PATCH 108/387] Siemens CVE update for Siemens-AD-2020-01 --- 2018/4xxx/CVE-2018-4833.json | 33 ++++---- 2018/4xxx/CVE-2018-4842.json | 48 +++++------ 2018/4xxx/CVE-2018-4848.json | 59 ++++++++------ 2019/10xxx/CVE-2019-10923.json | 72 ++++++++--------- 2019/10xxx/CVE-2019-10934.json | 75 ++++++++++++++++-- 2019/10xxx/CVE-2019-10936.json | 141 +++++++++++++++++++-------------- 2019/10xxx/CVE-2019-10938.json | 13 ++- 2019/10xxx/CVE-2019-10940.json | 55 +++++++++++-- 2019/13xxx/CVE-2019-13921.json | 23 +++--- 2019/13xxx/CVE-2019-13933.json | 71 +++++++++++++++++ 2019/13xxx/CVE-2019-13939.json | 110 +++++++++++++++++++++++++ 2019/13xxx/CVE-2019-13942.json | 8 +- 2019/13xxx/CVE-2019-13943.json | 8 +- 2019/13xxx/CVE-2019-13944.json | 8 +- 2019/19xxx/CVE-2019-19278.json | 65 +++++++++++++-- 2019/6xxx/CVE-2019-6567.json | 29 ++++--- 2019/6xxx/CVE-2019-6568.json | 110 +++++++++++++------------ 2019/6xxx/CVE-2019-6569.json | 33 ++++---- 2019/6xxx/CVE-2019-6575.json | 41 +++++----- 19 files changed, 668 insertions(+), 334 deletions(-) create mode 100644 2019/13xxx/CVE-2019-13933.json create mode 100644 2019/13xxx/CVE-2019-13939.json diff --git a/2018/4xxx/CVE-2018-4833.json b/2018/4xxx/CVE-2018-4833.json index 597674f436b..7e6ef0191e0 100644 --- a/2018/4xxx/CVE-2018-4833.json +++ b/2018/4xxx/CVE-2018-4833.json @@ -5,8 +5,8 @@ "STATE": "PUBLIC" }, "data_format": "MITRE", - "data_type": "CVE", "data_version": "4.0", + "data_type": "CVE", "affects": { "vendor": { "vendor_data": [ @@ -35,7 +35,7 @@ } }, { - "product_name": "SCALANCE X-200", + "product_name": "SCALANCE X-200 switch family (incl. SIPLUS NET variants)", "version": { "version_data": [ { @@ -45,7 +45,7 @@ } }, { - "product_name": "SCALANCE X-200IRT", + "product_name": "SCALANCE X-200IRT switch family (incl. SIPLUS NET variants)", "version": { "version_data": [ { 
@@ -55,7 +55,7 @@ } }, { - "product_name": "SCALANCE X-200RNA", + "product_name": "SCALANCE X-200RNA switch family", "version": { "version_data": [ { @@ -65,11 +65,11 @@ } }, { - "product_name": "SCALANCE X-300", + "product_name": "SCALANCE X-300 switch family (incl. SIPLUS NET variants)", "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions < V4.1.3" } ] } @@ -79,7 +79,7 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions < V4.1.3" } ] } 
@@ -122,20 +122,19 @@ } ] }, - "references": { - "reference_data": [ - { - "refsource": "MISC", - "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-181018.pdf", - "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-181018.pdf" - } - ] - }, "description": { "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in RFID 181-EIP (All versions), RUGGEDCOM Win (V4.4, V4.5, V5.0, and V5.1), SCALANCE X-200 (All versions < V5.2.3), SCALANCE X-200IRT (All versions < V5.4.1), SCALANCE X-200RNA (All versions < V3.2.6), SCALANCE X-300 (All versions), SCALANCE X408 (All versions), SCALANCE X414 (All versions), SIMATIC RF182C (All versions). Unprivileged remote attackers located in the same local network segment (OSI Layer 2) could gain remote code execution on the affected products by sending a specially crafted DHCP response to a client\u2019s DHCP request." + "value": "A vulnerability has been identified in RFID 181-EIP (All versions), RUGGEDCOM Win (V4.4, V4.5, V5.0, and V5.1), SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.3), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.4.1), SCALANCE X-200RNA switch family (All versions < V3.2.6), SCALANCE X-300 switch family (incl. SIPLUS NET variants) (All versions < V4.1.3), SCALANCE X408 (All versions < V4.1.3), SCALANCE X414 (All versions), SIMATIC RF182C (All versions). Unprivileged remote attackers located in the same local network segment (OSI Layer 2) could gain remote code execution on the affected products by sending a specially crafted DHCP response to a client's DHCP request." + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-181018.pdf" } ] } diff --git a/2018/4xxx/CVE-2018-4842.json b/2018/4xxx/CVE-2018-4842.json index c47d6321638..bad8ec59715 100644 --- a/2018/4xxx/CVE-2018-4842.json 
+++ b/2018/4xxx/CVE-2018-4842.json @@ -1,47 +1,45 @@ { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", - "DATE_PUBLIC": "2018-06-12T00:00:00", "ID": "CVE-2018-4842", "STATE": "PUBLIC" }, + "data_format": "MITRE", + "data_version": "4.0", + "data_type": "CVE", "affects": { "vendor": { "vendor_data": [ { + "vendor_name": "Siemens AG", "product": { "product_data": [ { - "product_name": "SCALANCE X-200 IRT, SCALANCE X300", + "product_name": "SCALANCE X-200IRT switch family (incl. SIPLUS NET variants)", "version": { "version_data": [ { - "version_value": "SCALANCE X-200 IRT : All versions < V5.4.1" - }, + "version_value": "All versions < V5.4.1" + } + ] + } + }, + { + "product_name": "SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants)", + "version": { + "version_data": [ { - "version_value": "SCALANCE X300 : All versions" + "version_value": "All versions < V4.1.3" } ] } } ] - }, - "vendor_name": "Siemens AG" + } } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A vulnerability has been identified in SCALANCE X-200 IRT (All versions < V5.4.1), SCALANCE X300 (All versions). A remote, authenticated attacker with access to the configuration web server could be able to store script code on the web site, if the HRP redundancy option is set. This code could be executed in the web browser of victims visiting this web site (XSS), affecting its confidentiality, integrity and availability. User interaction is required for successful exploitation, as the user needs to visit the manipulated web site." - } - ] - }, "problemtype": { "problemtype_data": [ { 
@@ -54,17 +52,19 @@ } ] }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability has been identified in SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.4.1), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.3). A remote, authenticated attacker with access to the configuration web\nserver could be able to store script code on the web site, if the HRP redundancy \noption is set. This code could be executed in the web browser of victims visiting \nthis web site (XSS), affecting its confidentiality, integrity and availability. \n\nUser interaction is required for successful exploitation, as the user needs\nto visit the manipulated web site. At the stage of publishing this security\nadvisory no public exploitation is known. The vendor has confirmed the\nvulnerability and provides mitigations to resolve it.\n" + } + ] + }, "references": { "reference_data": [ { - "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-480829.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-480829.pdf" - }, - { - "name": "104494", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/104494" } ] } diff --git a/2018/4xxx/CVE-2018-4848.json b/2018/4xxx/CVE-2018-4848.json index 68fc6280a3c..7f0afa6f277 100644 --- a/2018/4xxx/CVE-2018-4848.json +++ b/2018/4xxx/CVE-2018-4848.json 
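Review bot: The `reference_data` rewrite in the hunk `@@ -54,17 +52,19 @@` removes the existing BID entry (`"name": "104494"`, `http://www.securityfocus.com/bid/104494`) and drops the `name` field from the remaining CONFIRM reference, whereas the other references visible on this page carry `name`, `refsource` and `url`. Deleting a third-party reference from an already published record breaks cross-referencing for tools that key on it, and the commit message gives no indication that the removal is intended. I would keep the BID entry and restore `"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-480829.pdf"`. The CVE-2018-4848 hunk `@@ -62,17 +57,19 @@` removes the same BID entry, and the CVE-2019-10923 hunk `@@ -352,25 +352,19 @@` removes the us-cert.gov ICSA reference in the same way.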
@@ -1,50 +1,55 @@ { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", - "DATE_PUBLIC": "2018-06-12T00:00:00", "ID": "CVE-2018-4848", "STATE": "PUBLIC" }, + "data_format": "MITRE", + "data_version": "4.0", + "data_type": "CVE", "affects": { "vendor": { "vendor_data": [ { + "vendor_name": "Siemens AG", "product": { "product_data": [ { - "product_name": "SCALANCE X-200, SCALANCE X-200 IRT, SCALANCE X300", + "product_name": "SCALANCE X-200 switch family (incl. SIPLUS NET variants)", "version": { "version_data": [ { - "version_value": "SCALANCE X-200 : All versions < V5.2.3" - }, + "version_value": "All versions < V5.2.3" + } + ] + } + }, + { + "product_name": "SCALANCE X-200IRT switch family (incl. SIPLUS NET variants)", + "version": { + "version_data": [ { - "version_value": "SCALANCE X-200 IRT : All versions < V5.4.1" - }, + "version_value": "All versions < V5.4.1" + } + ] + } + }, + { + "product_name": "SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants)", + "version": { + "version_data": [ { - "version_value": "SCALANCE X300 : All versions" + "version_value": "All versions < V4.1.3" } ] } } ] - }, - "vendor_name": "Siemens AG" + } } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A vulnerability has been identified in SCALANCE X-200 (All versions < V5.2.3), SCALANCE X-200 IRT (All versions < V5.4.1), SCALANCE X300 (All versions). The integrated configuration web server of the affected Scalance X Switches could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. User interaction is required for a successful exploitation. The user must be logged into the web interface in order for the exploitation to succeed. At the stage of publishing this security advisory no public exploitation is known. The vendor has confirmed the vulnerability and provides mitigations to resolve it." 
- } - ] - }, "problemtype": { "problemtype_data": [ { @@ -57,17 +62,19 @@ } ] }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.3), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.4.1), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.3). The integrated configuration web server of the affected Scalance X Switches could allow\nCross-Site Scripting (XSS) attacks if unsuspecting users are tricked into\naccessing a malicious link.\n\nUser interaction is required for a successful exploitation. The user must \nbe logged into the web interface in order for the exploitation to succeed.\nAt the stage of publishing this security advisory no public exploitation is known.\nThe vendor has confirmed the vulnerability and provides mitigations to resolve it.\n" + } + ] + }, "references": { "reference_data": [ { - "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-480829.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-480829.pdf" - }, - { - "name": "104494", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/104494" } ] } diff --git a/2019/10xxx/CVE-2019-10923.json b/2019/10xxx/CVE-2019-10923.json index 943e88af996..fd826ed572e 100644 --- a/2019/10xxx/CVE-2019-10923.json +++ b/2019/10xxx/CVE-2019-10923.json @@ -5,8 +5,8 @@ "STATE": "PUBLIC" }, "data_format": "MITRE", - "data_type": "CVE", "data_version": "4.0", + "data_type": "CVE", "affects": { "vendor": { "vendor_data": [ @@ -65,7 +65,7 @@ } }, { - "product_name": "SCALANCE X-200IRT", + "product_name": "SCALANCE X-200IRT switch family (incl. SIPLUS NET variants)", "version": { "version_data": [ { @@ -75,7 +75,7 @@ } }, { - "product_name": "SIMATIC ET 200M", + "product_name": "SIMATIC ET200M (incl. SIPLUS variants)", "version": { "version_data": [ { 
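Review bot: The new description `value` in the CVE-2018-4848 hunk `@@ -62,17 +57,19 @@` carries hard line wraps from the advisory source (`allow\nCross-Site Scripting`, `tricked into\naccessing`) and ends with a trailing `\n`, where the removed text was a single line. Consumers that render or diff this string will show mid-sentence breaks, and some wraps leave a space before the newline (`must \nbe logged`). I would join the wrapped lines with single spaces, keep `\n\n` only between paragraphs and drop the trailing newline. The CVE-2018-4842, CVE-2019-10923 and CVE-2019-10934 descriptions in this commit show the same wrapping.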
@@ -85,7 +85,7 @@ } }, { - "product_name": "SIMATIC ET 200S", + "product_name": "SIMATIC ET200S (incl. SIPLUS variants)", "version": { "version_data": [ { @@ -95,7 +95,7 @@ } }, { - "product_name": "SIMATIC ET 200ecoPN (except 6ES7148-6JD00-0AB0 and 6ES7146-6FF00-0AB0)", + "product_name": "SIMATIC ET200ecoPN (except 6ES7148-6JD00-0AB0 and 6ES7146-6FF00-0AB0)", "version": { "version_data": [ { @@ -105,7 +105,7 @@ } }, { - "product_name": "SIMATIC ET 200pro", + "product_name": "SIMATIC ET200pro (incl. SIPLUS variants)", "version": { "version_data": [ { @@ -115,7 +115,7 @@ } }, { - "product_name": "SIMATIC PN/PN Coupler 6ES7158-3AD01-0XA0", + "product_name": "SIMATIC PN/PN Coupler 6ES7158-3AD01-0XA0 (incl. SIPLUS NET variant)", "version": { "version_data": [ { @@ -125,7 +125,7 @@ } }, { - "product_name": "SIMATIC S7-300 CPU family (incl. F)", + "product_name": "SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants)", "version": { "version_data": [ { @@ -135,7 +135,7 @@ } }, { - "product_name": "SIMATIC S7-400 (incl. F) V6 and below", + "product_name": "SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants)", "version": { "version_data": [ { @@ -145,7 +145,7 @@ } }, { - "product_name": "SIMATIC S7-400 PN/DP V7 (incl. F)", + "product_name": "SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants)", "version": { "version_data": [ { @@ -165,7 +165,7 @@ } }, { - "product_name": "SIMOTION", + "product_name": "SIMOTION (incl. SIPLUS variants)", "version": { "version_data": [ { @@ -195,7 +195,7 @@ } }, { - "product_name": "SINAMICS G110M V4.7 (Control Unit)", + "product_name": "SINAMICS G110M V4.7 Control Unit", "version": { "version_data": [ { @@ -205,7 +205,7 @@ } }, { - "product_name": "SINAMICS G120 V4.7 (Control Unit)", + "product_name": "SINAMICS G120 V4.7 Control Unit (incl. SIPLUS variants)", "version": { "version_data": [ { 
@@ -215,7 +215,7 @@ } }, { - "product_name": "SINAMICS G130 V4.7 (Control Unit)", + "product_name": "SINAMICS G130 V4.7 Control Unit", "version": { "version_data": [ { @@ -225,7 +225,7 @@ } }, { - "product_name": "SINAMICS G150 (Control Unit)", + "product_name": "SINAMICS G150 Control Unit", "version": { "version_data": [ { @@ -235,7 +235,7 @@ } }, { - "product_name": "SINAMICS GH150 V4.7 (Control Unit)", + "product_name": "SINAMICS GH150 V4.7 Control Unit", "version": { "version_data": [ { @@ -245,7 +245,7 @@ } }, { - "product_name": "SINAMICS GL150 V4.7 (Control Unit)", + "product_name": "SINAMICS GL150 V4.7 Control Unit", "version": { "version_data": [ { @@ -255,7 +255,7 @@ } }, { - "product_name": "SINAMICS GM150 V4.7 (Control Unit)", + "product_name": "SINAMICS GM150 V4.7 Control Unit", "version": { "version_data": [ { @@ -265,7 +265,7 @@ } }, { - "product_name": "SINAMICS S110 (Control Unit)", + "product_name": "SINAMICS S110 Control Unit", "version": { "version_data": [ { @@ -275,7 +275,7 @@ } }, { - "product_name": "SINAMICS S120 V4.7 (Control Unit and CBE20)", + "product_name": "SINAMICS S120 V4.7 Control Unit and CBE20 (incl. SIPLUS variants)", "version": { "version_data": [ { @@ -285,7 +285,7 @@ } }, { - "product_name": "SINAMICS S150 (Control Unit)", + "product_name": "SINAMICS S150 Control Unit", "version": { "version_data": [ { @@ -295,17 +295,17 @@ } }, { - "product_name": "SINAMICS SL150 V4.7 (Control Unit)", + "product_name": "SINAMICS SL150 V4.7 Control Unit", "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions < V4.7 HF33" } ] } }, { - "product_name": "SINAMICS SM120 V4.7 (Control Unit)", + "product_name": "SINAMICS SM120 V4.7 Control Unit", "version": { "version_data": [ { 
@@ -352,25 +352,19 @@ } ] }, - "references": { - "reference_data": [ - { - "refsource": "CONFIRM", - "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-349422.pdf", - "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-349422.pdf" - }, - { - "refsource": "MISC", - "name": "https://www.us-cert.gov/ics/advisories/icsa-19-283-01", - "url": "https://www.us-cert.gov/ics/advisories/icsa-19-283-01" - } - ] - }, "description": { "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in CP1604 (All versions < V2.8), CP1616 (All versions < V2.8), Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller (All versions < V4.1.1 Patch 05), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 (All versions < V4.5.0 Patch 01), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P (All versions < V4.5.0), SCALANCE X-200IRT (All versions < V5.2.1), SIMATIC ET 200M (All versions), SIMATIC ET 200S (All versions), SIMATIC ET 200ecoPN (except 6ES7148-6JD00-0AB0 and 6ES7146-6FF00-0AB0) (All versions), SIMATIC ET 200pro (All versions), SIMATIC PN/PN Coupler 6ES7158-3AD01-0XA0 (All versions), SIMATIC S7-300 CPU family (incl. F) (All versions), SIMATIC S7-400 (incl. F) V6 and below (All versions), SIMATIC S7-400 PN/DP V7 (incl. 
F) (All versions), SIMATIC WinAC RTX (F) 2010 (All versions < SIMATIC WinAC RTX 2010 SP3), SIMOTION (All versions), SINAMICS DCM (All versions < V1.5 HF1), SINAMICS DCP (All versions), SINAMICS G110M V4.7 (Control Unit) (All versions < V4.7 SP10 HF5), SINAMICS G120 V4.7 (Control Unit) (All versions < V4.7 SP10 HF5), SINAMICS G130 V4.7 (Control Unit) (All versions < V4.7 HF29), SINAMICS G150 (Control Unit) (All versions < V4.8), SINAMICS GH150 V4.7 (Control Unit) (All versions), SINAMICS GL150 V4.7 (Control Unit) (All versions), SINAMICS GM150 V4.7 (Control Unit) (All versions), SINAMICS S110 (Control Unit) (All versions), SINAMICS S120 V4.7 (Control Unit and CBE20) (All versions < V4.7 HF34), SINAMICS S150 (Control Unit) (All versions < V4.8), SINAMICS SL150 V4.7 (Control Unit) (All versions), SINAMICS SM120 V4.7 (Control Unit) (All versions), SINUMERIK 828D (All versions < V4.8 SP5), SINUMERIK 840D sl (All versions). An attacker with network access to an affected product may cause a Denial-of-Service condition by breaking the real-time synchronization (IRT) of the affected installation. The security vulnerability could be exploited by an unauthenticated attacker with network access to the affected installation. No user interaction is required to exploit this security vulnerability. The vulnerability impacts the availability of the affected installations." + "value": "A vulnerability has been identified in CP1604 (All versions < V2.8), CP1616 (All versions < V2.8), Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller (All versions < V4.1.1 Patch 05), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 (All versions < V4.5.0 Patch 01), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P (All versions < V4.5.0), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.2.1), SIMATIC ET200M (incl. SIPLUS variants) (All versions), SIMATIC ET200S (incl. 
SIPLUS variants) (All versions), SIMATIC ET200ecoPN (except 6ES7148-6JD00-0AB0 and 6ES7146-6FF00-0AB0) (All versions), SIMATIC ET200pro (incl. SIPLUS variants) (All versions), SIMATIC PN/PN Coupler 6ES7158-3AD01-0XA0 (incl. SIPLUS NET variant) (All versions), SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC WinAC RTX (F) 2010 (All versions < SIMATIC WinAC RTX 2010 SP3), SIMOTION (incl. SIPLUS variants) (All versions), SINAMICS DCM (All versions < V1.5 HF1), SINAMICS DCP (All versions), SINAMICS G110M V4.7 Control Unit (All versions < V4.7 SP10 HF5), SINAMICS G120 V4.7 Control Unit (incl. SIPLUS variants) (All versions < V4.7 SP10 HF5), SINAMICS G130 V4.7 Control Unit (All versions < V4.7 HF29), SINAMICS G150 Control Unit (All versions < V4.8), SINAMICS GH150 V4.7 Control Unit (All versions), SINAMICS GL150 V4.7 Control Unit (All versions), SINAMICS GM150 V4.7 Control Unit (All versions), SINAMICS S110 Control Unit (All versions), SINAMICS S120 V4.7 Control Unit and CBE20 (incl. SIPLUS variants) (All versions < V4.7 HF34), SINAMICS S150 Control Unit (All versions < V4.8), SINAMICS SL150 V4.7 Control Unit (All versions < V4.7 HF33), SINAMICS SM120 V4.7 Control Unit (All versions), SINUMERIK 828D (All versions < V4.8 SP5), SINUMERIK 840D sl (All versions). An attacker with network access to an affected product may cause a\nDenial-of-Service condition by breaking the real-time synchronization (IRT)\nof the affected installation.\n\nThe security vulnerability could be exploited by an unauthenticated attacker\nwith network access to the affected installation. No user interaction is\nrequired to exploit this security vulnerability. 
The vulnerability impacts\nthe availability of the affected installations.\n" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-349422.pdf" } ] } diff --git a/2019/10xxx/CVE-2019-10934.json b/2019/10xxx/CVE-2019-10934.json index 36e66665f2d..9a00d6f779e 100644 --- a/2019/10xxx/CVE-2019-10934.json +++ b/2019/10xxx/CVE-2019-10934.json 
@@ -1,17 +1,80 @@
 {
- "data_type": "CVE",
+ "CVE_data_meta": {
+ "ASSIGNER": "productcert@siemens.com",
+ "ID": "CVE-2019-10934",
+ "STATE": "PUBLIC"
+ },
 "data_format": "MITRE",
 "data_version": "4.0",
- "CVE_data_meta": {
- "ID": "CVE-2019-10934",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "data_type": "CVE",
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Siemens AG",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "TIA Portal V14",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "All versions"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "TIA Portal V15",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "All versions < V15.1 Upd 4"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "TIA Portal V16",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "All versions"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"
+ }
+ ]
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability has been identified in TIA Portal V14 (All versions), TIA Portal V15 (All versions < V15.1 Upd 4), TIA Portal V16 (All versions). Changing the contents of a configuration file could allow an attacker to\nexecute arbitrary code with SYSTEM privileges.\n\nThe security vulnerability could be exploited by an attacker with a valid\naccount and limited access rights on the system. No user interaction is\nrequired.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. 
\n" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-629512.pdf" } ] } diff --git a/2019/10xxx/CVE-2019-10936.json b/2019/10xxx/CVE-2019-10936.json index 185f3db6c9f..f7d592685e6 100644 --- a/2019/10xxx/CVE-2019-10936.json +++ b/2019/10xxx/CVE-2019-10936.json @@ -55,7 +55,7 @@ } }, { - "product_name": "SIMATIC ET 200AL", + "product_name": "SIMATIC ET200AL (incl. SIPLUS variants)", "version": { "version_data": [ { @@ -65,7 +65,7 @@ } }, { - "product_name": "SIMATIC ET 200M", + "product_name": "SIMATIC ET200M (incl. SIPLUS variants)", "version": { "version_data": [ { @@ -75,7 +75,7 @@ } }, { - "product_name": "SIMATIC ET 200MP IM 155-5 PN BA", + "product_name": "SIMATIC ET200MP IM155-5 PN BA (incl. SIPLUS variants)", "version": { "version_data": [ { @@ -85,7 +85,7 @@ } }, { - "product_name": "SIMATIC ET 200MP IM 155-5 PN HF", + "product_name": "SIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants)", "version": { "version_data": [ { @@ -95,7 +95,7 @@ } }, { - "product_name": "SIMATIC ET 200MP IM 155-5 PN ST", + "product_name": "SIMATIC ET200MP IM155-5 PN ST (incl. SIPLUS variants)", "version": { "version_data": [ { @@ -105,7 +105,7 @@ } }, { - "product_name": "SIMATIC ET 200S", + "product_name": "SIMATIC ET200S (incl. SIPLUS variants)", "version": { "version_data": [ { @@ -115,7 +115,7 @@ } }, { - "product_name": "SIMATIC ET 200SP IM 155-6 PN BA", + "product_name": "SIMATIC ET200SP IM155-6 PN BA (incl. SIPLUS variants)", "version": { "version_data": [ { @@ -125,7 +125,7 @@ } }, { - "product_name": "SIMATIC ET 200SP IM 155-6 PN HA", + "product_name": "SIMATIC ET200SP IM155-6 PN HA (incl. SIPLUS variants)", "version": { "version_data": [ { @@ -135,7 +135,7 @@ } }, { - "product_name": "SIMATIC ET 200SP IM 155-6 PN HF", + "product_name": "SIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants)", "version": { "version_data": [ { 
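Review bot: The new `description` value for CVE-2019-10934 carries the advisory's hard line wraps as `\n` in mid-sentence (`could allow an attacker to\nexecute arbitrary code`) and ends in `was known. \n`, so a consumer that renders the field verbatim shows broken lines and trailing whitespace. The descriptions this patch replaces elsewhere, for example in CVE-2019-13921, were single-line strings; I would join the wrapped lines with spaces, keep at most the paragraph breaks, and drop the trailing ` \n`. The same wrapping appears in the new descriptions for CVE-2019-10936, CVE-2019-10940, CVE-2019-13921, CVE-2019-13933 and CVE-2019-13942 to CVE-2019-13944 in this patch.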
@@ -145,7 +145,7 @@ } }, { - "product_name": "SIMATIC ET 200SP IM 155-6 PN HS", + "product_name": "SIMATIC ET200SP IM155-6 PN HS (incl. SIPLUS variants)", "version": { "version_data": [ { @@ -155,7 +155,7 @@ } }, { - "product_name": "SIMATIC ET 200SP IM 155-6 PN ST", + "product_name": "SIMATIC ET200SP IM155-6 PN ST (incl. SIPLUS variants)", "version": { "version_data": [ { @@ -165,7 +165,7 @@ } }, { - "product_name": "SIMATIC ET 200SP IM 155-6 PN/2 HF", + "product_name": "SIMATIC ET200SP IM155-6 PN/2 HF (incl. SIPLUS variants)", "version": { "version_data": [ { @@ -175,7 +175,7 @@ } }, { - "product_name": "SIMATIC ET 200SP IM 155-6 PN/3 HF", + "product_name": "SIMATIC ET200SP IM155-6 PN/3 HF (incl. SIPLUS variants)", "version": { "version_data": [ { @@ -185,7 +185,17 @@ } }, { - "product_name": "SIMATIC ET 200ecoPN (except 6ES7148-6JD00-0AB0 and 6ES7146-6FF00-0AB0)", + "product_name": "SIMATIC ET200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)", + "version": { + "version_data": [ + { + "version_value": "All versions < V2.0" + } + ] + } + }, + { + "product_name": "SIMATIC ET200ecoPN (except 6ES7148-6JD00-0AB0 and 6ES7146-6FF00-0AB0)", "version": { "version_data": [ { @@ -195,7 +205,7 @@ } }, { - "product_name": "SIMATIC ET 200pro", + "product_name": "SIMATIC ET200pro (incl. SIPLUS variants)", "version": { "version_data": [ { @@ -205,7 +215,7 @@ } }, { - "product_name": "SIMATIC HMI Comfort Outdoor Panels 7\" & 15\"", + "product_name": "SIMATIC HMI Comfort Outdoor Panels 7\" & 15\" (incl. SIPLUS variants)", "version": { "version_data": [ { @@ -215,7 +225,7 @@ } }, { - "product_name": "SIMATIC HMI Comfort Panels 4\" - 22\"", + "product_name": "SIMATIC HMI Comfort Panels 4\" - 22\" (incl. SIPLUS variants)", "version": { "version_data": [ { @@ -225,7 +235,7 @@ } }, { - "product_name": "SIMATIC HMI KTP Mobile Panels", + "product_name": "SIMATIC HMI KTP Mobile Panels (incl. SIPLUS variants)", "version": { "version_data": [ { 
@@ -235,7 +245,7 @@ } }, { - "product_name": "SIMATIC PN/PN Coupler", + "product_name": "SIMATIC PN/PN Coupler (incl. SIPLUS NET variants)", "version": { "version_data": [ { @@ -255,17 +265,17 @@ } }, { - "product_name": "SIMATIC S7-1200 CPU family (incl. F)", + "product_name": "SIMATIC S7-1200 CPU family (incl. SIPLUS variants)", "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions < V4.4.0" } ] } }, { - "product_name": "SIMATIC S7-1500 CPU family (incl. F)", + "product_name": "SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)", "version": { "version_data": [ { @@ -275,7 +285,17 @@ } }, { - "product_name": "SIMATIC S7-300 CPU family (incl. F)", + "product_name": "SIMATIC S7-1500 Software Controller", + "version": { + "version_data": [ + { + "version_value": "All versions < V2.0" + } + ] + } + }, + { + "product_name": "SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants)", "version": { "version_data": [ { @@ -285,27 +305,7 @@ } }, { - "product_name": "SIMATIC S7-400 PN/DP V7 (incl. F)", - "version": { - "version_data": [ - { - "version_value": "All versions" - } - ] - } - }, - { - "product_name": "SIMATIC S7-400 V6 (incl F) and below", - "version": { - "version_data": [ - { - "version_value": "All versions" - } - ] - } - }, - { - "product_name": "SIMATIC S7-400H V6", + "product_name": "SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants)", "version": { "version_data": [ { 
@@ -315,7 +315,27 @@ } }, { - "product_name": "SIMATIC S7-410 V8", + "product_name": "SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants)", "version": { "version_data": [ { @@ -355,7 +375,7 @@ } }, { - "product_name": "SINAMICS G110M V4.7 (PN Control Unit)", + "product_name": "SINAMICS G110M V4.7 PN Control Unit", "version": { "version_data": [ { @@ -365,7 +385,7 @@ } }, { - "product_name": "SINAMICS G120 V4.7 (PN Control Unit)", + "product_name": "SINAMICS G120 V4.7 PN Control Unit (incl. SIPLUS variants)", "version": { "version_data": [ { @@ -375,7 +395,7 @@ } }, { - "product_name": "SINAMICS G130 V4.7 (Control Unit)", + "product_name": "SINAMICS G130 V4.7 Control Unit", "version": { "version_data": [ { @@ -385,7 +405,7 @@ } }, { - "product_name": "SINAMICS G150 (Control Unit)", + "product_name": "SINAMICS G150 Control Unit", "version": { "version_data": [ { @@ -395,7 +415,7 @@ } }, { - "product_name": "SINAMICS GH150 V4.7 (Control Unit)", + "product_name": "SINAMICS GH150 V4.7 Control Unit", "version": { "version_data": [ { @@ -405,7 +425,7 @@ } }, { - "product_name": "SINAMICS GL150 V4.7 (Control Unit)", + "product_name": "SINAMICS GL150 V4.7 Control Unit", "version": { "version_data": [ { @@ -415,7 +435,7 @@ } }, { - "product_name": "SINAMICS GM150 V4.7 (Control Unit)", + "product_name": "SINAMICS GM150 V4.7 Control Unit", "version": { "version_data": [ { @@ -425,7 +445,7 @@ } }, { - "product_name": "SINAMICS S110 (Control Unit)", + "product_name": "SINAMICS S110 Control Unit", "version": { "version_data": [ { 
@@ -435,7 +455,7 @@ } }, { - "product_name": "SINAMICS S120 V4.7 (Control Unit)", + "product_name": "SINAMICS S120 V4.7 Control Unit (incl. SIPLUS variants)", "version": { "version_data": [ { @@ -445,7 +465,7 @@ } }, { - "product_name": "SINAMICS S150 (Control Unit)", + "product_name": "SINAMICS S150 Control Unit", "version": { "version_data": [ { @@ -455,7 +475,7 @@ } }, { - "product_name": "SINAMICS SL150 V4.7 (Control Unit)", + "product_name": "SINAMICS SL150 V4.7 Control Unit", "version": { "version_data": [ { @@ -465,7 +485,7 @@ } }, { - "product_name": "SINAMICS SM120 V4.7 (Control Unit)", + "product_name": "SINAMICS SM120 V4.7 Control Unit", "version": { "version_data": [ { 
@@ -516,16 +536,15 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller (All versions), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 (All versions), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P (All versions), SIMATIC CFU PA (All versions < V1.2.0), SIMATIC ET 200AL (All versions), SIMATIC ET 200M (All versions), SIMATIC ET 200MP IM 155-5 PN BA (All versions < V4.3.0), SIMATIC ET 200MP IM 155-5 PN HF (All versions), SIMATIC ET 200MP IM 155-5 PN ST (All versions), SIMATIC ET 200S (All versions), SIMATIC ET 200SP IM 155-6 PN BA (All versions), SIMATIC ET 200SP IM 155-6 PN HA (All versions), SIMATIC ET 200SP IM 155-6 PN HF (All versions < V4.2.2), SIMATIC ET 200SP IM 155-6 PN HS (All versions), SIMATIC ET 200SP IM 155-6 PN ST (All versions), SIMATIC ET 200SP IM 155-6 PN/2 HF (All versions < V4.2.2), SIMATIC ET 200SP IM 155-6 PN/3 HF (All versions < V4.2.1), SIMATIC ET 200ecoPN (except 6ES7148-6JD00-0AB0 and 6ES7146-6FF00-0AB0) (All versions), SIMATIC ET 200pro (All versions), SIMATIC HMI Comfort Outdoor Panels 7\" & 15\" (All versions), SIMATIC HMI Comfort Panels 4\" - 22\" (All versions), SIMATIC HMI KTP Mobile Panels (All versions), SIMATIC PN/PN Coupler (All versions), SIMATIC PROFINET Driver (All versions < V2.1), SIMATIC S7-1200 CPU family (incl. F) (All versions), SIMATIC S7-1500 CPU family (incl. F) (All versions < V2.0), SIMATIC S7-300 CPU family (incl. F) (All versions), SIMATIC S7-400 PN/DP V7 (incl. 
F) (All versions), SIMATIC S7-400 V6 (incl F) and below (All versions), SIMATIC S7-400H V6 (All versions < V6.0.9), SIMATIC S7-410 V8 (All versions), SIMATIC WinAC RTX (F) 2010 (All versions < SIMATIC WinAC RTX 2010 SP3), SINAMICS DCM (All versions < V1.5 HF1), SINAMICS DCP (All versions), SINAMICS G110M V4.7 (PN Control Unit) (All versions < V4.7 SP10 HF5), SINAMICS G120 V4.7 (PN Control Unit) (All versions < V4.7 SP10 HF5), SINAMICS G130 V4.7 (Control Unit) (All versions < 4.8), SINAMICS G150 (Control Unit) (All versions < 4.8), SINAMICS GH150 V4.7 (Control Unit) (All versions), SINAMICS GL150 V4.7 (Control Unit) (All versions), SINAMICS GM150 V4.7 (Control Unit) (All versions), SINAMICS S110 (Control Unit) (All versions), SINAMICS S120 V4.7 (Control Unit) (All versions), SINAMICS S150 (Control Unit) (All versions < 4.8), SINAMICS SL150 V4.7 (Control Unit) (All versions < V4.7 HF33), SINAMICS SM120 V4.7 (Control Unit) (All versions), SINUMERIK 828D (All versions < V4.8 SP5), SINUMERIK 840D sl (All versions). Affected devices contain a vulnerability that allows an unauthenticated attacker to trigger a denial-of-service condition. The vulnerability can be triggered if a large amount of specially crafted UDP packets are sent to device. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the device. At the time of advisory publication no public exploitation of this security vulnerability was known." + "value": "A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller (All versions), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 (All versions), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P (All versions), SIMATIC CFU PA (All versions < V1.2.0), SIMATIC ET200AL (incl. 
SIPLUS variants) (All versions), SIMATIC ET200M (incl. SIPLUS variants) (All versions), SIMATIC ET200MP IM155-5 PN BA (incl. SIPLUS variants) (All versions < V4.3.0), SIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants) (All versions), SIMATIC ET200MP IM155-5 PN ST (incl. SIPLUS variants) (All versions), SIMATIC ET200S (incl. SIPLUS variants) (All versions), SIMATIC ET200SP IM155-6 PN BA (incl. SIPLUS variants) (All versions), SIMATIC ET200SP IM155-6 PN HA (incl. SIPLUS variants) (All versions), SIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants) (All versions < V4.2.2), SIMATIC ET200SP IM155-6 PN HS (incl. SIPLUS variants) (All versions), SIMATIC ET200SP IM155-6 PN ST (incl. SIPLUS variants) (All versions), SIMATIC ET200SP IM155-6 PN/2 HF (incl. SIPLUS variants) (All versions < V4.2.2), SIMATIC ET200SP IM155-6 PN/3 HF (incl. SIPLUS variants) (All versions < V4.2.1), SIMATIC ET200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions < V2.0), SIMATIC ET200ecoPN (except 6ES7148-6JD00-0AB0 and 6ES7146-6FF00-0AB0) (All versions), SIMATIC ET200pro (incl. SIPLUS variants) (All versions), SIMATIC HMI Comfort Outdoor Panels 7\" & 15\" (incl. SIPLUS variants) (All versions), SIMATIC HMI Comfort Panels 4\" - 22\" (incl. SIPLUS variants) (All versions), SIMATIC HMI KTP Mobile Panels (incl. SIPLUS variants) (All versions), SIMATIC PN/PN Coupler (incl. SIPLUS NET variants) (All versions), SIMATIC PROFINET Driver (All versions < V2.1), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.4.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.0), SIMATIC S7-1500 Software Controller (All versions < V2.0), SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants) (All versions < V6.0.9), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 CPU family (incl. 
SIPLUS variants) (All versions), SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants) (All versions), SIMATIC WinAC RTX (F) 2010 (All versions < SIMATIC WinAC RTX 2010 SP3), SINAMICS DCM (All versions < V1.5 HF1), SINAMICS DCP (All versions), SINAMICS G110M V4.7 PN Control Unit (All versions < V4.7 SP10 HF5), SINAMICS G120 V4.7 PN Control Unit (incl. SIPLUS variants) (All versions < V4.7 SP10 HF5), SINAMICS G130 V4.7 Control Unit (All versions < 4.8), SINAMICS G150 Control Unit (All versions < 4.8), SINAMICS GH150 V4.7 Control Unit (All versions), SINAMICS GL150 V4.7 Control Unit (All versions), SINAMICS GM150 V4.7 Control Unit (All versions), SINAMICS S110 Control Unit (All versions), SINAMICS S120 V4.7 Control Unit (incl. SIPLUS variants) (All versions), SINAMICS S150 Control Unit (All versions < 4.8), SINAMICS SL150 V4.7 Control Unit (All versions < V4.7 HF33), SINAMICS SM120 V4.7 Control Unit (All versions), SINUMERIK 828D (All versions < V4.8 SP5), SINUMERIK 840D sl (All versions). Affected devices contain a vulnerability that allows an unauthenticated attacker\nto trigger a denial-of-service condition. The vulnerability can be triggered \nif a large amount of specially crafted UDP packets are sent to device.\n\nThe security vulnerability could be exploited by an attacker with network \naccess to the affected systems. Successful exploitation requires no system\nprivileges and no user interaction. An attacker could use the vulnerability\nto compromise availability of the device.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known.\n" } ] }, "references": { "reference_data": [ { - "refsource": "MISC", - "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-473245.pdf", - "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-473245.pdf" + "refsource": "CONFIRM", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-473245.pdf" } ] } 
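Review bot: In the rewritten `description` value three bounds are written without the `V` prefix, `SINAMICS G130 V4.7 Control Unit (All versions < 4.8)`, `SINAMICS G150 Control Unit (All versions < 4.8)` and `SINAMICS S150 Control Unit (All versions < 4.8)`, while the other bounds in the same string use it (`< V4.7 HF33`, `< V4.8 SP5`). The line is being replaced anyway, so this is the place to normalise them to `All versions < V4.8`, assuming the advisory means the same release. The matching `version_value` entries lie outside this hunk and should be checked for the same spelling, since anyone comparing installed firmware against the record will read them literally.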
diff --git a/2019/10xxx/CVE-2019-10938.json b/2019/10xxx/CVE-2019-10938.json
index 50f839f4fa6..a146ebb1046 100644
--- a/2019/10xxx/CVE-2019-10938.json
+++ b/2019/10xxx/CVE-2019-10938.json
@@ -15,7 +15,7 @@
 "product": {
 "product_data": [
 {
- "product_name": "Ethernet plug-in communication modules for SIPROTEC 5 devices with CPU variants CP200",
+ "product_name": "SIPROTEC 5 devices with CPU variants CP200",
 "version": {
 "version_data": [
 {
@@ -25,11 +25,11 @@
 }
 },
 {
- "product_name": "SIPROTEC 5 devices with CPU variants CP300",
+ "product_name": "SIPROTEC 5 devices with CPU variants CP300 and CP100",
 "version": {
 "version_data": [
 {
- "version_value": "All versions"
+ "version_value": "All versions < V8.01"
 }
 ]
 }
@@ -56,16 +56,15 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability has been identified in Ethernet plug-in communication modules for SIPROTEC 5 devices with CPU variants CP200 (All versions < V7.59), SIPROTEC 5 devices with CPU variants CP300 (All versions). An unauthenticated attacker with network access to the device could potentially insert arbitrary code which is executed before firmware verification in the device. At the time of advisory publication no public exploitation of this security vulnerability was known."
+ "value": "A vulnerability has been identified in SIPROTEC 5 devices with CPU variants CP200 (All versions < V7.59), SIPROTEC 5 devices with CPU variants CP300 and CP100 (All versions < V8.01). An unauthenticated attacker with network access to the device could potentially insert arbitrary code which is executed before firmware verification in the device. \n\nAt the time of advisory publication no public exploitation of this security vulnerability was known.\n"
 }
 ]
 },
 "references": {
 "reference_data": [
 {
- "refsource": "MISC",
- "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-632562.pdf",
- "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-632562.pdf"
+ "refsource": "CONFIRM",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-632562.pdf"
 }
 ]
 }
diff --git a/2019/10xxx/CVE-2019-10940.json b/2019/10xxx/CVE-2019-10940.json
index c7f04c38e6b..f40596442da 100644
--- a/2019/10xxx/CVE-2019-10940.json
+++ b/2019/10xxx/CVE-2019-10940.json
@@ -1,17 +1,60 @@
 {
- "data_type": "CVE",
+ "CVE_data_meta": {
+ "ASSIGNER": "productcert@siemens.com",
+ "ID": "CVE-2019-10940",
+ "STATE": "PUBLIC"
+ },
 "data_format": "MITRE",
 "data_version": "4.0",
- "CVE_data_meta": {
- "ID": "CVE-2019-10940",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "data_type": "CVE",
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Siemens AG",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "SINEMA Server",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "All versions < V14.0 SP2 Update 1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-266: Incorrect Privilege Assignment"
+ }
+ ]
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability has been identified in SINEMA Server (All versions < V14.0 SP2 Update 1). Incorrect session validation could allow an attacker with a valid session, with low privileges,\nto perform firmware updates and other administrative operations on connected devices.\n\nThe security vulnerability could be exploited by an attacker with network access to the\naffected system. An attacker must have access to a low privileged account in order to exploit\nthe vulnerability. An attacker could use the vulnerability to compromise confidentiality,\nintegrity, and availability of the affected system and underlying components.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n"
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-880233.pdf"
 }
 ]
 }
diff --git a/2019/13xxx/CVE-2019-13921.json b/2019/13xxx/CVE-2019-13921.json
index 593025f5fe4..093b377d3fc 100644
--- a/2019/13xxx/CVE-2019-13921.json
+++ b/2019/13xxx/CVE-2019-13921.json
@@ -5,8 +5,8 @@
 "STATE": "PUBLIC"
 },
 "data_format": "MITRE",
- "data_type": "CVE",
 "data_version": "4.0",
+ "data_type": "CVE",
 "affects": {
 "vendor": {
 "vendor_data": [
@@ -19,7 +19,7 @@
 "version": {
 "version_data": [
 {
- "version_value": "All versions"
+ "version_value": "All versions < SP3 Update 1"
 }
 ]
 }
@@ -42,20 +42,19 @@
 }
 ]
 },
- "references": {
- "reference_data": [
- {
- "refsource": "CONFIRM",
- "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-878278.pdf",
- "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-878278.pdf"
- }
- ]
- },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability has been identified in SIMATIC WinAC RTX (F) 2010 (All versions). Affected versions of the software contain a vulnerability that could allow an unauthenticated attacker to trigger a denial-of-service condition. The vulnerability can be triggered if a large HTTP request is sent to the executing service. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the service provided by the software. At the time of advisory publication no public exploitation of this security vulnerability was known."
+ "value": "A vulnerability has been identified in SIMATIC WinAC RTX (F) 2010 (All versions < SP3 Update 1). Affected versions of the software contain a vulnerability that could\nallow an unauthenticated attacker to trigger a denial-of-service\ncondition. The vulnerability can be triggered if a large HTTP request\nis sent to the executing service.\n\nThe security vulnerability could be exploited by an attacker with network\naccess to the affected systems. Successful exploitation requires no system\nprivileges and no user interaction. An attacker could use the vulnerability\nto compromise availability of the service provided by the software.\n"
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-878278.pdf"
 }
 ]
 }
diff --git a/2019/13xxx/CVE-2019-13933.json b/2019/13xxx/CVE-2019-13933.json
new file mode 100644
index 00000000000..30e3fd4be58
--- /dev/null
+++ b/2019/13xxx/CVE-2019-13933.json
@@ -0,0 +1,71 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "productcert@siemens.com",
+ "ID": "CVE-2019-13933",
+ "STATE": "PUBLIC"
+ },
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Siemens AG",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "SCALANCE X-200RNA switch family",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "All versions"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "All versions < V4.1.3"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-306: Missing Authentication for Critical Function"
+ }
+ ]
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A vulnerability has been identified in SCALANCE X-200RNA switch family (All versions), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.3). Affected devices contain a vulnerability that allows an unauthenticated attacker\nto violate access-control rules. The vulnerability can be triggered\nby sending GET request to specific uniform resource locator on the\nweb configuration interface of the device. \n\nThe security vulnerability could be exploited by an attacker with network\naccess to the affected systems. An attacker could use the vulnerability\nto obtain sensitive information or change the device configuration.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known.\n"
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-443566.pdf"
+ }
+ ]
+ }
+}
\ No newline at end of file
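Review bot: Both `version_data` entries in this new record put the whole bound into free text (`"version_value": "All versions < V4.1.3"`) and set no `version_affected`, so a tool that matches on these fields cannot separate the fixed release from the affected range without parsing prose. The format's structured form would express the X-300 bound as `"version_affected": "<", "version_value": "V4.1.3"`. The record also has no `impact` block, so the severity of an unauthenticated configuration change has to be looked up in the linked advisory rather than read from the record.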
diff --git a/2019/13xxx/CVE-2019-13939.json b/2019/13xxx/CVE-2019-13939.json
new file mode 100644
index 00000000000..a25165b2557
--- /dev/null
+++ b/2019/13xxx/CVE-2019-13939.json
@@ -0,0 +1,110 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "productcert@siemens.com",
+ "ID": "CVE-2019-13939",
+ "STATE": "PUBLIC"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "affects": {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "vendor_name": "Siemens AG",
+ "product" : {
+ "product_data" : [
+ {
+ "product_name": "Nucleus NET",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "All versions"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Nucleus RTOS",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "All versions"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Nucleus ReadyStart for ARM, MIPS, and PPC",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "All versions < V2017.02.2 with patch \"Nucleus 2017.02.02 Nucleus NET Patch\""
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Nucleus SafetyCert",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "All versions"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Nucleus Source Code",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "All versions"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "VSTAR",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "All versions"
+ }
+ ]
+ }
+ } ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-840: Business Logic Errors"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-434032.pdf"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A vulnerability has been identified in Nucleus NET (All versions), Nucleus RTOS (All versions), Nucleus ReadyStart for ARM, MIPS, and PPC (All versions < V2017.02.2 with patch \"Nucleus 2017.02.02 Nucleus NET Patch\"), Nucleus SafetyCert (All versions), Nucleus Source Code (All versions), VSTAR (All versions). 
By sending specially crafted DHCP packets to a device, an attacker may be able to affect availability and integrity of the device. Adjacent network access, but no authentication and no user interaction is needed to conduct this attack.\n\nAt the time of advisory publication no public exploitation of this security vulnerability was known." + } + ] + } +} diff --git a/2019/13xxx/CVE-2019-13942.json b/2019/13xxx/CVE-2019-13942.json index 43e51498163..eaf259aad5e 100644 --- a/2019/13xxx/CVE-2019-13942.json +++ b/2019/13xxx/CVE-2019-13942.json 
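Review bot: The bound for Nucleus ReadyStart, `All versions < V2017.02.2 with patch \"Nucleus 2017.02.02 Nucleus NET Patch\"`, is ambiguous for triage: it does not say whether an unpatched V2017.02.2 is affected, and the release is spelled `2017.02.2` in the bound but `2017.02.02` in the patch name. I would state the two conditions separately and use one spelling of the release, for example `All versions before V2017.02.2, and V2017.02.2 without the \"Nucleus 2017.02.02 Nucleus NET Patch\"`, if that is what the advisory means. The same wording is repeated in the `description` value near the end of the hunk and needs the same edit.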
@@ -86,7 +86,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in EN100 Ethernet module DNP3 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.37), EN100 Ethernet module IEC104 variant (All versions), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions). An unauthorized user could exploit a buffer overflow vulnerability in the webserver. Specially crafted packets sent could cause a Denial-of-Service condition and if certain conditions are met, the affected devices must be restarted manually to fully recover. At the time of advisory publication no public exploitation of this security vulnerability was known." + "value": "A vulnerability has been identified in EN100 Ethernet module DNP3 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.37), EN100 Ethernet module IEC104 variant (All versions), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions). An unauthorized user could exploit a buffer overflow vulnerability in the webserver. Specially crafted packets sent could cause a Denial-of-Service condition and if certain conditions are met, the affected\ndevices must be restarted manually to fully recover. \n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n" } ] }, @@ -94,13 +94,7 @@ "reference_data": [ { "refsource": "CONFIRM", - "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-418979.pdf", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-418979.pdf" - }, - { - "refsource": "MISC", - "name": "https://www.us-cert.gov/ics/advisories/icsa-19-344-07", - "url": "https://www.us-cert.gov/ics/advisories/icsa-19-344-07" } ] } diff --git a/2019/13xxx/CVE-2019-13943.json b/2019/13xxx/CVE-2019-13943.json index f4a28f615c3..ef9361e326d 100644 --- a/2019/13xxx/CVE-2019-13943.json 
+++ b/2019/13xxx/CVE-2019-13943.json @@ -86,7 +86,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in EN100 Ethernet module DNP3 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.37), EN100 Ethernet module IEC104 variant (All versions), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions). The web interface could allow Cross-Site Scripting (XSS) attacks if an attacker is able to modify content of particular web pages, causing the application to behave in unexpected ways for legitimate users. Successful exploitation does not require for an attacker to be authenticated to the web interface. This could allow the attacker to read or modify contents of the web application. At the time of advisory publication no public exploitation of this security. vulnerability was known." + "value": "A vulnerability has been identified in EN100 Ethernet module DNP3 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.37), EN100 Ethernet module IEC104 variant (All versions), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions). The web interface could allow Cross-Site Scripting (XSS) attacks if an attacker is able to modify\ncontent of particular web pages, causing the application to behave in unexpected ways for legitimate\nusers. Successful exploitation does not require for an attacker to be authenticated to the web interface. \nThis could allow the attacker to read or modify contents of the web application.\n\nAt the time of advisory publication no public exploitation of this security.\nvulnerability was known. \n" } ] }, 
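Review bot: The rewritten `description` keeps a stray full stop in its closing sentence, `exploitation of this security.\nvulnerability was known.`, which splits the sentence into two fragments. It should read `exploitation of this security\nvulnerability was known.`, as the CVE-2019-13942 and CVE-2019-13944 records in this patch do. While the line is being replaced, `does not require for an attacker to be authenticated` reads more clearly as `does not require an attacker to be authenticated`.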
@@ -94,13 +94,7 @@ "reference_data": [ { "refsource": "CONFIRM", - "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-418979.pdf", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-418979.pdf" - }, - { - "refsource": "MISC", - "name": "https://www.us-cert.gov/ics/advisories/icsa-19-344-07", - "url": "https://www.us-cert.gov/ics/advisories/icsa-19-344-07" } ] } diff --git a/2019/13xxx/CVE-2019-13944.json b/2019/13xxx/CVE-2019-13944.json index 7a102c0693f..2d5e328b2ec 100644 --- a/2019/13xxx/CVE-2019-13944.json +++ b/2019/13xxx/CVE-2019-13944.json @@ -86,7 +86,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in EN100 Ethernet module DNP3 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.37), EN100 Ethernet module IEC104 variant (All versions), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions). A vulnerability in the integrated web server of the affected devices could allow unauthorized attackers to obtain sensitive information about the device, including logs and configurations. At the time of advisory publication no public exploitation of this security vulnerability was known." + "value": "A vulnerability has been identified in EN100 Ethernet module DNP3 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.37), EN100 Ethernet module IEC104 variant (All versions), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions). A vulnerability in the integrated web server \nof the affected devices could allow unauthorized attackers to obtain sensitive \ninformation about the device, including logs and configurations.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n" } ] }, 
@@ -94,13 +94,7 @@ "reference_data": [ { "refsource": "CONFIRM", - "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-418979.pdf", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-418979.pdf" - }, - { - "refsource": "MISC", - "name": "https://www.us-cert.gov/ics/advisories/icsa-19-344-07", - "url": "https://www.us-cert.gov/ics/advisories/icsa-19-344-07" } ] } diff --git a/2019/19xxx/CVE-2019-19278.json b/2019/19xxx/CVE-2019-19278.json index 12bf87d3ef8..8831bba911e 100644 --- a/2019/19xxx/CVE-2019-19278.json +++ b/2019/19xxx/CVE-2019-19278.json 
@@ -1,17 +1,70 @@ { - "data_type": "CVE", + "CVE_data_meta": { + "ASSIGNER": "productcert@siemens.com", + "ID": "CVE-2019-19278", + "STATE": "PUBLIC" + }, "data_format": "MITRE", "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2019-19278", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens AG", + "product": { + "product_data": [ + { + "product_name": "SINAMICS PERFECT HARMONY GH180 Drives\n\n MLFB 6SR32..-.....-....\n\n MLFB 6SR4...-.....-....\n\n MLFB 6SR5...-.....-....\n\n With option A30 (HMIs 12 inches or larger)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "SINAMICS PERFECT HARMONY GH180 Drives\n\n MLFB 6SR325.-.....-.... (High Availability)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-693: Protection Mechanism Failure" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in SINAMICS PERFECT HARMONY GH180 Drives\n\n MLFB 6SR32..-.....-....\n\n MLFB 6SR4...-.....-....\n\n MLFB 6SR5...-.....-....\n\n With option A30 (HMIs 12 inches or larger) (All versions), SINAMICS PERFECT HARMONY GH180 Drives\n\n MLFB 6SR325.-.....-.... (High Availability) (All versions). 
The affected device contains a vulnerability that could allow an unauthenticated attacker to restore\nthe affected device to a point where predefined application and operating system\nprotection mechanisms are not in place.\n\nSuccessful exploitation requires physical access to the system, but no\nsystem privileges and no user interaction. An attacker could use the\nvulnerability to compromise confidentialiy, integrity and availability\nof the device.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known.\n" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-242353.pdf" } ] } diff --git a/2019/6xxx/CVE-2019-6567.json b/2019/6xxx/CVE-2019-6567.json index 612fb08a78b..dc04acfbd03 100644 --- a/2019/6xxx/CVE-2019-6567.json +++ b/2019/6xxx/CVE-2019-6567.json @@ -5,8 +5,8 @@ "STATE": "PUBLIC" }, "data_format": "MITRE", - "data_type": "CVE", "data_version": "4.0", + "data_type": "CVE", "affects": { "vendor": { "vendor_data": [ @@ -15,7 +15,7 @@ "product": { "product_data": [ { - "product_name": "SCALANCE X-200", + "product_name": "SCALANCE X-200 switch family (incl. SIPLUS NET variants)", "version": { "version_data": [ { @@ -25,7 +25,7 @@ } }, { - "product_name": "SCALANCE X-200IRT", + "product_name": "SCALANCE X-200IRT switch family (incl. SIPLUS NET variants)", "version": { "version_data": [ { @@ -35,11 +35,11 @@ } }, { - "product_name": "SCALANCE X-300", + "product_name": "SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants)", "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions < V4.1.3" } ] } 
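Review bot: Both new `product_name` values in the `affects` block of CVE-2019-19278 embed order-number patterns, an option note and `\n\n` breaks (`SINAMICS PERFECT HARMONY GH180 Drives\n\n MLFB 6SR32..-.....-....`), and the description repeats them verbatim, which makes the name hard to use as a key for asset matching. A short single-line name per entry, with the MLFB patterns and the option A30 restriction stated once in the description, would be easier to consume. The description also misspells `confidentialiy` (should be `confidentiality`). The text states physical access, no privileges and no user interaction, but the record adds no `impact` block, so severity has to be inferred from prose.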
@@ -72,20 +72,19 @@ } ] }, - "references": { - "reference_data": [ - { - "refsource": "MISC", - "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-646841.pdf", - "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-646841.pdf" - } - ] - }, "description": { "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SCALANCE X-200 (All Versions < V5.2.4), SCALANCE X-200IRT (All versions), SCALANCE X-300 (All versions), SCALANCE X-414-3E (All versions). The affected devices store passwords in a recoverable format. An attacker may extract and recover device passwords from the device configuration. Successful exploitation requires access to a device configuration backup and impacts confidentiality of the stored passwords. At the time of advisory publication no public exploitation of this security vulnerability was known." + "value": "A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All Versions < V5.2.4), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.3), SCALANCE X-414-3E (All versions). The affected devices store passwords in a recoverable format. An attacker\nmay extract and recover device passwords from the device configuration.\n\nSuccessful exploitation requires access to a device configuration backup and\nimpacts confidentiality of the stored passwords.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known.\n" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-646841.pdf" } ] } diff --git a/2019/6xxx/CVE-2019-6568.json b/2019/6xxx/CVE-2019-6568.json index 2686acc3d05..22e572decaf 100644 --- a/2019/6xxx/CVE-2019-6568.json +++ b/2019/6xxx/CVE-2019-6568.json 
@@ -35,7 +35,7 @@ } }, { - "product_name": "SIMATIC CP343-1 Advanced", + "product_name": "CP343-1 Advanced (incl. SIPLUS NET variants)", "version": { "version_data": [ { @@ -45,7 +45,7 @@ } }, { - "product_name": "SIMATIC CP443-1", + "product_name": "CP443-1 (incl. SIPLUS NET variants)", "version": { "version_data": [ { @@ -55,7 +55,7 @@ } }, { - "product_name": "SIMATIC CP443-1 Advanced", + "product_name": "CP443-1 Advanced (incl. SIPLUS NET variants)", "version": { "version_data": [ { @@ -65,7 +65,7 @@ } }, { - "product_name": "SIMATIC CP443-1 OPC UA", + "product_name": "CP443-1 OPC UA (incl. SIPLUS NET variants)", "version": { "version_data": [ { @@ -75,7 +75,7 @@ } }, { - "product_name": "SIMATIC ET 200 SP Open Controller CPU 1515SP PC", + "product_name": "SIMATIC ET 200 SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)", "version": { "version_data": [ { @@ -85,7 +85,7 @@ } }, { - "product_name": "SIMATIC ET 200 SP Open Controller CPU 1515SP PC2", + "product_name": "SIMATIC ET 200 SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)", "version": { "version_data": [ { 
@@ -95,31 +95,31 @@ } }, { - "product_name": "SIMATIC HMI Comfort Outdoor Panels 7\" & 15\"", + "product_name": "SIMATIC HMI Comfort Outdoor Panels 7\" & 15\" (incl. SIPLUS variants)", "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions < V15.1 Upd 4" } ] } }, { - "product_name": "SIMATIC HMI Comfort Panels 4\" - 22\"", + "product_name": "SIMATIC HMI Comfort Panels 4\" - 22\" (incl. SIPLUS variants)", "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions < V15.1 Upd 4" } ] } }, { - "product_name": "SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 und KTP900F", + "product_name": "SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (incl. SIPLUS variants)", "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions < V15.1 Upd 4" } ] } @@ -195,7 +195,7 @@ } }, { - "product_name": "SIMATIC S7-1500 CPU family", + "product_name": "SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)", "version": { "version_data": [ { @@ -215,7 +215,7 @@ } }, { - "product_name": "SIMATIC S7-300 CPU family", + "product_name": "SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants)", "version": { "version_data": [ { @@ -225,7 +225,7 @@ } }, { - "product_name": "SIMATIC S7-400 PN (incl. F) V6 and below", + "product_name": "SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants)", "version": { "version_data": [ { @@ -235,7 +235,7 @@ } }, { - "product_name": "SIMATIC S7-400 PN/DP V7 (incl. F)", + "product_name": "SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants)", "version": { "version_data": [ { 
@@ -299,13 +299,13 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions < V15.1 Upd 4" } ] } }, { - "product_name": "SIMOCODE pro V EIP", + "product_name": "SIMOCODE pro V EIP (incl. SIPLUS variants)", "version": { "version_data": [ { @@ -315,7 +315,7 @@ } }, { - "product_name": "SIMOCODE pro V PN", + "product_name": "SIMOCODE pro V PN (incl. SIPLUS variants)", "version": { "version_data": [ { @@ -325,7 +325,7 @@ } }, { - "product_name": "SINAMICS G130 V4.6 (Control Unit)", + "product_name": "SINAMICS G130 V4.6 Control Unit", "version": { "version_data": [ { @@ -335,7 +335,7 @@ } }, { - "product_name": "SINAMICS G130 V4.7 (Control Unit)", + "product_name": "SINAMICS G130 V4.7 Control Unit", "version": { "version_data": [ { @@ -345,7 +345,7 @@ } }, { - "product_name": "SINAMICS G130 V4.7 SP1 (Control Unit)", + "product_name": "SINAMICS G130 V4.7 SP1 Control Unit", "version": { "version_data": [ { @@ -355,7 +355,7 @@ } }, { - "product_name": "SINAMICS G130 V4.8 (Control Unit)", + "product_name": "SINAMICS G130 V4.8 Control Unit", "version": { "version_data": [ { @@ -365,7 +365,7 @@ } }, { - "product_name": "SINAMICS G130 V5.1 (Control Unit)", + "product_name": "SINAMICS G130 V5.1 Control Unit", "version": { "version_data": [ { @@ -375,7 +375,7 @@ } }, { - "product_name": "SINAMICS G130 V5.1 SP1 (Control Unit)", + "product_name": "SINAMICS G130 V5.1 SP1 Control Unit", "version": { "version_data": [ { @@ -385,7 +385,7 @@ } }, { - "product_name": "SINAMICS G150 V4.6 (Control Unit)", + "product_name": "SINAMICS G150 V4.6 Control Unit", "version": { "version_data": [ { @@ -395,7 +395,7 @@ } }, { - "product_name": "SINAMICS G150 V4.7 (Control Unit)", + "product_name": "SINAMICS G150 V4.7 Control Unit", "version": { "version_data": [ { @@ -405,7 +405,7 @@ } }, { - "product_name": "SINAMICS G150 V4.7 SP1 (Control Unit)", + "product_name": "SINAMICS G150 V4.7 SP1 Control Unit", "version": { "version_data": [ { 
@@ -415,7 +415,7 @@ } }, { - "product_name": "SINAMICS G150 V4.8 (Control Unit)", + "product_name": "SINAMICS G150 V4.8 Control Unit", "version": { "version_data": [ { @@ -425,7 +425,7 @@ } }, { - "product_name": "SINAMICS G150 V5.1 (Control Unit)", + "product_name": "SINAMICS G150 V5.1 Control Unit", "version": { "version_data": [ { @@ -435,7 +435,7 @@ } }, { - "product_name": "SINAMICS G150 V5.1 SP1 (Control Unit)", + "product_name": "SINAMICS G150 V5.1 SP1 Control Unit", "version": { "version_data": [ { @@ -505,7 +505,7 @@ } }, { - "product_name": "SINAMICS S120 V4.6 (Control Unit)", + "product_name": "SINAMICS S120 V4.6 Control Unit (incl. SIPLUS variants)", "version": { "version_data": [ { @@ -515,7 +515,7 @@ } }, { - "product_name": "SINAMICS S120 V4.7 (Control Unit)", + "product_name": "SINAMICS S120 V4.7 Control Unit (incl. SIPLUS variants)", "version": { "version_data": [ { @@ -525,7 +525,7 @@ } }, { - "product_name": "SINAMICS S120 V4.7 SP1 (Control Unit)", + "product_name": "SINAMICS S120 V4.7 SP1 Control Unit (incl. SIPLUS variants)", "version": { "version_data": [ { @@ -535,7 +535,7 @@ } }, { - "product_name": "SINAMICS S120 V4.8 (Control Unit)", + "product_name": "SINAMICS S120 V4.8 Control Unit (incl. SIPLUS variants)", "version": { "version_data": [ { @@ -545,7 +545,7 @@ } }, { - "product_name": "SINAMICS S120 V5.1 (Control Unit)", + "product_name": "SINAMICS S120 V5.1 Control Unit (incl. SIPLUS variants)", "version": { "version_data": [ { @@ -555,7 +555,7 @@ } }, { - "product_name": "SINAMICS S120 V5.1 SP1 (Control Unit)", + "product_name": "SINAMICS S120 V5.1 SP1 Control Unit (incl. SIPLUS variants)", "version": { "version_data": [ { @@ -565,7 +565,7 @@ } }, { - "product_name": "SINAMICS S150 V4.6 (Control Unit)", + "product_name": "SINAMICS S150 V4.6 Control Unit", "version": { "version_data": [ { 
@@ -575,7 +575,7 @@ } }, { - "product_name": "SINAMICS S150 V4.7 (Control Unit)", + "product_name": "SINAMICS S150 V4.7 Control Unit", "version": { "version_data": [ { @@ -585,7 +585,7 @@ } }, { - "product_name": "SINAMICS S150 V4.7 SP1 (Control Unit)", + "product_name": "SINAMICS S150 V4.7 SP1 Control Unit", "version": { "version_data": [ { @@ -595,7 +595,7 @@ } }, { - "product_name": "SINAMICS S150 V4.8 (Control Unit)", + "product_name": "SINAMICS S150 V4.8 Control Unit", "version": { "version_data": [ { @@ -605,7 +605,7 @@ } }, { - "product_name": "SINAMICS S150 V5.1 (Control Unit)", + "product_name": "SINAMICS S150 V5.1 Control Unit", "version": { "version_data": [ { @@ -615,7 +615,7 @@ } }, { - "product_name": "SINAMICS S150 V5.1 SP1 (Control Unit)", + "product_name": "SINAMICS S150 V5.1 SP1 Control Unit", "version": { "version_data": [ { @@ -625,7 +625,7 @@ } }, { - "product_name": "SINAMICS S210 V5.1 (Control Unit)", + "product_name": "SINAMICS S210 V5.1 Control Unit", "version": { "version_data": [ { @@ -635,7 +635,7 @@ } }, { - "product_name": "SINAMICS S210 V5.1 SP1 (Control Unit)", + "product_name": "SINAMICS S210 V5.1 SP1 Control Unit", "version": { "version_data": [ { @@ -699,7 +699,7 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions < V1.1" } ] } @@ -715,17 +715,17 @@ } }, { - "product_name": "SITOP UPS1600", + "product_name": "SITOP UPS1600 (incl. SIPLUS variants)", "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions < V2.3" } ] } }, { - "product_name": "TIM 1531 IRC", + "product_name": "TIM 1531 IRC (incl. SIPLUS variants)", "version": { "version_data": [ { 
@@ -756,21 +756,19 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in CP1604, CP1616, SIMATIC CP343-1 Advanced, SIMATIC CP443-1, SIMATIC CP443-1 Advanced, SIMATIC CP443-1 OPC UA, SIMATIC ET 200 SP Open Controller CPU 1515SP PC, SIMATIC ET 200 SP Open Controller CPU 1515SP PC2, SIMATIC HMI Comfort Outdoor Panels 7\" & 15\", SIMATIC HMI Comfort Panels 4\" - 22\", SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 und KTP900F, SIMATIC IPC DiagMonitor, SIMATIC RF181-EIP, SIMATIC RF182C, SIMATIC RF185C, SIMATIC RF186C, SIMATIC RF188C, SIMATIC RF600R, SIMATIC S7-1500 CPU family, SIMATIC S7-1500 Software Controller, SIMATIC S7-300 CPU family, SIMATIC S7-400 PN (incl. F) V6 and below, SIMATIC S7-400 PN/DP V7 (incl. F), SIMATIC S7-PLCSIM Advanced, SIMATIC Teleservice Adapter IE Advanced, SIMATIC Teleservice Adapter IE Basic, SIMATIC Teleservice Adapter IE Standard, SIMATIC WinAC RTX (F) 2010, SIMATIC WinCC Runtime Advanced, SIMOCODE pro V EIP, SIMOCODE pro V PN, SINAMICS G130 V4.6 (Control Unit), SINAMICS G130 V4.7 (Control Unit), SINAMICS G130 V4.7 SP1 (Control Unit), SINAMICS G130 V4.8 (Control Unit), SINAMICS G130 V5.1 (Control Unit), SINAMICS G130 V5.1 SP1 (Control Unit), SINAMICS G150 V4.6 (Control Unit), SINAMICS G150 V4.7 (Control Unit), SINAMICS G150 V4.7 SP1 (Control Unit), SINAMICS G150 V4.8 (Control Unit), SINAMICS G150 V5.1 (Control Unit), SINAMICS G150 V5.1 SP1 (Control Unit), SINAMICS GH150 V4.7 (Control Unit), SINAMICS GH150 V4.8 (Control Unit), SINAMICS GL150 V4.7 (Control Unit), SINAMICS GL150 V4.8 (Control Unit), SINAMICS GM150 V4.7 (Control Unit), SINAMICS GM150 V4.8 (Control Unit), SINAMICS S120 V4.6 (Control Unit), SINAMICS S120 V4.7 (Control Unit), SINAMICS S120 V4.7 SP1 (Control Unit), SINAMICS S120 V4.8 (Control Unit), SINAMICS S120 V5.1 (Control Unit), SINAMICS S120 V5.1 SP1 (Control Unit), SINAMICS S150 V4.6 (Control Unit), SINAMICS S150 V4.7 (Control Unit), SINAMICS S150 V4.7 SP1 (Control 
Unit), SINAMICS S150 V4.8 (Control Unit), SINAMICS S150 V5.1 (Control Unit), SINAMICS S150 V5.1 SP1 (Control Unit), SINAMICS S210 V5.1 (Control Unit), SINAMICS S210 V5.1 SP1 (Control Unit), SINAMICS SL150 V4.7 (Control Unit), SINAMICS SL150 V4.8 (Control Unit), SINAMICS SM120 V4.7 (Control Unit), SINAMICS SM120 V4.8 (Control Unit), SINAMICS SM150 V4.8 (Control Unit), SITOP Manager, SITOP PSU8600, SITOP UPS1600, TIM 1531 IRC. The webserver of the affected devices contains a vulnerability that may lead to a denial-of-service condition. An attacker may cause a denial-of-service situation which leads to a restart of the webserver of the affected device. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the device. At the time of advisory publication no public exploitation of this security vulnerability was known." + "value": "A vulnerability has been identified in CP1604, CP1616, CP343-1 Advanced (incl. SIPLUS NET variants), CP443-1 (incl. SIPLUS NET variants), CP443-1 Advanced (incl. SIPLUS NET variants), CP443-1 OPC UA (incl. SIPLUS NET variants), SIMATIC ET 200 SP Open Controller CPU 1515SP PC (incl. SIPLUS variants), SIMATIC ET 200 SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants), SIMATIC HMI Comfort Outdoor Panels 7\" & 15\" (incl. SIPLUS variants), SIMATIC HMI Comfort Panels 4\" - 22\" (incl. SIPLUS variants), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (incl. SIPLUS variants), SIMATIC IPC DiagMonitor, SIMATIC RF181-EIP, SIMATIC RF182C, SIMATIC RF185C, SIMATIC RF186C, SIMATIC RF188C, SIMATIC RF600R, SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants), SIMATIC S7-1500 Software Controller, SIMATIC S7-300 CPU family (incl. 
related ET200 CPUs and SIPLUS variants), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants), SIMATIC S7-PLCSIM Advanced, SIMATIC Teleservice Adapter IE Advanced, SIMATIC Teleservice Adapter IE Basic, SIMATIC Teleservice Adapter IE Standard, SIMATIC WinAC RTX (F) 2010, SIMATIC WinCC Runtime Advanced, SIMOCODE pro V EIP (incl. SIPLUS variants), SIMOCODE pro V PN (incl. SIPLUS variants), SINAMICS G130 V4.6 Control Unit, SINAMICS G130 V4.7 Control Unit, SINAMICS G130 V4.7 SP1 Control Unit, SINAMICS G130 V4.8 Control Unit, SINAMICS G130 V5.1 Control Unit, SINAMICS G130 V5.1 SP1 Control Unit, SINAMICS G150 V4.6 Control Unit, SINAMICS G150 V4.7 Control Unit, SINAMICS G150 V4.7 SP1 Control Unit, SINAMICS G150 V4.8 Control Unit, SINAMICS G150 V5.1 Control Unit, SINAMICS G150 V5.1 SP1 Control Unit, SINAMICS GH150 V4.7 (Control Unit), SINAMICS GH150 V4.8 (Control Unit), SINAMICS GL150 V4.7 (Control Unit), SINAMICS GL150 V4.8 (Control Unit), SINAMICS GM150 V4.7 (Control Unit), SINAMICS GM150 V4.8 (Control Unit), SINAMICS S120 V4.6 Control Unit (incl. SIPLUS variants), SINAMICS S120 V4.7 Control Unit (incl. SIPLUS variants), SINAMICS S120 V4.7 SP1 Control Unit (incl. SIPLUS variants), SINAMICS S120 V4.8 Control Unit (incl. SIPLUS variants), SINAMICS S120 V5.1 Control Unit (incl. SIPLUS variants), SINAMICS S120 V5.1 SP1 Control Unit (incl. SIPLUS variants), SINAMICS S150 V4.6 Control Unit, SINAMICS S150 V4.7 Control Unit, SINAMICS S150 V4.7 SP1 Control Unit, SINAMICS S150 V4.8 Control Unit, SINAMICS S150 V5.1 Control Unit, SINAMICS S150 V5.1 SP1 Control Unit, SINAMICS S210 V5.1 Control Unit, SINAMICS S210 V5.1 SP1 Control Unit, SINAMICS SL150 V4.7 (Control Unit), SINAMICS SL150 V4.8 (Control Unit), SINAMICS SM120 V4.7 (Control Unit), SINAMICS SM120 V4.8 (Control Unit), SINAMICS SM150 V4.8 (Control Unit), SITOP Manager, SITOP PSU8600, SITOP UPS1600 (incl. SIPLUS variants), TIM 1531 IRC (incl. 
SIPLUS variants). The webserver of the affected devices contains a vulnerability that may lead to\na denial-of-service condition. An attacker may cause a denial-of-service\nsituation which leads to a restart of the webserver of the affected device.\n\nThe security vulnerability could be exploited by an attacker with network\naccess to the affected systems. Successful exploitation requires no system\nprivileges and no user interaction. An attacker could use the vulnerability\nto compromise availability of the device.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known.\n" } ] }, "references": { "reference_data": [ { - "refsource": "MISC", - "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-480230.pdf", - "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-480230.pdf" + "refsource": "CONFIRM", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-480230.pdf" }, { - "refsource": "MISC", - "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-530931.pdf", - "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-530931.pdf" + "refsource": "CONFIRM", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-530931.pdf" } ] } diff --git a/2019/6xxx/CVE-2019-6569.json b/2019/6xxx/CVE-2019-6569.json index 626759187b6..317a7424569 100644 --- a/2019/6xxx/CVE-2019-6569.json +++ b/2019/6xxx/CVE-2019-6569.json @@ -5,8 +5,8 @@ "STATE": "PUBLIC" }, "data_format": "MITRE", - "data_type": "CVE", "data_version": "4.0", + "data_type": "CVE", "affects": { "vendor": { "vendor_data": [ 
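Review bot: The rewritten description in the `@@ -756,21 +756,19 @@` hunk of CVE-2019-6568 still lists every product without a version range, while the earlier hunks of this file introduce fixed versions in `version_value` (`All versions < V15.1 Upd 4`, `All versions < V1.1`, `All versions < V2.3`). Readers who only see the description, as many feeds show it, cannot tell which products now have a fix. The CVE-2019-6567 record in this same patch appends the range after each name, e.g. `SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.3)`; doing the same here would keep the two fields in agreement.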
@@ -15,31 +15,31 @@ "product": { "product_data": [ { - "product_name": "Scalance X-200", + "product_name": "SCALANCE X-200 switch family (incl. SIPLUS NET variants)", "version": { "version_data": [ { - "version_value": "All versions = V7.1), SIMATIC RF188C (All versions < V1.1.0), SIMATIC RF600R (All versions < V3.2.1), SIMATIC S7-1500 CPU family (All versions >= V2.5 < V2.6.1), SIMATIC S7-1500 Software Controller (All versions between V2.5 (including) and V2.7 (excluding)), SIMATIC WinCC OA (All versions < V3.15-P018), SIMATIC WinCC Runtime Advanced (All versions), SINEC-NMS (All versions), SINEMA Server (All versions < V14 SP2), SINUMERIK OPC UA Server (All versions < V2.1), TeleControl Server Basic (All versions). Specially crafted network packets sent to affected devices on port 4840/tcp could allow an unauthenticated remote attacker to cause a Denial-of-Service condition of the OPC communication or crash the device. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the OPC communication. At the time of advisory publication no public exploitation of this security vulnerability was known." + "value": "A vulnerability has been identified in SIMATIC CP443-1 OPC UA (incl. SIPLUS NET variants) (All versions), SIMATIC ET 200 Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V2.7), SIMATIC HMI Comfort Outdoor Panels 7\" & 15\" (incl. SIPLUS variants) (All versions < V15.1 Upd 4), SIMATIC HMI Comfort Panels 4\" - 22\" (incl. SIPLUS variants) (All versions < V15.1 Upd 4), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 und KTP900F (incl. 
SIPLUS variants) (All versions < V15.1 Upd 4), SIMATIC IPC DiagMonitor (All versions), SIMATIC NET PC Software (All versions >= V7.1), SIMATIC RF188C (All versions < V1.1.0), SIMATIC RF600R (All versions < V3.2.1), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions >= V2.5 < V2.6.1), SIMATIC S7-1500 Software Controller (All versions between V2.5 (including) and V2.7 (excluding)), SIMATIC WinCC OA (All versions < V3.15-P018), SIMATIC WinCC Runtime Advanced (All versions < V15.1 Upd 4), SINEC-NMS (All versions), SINEMA Server (All versions < V14 SP2), SINUMERIK OPC UA Server (All versions < V2.1), TeleControl Server Basic (All versions). Specially crafted network packets sent to affected devices on port 4840/tcp\ncould allow an unauthenticated remote attacker to cause a Denial-of-Service\ncondition of the OPC communication or crash the device.\n\nThe security vulnerability could be exploited by an attacker with network\naccess to the affected systems. Successful exploitation requires no system\nprivileges and no user interaction. An attacker could use the vulnerability\nto compromise availability of the OPC communication.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known.\n" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-307392.pdf" } ] } From 1d41ab727fd4a437d33a56d3ee9d606de8497538 Mon Sep 17 00:00:00 2001 From: DellEMCProductSecurity Date: Thu, 16 Jan 2020 09:22:32 -0500 Subject: [PATCH 109/387] Updated Affected products for CVE-2019-3764 --- 2019/3xxx/CVE-2019-3764.json | 47 ++++++++++++++++++------------------ 1 file changed, 23 insertions(+), 24 deletions(-) diff --git a/2019/3xxx/CVE-2019-3764.json b/2019/3xxx/CVE-2019-3764.json index 09ce9bde5ab..cdea49186df 100644 --- a/2019/3xxx/CVE-2019-3764.json +++ b/2019/3xxx/CVE-2019-3764.json 
@@ -1,10 +1,10 @@ { "CVE_data_meta": { - "ASSIGNER": "secure@dell.com", - "DATE_PUBLIC": "2019-11-04", - "ID": "CVE-2019-3764", + "ASSIGNER": "secure@dell.com", + "DATE_PUBLIC": "2019-11-04", + "ID": "CVE-2019-3764", "STATE": "PUBLIC" - }, + }, "affects": { "vendor": { "vendor_data": [ 
@@ -12,60 +12,59 @@ "product": { "product_data": [ { - "product_name": "Integrated Dell Remote Access Controller (iDRAC)", + "product_name": "Integrated Dell Remote Access Controller (iDRAC)", "version": { "version_data": [ { - "version_affected": "<", - "version_value": "iDRAC8: 2.70.70.70, iDRAC9: 3.40.40.40 and 3.36.36.36" + "version_affected": "<", + "version_value": "iDRAC7: 2.65.65.65, iDRAC8: 2.70.70.70, iDRAC9: 3.40.40.40 and 3.36.36.36" } ] } } ] - }, + }, "vendor_name": "Dell" } ] } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { - "lang": "eng", - "value": "Dell EMC iDRAC8 versions prior to 2.70.70.70 and iDRAC9 versions prior to 3.36.36.36 contain an improper authorization vulnerability. A remote authenticated malicious iDRAC user with low privileges may potentially exploit this vulnerability to obtain sensitive information such as password hashes." + "lang": "eng", + "value": "Dell EMC iDRAC7 versions prior to 2.65.65.65, iDRAC8 versions prior to 2.70.70.70 and iDRAC9 versions prior to 3.36.36.36 contain an improper authorization vulnerability. A remote authenticated malicious iDRAC user with low privileges may potentially exploit this vulnerability to obtain sensitive information such as password hashes." 
} ] - }, + }, "impact": { "cvss": { - "baseScore": 5.0, - "baseSeverity": "Medium", - "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 5.0, + "baseSeverity": "Medium", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" } - }, + }, "problemtype": { "problemtype_data": [ { "description": [ { - "lang": "eng", + "lang": "eng", "value": "CWE-285: Improper Authorization" } ] } ] - }, + }, "references": { "reference_data": [ { - "refsource": "MISC", - "url": "https://www.dell.com/support/article/sln319317/dsa-2019-137-idrac-improper-authorization-vulnerability?lang=en", - "name": "https://www.dell.com/support/article/sln319317/dsa-2019-137-idrac-improper-authorization-vulnerability?lang=en" + "refsource": "CONFIRM", + "url": "https://www.dell.com/support/article/sln319317/dsa-2019-137-idrac-improper-authorization-vulnerability?lang=en" } ] } From f9af229662ee8638cbaa459c62868e5df9afbaf0 Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Thu, 16 Jan 2020 15:01:13 +0000 Subject: [PATCH 110/387] "-Synchronized-Data." --- 2010/2xxx/CVE-2010-2076.json | 5 +++ 2011/1xxx/CVE-2011-1096.json | 5 +++ 2012/0xxx/CVE-2012-0803.json | 5 +++ 2012/2xxx/CVE-2012-2378.json | 5 +++ 2012/2xxx/CVE-2012-2379.json | 5 +++ 2012/3xxx/CVE-2012-3451.json | 5 +++ 2012/5xxx/CVE-2012-5575.json | 5 +++ 2012/5xxx/CVE-2012-5633.json | 5 +++ 2013/0xxx/CVE-2013-0239.json | 5 +++ 2013/2xxx/CVE-2013-2160.json | 5 +++ 2014/0xxx/CVE-2014-0034.json | 5 +++ 2014/0xxx/CVE-2014-0035.json | 5 +++ 2014/0xxx/CVE-2014-0109.json | 5 +++ 2014/0xxx/CVE-2014-0110.json | 5 +++ 2014/3xxx/CVE-2014-3566.json | 5 +++ 2014/3xxx/CVE-2014-3577.json | 10 ++++++ 2014/3xxx/CVE-2014-3584.json | 5 +++ 2014/3xxx/CVE-2014-3623.json | 5 +++ 2015/5xxx/CVE-2015-5175.json | 5 +++ 2015/5xxx/CVE-2015-5253.json | 5 +++ 2016/4xxx/CVE-2016-4464.json | 5 +++ 2016/6xxx/CVE-2016-6812.json | 5 +++ 2016/8xxx/CVE-2016-8739.json | 5 +++ 2017/12xxx/CVE-2017-12624.json | 5 +++ 2017/12xxx/CVE-2017-12631.json | 5 +++ 2017/3xxx/CVE-2017-3156.json | 5 +++ 2017/5xxx/CVE-2017-5653.json | 5 +++ 2017/5xxx/CVE-2017-5656.json | 5 +++ 2017/7xxx/CVE-2017-7661.json | 5 +++ 2017/7xxx/CVE-2017-7662.json | 5 +++ 2018/8xxx/CVE-2018-8038.json | 5 +++ 2018/8xxx/CVE-2018-8039.json | 5 +++ 2019/12xxx/CVE-2019-12406.json | 5 +++ 2019/12xxx/CVE-2019-12419.json | 5 +++ 2019/19xxx/CVE-2019-19680.json | 2 +- 2019/20xxx/CVE-2019-20327.json | 61 ++++++++++++++++++++++++++++++---- 36 files changed, 231 insertions(+), 7 deletions(-) diff --git a/2010/2xxx/CVE-2010-2076.json b/2010/2xxx/CVE-2010-2076.json index 0fb8d6a65a2..8001039afce 100644 --- a/2010/2xxx/CVE-2010-2076.json +++ b/2010/2xxx/CVE-2010-2076.json 
@@ -101,6 +101,11 @@ "name": "40969", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/40969" + }, + { + "refsource": "MLIST", + "name": "[cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html", + "url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E" } ] } diff --git a/2011/1xxx/CVE-2011-1096.json b/2011/1xxx/CVE-2011-1096.json index fc4a3ca8f12..264133fbff8 100644 --- a/2011/1xxx/CVE-2011-1096.json +++ b/2011/1xxx/CVE-2011-1096.json @@ -176,6 +176,11 @@ "refsource": "MLIST", "name": "[cxf-commits] 20190326 svn commit: r1042570 [4/4] - in /websites/production/cxf/content: cache/docs.pageCache docs/jax-rs-http-signature.html docs/jax-rs-jose.html docs/jax-rs-oauth2.html docs/jax-rs-xml-security.html docs/secure-jax-rs-services.html", "url": "https://lists.apache.org/thread.html/8d5d29747548a24cccdb7f3e2d4d599ffb7ffe4537426b3c9a852cf4@%3Ccommits.cxf.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html", + "url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E" } ] } diff --git a/2012/0xxx/CVE-2012-0803.json b/2012/0xxx/CVE-2012-0803.json index e9fd15f8c41..b0c2438104b 100644 --- a/2012/0xxx/CVE-2012-0803.json +++ b/2012/0xxx/CVE-2012-0803.json 
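Review bot: The `MLIST` entry added in the CVE-2010-2076 hunk is a site-publish commit notice whose title names only CVE-2019-12423 and CVE-2019-17573, so it points readers at a thread that, judging by its title, says nothing about this issue. The same entry is added to every other record of this commit that is visible here (CVE-2011-1096, CVE-2012-0803, CVE-2012-2378, CVE-2012-2379, CVE-2012-3451, CVE-2012-5575), which changes those records without new information and can look like fresh activity to reference-driven triage. I would restrict the link to the records the thread is actually about, or leave these `reference_data` arrays unchanged.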
@@ -61,6 +61,11 @@
 "name": "http://svn.apache.org/viewvc?view=revision&revision=1233457",
 "refsource": "CONFIRM",
 "url": "http://svn.apache.org/viewvc?view=revision&revision=1233457"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html",
+ "url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E"
 }
 ]
 }
diff --git a/2012/2xxx/CVE-2012-2378.json b/2012/2xxx/CVE-2012-2378.json
index 466d515015a..0a8f5475b8e 100644
--- a/2012/2xxx/CVE-2012-2378.json
+++ b/2012/2xxx/CVE-2012-2378.json
@@ -86,6 +86,11 @@
 "name": "http://svn.apache.org/viewvc?view=revision&revision=1337150",
 "refsource": "CONFIRM",
 "url": "http://svn.apache.org/viewvc?view=revision&revision=1337150"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html",
+ "url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E"
 }
 ]
 }
diff --git a/2012/2xxx/CVE-2012-2379.json b/2012/2xxx/CVE-2012-2379.json
index c0ff3921742..c955d64f759 100644
--- a/2012/2xxx/CVE-2012-2379.json
+++ b/2012/2xxx/CVE-2012-2379.json
@@ -141,6 +141,11 @@
 "name": "RHSA-2013:0194",
 "refsource": "REDHAT",
 "url": "http://rhn.redhat.com/errata/RHSA-2013-0194.html"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html",
+ "url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E"
 }
 ]
 }
diff --git a/2012/3xxx/CVE-2012-3451.json b/2012/3xxx/CVE-2012-3451.json
index 072c7f897f2..f28a4535ceb 100644
--- a/2012/3xxx/CVE-2012-3451.json
+++ b/2012/3xxx/CVE-2012-3451.json
@@ -126,6 +126,11 @@
 "name": "RHSA-2013:0726",
 "refsource": "REDHAT",
 "url": "http://rhn.redhat.com/errata/RHSA-2013-0726.html"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html",
+ "url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E"
 }
 ]
 }
diff --git a/2012/5xxx/CVE-2012-5575.json b/2012/5xxx/CVE-2012-5575.json
index 5cdd78cec45..2fec9213a3d 100644
--- a/2012/5xxx/CVE-2012-5575.json
+++ b/2012/5xxx/CVE-2012-5575.json
@@ -126,6 +126,11 @@
 "name": "RHSA-2013:0874",
 "refsource": "REDHAT",
 "url": "http://rhn.redhat.com/errata/RHSA-2013-0874.html"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html",
+ "url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E"
 }
 ]
 }
diff --git a/2012/5xxx/CVE-2012-5633.json b/2012/5xxx/CVE-2012-5633.json
index 5ee6258e60f..13b4e459491 100644
--- a/2012/5xxx/CVE-2012-5633.json
+++ b/2012/5xxx/CVE-2012-5633.json
@@ -151,6 +151,11 @@
 "name": "RHSA-2013:0726",
 "refsource": "REDHAT",
 "url": "http://rhn.redhat.com/errata/RHSA-2013-0726.html"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html",
+ "url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E"
 }
 ]
 }
diff --git a/2013/0xxx/CVE-2013-0239.json b/2013/0xxx/CVE-2013-0239.json
index cfd3f6ef0ff..6a3dd2a892a 100644
--- a/2013/0xxx/CVE-2013-0239.json
+++ b/2013/0xxx/CVE-2013-0239.json
@@ -96,6 +96,11 @@
 "name": "http://packetstormsecurity.com/files/120214/Apache-CXF-WS-Security-UsernameToken-Bypass.html",
 "refsource": "MISC",
 "url": "http://packetstormsecurity.com/files/120214/Apache-CXF-WS-Security-UsernameToken-Bypass.html"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html",
+ "url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E"
 }
 ]
 }
diff --git a/2013/2xxx/CVE-2013-2160.json b/2013/2xxx/CVE-2013-2160.json
index 3af5d3dd31f..2f6d970c571 100644
--- a/2013/2xxx/CVE-2013-2160.json
+++ b/2013/2xxx/CVE-2013-2160.json
@@ -81,6 +81,11 @@
 "name": "https://bugzilla.redhat.com/show_bug.cgi?id=929197",
 "refsource": "CONFIRM",
 "url": "https://bugzilla.redhat.com/show_bug.cgi?id=929197"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html",
+ "url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E"
 }
 ]
 }
diff --git a/2014/0xxx/CVE-2014-0034.json b/2014/0xxx/CVE-2014-0034.json
index 4d1d6a5f659..86693da7ec6 100644
--- a/2014/0xxx/CVE-2014-0034.json
+++ b/2014/0xxx/CVE-2014-0034.json
@@ -96,6 +96,11 @@
 "name": "RHSA-2014:1351",
 "refsource": "REDHAT",
 "url": "http://rhn.redhat.com/errata/RHSA-2014-1351.html"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html",
+ "url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E"
 }
 ]
 }
diff --git a/2014/0xxx/CVE-2014-0035.json b/2014/0xxx/CVE-2014-0035.json
index fe96d3c861a..6e3609c54d2 100644
--- a/2014/0xxx/CVE-2014-0035.json
+++ b/2014/0xxx/CVE-2014-0035.json
@@ -91,6 +91,11 @@
 "name": "RHSA-2014:1351",
 "refsource": "REDHAT",
 "url": "http://rhn.redhat.com/errata/RHSA-2014-1351.html"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html",
+ "url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E"
 }
 ]
 }
diff --git a/2014/0xxx/CVE-2014-0109.json b/2014/0xxx/CVE-2014-0109.json
index 98b83ceb491..abda5d37b39 100644
--- a/2014/0xxx/CVE-2014-0109.json
+++ b/2014/0xxx/CVE-2014-0109.json
@@ -76,6 +76,11 @@
 "name": "RHSA-2014:1351",
 "refsource": "REDHAT",
 "url": "http://rhn.redhat.com/errata/RHSA-2014-1351.html"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html",
+ "url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E"
 }
 ]
 }
diff --git a/2014/0xxx/CVE-2014-0110.json b/2014/0xxx/CVE-2014-0110.json
index de1757cb417..5739140d92a 100644
--- a/2014/0xxx/CVE-2014-0110.json
+++ b/2014/0xxx/CVE-2014-0110.json
@@ -76,6 +76,11 @@
 "name": "RHSA-2014:1351",
 "refsource": "REDHAT",
 "url": "http://rhn.redhat.com/errata/RHSA-2014-1351.html"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html",
+ "url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E"
 }
 ]
 }
diff --git a/2014/3xxx/CVE-2014-3566.json b/2014/3xxx/CVE-2014-3566.json
index 18b04e7936c..a002dcd7cfd 100644
--- a/2014/3xxx/CVE-2014-3566.json
+++ b/2014/3xxx/CVE-2014-3566.json
@@ -1341,6 +1341,11 @@
 "name": "HPSBPI03107",
 "refsource": "HP",
 "url": "http://marc.info/?l=bugtraq&m=143558137709884&w=2"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html",
+ "url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E"
 }
 ]
 }
diff --git a/2014/3xxx/CVE-2014-3577.json b/2014/3xxx/CVE-2014-3577.json
index 135b42e41b0..1a56b7cd014 100644
--- a/2014/3xxx/CVE-2014-3577.json
+++ b/2014/3xxx/CVE-2014-3577.json
@@ -231,6 +231,16 @@
 "refsource": "MLIST",
 "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
 "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
+ "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html",
+ "url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E"
 }
 ]
 }
diff --git a/2014/3xxx/CVE-2014-3584.json b/2014/3xxx/CVE-2014-3584.json
index b4967a99c2c..98bd312b26c 100644
--- a/2014/3xxx/CVE-2014-3584.json
+++ b/2014/3xxx/CVE-2014-3584.json
@@ -76,6 +76,11 @@
 "name": "http://cxf.apache.org/security-advisories.data/CVE-2014-3584.txt.asc",
 "refsource": "CONFIRM",
 "url": "http://cxf.apache.org/security-advisories.data/CVE-2014-3584.txt.asc"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html",
+ "url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E"
 }
 ]
 }
diff --git a/2014/3xxx/CVE-2014-3623.json b/2014/3xxx/CVE-2014-3623.json
index f244f2bf898..26ec5812d65 100644
--- a/2014/3xxx/CVE-2014-3623.json
+++ b/2014/3xxx/CVE-2014-3623.json
@@ -96,6 +96,11 @@
 "name": "apache-cxf-cve20143623-sec-bypass(97754)",
 "refsource": "XF",
 "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97754"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html",
+ "url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E"
 }
 ]
 }
diff --git a/2015/5xxx/CVE-2015-5175.json b/2015/5xxx/CVE-2015-5175.json
index 3502d06895f..3a7367a170a 100644
--- a/2015/5xxx/CVE-2015-5175.json
+++ b/2015/5xxx/CVE-2015-5175.json
@@ -76,6 +76,11 @@
 "name": "https://git-wip-us.apache.org/repos/asf?p=cxf-fediz.git;a=commit;h=f65c961ea31e3c1851daba8e7e49fc37bbf77b19",
 "refsource": "CONFIRM",
 "url": "https://git-wip-us.apache.org/repos/asf?p=cxf-fediz.git;a=commit;h=f65c961ea31e3c1851daba8e7e49fc37bbf77b19"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html",
+ "url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E"
 }
 ]
 }
diff --git a/2015/5xxx/CVE-2015-5253.json b/2015/5xxx/CVE-2015-5253.json
index 56e963cf9eb..3b339d9fdd1 100644
--- a/2015/5xxx/CVE-2015-5253.json
+++ b/2015/5xxx/CVE-2015-5253.json
@@ -76,6 +76,11 @@
 "name": "[oss-security] 20151114 New security advisory for Apache CXF",
 "refsource": "MLIST",
 "url": "http://www.openwall.com/lists/oss-security/2015/11/14/1"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html",
+ "url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E"
 }
 ]
 }
diff --git a/2016/4xxx/CVE-2016-4464.json b/2016/4xxx/CVE-2016-4464.json
index a66fbe15e52..d15fe88fd38 100644
--- a/2016/4xxx/CVE-2016-4464.json
+++ b/2016/4xxx/CVE-2016-4464.json
@@ -76,6 +76,11 @@
 "name": "https://git-wip-us.apache.org/repos/asf?p=cxf-fediz.git;a=commit;h=0006581e9cacbeef46381a223e5671e524d416b6",
 "refsource": "CONFIRM",
 "url": "https://git-wip-us.apache.org/repos/asf?p=cxf-fediz.git;a=commit;h=0006581e9cacbeef46381a223e5671e524d416b6"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html",
+ "url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E"
 }
 ]
 }
diff --git a/2016/6xxx/CVE-2016-6812.json b/2016/6xxx/CVE-2016-6812.json
index 17a2a442045..40b67c8db12 100644
--- a/2016/6xxx/CVE-2016-6812.json
+++ b/2016/6xxx/CVE-2016-6812.json
@@ -80,6 +80,11 @@
 "name": "97582",
 "refsource": "BID",
 "url": "http://www.securityfocus.com/bid/97582"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html",
+ "url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E"
 }
 ]
 }
diff --git a/2016/8xxx/CVE-2016-8739.json b/2016/8xxx/CVE-2016-8739.json
index 8cc57540d8a..c7ea7b124f3 100644
--- a/2016/8xxx/CVE-2016-8739.json
+++ b/2016/8xxx/CVE-2016-8739.json
@@ -75,6 +75,11 @@
 "name": "http://cxf.apache.org/security-advisories.data/CVE-2016-8739.txt.asc",
 "refsource": "CONFIRM",
 "url": "http://cxf.apache.org/security-advisories.data/CVE-2016-8739.txt.asc"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html",
+ "url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E"
 }
 ]
 }
diff --git a/2017/12xxx/CVE-2017-12624.json b/2017/12xxx/CVE-2017-12624.json
index 1f0f0c6164a..6ae17352945 100644
--- a/2017/12xxx/CVE-2017-12624.json
+++ b/2017/12xxx/CVE-2017-12624.json
@@ -90,6 +90,11 @@
 "name": "http://cxf.apache.org/security-advisories.data/CVE-2017-12624.txt.asc",
 "refsource": "CONFIRM",
 "url": "http://cxf.apache.org/security-advisories.data/CVE-2017-12624.txt.asc"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html",
+ "url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E"
 }
 ]
 }
diff --git a/2017/12xxx/CVE-2017-12631.json b/2017/12xxx/CVE-2017-12631.json
index 9bdb215d518..fb40a06365b 100644
--- a/2017/12xxx/CVE-2017-12631.json
+++ b/2017/12xxx/CVE-2017-12631.json
@@ -70,6 +70,11 @@
 "name": "[cxf-user] 20171130 Apache CXF Fediz 1.4.3 and 1.3.3 released with a new security advisory CVE-2017-12631",
 "refsource": "MLIST",
 "url": "http://cxf.547215.n5.nabble.com/Apache-CXF-Fediz-1-4-3-and-1-3-3-released-with-a-new-security-advisory-CVE-2017-12631-td5785868.html"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html",
+ "url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E"
 }
 ]
 }
diff --git a/2017/3xxx/CVE-2017-3156.json b/2017/3xxx/CVE-2017-3156.json
index 6dbba425291..37889022655 100644
--- a/2017/3xxx/CVE-2017-3156.json
+++ b/2017/3xxx/CVE-2017-3156.json
@@ -70,6 +70,11 @@
 "name": "http://cxf.apache.org/security-advisories.data/CVE-2017-3156.txt.asc",
 "refsource": "CONFIRM",
 "url": "http://cxf.apache.org/security-advisories.data/CVE-2017-3156.txt.asc"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html",
+ "url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E"
 }
 ]
 }
diff --git a/2017/5xxx/CVE-2017-5653.json b/2017/5xxx/CVE-2017-5653.json
index bc631ecec76..70fcf65a954 100644
--- a/2017/5xxx/CVE-2017-5653.json
+++ b/2017/5xxx/CVE-2017-5653.json
@@ -74,6 +74,11 @@
 "name": "97968",
 "refsource": "BID",
 "url": "http://www.securityfocus.com/bid/97968"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html",
+ "url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E"
 }
 ]
 }
diff --git a/2017/5xxx/CVE-2017-5656.json b/2017/5xxx/CVE-2017-5656.json
index 43ec036a4ab..7493b1ca424 100644
--- a/2017/5xxx/CVE-2017-5656.json
+++ b/2017/5xxx/CVE-2017-5656.json
@@ -79,6 +79,11 @@
 "name": "RHSA-2018:1694",
 "refsource": "REDHAT",
 "url": "https://access.redhat.com/errata/RHSA-2018:1694"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html",
+ "url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E"
 }
 ]
 }
diff --git a/2017/7xxx/CVE-2017-7661.json b/2017/7xxx/CVE-2017-7661.json
index 6ab73fed381..457541ef3d4 100644
--- a/2017/7xxx/CVE-2017-7661.json
+++ b/2017/7xxx/CVE-2017-7661.json
@@ -61,6 +61,11 @@
 "name": "1038497",
 "refsource": "SECTRACK",
 "url": "http://www.securitytracker.com/id/1038497"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html",
+ "url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E"
 }
 ]
 }
diff --git a/2017/7xxx/CVE-2017-7662.json b/2017/7xxx/CVE-2017-7662.json
index f2a711451bf..8548c69b625 100644
--- a/2017/7xxx/CVE-2017-7662.json
+++ b/2017/7xxx/CVE-2017-7662.json
@@ -61,6 +61,11 @@
 "name": "1038498",
 "refsource": "SECTRACK",
 "url": "http://www.securitytracker.com/id/1038498"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html",
+ "url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E"
 }
 ]
 }
diff --git a/2018/8xxx/CVE-2018-8038.json b/2018/8xxx/CVE-2018-8038.json
index dd8c767eefc..9abbe27c1a1 100644
--- a/2018/8xxx/CVE-2018-8038.json
+++ b/2018/8xxx/CVE-2018-8038.json
@@ -72,6 +72,11 @@
 "name": "http://cxf.apache.org/security-advisories.data/CVE-2018-8038.txt.asc",
 "refsource": "CONFIRM",
 "url": "http://cxf.apache.org/security-advisories.data/CVE-2018-8038.txt.asc"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html",
+ "url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E"
 }
 ]
 }
diff --git a/2018/8xxx/CVE-2018-8039.json b/2018/8xxx/CVE-2018-8039.json
index 2aeb3389e32..4c642df4304 100644
--- a/2018/8xxx/CVE-2018-8039.json
+++ b/2018/8xxx/CVE-2018-8039.json
@@ -140,6 +140,11 @@
 "url": "https://www.oracle.com/security-alerts/cpujan2020.html",
 "refsource": "MISC",
 "name": "https://www.oracle.com/security-alerts/cpujan2020.html"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html",
+ "url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E"
 }
 ]
 }
diff --git a/2019/12xxx/CVE-2019-12406.json b/2019/12xxx/CVE-2019-12406.json
index 2591325af53..b5ee7602e7f 100644
--- a/2019/12xxx/CVE-2019-12406.json
+++ b/2019/12xxx/CVE-2019-12406.json
@@ -53,6 +53,11 @@
 "url": "https://www.oracle.com/security-alerts/cpujan2020.html",
 "refsource": "MISC",
 "name": "https://www.oracle.com/security-alerts/cpujan2020.html"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html",
+ "url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E"
 }
 ]
 },
diff --git a/2019/12xxx/CVE-2019-12419.json b/2019/12xxx/CVE-2019-12419.json
index 63677dd2ab5..e4b14798041 100644
--- a/2019/12xxx/CVE-2019-12419.json
+++ b/2019/12xxx/CVE-2019-12419.json
@@ -53,6 +53,11 @@
 "url": "https://www.oracle.com/security-alerts/cpujan2020.html",
 "refsource": "MISC",
 "name": "https://www.oracle.com/security-alerts/cpujan2020.html"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html",
+ "url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E"
 }
 ]
 },
diff --git a/2019/19xxx/CVE-2019-19680.json b/2019/19xxx/CVE-2019-19680.json
index d01c475b2f8..4f6171c22dd 100644
--- a/2019/19xxx/CVE-2019-19680.json
+++ b/2019/19xxx/CVE-2019-19680.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A file-extension filtering vulnerability in ProofPoint Protection Server Email Firewall through 8.10 allows attackers to bypass protection mechanisms (related to extensions, MIME types, virus detection, and journal entries for transmitted files) by sending malformed (not RFC compliant) multipart email."
+ "value": "A file-extension filtering vulnerability in Proofpoint Enterprise Protection (PPS / PoD), in the unpatched versions of PPS through 8.9.22 and 8.14.2 respectively, allows attackers to bypass protection mechanisms (related to extensions, MIME types, virus detection, and journal entries for transmitted files) by sending malformed (not RFC compliant) multipart email."
 }
 ]
 },
diff --git a/2019/20xxx/CVE-2019-20327.json b/2019/20xxx/CVE-2019-20327.json
index 9d5a02ec12f..44f40af340a 100644
--- a/2019/20xxx/CVE-2019-20327.json
+++ b/2019/20xxx/CVE-2019-20327.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2019-20327",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2019-20327",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Insecure permissions in cwrapper_perl in Centreon Infrastructure Monitoring Software through 19.10 allow local attackers to gain privileges. (cwrapper_perl is a setuid executable allowing execution of Perl scripts with root privileges.)"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.centreon.com/en/",
+ "refsource": "MISC",
+ "name": "https://www.centreon.com/en/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://gist.github.com/Diefunction/9237f46b8659a65ab08de8ec9c258139",
+ "url": "https://gist.github.com/Diefunction/9237f46b8659a65ab08de8ec9c258139"
 }
 ]
 }
From 9ee3febb615f0da69b5fc6795644986c41a30490 Mon Sep 17 00:00:00 2001
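Review bot: The structured fields of the newly published CVE-2019-20327 record stay at `"product_name": "n/a"`, `"vendor_name": "n/a"` and `"version_value": "n/a"` even though `description` names the product and range (Centreon Infrastructure Monitoring Software through 19.10). Tooling that matches on `affects` rather than on free text will therefore not tie this entry to Centreon installations. `problemtype` is likewise `"value": "n/a"` although the text describes insecure permissions on a setuid wrapper; something like `"value": "CWE-732 Incorrect Permission Assignment for Critical Resource"` looks like the fit, to be confirmed by the assigner. Both references are tagged MISC (a vendor home page and a gist), so the record as added gives a defender no vendor advisory or fixed version to act on.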
From: CVE Team
Date: Thu, 16 Jan 2020 16:01:22 +0000
Subject: [PATCH 111/387] "-Synchronized-Data."
---
 2018/0xxx/CVE-2018-0719.json | 4 +-
 2018/0xxx/CVE-2018-0721.json | 4 +-
 2018/4xxx/CVE-2018-4833.json | 5 ++-
 2018/4xxx/CVE-2018-4842.json | 12 ++++--
 2018/4xxx/CVE-2018-4848.json | 12 ++++--
 2019/10xxx/CVE-2019-10923.json | 7 ++--
 2019/10xxx/CVE-2019-10934.json | 7 ++--
 2019/10xxx/CVE-2019-10936.json | 7 ++--
 2019/10xxx/CVE-2019-10938.json | 7 ++--
 2019/10xxx/CVE-2019-10940.json | 7 ++--
 2019/13xxx/CVE-2019-13921.json | 7 ++--
 2019/13xxx/CVE-2019-13933.json | 7 ++--
 2019/13xxx/CVE-2019-13939.json | 58 +++++++++++++++--------------
 2019/13xxx/CVE-2019-13942.json | 12 ++++--
 2019/13xxx/CVE-2019-13943.json | 12 ++++--
 2019/13xxx/CVE-2019-13944.json | 12 ++++--
 2019/17xxx/CVE-2019-17016.json | 15 ++++++++
 2019/17xxx/CVE-2019-17017.json | 15 ++++++++
 2019/17xxx/CVE-2019-17022.json | 15 ++++++++
 2019/17xxx/CVE-2019-17024.json | 15 ++++++++
 2019/18xxx/CVE-2019-18282.json | 67 ++++++++++++++++++++++++++++++++++
 2019/19xxx/CVE-2019-19278.json | 7 ++--
 2019/3xxx/CVE-2019-3764.json | 45 ++++++++++++-----------
 2019/6xxx/CVE-2019-6567.json | 7 ++--
 2019/6xxx/CVE-2019-6568.json | 12 +++---
 2019/6xxx/CVE-2019-6569.json | 7 ++--
 2019/6xxx/CVE-2019-6575.json | 7 ++--
 2020/2xxx/CVE-2020-2583.json | 10 +++++
 2020/2xxx/CVE-2020-2590.json | 10 +++++
 2020/2xxx/CVE-2020-2593.json | 10 +++++
 2020/2xxx/CVE-2020-2601.json | 10 +++++
 2020/2xxx/CVE-2020-2604.json | 10 +++++
 2020/2xxx/CVE-2020-2654.json | 10 +++++
 2020/2xxx/CVE-2020-2655.json | 10 +++++
 34 files changed, 353 insertions(+), 109 deletions(-)
 create mode 100644 2019/18xxx/CVE-2019-18282.json
diff --git a/2018/0xxx/CVE-2018-0719.json b/2018/0xxx/CVE-2018-0719.json
index 1dafe47bbe1..38ca467765f 100644
--- a/2018/0xxx/CVE-2018-0719.json
+++ b/2018/0xxx/CVE-2018-0719.json
@@ -1,6 +1,6 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "psirt@qnap.com",
+ "ASSIGNER": "security@qnap.com",
 "DATE_PUBLIC": "2018-09-19T16:00:00.000Z",
 "ID": "CVE-2018-0719",
 "STATE": "PUBLIC",
@@ -54,7 +54,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Cross-site Scripting (XSS) vulnerability in NAS devices of QNAP Systems Inc. QTS allows attackers to inject javascript.\nThis issue affects:\nQNAP Systems Inc. QTS\nversion 4.2.6 and prior versions on build 20180711;\nversion 4.3.3 and prior versions on build 20180725;\nversion 4.3.4 and prior versions on build 20180710."
+ "value": "Cross-site Scripting (XSS) vulnerability in NAS devices of QNAP Systems Inc. QTS allows attackers to inject javascript. This issue affects: QNAP Systems Inc. QTS version 4.2.6 and prior versions on build 20180711; version 4.3.3 and prior versions on build 20180725; version 4.3.4 and prior versions on build 20180710."
 }
 ]
 },
diff --git a/2018/0xxx/CVE-2018-0721.json b/2018/0xxx/CVE-2018-0721.json
index 2ad84b8e742..5e25bb6aedb 100644
--- a/2018/0xxx/CVE-2018-0721.json
+++ b/2018/0xxx/CVE-2018-0721.json
@@ -1,6 +1,6 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "psirt@qnap.com",
+ "ASSIGNER": "security@qnap.com",
 "ID": "CVE-2018-0721",
 "STATE": "PUBLIC",
 "TITLE": "Security Advisory for Vulnerabilities in QTS"
@@ -53,7 +53,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Buffer Overflow vulnerability in NAS devices. QTS allows attackers to run arbitrary code.\nThis issue affects:\nQNAP Systems Inc. QTS\nversion 4.2.6 and prior versions on build 20180711;\nversion 4.3.3 and prior versions on build 20180725;\nversion 4.3.4 and prior versions on build 20180710."
+ "value": "Buffer Overflow vulnerability in NAS devices. QTS allows attackers to run arbitrary code. This issue affects: QNAP Systems Inc. QTS version 4.2.6 and prior versions on build 20180711; version 4.3.3 and prior versions on build 20180725; version 4.3.4 and prior versions on build 20180710."
 }
 ]
 },
diff --git a/2018/4xxx/CVE-2018-4833.json b/2018/4xxx/CVE-2018-4833.json
index 7e6ef0191e0..8bbf0c680e5 100644
--- a/2018/4xxx/CVE-2018-4833.json
+++ b/2018/4xxx/CVE-2018-4833.json
@@ -133,8 +133,9 @@
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-181018.pdf"
+ "refsource": "MISC",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-181018.pdf",
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-181018.pdf"
 }
 ]
 }
diff --git a/2018/4xxx/CVE-2018-4842.json b/2018/4xxx/CVE-2018-4842.json
index bad8ec59715..fb22ee1a952 100644
--- a/2018/4xxx/CVE-2018-4842.json
+++ b/2018/4xxx/CVE-2018-4842.json
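Review bot: The retagging in the CVE-2018-4833 hunk turns the only reference in the record, the advisory on cert-portal.siemens.com, from `"refsource": "CONFIRM"` into `"refsource": "MISC"`, which removes the one marker saying the vendor acknowledged the issue. The URL itself is unchanged, so the downgrade looks like a side effect of the sync adding `name` rather than a judgement about the source. I would keep `"refsource": "CONFIRM"` and add only the `name` line, since consumers that filter on CONFIRM to find vendor advisories and fixes will otherwise skip this entry. The same change is made in the CVE-2018-4842 hunk that follows, where the description itself says the vendor has confirmed the vulnerability.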
@@ -56,15 +56,21 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability has been identified in SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.4.1), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.3). A remote, authenticated attacker with access to the configuration web\nserver could be able to store script code on the web site, if the HRP redundancy \noption is set. This code could be executed in the web browser of victims visiting \nthis web site (XSS), affecting its confidentiality, integrity and availability. \n\nUser interaction is required for successful exploitation, as the user needs\nto visit the manipulated web site. At the stage of publishing this security\nadvisory no public exploitation is known. The vendor has confirmed the\nvulnerability and provides mitigations to resolve it.\n"
+ "value": "A vulnerability has been identified in SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.4.1), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.3). A remote, authenticated attacker with access to the configuration web server could be able to store script code on the web site, if the HRP redundancy option is set. This code could be executed in the web browser of victims visiting this web site (XSS), affecting its confidentiality, integrity and availability. User interaction is required for successful exploitation, as the user needs to visit the manipulated web site. At the stage of publishing this security advisory no public exploitation is known. The vendor has confirmed the vulnerability and provides mitigations to resolve it."
 }
 ]
 },
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-480829.pdf"
+ "refsource": "MISC",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-480829.pdf",
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-480829.pdf"
+ },
+ {
+ "refsource": "BID",
+ "name": "104494",
+ "url": "https://www.securityfocus.com/bid/104494"
 }
 ]
 }
diff --git a/2018/4xxx/CVE-2018-4848.json b/2018/4xxx/CVE-2018-4848.json
index 7f0afa6f277..51bf82ca119 100644
--- a/2018/4xxx/CVE-2018-4848.json
+++ b/2018/4xxx/CVE-2018-4848.json
@@ -66,15 +66,21 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.3), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.4.1), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.3). The integrated configuration web server of the affected Scalance X Switches could allow\nCross-Site Scripting (XSS) attacks if unsuspecting users are tricked into\naccessing a malicious link.\n\nUser interaction is required for a successful exploitation. The user must \nbe logged into the web interface in order for the exploitation to succeed.\nAt the stage of publishing this security advisory no public exploitation is known.\nThe vendor has confirmed the vulnerability and provides mitigations to resolve it.\n"
+ "value": "A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.3), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.4.1), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.3). The integrated configuration web server of the affected Scalance X Switches could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. User interaction is required for a successful exploitation. The user must be logged into the web interface in order for the exploitation to succeed. At the stage of publishing this security advisory no public exploitation is known. The vendor has confirmed the vulnerability and provides mitigations to resolve it."
 }
 ]
 },
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-480829.pdf"
+ "refsource": "BID",
+ "name": "104494",
+ "url": "http://www.securityfocus.com/bid/104494"
+ },
+ {
+ "refsource": "MISC",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-480829.pdf",
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-480829.pdf"
 }
 ]
 }
diff --git a/2019/10xxx/CVE-2019-10923.json b/2019/10xxx/CVE-2019-10923.json
index fd826ed572e..169a697dc94 100644
--- a/2019/10xxx/CVE-2019-10923.json
+++ b/2019/10xxx/CVE-2019-10923.json
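Review bot: The BID reference added in `reference_data` uses a plain-HTTP link, `"url": "http://www.securityfocus.com/bid/104494"`, while the CVE-2018-4842 record earlier in this patch cites the same BID entry over HTTPS. Writing it as `"url": "https://www.securityfocus.com/bid/104494"` keeps the two records consistent and avoids pointing readers of the advisory at an unencrypted fetch.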
@@ -356,15 +356,16 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in CP1604 (All versions < V2.8), CP1616 (All versions < V2.8), Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller (All versions < V4.1.1 Patch 05), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 (All versions < V4.5.0 Patch 01), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P (All versions < V4.5.0), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.2.1), SIMATIC ET200M (incl. SIPLUS variants) (All versions), SIMATIC ET200S (incl. SIPLUS variants) (All versions), SIMATIC ET200ecoPN (except 6ES7148-6JD00-0AB0 and 6ES7146-6FF00-0AB0) (All versions), SIMATIC ET200pro (incl. SIPLUS variants) (All versions), SIMATIC PN/PN Coupler 6ES7158-3AD01-0XA0 (incl. SIPLUS NET variant) (All versions), SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC WinAC RTX (F) 2010 (All versions < SIMATIC WinAC RTX 2010 SP3), SIMOTION (incl. SIPLUS variants) (All versions), SINAMICS DCM (All versions < V1.5 HF1), SINAMICS DCP (All versions), SINAMICS G110M V4.7 Control Unit (All versions < V4.7 SP10 HF5), SINAMICS G120 V4.7 Control Unit (incl. SIPLUS variants) (All versions < V4.7 SP10 HF5), SINAMICS G130 V4.7 Control Unit (All versions < V4.7 HF29), SINAMICS G150 Control Unit (All versions < V4.8), SINAMICS GH150 V4.7 Control Unit (All versions), SINAMICS GL150 V4.7 Control Unit (All versions), SINAMICS GM150 V4.7 Control Unit (All versions), SINAMICS S110 Control Unit (All versions), SINAMICS S120 V4.7 Control Unit and CBE20 (incl. 
SIPLUS variants) (All versions < V4.7 HF34), SINAMICS S150 Control Unit (All versions < V4.8), SINAMICS SL150 V4.7 Control Unit (All versions < V4.7 HF33), SINAMICS SM120 V4.7 Control Unit (All versions), SINUMERIK 828D (All versions < V4.8 SP5), SINUMERIK 840D sl (All versions). An attacker with network access to an affected product may cause a\nDenial-of-Service condition by breaking the real-time synchronization (IRT)\nof the affected installation.\n\nThe security vulnerability could be exploited by an unauthenticated attacker\nwith network access to the affected installation. No user interaction is\nrequired to exploit this security vulnerability. The vulnerability impacts\nthe availability of the affected installations.\n" + "value": "A vulnerability has been identified in CP1604 (All versions < V2.8), CP1616 (All versions < V2.8), Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller (All versions < V4.1.1 Patch 05), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 (All versions < V4.5.0 Patch 01), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P (All versions < V4.5.0), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.2.1), SIMATIC ET200M (incl. SIPLUS variants) (All versions), SIMATIC ET200S (incl. SIPLUS variants) (All versions), SIMATIC ET200ecoPN (except 6ES7148-6JD00-0AB0 and 6ES7146-6FF00-0AB0) (All versions), SIMATIC ET200pro (incl. SIPLUS variants) (All versions), SIMATIC PN/PN Coupler 6ES7158-3AD01-0XA0 (incl. SIPLUS NET variant) (All versions), SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC WinAC RTX (F) 2010 (All versions < SIMATIC WinAC RTX 2010 SP3), SIMOTION (incl. 
SIPLUS variants) (All versions), SINAMICS DCM (All versions < V1.5 HF1), SINAMICS DCP (All versions), SINAMICS G110M V4.7 Control Unit (All versions < V4.7 SP10 HF5), SINAMICS G120 V4.7 Control Unit (incl. SIPLUS variants) (All versions < V4.7 SP10 HF5), SINAMICS G130 V4.7 Control Unit (All versions < V4.7 HF29), SINAMICS G150 Control Unit (All versions < V4.8), SINAMICS GH150 V4.7 Control Unit (All versions), SINAMICS GL150 V4.7 Control Unit (All versions), SINAMICS GM150 V4.7 Control Unit (All versions), SINAMICS S110 Control Unit (All versions), SINAMICS S120 V4.7 Control Unit and CBE20 (incl. SIPLUS variants) (All versions < V4.7 HF34), SINAMICS S150 Control Unit (All versions < V4.8), SINAMICS SL150 V4.7 Control Unit (All versions < V4.7 HF33), SINAMICS SM120 V4.7 Control Unit (All versions), SINUMERIK 828D (All versions < V4.8 SP5), SINUMERIK 840D sl (All versions). An attacker with network access to an affected product may cause a Denial-of-Service condition by breaking the real-time synchronization (IRT) of the affected installation. The security vulnerability could be exploited by an unauthenticated attacker with network access to the affected installation. No user interaction is required to exploit this security vulnerability. The vulnerability impacts the availability of the affected installations." } ] }, "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-349422.pdf" + "refsource": "MISC", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-349422.pdf", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-349422.pdf" } ] } diff --git a/2019/10xxx/CVE-2019-10934.json b/2019/10xxx/CVE-2019-10934.json index 9a00d6f779e..b486dff472a 100644 --- a/2019/10xxx/CVE-2019-10934.json +++ b/2019/10xxx/CVE-2019-10934.json 
@@ -66,15 +66,16 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability has been identified in TIA Portal V14 (All versions), TIA Portal V15 (All versions < V15.1 Upd 4), TIA Portal V16 (All versions). Changing the contents of a configuration file could allow an attacker to\nexecute arbitrary code with SYSTEM privileges.\n\nThe security vulnerability could be exploited by an attacker with a valid\naccount and limited access rights on the system. No user interaction is\nrequired.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n"
+ "value": "A vulnerability has been identified in TIA Portal V14 (All versions), TIA Portal V15 (All versions < V15.1 Upd 4), TIA Portal V16 (All versions). Changing the contents of a configuration file could allow an attacker to execute arbitrary code with SYSTEM privileges. The security vulnerability could be exploited by an attacker with a valid account and limited access rights on the system. No user interaction is required. At the time of advisory publication no public exploitation of this security vulnerability was known."
 }
 ]
 },
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-629512.pdf"
+ "refsource": "MISC",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-629512.pdf",
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-629512.pdf"
 }
 ]
 }
diff --git a/2019/10xxx/CVE-2019-10936.json b/2019/10xxx/CVE-2019-10936.json
index f7d592685e6..a106a45ec70 100644
--- a/2019/10xxx/CVE-2019-10936.json
+++ b/2019/10xxx/CVE-2019-10936.json
@@ -536,15 +536,16 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller (All versions), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 (All versions), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P (All versions), SIMATIC CFU PA (All versions < V1.2.0), SIMATIC ET200AL (incl. SIPLUS variants) (All versions), SIMATIC ET200M (incl. SIPLUS variants) (All versions), SIMATIC ET200MP IM155-5 PN BA (incl. SIPLUS variants) (All versions < V4.3.0), SIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants) (All versions), SIMATIC ET200MP IM155-5 PN ST (incl. SIPLUS variants) (All versions), SIMATIC ET200S (incl. SIPLUS variants) (All versions), SIMATIC ET200SP IM155-6 PN BA (incl. SIPLUS variants) (All versions), SIMATIC ET200SP IM155-6 PN HA (incl. SIPLUS variants) (All versions), SIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants) (All versions < V4.2.2), SIMATIC ET200SP IM155-6 PN HS (incl. SIPLUS variants) (All versions), SIMATIC ET200SP IM155-6 PN ST (incl. SIPLUS variants) (All versions), SIMATIC ET200SP IM155-6 PN/2 HF (incl. SIPLUS variants) (All versions < V4.2.2), SIMATIC ET200SP IM155-6 PN/3 HF (incl. SIPLUS variants) (All versions < V4.2.1), SIMATIC ET200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions < V2.0), SIMATIC ET200ecoPN (except 6ES7148-6JD00-0AB0 and 6ES7146-6FF00-0AB0) (All versions), SIMATIC ET200pro (incl. SIPLUS variants) (All versions), SIMATIC HMI Comfort Outdoor Panels 7\" & 15\" (incl. SIPLUS variants) (All versions), SIMATIC HMI Comfort Panels 4\" - 22\" (incl. SIPLUS variants) (All versions), SIMATIC HMI KTP Mobile Panels (incl. SIPLUS variants) (All versions), SIMATIC PN/PN Coupler (incl. SIPLUS NET variants) (All versions), SIMATIC PROFINET Driver (All versions < V2.1), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.4.0), SIMATIC S7-1500 CPU family (incl. 
related ET200 CPUs and SIPLUS variants) (All versions < V2.0), SIMATIC S7-1500 Software Controller (All versions < V2.0), SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants) (All versions < V6.0.9), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants) (All versions), SIMATIC WinAC RTX (F) 2010 (All versions < SIMATIC WinAC RTX 2010 SP3), SINAMICS DCM (All versions < V1.5 HF1), SINAMICS DCP (All versions), SINAMICS G110M V4.7 PN Control Unit (All versions < V4.7 SP10 HF5), SINAMICS G120 V4.7 PN Control Unit (incl. SIPLUS variants) (All versions < V4.7 SP10 HF5), SINAMICS G130 V4.7 Control Unit (All versions < 4.8), SINAMICS G150 Control Unit (All versions < 4.8), SINAMICS GH150 V4.7 Control Unit (All versions), SINAMICS GL150 V4.7 Control Unit (All versions), SINAMICS GM150 V4.7 Control Unit (All versions), SINAMICS S110 Control Unit (All versions), SINAMICS S120 V4.7 Control Unit (incl. SIPLUS variants) (All versions), SINAMICS S150 Control Unit (All versions < 4.8), SINAMICS SL150 V4.7 Control Unit (All versions < V4.7 HF33), SINAMICS SM120 V4.7 Control Unit (All versions), SINUMERIK 828D (All versions < V4.8 SP5), SINUMERIK 840D sl (All versions). Affected devices contain a vulnerability that allows an unauthenticated attacker\nto trigger a denial-of-service condition. The vulnerability can be triggered \nif a large amount of specially crafted UDP packets are sent to device.\n\nThe security vulnerability could be exploited by an attacker with network \naccess to the affected systems. Successful exploitation requires no system\nprivileges and no user interaction. 
An attacker could use the vulnerability\nto compromise availability of the device.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known.\n" + "value": "A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller (All versions), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 (All versions), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P (All versions), SIMATIC CFU PA (All versions < V1.2.0), SIMATIC ET200AL (incl. SIPLUS variants) (All versions), SIMATIC ET200M (incl. SIPLUS variants) (All versions), SIMATIC ET200MP IM155-5 PN BA (incl. SIPLUS variants) (All versions < V4.3.0), SIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants) (All versions), SIMATIC ET200MP IM155-5 PN ST (incl. SIPLUS variants) (All versions), SIMATIC ET200S (incl. SIPLUS variants) (All versions), SIMATIC ET200SP IM155-6 PN BA (incl. SIPLUS variants) (All versions), SIMATIC ET200SP IM155-6 PN HA (incl. SIPLUS variants) (All versions), SIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants) (All versions < V4.2.2), SIMATIC ET200SP IM155-6 PN HS (incl. SIPLUS variants) (All versions), SIMATIC ET200SP IM155-6 PN ST (incl. SIPLUS variants) (All versions), SIMATIC ET200SP IM155-6 PN/2 HF (incl. SIPLUS variants) (All versions < V4.2.2), SIMATIC ET200SP IM155-6 PN/3 HF (incl. SIPLUS variants) (All versions < V4.2.1), SIMATIC ET200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions < V2.0), SIMATIC ET200ecoPN (except 6ES7148-6JD00-0AB0 and 6ES7146-6FF00-0AB0) (All versions), SIMATIC ET200pro (incl. SIPLUS variants) (All versions), SIMATIC HMI Comfort Outdoor Panels 7\" & 15\" (incl. SIPLUS variants) (All versions), SIMATIC HMI Comfort Panels 4\" - 22\" (incl. SIPLUS variants) (All versions), SIMATIC HMI KTP Mobile Panels (incl. SIPLUS variants) (All versions), SIMATIC PN/PN Coupler (incl. 
SIPLUS NET variants) (All versions), SIMATIC PROFINET Driver (All versions < V2.1), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.4.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.0), SIMATIC S7-1500 Software Controller (All versions < V2.0), SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants) (All versions < V6.0.9), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants) (All versions), SIMATIC WinAC RTX (F) 2010 (All versions < SIMATIC WinAC RTX 2010 SP3), SINAMICS DCM (All versions < V1.5 HF1), SINAMICS DCP (All versions), SINAMICS G110M V4.7 PN Control Unit (All versions < V4.7 SP10 HF5), SINAMICS G120 V4.7 PN Control Unit (incl. SIPLUS variants) (All versions < V4.7 SP10 HF5), SINAMICS G130 V4.7 Control Unit (All versions < 4.8), SINAMICS G150 Control Unit (All versions < 4.8), SINAMICS GH150 V4.7 Control Unit (All versions), SINAMICS GL150 V4.7 Control Unit (All versions), SINAMICS GM150 V4.7 Control Unit (All versions), SINAMICS S110 Control Unit (All versions), SINAMICS S120 V4.7 Control Unit (incl. SIPLUS variants) (All versions), SINAMICS S150 Control Unit (All versions < 4.8), SINAMICS SL150 V4.7 Control Unit (All versions < V4.7 HF33), SINAMICS SM120 V4.7 Control Unit (All versions), SINUMERIK 828D (All versions < V4.8 SP5), SINUMERIK 840D sl (All versions). Affected devices contain a vulnerability that allows an unauthenticated attacker to trigger a denial-of-service condition. The vulnerability can be triggered if a large amount of specially crafted UDP packets are sent to device. The security vulnerability could be exploited by an attacker with network access to the affected systems. 
Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the device. At the time of advisory publication no public exploitation of this security vulnerability was known." } ] }, "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-473245.pdf" + "refsource": "MISC", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-473245.pdf", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-473245.pdf" } ] } diff --git a/2019/10xxx/CVE-2019-10938.json b/2019/10xxx/CVE-2019-10938.json index a146ebb1046..9f692bd08b3 100644 --- a/2019/10xxx/CVE-2019-10938.json +++ b/2019/10xxx/CVE-2019-10938.json 
@@ -56,15 +56,16 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability has been identified in SIPROTEC 5 devices with CPU variants CP200 (All versions < V7.59), SIPROTEC 5 devices with CPU variants CP300 and CP100 (All versions < V8.01). An unauthenticated attacker with network access to the device could potentially insert arbitrary code which is executed before firmware verification in the device. \n\nAt the time of advisory publication no public exploitation of this security vulnerability was known.\n"
+ "value": "A vulnerability has been identified in SIPROTEC 5 devices with CPU variants CP200 (All versions < V7.59), SIPROTEC 5 devices with CPU variants CP300 and CP100 (All versions < V8.01). An unauthenticated attacker with network access to the device could potentially insert arbitrary code which is executed before firmware verification in the device. At the time of advisory publication no public exploitation of this security vulnerability was known."
 }
 ]
 },
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-632562.pdf"
+ "refsource": "MISC",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-632562.pdf",
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-632562.pdf"
 }
 ]
 }
diff --git a/2019/10xxx/CVE-2019-10940.json b/2019/10xxx/CVE-2019-10940.json
index f40596442da..8e68401d2fd 100644
--- a/2019/10xxx/CVE-2019-10940.json
+++ b/2019/10xxx/CVE-2019-10940.json
@@ -46,15 +46,16 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability has been identified in SINEMA Server (All versions < V14.0 SP2 Update 1). Incorrect session validation could allow an attacker with a valid session, with low privileges,\nto perform firmware updates and other administrative operations on connected devices.\n\nThe security vulnerability could be exploited by an attacker with network access to the\naffected system. An attacker must have access to a low privileged account in order to exploit\nthe vulnerability. An attacker could use the vulnerability to compromise confidentiality,\nintegrity, and availability of the affected system and underlying components.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n"
+ "value": "A vulnerability has been identified in SINEMA Server (All versions < V14.0 SP2 Update 1). Incorrect session validation could allow an attacker with a valid session, with low privileges, to perform firmware updates and other administrative operations on connected devices. The security vulnerability could be exploited by an attacker with network access to the affected system. An attacker must have access to a low privileged account in order to exploit the vulnerability. An attacker could use the vulnerability to compromise confidentiality, integrity, and availability of the affected system and underlying components. At the time of advisory publication no public exploitation of this security vulnerability was known."
 }
 ]
 },
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-880233.pdf"
+ "refsource": "MISC",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-880233.pdf",
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-880233.pdf"
 }
 ]
 }
diff --git a/2019/13xxx/CVE-2019-13921.json b/2019/13xxx/CVE-2019-13921.json
index 093b377d3fc..e3acf116257 100644
--- a/2019/13xxx/CVE-2019-13921.json
+++ b/2019/13xxx/CVE-2019-13921.json
@@ -46,15 +46,16 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability has been identified in SIMATIC WinAC RTX (F) 2010 (All versions < SP3 Update 1). Affected versions of the software contain a vulnerability that could\nallow an unauthenticated attacker to trigger a denial-of-service\ncondition. The vulnerability can be triggered if a large HTTP request\nis sent to the executing service.\n\nThe security vulnerability could be exploited by an attacker with network\naccess to the affected systems. Successful exploitation requires no system\nprivileges and no user interaction. An attacker could use the vulnerability\nto compromise availability of the service provided by the software.\n"
+ "value": "A vulnerability has been identified in SIMATIC WinAC RTX (F) 2010 (All versions < SP3 Update 1). Affected versions of the software contain a vulnerability that could allow an unauthenticated attacker to trigger a denial-of-service condition. The vulnerability can be triggered if a large HTTP request is sent to the executing service. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the service provided by the software."
 }
 ]
 },
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-878278.pdf"
+ "refsource": "MISC",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-878278.pdf",
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-878278.pdf"
 }
 ]
 }
diff --git a/2019/13xxx/CVE-2019-13933.json b/2019/13xxx/CVE-2019-13933.json
index 30e3fd4be58..1e759f15a41 100644
--- a/2019/13xxx/CVE-2019-13933.json
+++ b/2019/13xxx/CVE-2019-13933.json
@@ -56,15 +56,16 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability has been identified in SCALANCE X-200RNA switch family (All versions), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.3). Affected devices contain a vulnerability that allows an unauthenticated attacker\nto violate access-control rules. The vulnerability can be triggered\nby sending GET request to specific uniform resource locator on the\nweb configuration interface of the device. \n\nThe security vulnerability could be exploited by an attacker with network\naccess to the affected systems. An attacker could use the vulnerability\nto obtain sensitive information or change the device configuration.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known.\n"
+ "value": "A vulnerability has been identified in SCALANCE X-200RNA switch family (All versions), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.3). Affected devices contain a vulnerability that allows an unauthenticated attacker to violate access-control rules. The vulnerability can be triggered by sending GET request to specific uniform resource locator on the web configuration interface of the device. The security vulnerability could be exploited by an attacker with network access to the affected systems. An attacker could use the vulnerability to obtain sensitive information or change the device configuration. At the time of advisory publication no public exploitation of this security vulnerability was known."
 }
 ]
 },
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-443566.pdf"
+ "refsource": "MISC",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-443566.pdf",
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-443566.pdf"
 }
 ]
 }
diff --git a/2019/13xxx/CVE-2019-13939.json b/2019/13xxx/CVE-2019-13939.json
index a25165b2557..e26a1efee1d 100644
--- a/2019/13xxx/CVE-2019-13939.json
+++ b/2019/13xxx/CVE-2019-13939.json
@@ -8,72 +8,73 @@
 "data_type": "CVE",
 "data_version": "4.0",
 "affects": {
- "vendor" : {
- "vendor_data" : [
+ "vendor": {
+ "vendor_data": [
 {
 "vendor_name": "Siemens AG",
- "product" : {
- "product_data" : [
+ "product": {
+ "product_data": [
 {
 "product_name": "Nucleus NET",
- "version" : {
- "version_data" : [
+ "version": {
+ "version_data": [
 {
- "version_value" : "All versions"
+ "version_value": "All versions"
 }
 ]
 }
 },
 {
 "product_name": "Nucleus RTOS",
- "version" : {
- "version_data" : [
+ "version": {
+ "version_data": [
 {
- "version_value" : "All versions"
+ "version_value": "All versions"
 }
 ]
 }
 },
 {
 "product_name": "Nucleus ReadyStart for ARM, MIPS, and PPC",
- "version" : {
- "version_data" : [
+ "version": {
+ "version_data": [
 {
- "version_value" : "All versions < V2017.02.2 with patch \"Nucleus 2017.02.02 Nucleus NET Patch\""
+ "version_value": "All versions < V2017.02.2 with patch \"Nucleus 2017.02.02 Nucleus NET Patch\""
 }
 ]
 }
 },
 {
 "product_name": "Nucleus SafetyCert",
- "version" : {
- "version_data" : [
+ "version": {
+ "version_data": [
 {
- "version_value" : "All versions"
+ "version_value": "All versions"
 }
 ]
 }
 },
 {
 "product_name": "Nucleus Source Code",
- "version" : {
- "version_data" : [
+ "version": {
+ "version_data": [
 {
- "version_value" : "All versions"
+ "version_value": "All versions"
 }
 ]
 }
 },
 {
 "product_name": "VSTAR",
- "version" : {
- "version_data" : [
+ "version": {
+ "version_data": [
 {
- "version_value" : "All versions"
+ "version_value": "All versions"
 }
 ]
 }
- } ]
+ }
+ ]
 }
 }
 ]
@@ -92,10 +93,11 @@
 ]
 },
 "references": {
- "reference_data": [
+ "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-434032.pdf"
+ "refsource": "MISC",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-434032.pdf",
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-434032.pdf"
 }
 ]
 },
@@ -103,8 +105,8 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability has been identified in Nucleus NET (All versions), Nucleus RTOS (All versions), Nucleus ReadyStart for ARM, MIPS, and PPC (All versions < V2017.02.2 with patch \"Nucleus 2017.02.02 Nucleus NET Patch\"), Nucleus SafetyCert (All versions), Nucleus Source Code (All versions), VSTAR (All versions). By sending specially crafted DHCP packets to a device, an attacker may be able to affect availability and integrity of the device. Adjacent network access, but no authentication and no user interaction is needed to conduct this attack.\n\nAt the time of advisory publication no public exploitation of this security vulnerability was known."
+ "value": "A vulnerability has been identified in Nucleus NET (All versions), Nucleus RTOS (All versions), Nucleus ReadyStart for ARM, MIPS, and PPC (All versions < V2017.02.2 with patch \"Nucleus 2017.02.02 Nucleus NET Patch\"), Nucleus SafetyCert (All versions), Nucleus Source Code (All versions), VSTAR (All versions). By sending specially crafted DHCP packets to a device, an attacker may be able to affect availability and integrity of the device. Adjacent network access, but no authentication and no user interaction is needed to conduct this attack. At the time of advisory publication no public exploitation of this security vulnerability was known."
 }
 ]
 }
-}
+}
\ No newline at end of file
diff --git a/2019/13xxx/CVE-2019-13942.json b/2019/13xxx/CVE-2019-13942.json
index eaf259aad5e..a1ee7fa6143 100644
--- a/2019/13xxx/CVE-2019-13942.json
+++ b/2019/13xxx/CVE-2019-13942.json
@@ -86,15 +86,21 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in EN100 Ethernet module DNP3 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.37), EN100 Ethernet module IEC104 variant (All versions), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions). An unauthorized user could exploit a buffer overflow vulnerability in the webserver. Specially crafted packets sent could cause a Denial-of-Service condition and if certain conditions are met, the affected\ndevices must be restarted manually to fully recover. \n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n" + "value": "A vulnerability has been identified in EN100 Ethernet module DNP3 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.37), EN100 Ethernet module IEC104 variant (All versions), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions). An unauthorized user could exploit a buffer overflow vulnerability in the webserver. Specially crafted packets sent could cause a Denial-of-Service condition and if certain conditions are met, the affected devices must be restarted manually to fully recover. At the time of advisory publication no public exploitation of this security vulnerability was known." } ] }, "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-418979.pdf" + "refsource": "MISC", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-418979.pdf", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-418979.pdf" + }, + { + "refsource": "MISC", + "name": "https://www.us-cert.gov/ics/advisories/icsa-19-344-07", + "url": "https://www.us-cert.gov/ics/advisories/icsa-19-344-07" } ] } 
diff --git a/2019/13xxx/CVE-2019-13943.json b/2019/13xxx/CVE-2019-13943.json
index ef9361e326d..37abdcda4a8 100644
--- a/2019/13xxx/CVE-2019-13943.json
+++ b/2019/13xxx/CVE-2019-13943.json
@@ -86,15 +86,21 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in EN100 Ethernet module DNP3 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.37), EN100 Ethernet module IEC104 variant (All versions), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions). The web interface could allow Cross-Site Scripting (XSS) attacks if an attacker is able to modify\ncontent of particular web pages, causing the application to behave in unexpected ways for legitimate\nusers. Successful exploitation does not require for an attacker to be authenticated to the web interface. \nThis could allow the attacker to read or modify contents of the web application.\n\nAt the time of advisory publication no public exploitation of this security.\nvulnerability was known. \n" + "value": "A vulnerability has been identified in EN100 Ethernet module DNP3 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.37), EN100 Ethernet module IEC104 variant (All versions), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions). The web interface could allow Cross-Site Scripting (XSS) attacks if an attacker is able to modify content of particular web pages, causing the application to behave in unexpected ways for legitimate users. Successful exploitation does not require for an attacker to be authenticated to the web interface. This could allow the attacker to read or modify contents of the web application. At the time of advisory publication no public exploitation of this security. vulnerability was known." 
} ] }, "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-418979.pdf" + "refsource": "MISC", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-418979.pdf", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-418979.pdf" + }, + { + "refsource": "MISC", + "name": "https://www.us-cert.gov/ics/advisories/icsa-19-344-07", + "url": "https://www.us-cert.gov/ics/advisories/icsa-19-344-07" } ] } diff --git a/2019/13xxx/CVE-2019-13944.json b/2019/13xxx/CVE-2019-13944.json index 2d5e328b2ec..547215e0611 100644 --- a/2019/13xxx/CVE-2019-13944.json +++ b/2019/13xxx/CVE-2019-13944.json 
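Review bot: The flattened description for CVE-2019-13943 still carries the stray full stop from the old text, so the closing statement now reads `of this security. vulnerability was known.` as two broken sentences. This hunk already rewrites the whole `value` string, so the ending should read `At the time of advisory publication no public exploitation of this security vulnerability was known.`, matching the sibling records CVE-2019-13942 and CVE-2019-13944 in this patch.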
@@ -86,15 +86,21 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in EN100 Ethernet module DNP3 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.37), EN100 Ethernet module IEC104 variant (All versions), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions). A vulnerability in the integrated web server \nof the affected devices could allow unauthorized attackers to obtain sensitive \ninformation about the device, including logs and configurations.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n" + "value": "A vulnerability has been identified in EN100 Ethernet module DNP3 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.37), EN100 Ethernet module IEC104 variant (All versions), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions). A vulnerability in the integrated web server of the affected devices could allow unauthorized attackers to obtain sensitive information about the device, including logs and configurations. At the time of advisory publication no public exploitation of this security vulnerability was known." } ] }, "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-418979.pdf" + "refsource": "MISC", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-418979.pdf", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-418979.pdf" + }, + { + "refsource": "MISC", + "name": "https://www.us-cert.gov/ics/advisories/icsa-19-344-07", + "url": "https://www.us-cert.gov/ics/advisories/icsa-19-344-07" } ] } diff --git a/2019/17xxx/CVE-2019-17016.json b/2019/17xxx/CVE-2019-17016.json index 18ed8a1582a..5baac559fcb 100644 --- a/2019/17xxx/CVE-2019-17016.json +++ b/2019/17xxx/CVE-2019-17016.json 
@@ -118,6 +118,21 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0060", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00029.html" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0120", + "url": "https://access.redhat.com/errata/RHSA-2020:0120" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0123", + "url": "https://access.redhat.com/errata/RHSA-2020:0123" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0127", + "url": "https://access.redhat.com/errata/RHSA-2020:0127" } ] }, diff --git a/2019/17xxx/CVE-2019-17017.json b/2019/17xxx/CVE-2019-17017.json index 953a5049a52..a21e1787663 100644 --- a/2019/17xxx/CVE-2019-17017.json +++ b/2019/17xxx/CVE-2019-17017.json @@ -118,6 +118,21 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0060", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00029.html" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0120", + "url": "https://access.redhat.com/errata/RHSA-2020:0120" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0123", + "url": "https://access.redhat.com/errata/RHSA-2020:0123" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0127", + "url": "https://access.redhat.com/errata/RHSA-2020:0127" } ] }, diff --git a/2019/17xxx/CVE-2019-17022.json b/2019/17xxx/CVE-2019-17022.json index cb93d3b8641..d527abf7335 100644 --- a/2019/17xxx/CVE-2019-17022.json +++ b/2019/17xxx/CVE-2019-17022.json @@ -118,6 +118,21 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0060", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00029.html" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0120", + "url": "https://access.redhat.com/errata/RHSA-2020:0120" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0123", + "url": "https://access.redhat.com/errata/RHSA-2020:0123" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0127", + "url": "https://access.redhat.com/errata/RHSA-2020:0127" } ] }, 
diff --git a/2019/17xxx/CVE-2019-17024.json b/2019/17xxx/CVE-2019-17024.json
index 3c9f5fd9750..5f18e0aaabc 100644
--- a/2019/17xxx/CVE-2019-17024.json
+++ b/2019/17xxx/CVE-2019-17024.json
@@ -118,6 +118,21 @@
 "refsource": "SUSE",
 "name": "openSUSE-SU-2020:0060",
 "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00029.html"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2020:0120",
+ "url": "https://access.redhat.com/errata/RHSA-2020:0120"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2020:0123",
+ "url": "https://access.redhat.com/errata/RHSA-2020:0123"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2020:0127",
+ "url": "https://access.redhat.com/errata/RHSA-2020:0127"
 }
 ]
 },
diff --git a/2019/18xxx/CVE-2019-18282.json b/2019/18xxx/CVE-2019-18282.json
new file mode 100644
index 00000000000..2e3d96f2b8a
--- /dev/null
+++ b/2019/18xxx/CVE-2019-18282.json
@@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-18282", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The flow_dissector feature in the Linux kernel 4.3 through 5.x before 5.3.10 has a device tracking vulnerability, aka CID-55667441c84f. This occurs because the auto flowlabel of a UDP IPv6 packet relies on a 32-bit hashmd value as a secret, and because jhash (instead of siphash) is used. The hashmd value remains the same starting from boot time, and can be inferred by an attacker. This affects net/core/flow_dissector.c and related code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.10", + "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.10" + }, + { + "refsource": "CONFIRM", + "name": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=55667441c84fa5e0911a0aac44fb059c15ba6da2", + "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=55667441c84fa5e0911a0aac44fb059c15ba6da2" + } + ] + } +} \ No newline at end of file diff --git a/2019/19xxx/CVE-2019-19278.json b/2019/19xxx/CVE-2019-19278.json index 8831bba911e..e2b98d7c963 100644 --- a/2019/19xxx/CVE-2019-19278.json +++ b/2019/19xxx/CVE-2019-19278.json 
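Review bot: The new record for CVE-2019-18282 leaves every structured field at `"n/a"` (`vendor_name`, `product_name`, `version_value` and the `problemtype` value), although the description names the Linux kernel, the range 4.3 through 5.x before 5.3.10, and the cause. Tooling that matches on `affects` rather than on free text will not associate this entry with any kernel version. I would fill in `"product_name": "Linux kernel"` with a `version_value` taken from the description, and set a weakness class in `problemtype`. CWE-330 (Use of Insufficiently Random Values) looks like a fit for a secret that can be inferred, but that classification should be confirmed.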
@@ -56,15 +56,16 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SINAMICS PERFECT HARMONY GH180 Drives\n\n MLFB 6SR32..-.....-....\n\n MLFB 6SR4...-.....-....\n\n MLFB 6SR5...-.....-....\n\n With option A30 (HMIs 12 inches or larger) (All versions), SINAMICS PERFECT HARMONY GH180 Drives\n\n MLFB 6SR325.-.....-.... (High Availability) (All versions). The affected device contains a vulnerability that could allow an unauthenticated attacker to restore\nthe affected device to a point where predefined application and operating system\nprotection mechanisms are not in place.\n\nSuccessful exploitation requires physical access to the system, but no\nsystem privileges and no user interaction. An attacker could use the\nvulnerability to compromise confidentialiy, integrity and availability\nof the device.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known.\n" + "value": "A vulnerability has been identified in SINAMICS PERFECT HARMONY GH180 Drives MLFB 6SR32..-.....-.... MLFB 6SR4...-.....-.... MLFB 6SR5...-.....-.... With option A30 (HMIs 12 inches or larger) (All versions), SINAMICS PERFECT HARMONY GH180 Drives MLFB 6SR325.-.....-.... (High Availability) (All versions). The affected device contains a vulnerability that could allow an unauthenticated attacker to restore the affected device to a point where predefined application and operating system protection mechanisms are not in place. Successful exploitation requires physical access to the system, but no system privileges and no user interaction. An attacker could use the vulnerability to compromise confidentialiy, integrity and availability of the device. At the time of advisory publication no public exploitation of this security vulnerability was known." 
} ] }, "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-242353.pdf" + "refsource": "MISC", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-242353.pdf", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-242353.pdf" } ] } diff --git a/2019/3xxx/CVE-2019-3764.json b/2019/3xxx/CVE-2019-3764.json index cdea49186df..eb21837a31c 100644 --- a/2019/3xxx/CVE-2019-3764.json +++ b/2019/3xxx/CVE-2019-3764.json @@ -1,10 +1,10 @@ { "CVE_data_meta": { - "ASSIGNER": "secure@dell.com", - "DATE_PUBLIC": "2019-11-04", - "ID": "CVE-2019-3764", + "ASSIGNER": "secure@dell.com", + "DATE_PUBLIC": "2019-11-04", + "ID": "CVE-2019-3764", "STATE": "PUBLIC" - }, + }, "affects": { "vendor": { "vendor_data": [ 
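Review bot: Collapsing the line breaks in the CVE-2019-19278 description makes the affected-product list hard to parse. The order-number patterns `MLFB 6SR32..-.....-....`, `MLFB 6SR4...-.....-....` and `MLFB 6SR5...-.....-....` end in dots (apparently wildcards), and without separators they run straight into the following text. A reader can no longer tell where a pattern stops and a sentence begins, which matters when deciding whether a given drive is affected. I would separate the patterns with commas in the new `value`, and correct the carried-over typo `confidentialiy` to `confidentiality` while the string is being rewritten.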
@@ -12,59 +12,60 @@ "product": { "product_data": [ { - "product_name": "Integrated Dell Remote Access Controller (iDRAC)", + "product_name": "Integrated Dell Remote Access Controller (iDRAC)", "version": { "version_data": [ { - "version_affected": "<", + "version_affected": "<", "version_value": "iDRAC7: 2.65.65.65, iDRAC8: 2.70.70.70, iDRAC9: 3.40.40.40 and 3.36.36.36" } ] } } ] - }, + }, "vendor_name": "Dell" } ] } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { - "lang": "eng", - "value": "Dell EMC iDRAC7 versions prior to 2.65.65.65, iDRAC8 versions prior to 2.70.70.70 and iDRAC9 versions prior to 3.36.36.36 contain an improper authorization vulnerability. A remote authenticated malicious iDRAC user with low privileges may potentially exploit this vulnerability to obtain sensitive information such as password hashes." + "lang": "eng", + "value": "Dell EMC iDRAC7 versions prior to 2.65.65.65, iDRAC8 versions prior to 2.70.70.70 and iDRAC9 versions prior to 3.36.36.36 contain an improper authorization vulnerability. A remote authenticated malicious iDRAC user with low privileges may potentially exploit this vulnerability to obtain sensitive information such as password hashes." 
} ] - }, + }, "impact": { "cvss": { - "baseScore": 5.0, - "baseSeverity": "Medium", - "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 5.0, + "baseSeverity": "Medium", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" } - }, + }, "problemtype": { "problemtype_data": [ { "description": [ { - "lang": "eng", + "lang": "eng", "value": "CWE-285: Improper Authorization" } ] } ] - }, + }, "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://www.dell.com/support/article/sln319317/dsa-2019-137-idrac-improper-authorization-vulnerability?lang=en" + "refsource": "MISC", + "url": "https://www.dell.com/support/article/sln319317/dsa-2019-137-idrac-improper-authorization-vulnerability?lang=en", + "name": "https://www.dell.com/support/article/sln319317/dsa-2019-137-idrac-improper-authorization-vulnerability?lang=en" } ] } diff --git a/2019/6xxx/CVE-2019-6567.json b/2019/6xxx/CVE-2019-6567.json index dc04acfbd03..797cb2116c7 100644 --- a/2019/6xxx/CVE-2019-6567.json +++ b/2019/6xxx/CVE-2019-6567.json 
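Review bot: In the `@@ -12,59 +12,60 @@` hunk for CVE-2019-3764 the structured version data disagrees with the description: `version_value` lists `iDRAC9: 3.40.40.40 and 3.36.36.36` under `"version_affected": "<"`, while the description gives only `iDRAC9 versions prior to 3.36.36.36`. Packing three product lines into one string also means the `<` comparison cannot be evaluated by a machine. I would split this into one `version_data` entry per iDRAC generation and state which iDRAC9 bound applies. Separately, `"baseSeverity": "Medium"` is re-emitted unchanged; the CVSS v3 JSON schema uses upper-case values, as in `"baseSeverity": "MEDIUM"`.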
@@ -76,15 +76,16 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All Versions < V5.2.4), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.3), SCALANCE X-414-3E (All versions). The affected devices store passwords in a recoverable format. An attacker\nmay extract and recover device passwords from the device configuration.\n\nSuccessful exploitation requires access to a device configuration backup and\nimpacts confidentiality of the stored passwords.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known.\n" + "value": "A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All Versions < V5.2.4), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.3), SCALANCE X-414-3E (All versions). The affected devices store passwords in a recoverable format. An attacker may extract and recover device passwords from the device configuration. Successful exploitation requires access to a device configuration backup and impacts confidentiality of the stored passwords. At the time of advisory publication no public exploitation of this security vulnerability was known." } ] }, "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-646841.pdf" + "refsource": "MISC", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-646841.pdf", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-646841.pdf" } ] } diff --git a/2019/6xxx/CVE-2019-6568.json b/2019/6xxx/CVE-2019-6568.json index 22e572decaf..4e07e84dbea 100644 --- a/2019/6xxx/CVE-2019-6568.json +++ b/2019/6xxx/CVE-2019-6568.json 
@@ -756,19 +756,21 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in CP1604, CP1616, CP343-1 Advanced (incl. SIPLUS NET variants), CP443-1 (incl. SIPLUS NET variants), CP443-1 Advanced (incl. SIPLUS NET variants), CP443-1 OPC UA (incl. SIPLUS NET variants), SIMATIC ET 200 SP Open Controller CPU 1515SP PC (incl. SIPLUS variants), SIMATIC ET 200 SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants), SIMATIC HMI Comfort Outdoor Panels 7\" & 15\" (incl. SIPLUS variants), SIMATIC HMI Comfort Panels 4\" - 22\" (incl. SIPLUS variants), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (incl. SIPLUS variants), SIMATIC IPC DiagMonitor, SIMATIC RF181-EIP, SIMATIC RF182C, SIMATIC RF185C, SIMATIC RF186C, SIMATIC RF188C, SIMATIC RF600R, SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants), SIMATIC S7-1500 Software Controller, SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants), SIMATIC S7-PLCSIM Advanced, SIMATIC Teleservice Adapter IE Advanced, SIMATIC Teleservice Adapter IE Basic, SIMATIC Teleservice Adapter IE Standard, SIMATIC WinAC RTX (F) 2010, SIMATIC WinCC Runtime Advanced, SIMOCODE pro V EIP (incl. SIPLUS variants), SIMOCODE pro V PN (incl. 
SIPLUS variants), SINAMICS G130 V4.6 Control Unit, SINAMICS G130 V4.7 Control Unit, SINAMICS G130 V4.7 SP1 Control Unit, SINAMICS G130 V4.8 Control Unit, SINAMICS G130 V5.1 Control Unit, SINAMICS G130 V5.1 SP1 Control Unit, SINAMICS G150 V4.6 Control Unit, SINAMICS G150 V4.7 Control Unit, SINAMICS G150 V4.7 SP1 Control Unit, SINAMICS G150 V4.8 Control Unit, SINAMICS G150 V5.1 Control Unit, SINAMICS G150 V5.1 SP1 Control Unit, SINAMICS GH150 V4.7 (Control Unit), SINAMICS GH150 V4.8 (Control Unit), SINAMICS GL150 V4.7 (Control Unit), SINAMICS GL150 V4.8 (Control Unit), SINAMICS GM150 V4.7 (Control Unit), SINAMICS GM150 V4.8 (Control Unit), SINAMICS S120 V4.6 Control Unit (incl. SIPLUS variants), SINAMICS S120 V4.7 Control Unit (incl. SIPLUS variants), SINAMICS S120 V4.7 SP1 Control Unit (incl. SIPLUS variants), SINAMICS S120 V4.8 Control Unit (incl. SIPLUS variants), SINAMICS S120 V5.1 Control Unit (incl. SIPLUS variants), SINAMICS S120 V5.1 SP1 Control Unit (incl. SIPLUS variants), SINAMICS S150 V4.6 Control Unit, SINAMICS S150 V4.7 Control Unit, SINAMICS S150 V4.7 SP1 Control Unit, SINAMICS S150 V4.8 Control Unit, SINAMICS S150 V5.1 Control Unit, SINAMICS S150 V5.1 SP1 Control Unit, SINAMICS S210 V5.1 Control Unit, SINAMICS S210 V5.1 SP1 Control Unit, SINAMICS SL150 V4.7 (Control Unit), SINAMICS SL150 V4.8 (Control Unit), SINAMICS SM120 V4.7 (Control Unit), SINAMICS SM120 V4.8 (Control Unit), SINAMICS SM150 V4.8 (Control Unit), SITOP Manager, SITOP PSU8600, SITOP UPS1600 (incl. SIPLUS variants), TIM 1531 IRC (incl. SIPLUS variants). The webserver of the affected devices contains a vulnerability that may lead to\na denial-of-service condition. An attacker may cause a denial-of-service\nsituation which leads to a restart of the webserver of the affected device.\n\nThe security vulnerability could be exploited by an attacker with network\naccess to the affected systems. Successful exploitation requires no system\nprivileges and no user interaction. 
An attacker could use the vulnerability\nto compromise availability of the device.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known.\n" + "value": "A vulnerability has been identified in CP1604, CP1616, CP343-1 Advanced (incl. SIPLUS NET variants), CP443-1 (incl. SIPLUS NET variants), CP443-1 Advanced (incl. SIPLUS NET variants), CP443-1 OPC UA (incl. SIPLUS NET variants), SIMATIC ET 200 SP Open Controller CPU 1515SP PC (incl. SIPLUS variants), SIMATIC ET 200 SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants), SIMATIC HMI Comfort Outdoor Panels 7\" & 15\" (incl. SIPLUS variants), SIMATIC HMI Comfort Panels 4\" - 22\" (incl. SIPLUS variants), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (incl. SIPLUS variants), SIMATIC IPC DiagMonitor, SIMATIC RF181-EIP, SIMATIC RF182C, SIMATIC RF185C, SIMATIC RF186C, SIMATIC RF188C, SIMATIC RF600R, SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants), SIMATIC S7-1500 Software Controller, SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants), SIMATIC S7-PLCSIM Advanced, SIMATIC Teleservice Adapter IE Advanced, SIMATIC Teleservice Adapter IE Basic, SIMATIC Teleservice Adapter IE Standard, SIMATIC WinAC RTX (F) 2010, SIMATIC WinCC Runtime Advanced, SIMOCODE pro V EIP (incl. SIPLUS variants), SIMOCODE pro V PN (incl. 
SIPLUS variants), SINAMICS G130 V4.6 Control Unit, SINAMICS G130 V4.7 Control Unit, SINAMICS G130 V4.7 SP1 Control Unit, SINAMICS G130 V4.8 Control Unit, SINAMICS G130 V5.1 Control Unit, SINAMICS G130 V5.1 SP1 Control Unit, SINAMICS G150 V4.6 Control Unit, SINAMICS G150 V4.7 Control Unit, SINAMICS G150 V4.7 SP1 Control Unit, SINAMICS G150 V4.8 Control Unit, SINAMICS G150 V5.1 Control Unit, SINAMICS G150 V5.1 SP1 Control Unit, SINAMICS GH150 V4.7 (Control Unit), SINAMICS GH150 V4.8 (Control Unit), SINAMICS GL150 V4.7 (Control Unit), SINAMICS GL150 V4.8 (Control Unit), SINAMICS GM150 V4.7 (Control Unit), SINAMICS GM150 V4.8 (Control Unit), SINAMICS S120 V4.6 Control Unit (incl. SIPLUS variants), SINAMICS S120 V4.7 Control Unit (incl. SIPLUS variants), SINAMICS S120 V4.7 SP1 Control Unit (incl. SIPLUS variants), SINAMICS S120 V4.8 Control Unit (incl. SIPLUS variants), SINAMICS S120 V5.1 Control Unit (incl. SIPLUS variants), SINAMICS S120 V5.1 SP1 Control Unit (incl. SIPLUS variants), SINAMICS S150 V4.6 Control Unit, SINAMICS S150 V4.7 Control Unit, SINAMICS S150 V4.7 SP1 Control Unit, SINAMICS S150 V4.8 Control Unit, SINAMICS S150 V5.1 Control Unit, SINAMICS S150 V5.1 SP1 Control Unit, SINAMICS S210 V5.1 Control Unit, SINAMICS S210 V5.1 SP1 Control Unit, SINAMICS SL150 V4.7 (Control Unit), SINAMICS SL150 V4.8 (Control Unit), SINAMICS SM120 V4.7 (Control Unit), SINAMICS SM120 V4.8 (Control Unit), SINAMICS SM150 V4.8 (Control Unit), SITOP Manager, SITOP PSU8600, SITOP UPS1600 (incl. SIPLUS variants), TIM 1531 IRC (incl. SIPLUS variants). The webserver of the affected devices contains a vulnerability that may lead to a denial-of-service condition. An attacker may cause a denial-of-service situation which leads to a restart of the webserver of the affected device. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. 
An attacker could use the vulnerability to compromise availability of the device. At the time of advisory publication no public exploitation of this security vulnerability was known." } ] }, "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-480230.pdf" + "refsource": "MISC", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-480230.pdf", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-480230.pdf" }, { - "refsource": "CONFIRM", - "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-530931.pdf" + "refsource": "MISC", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-530931.pdf", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-530931.pdf" } ] } diff --git a/2019/6xxx/CVE-2019-6569.json b/2019/6xxx/CVE-2019-6569.json index 317a7424569..3395acf9832 100644 --- a/2019/6xxx/CVE-2019-6569.json +++ b/2019/6xxx/CVE-2019-6569.json 
@@ -66,15 +66,16 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.4), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.3), SCALANCE XP/XC/XF-200 switch family (incl. SIPLUS NET variants) (All versions < V4.1). The monitor barrier of the affected products insufficiently blocks data from being\nforwarded over the mirror port into the mirrored network. An attacker might use\nthis behaviour to transmit malicious packets to systems in the mirrored network, \npossibly influencing their configuration and runtime behaviour. \n\nThe security vulnerability could be exploited by an attacker with network\naccess to the traffic-receiving network. Successful exploitation requires no system\nprivileges and no user interaction. An attacker could use the vulnerability\nto compromise the confidentiality and availability of the traffic-generating network.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known.\n" + "value": "A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.4), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.3), SCALANCE XP/XC/XF-200 switch family (incl. SIPLUS NET variants) (All versions < V4.1). The monitor barrier of the affected products insufficiently blocks data from being forwarded over the mirror port into the mirrored network. An attacker might use this behaviour to transmit malicious packets to systems in the mirrored network, possibly influencing their configuration and runtime behaviour. The security vulnerability could be exploited by an attacker with network access to the traffic-receiving network. Successful exploitation requires no system privileges and no user interaction. 
An attacker could use the vulnerability to compromise the confidentiality and availability of the traffic-generating network. At the time of advisory publication no public exploitation of this security vulnerability was known." } ] }, "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-557804.pdf" + "refsource": "MISC", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-557804.pdf", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-557804.pdf" } ] } diff --git a/2019/6xxx/CVE-2019-6575.json b/2019/6xxx/CVE-2019-6575.json index 062246fc012..47d73a2412d 100644 --- a/2019/6xxx/CVE-2019-6575.json +++ b/2019/6xxx/CVE-2019-6575.json 
@@ -206,15 +206,16 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SIMATIC CP443-1 OPC UA (incl. SIPLUS NET variants) (All versions), SIMATIC ET 200 Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V2.7), SIMATIC HMI Comfort Outdoor Panels 7\" & 15\" (incl. SIPLUS variants) (All versions < V15.1 Upd 4), SIMATIC HMI Comfort Panels 4\" - 22\" (incl. SIPLUS variants) (All versions < V15.1 Upd 4), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 und KTP900F (incl. SIPLUS variants) (All versions < V15.1 Upd 4), SIMATIC IPC DiagMonitor (All versions), SIMATIC NET PC Software (All versions >= V7.1), SIMATIC RF188C (All versions < V1.1.0), SIMATIC RF600R (All versions < V3.2.1), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions >= V2.5 < V2.6.1), SIMATIC S7-1500 Software Controller (All versions between V2.5 (including) and V2.7 (excluding)), SIMATIC WinCC OA (All versions < V3.15-P018), SIMATIC WinCC Runtime Advanced (All versions < V15.1 Upd 4), SINEC-NMS (All versions), SINEMA Server (All versions < V14 SP2), SINUMERIK OPC UA Server (All versions < V2.1), TeleControl Server Basic (All versions). Specially crafted network packets sent to affected devices on port 4840/tcp\ncould allow an unauthenticated remote attacker to cause a Denial-of-Service\ncondition of the OPC communication or crash the device.\n\nThe security vulnerability could be exploited by an attacker with network\naccess to the affected systems. Successful exploitation requires no system\nprivileges and no user interaction. An attacker could use the vulnerability\nto compromise availability of the OPC communication.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known.\n" + "value": "A vulnerability has been identified in SIMATIC CP443-1 OPC UA (incl. SIPLUS NET variants) (All versions), SIMATIC ET 200 Open Controller CPU 1515SP PC2 (incl. 
SIPLUS variants) (All versions < V2.7), SIMATIC HMI Comfort Outdoor Panels 7\" & 15\" (incl. SIPLUS variants) (All versions < V15.1 Upd 4), SIMATIC HMI Comfort Panels 4\" - 22\" (incl. SIPLUS variants) (All versions < V15.1 Upd 4), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 und KTP900F (incl. SIPLUS variants) (All versions < V15.1 Upd 4), SIMATIC IPC DiagMonitor (All versions), SIMATIC NET PC Software (All versions >= V7.1), SIMATIC RF188C (All versions < V1.1.0), SIMATIC RF600R (All versions < V3.2.1), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions >= V2.5 < V2.6.1), SIMATIC S7-1500 Software Controller (All versions between V2.5 (including) and V2.7 (excluding)), SIMATIC WinCC OA (All versions < V3.15-P018), SIMATIC WinCC Runtime Advanced (All versions < V15.1 Upd 4), SINEC-NMS (All versions), SINEMA Server (All versions < V14 SP2), SINUMERIK OPC UA Server (All versions < V2.1), TeleControl Server Basic (All versions). Specially crafted network packets sent to affected devices on port 4840/tcp could allow an unauthenticated remote attacker to cause a Denial-of-Service condition of the OPC communication or crash the device. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the OPC communication. At the time of advisory publication no public exploitation of this security vulnerability was known." } ] }, "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-307392.pdf" + "refsource": "MISC", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-307392.pdf", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-307392.pdf" } ] } 
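Review bot: The rewritten description for CVE-2019-6575 keeps the untranslated German conjunction in `KTP900 und KTP900F`, whereas the CVE-2019-6568 record in this same patch names the product with `KTP900 and KTP900F`. Matching product names across the two records would miss on this string. I would use `and` here; the same name presumably also sits in the `affects` block outside this hunk, so it should be changed in both places.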
diff --git a/2020/2xxx/CVE-2020-2583.json b/2020/2xxx/CVE-2020-2583.json index 9a1970defc0..844bcaa51c3 100644 --- a/2020/2xxx/CVE-2020-2583.json +++ b/2020/2xxx/CVE-2020-2583.json @@ -61,6 +61,16 @@ "url": "https://www.oracle.com/security-alerts/cpujan2020.html", "refsource": "MISC", "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0128", + "url": "https://access.redhat.com/errata/RHSA-2020:0128" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0122", + "url": "https://access.redhat.com/errata/RHSA-2020:0122" } ] } diff --git a/2020/2xxx/CVE-2020-2590.json b/2020/2xxx/CVE-2020-2590.json index 04d01e266ce..7db513d0713 100644 --- a/2020/2xxx/CVE-2020-2590.json +++ b/2020/2xxx/CVE-2020-2590.json @@ -61,6 +61,16 @@ "url": "https://www.oracle.com/security-alerts/cpujan2020.html", "refsource": "MISC", "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0128", + "url": "https://access.redhat.com/errata/RHSA-2020:0128" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0122", + "url": "https://access.redhat.com/errata/RHSA-2020:0122" } ] } diff --git a/2020/2xxx/CVE-2020-2593.json b/2020/2xxx/CVE-2020-2593.json index b36fda31709..6a155a0dd10 100644 --- a/2020/2xxx/CVE-2020-2593.json +++ b/2020/2xxx/CVE-2020-2593.json @@ -61,6 +61,16 @@ "url": "https://www.oracle.com/security-alerts/cpujan2020.html", "refsource": "MISC", "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0128", + "url": "https://access.redhat.com/errata/RHSA-2020:0128" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0122", + "url": "https://access.redhat.com/errata/RHSA-2020:0122" } ] } diff --git a/2020/2xxx/CVE-2020-2601.json b/2020/2xxx/CVE-2020-2601.json index be16fd71ca2..16b36c5da45 100644 --- a/2020/2xxx/CVE-2020-2601.json +++ b/2020/2xxx/CVE-2020-2601.json 
@@ -61,6 +61,16 @@
 "url": "https://www.oracle.com/security-alerts/cpujan2020.html",
 "refsource": "MISC",
 "name": "https://www.oracle.com/security-alerts/cpujan2020.html"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2020:0128",
+ "url": "https://access.redhat.com/errata/RHSA-2020:0128"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2020:0122",
+ "url": "https://access.redhat.com/errata/RHSA-2020:0122"
 }
 ]
 }
diff --git a/2020/2xxx/CVE-2020-2604.json b/2020/2xxx/CVE-2020-2604.json
index f3eeeff161d..daa7623c3e8 100644
--- a/2020/2xxx/CVE-2020-2604.json
+++ b/2020/2xxx/CVE-2020-2604.json
@@ -61,6 +61,16 @@
 "url": "https://www.oracle.com/security-alerts/cpujan2020.html",
 "refsource": "MISC",
 "name": "https://www.oracle.com/security-alerts/cpujan2020.html"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2020:0128",
+ "url": "https://access.redhat.com/errata/RHSA-2020:0128"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2020:0122",
+ "url": "https://access.redhat.com/errata/RHSA-2020:0122"
 }
 ]
 }
diff --git a/2020/2xxx/CVE-2020-2654.json b/2020/2xxx/CVE-2020-2654.json
index cd6b00d28fe..e012ccfb4c9 100644
--- a/2020/2xxx/CVE-2020-2654.json
+++ b/2020/2xxx/CVE-2020-2654.json
@@ -57,6 +57,16 @@
 "url": "https://www.oracle.com/security-alerts/cpujan2020.html",
 "refsource": "MISC",
 "name": "https://www.oracle.com/security-alerts/cpujan2020.html"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2020:0128",
+ "url": "https://access.redhat.com/errata/RHSA-2020:0128"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2020:0122",
+ "url": "https://access.redhat.com/errata/RHSA-2020:0122"
 }
 ]
 }
diff --git a/2020/2xxx/CVE-2020-2655.json b/2020/2xxx/CVE-2020-2655.json
index 495e0075814..43f970f3205 100644
--- a/2020/2xxx/CVE-2020-2655.json
+++ b/2020/2xxx/CVE-2020-2655.json
@@ -57,6 +57,16 @@
 "url": "https://www.oracle.com/security-alerts/cpujan2020.html",
 "refsource": "MISC",
 "name": "https://www.oracle.com/security-alerts/cpujan2020.html"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2020:0128",
+ "url": "https://access.redhat.com/errata/RHSA-2020:0128"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2020:0122",
+ "url": "https://access.redhat.com/errata/RHSA-2020:0122"
 }
 ]
 }
From c498b25fff54b9ecbc8caefe3da474c26d78f578 Mon Sep 17 00:00:00 2001
From: CVE Team Date: Thu, 16 Jan 2020 17:01:12 +0000 Subject: [PATCH 112/387] "-Synchronized-Data." --- 2020/7xxx/CVE-2020-7110.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7111.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7112.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7113.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7114.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7115.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7116.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7117.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7118.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7119.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7120.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7121.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7122.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7123.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7124.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7125.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7126.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7127.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7128.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7129.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7130.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7131.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7132.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7133.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7134.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7135.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7136.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7137.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7138.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7139.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7140.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7141.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7142.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7143.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7144.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7145.json | 18 
++++++++++++++++++ 2020/7xxx/CVE-2020-7146.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7147.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7148.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7149.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7150.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7151.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7152.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7153.json | 18 ++++++++++++++++++ 44 files changed, 792 insertions(+) create mode 100644 2020/7xxx/CVE-2020-7110.json create mode 100644 2020/7xxx/CVE-2020-7111.json create mode 100644 2020/7xxx/CVE-2020-7112.json create mode 100644 2020/7xxx/CVE-2020-7113.json create mode 100644 2020/7xxx/CVE-2020-7114.json create mode 100644 2020/7xxx/CVE-2020-7115.json create mode 100644 2020/7xxx/CVE-2020-7116.json create mode 100644 2020/7xxx/CVE-2020-7117.json create mode 100644 2020/7xxx/CVE-2020-7118.json create mode 100644 2020/7xxx/CVE-2020-7119.json create mode 100644 2020/7xxx/CVE-2020-7120.json create mode 100644 2020/7xxx/CVE-2020-7121.json create mode 100644 2020/7xxx/CVE-2020-7122.json create mode 100644 2020/7xxx/CVE-2020-7123.json create mode 100644 2020/7xxx/CVE-2020-7124.json create mode 100644 2020/7xxx/CVE-2020-7125.json create mode 100644 2020/7xxx/CVE-2020-7126.json create mode 100644 2020/7xxx/CVE-2020-7127.json create mode 100644 2020/7xxx/CVE-2020-7128.json create mode 100644 2020/7xxx/CVE-2020-7129.json create mode 100644 2020/7xxx/CVE-2020-7130.json create mode 100644 2020/7xxx/CVE-2020-7131.json create mode 100644 2020/7xxx/CVE-2020-7132.json create mode 100644 2020/7xxx/CVE-2020-7133.json create mode 100644 2020/7xxx/CVE-2020-7134.json create mode 100644 2020/7xxx/CVE-2020-7135.json create mode 100644 2020/7xxx/CVE-2020-7136.json create mode 100644 2020/7xxx/CVE-2020-7137.json create mode 100644 2020/7xxx/CVE-2020-7138.json create mode 100644 2020/7xxx/CVE-2020-7139.json create mode 100644 2020/7xxx/CVE-2020-7140.json create mode 100644 
2020/7xxx/CVE-2020-7141.json create mode 100644 2020/7xxx/CVE-2020-7142.json create mode 100644 2020/7xxx/CVE-2020-7143.json create mode 100644 2020/7xxx/CVE-2020-7144.json create mode 100644 2020/7xxx/CVE-2020-7145.json create mode 100644 2020/7xxx/CVE-2020-7146.json create mode 100644 2020/7xxx/CVE-2020-7147.json create mode 100644 2020/7xxx/CVE-2020-7148.json create mode 100644 2020/7xxx/CVE-2020-7149.json create mode 100644 2020/7xxx/CVE-2020-7150.json create mode 100644 2020/7xxx/CVE-2020-7151.json create mode 100644 2020/7xxx/CVE-2020-7152.json create mode 100644 2020/7xxx/CVE-2020-7153.json
diff --git a/2020/7xxx/CVE-2020-7110.json b/2020/7xxx/CVE-2020-7110.json
new file mode 100644
index 00000000000..0c0e5c63d01
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7110.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7110",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7111.json b/2020/7xxx/CVE-2020-7111.json
new file mode 100644
index 00000000000..744083fb065
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7111.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7111",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7112.json b/2020/7xxx/CVE-2020-7112.json
new file mode 100644
index 00000000000..5e246b46dd3
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7112.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7112",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7113.json b/2020/7xxx/CVE-2020-7113.json
new file mode 100644
index 00000000000..82297effd12
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7113.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7113",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7114.json b/2020/7xxx/CVE-2020-7114.json
new file mode 100644
index 00000000000..9b86b347e0f
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7114.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7114",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7115.json b/2020/7xxx/CVE-2020-7115.json
new file mode 100644
index 00000000000..f6e812aeb09
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7115.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7115",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7116.json b/2020/7xxx/CVE-2020-7116.json
new file mode 100644
index 00000000000..434154e06a7
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7116.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7116",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7117.json b/2020/7xxx/CVE-2020-7117.json
new file mode 100644
index 00000000000..b8d88864cf0
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7117.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7117",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7118.json b/2020/7xxx/CVE-2020-7118.json
new file mode 100644
index 00000000000..c467398ed45
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7118.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7118",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7119.json b/2020/7xxx/CVE-2020-7119.json
new file mode 100644
index 00000000000..ac19e247ef1
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7119.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7119",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7120.json b/2020/7xxx/CVE-2020-7120.json
new file mode 100644
index 00000000000..3dd59c39d6f
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7120.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7120",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7121.json b/2020/7xxx/CVE-2020-7121.json
new file mode 100644
index 00000000000..17ba5cbc608
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7121.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7121",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7122.json b/2020/7xxx/CVE-2020-7122.json
new file mode 100644
index 00000000000..ed1c405115e
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7122.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7122",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7123.json b/2020/7xxx/CVE-2020-7123.json
new file mode 100644
index 00000000000..8b04959ff02
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7123.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7123",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7124.json b/2020/7xxx/CVE-2020-7124.json
new file mode 100644
index 00000000000..ec9fb3be475
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7124.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7124",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7125.json b/2020/7xxx/CVE-2020-7125.json
new file mode 100644
index 00000000000..46b970b347d
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7125.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7125",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7126.json b/2020/7xxx/CVE-2020-7126.json
new file mode 100644
index 00000000000..66f5f03de97
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7126.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7126",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7127.json b/2020/7xxx/CVE-2020-7127.json
new file mode 100644
index 00000000000..8125a6088f8
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7127.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7127",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7128.json b/2020/7xxx/CVE-2020-7128.json
new file mode 100644
index 00000000000..17a901d59ae
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7128.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7128",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7129.json b/2020/7xxx/CVE-2020-7129.json
new file mode 100644
index 00000000000..2c79a3e647d
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7129.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7129",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7130.json b/2020/7xxx/CVE-2020-7130.json
new file mode 100644
index 00000000000..58d5a13f589
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7130.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7130",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7131.json b/2020/7xxx/CVE-2020-7131.json
new file mode 100644
index 00000000000..63ebfa30bf1
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7131.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7131",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7132.json b/2020/7xxx/CVE-2020-7132.json
new file mode 100644
index 00000000000..4e3e1013b10
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7132.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7132",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7133.json b/2020/7xxx/CVE-2020-7133.json
new file mode 100644
index 00000000000..5e0cd7261c0
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7133.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7133",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7134.json b/2020/7xxx/CVE-2020-7134.json
new file mode 100644
index 00000000000..0c4ae6f6494
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7134.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7134",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7135.json b/2020/7xxx/CVE-2020-7135.json
new file mode 100644
index 00000000000..b8f42f53e5b
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7135.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7135",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7136.json b/2020/7xxx/CVE-2020-7136.json
new file mode 100644
index 00000000000..ffdd4f05ff2
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7136.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7136",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7137.json b/2020/7xxx/CVE-2020-7137.json
new file mode 100644
index 00000000000..975da46e505
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7137.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7137",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7138.json b/2020/7xxx/CVE-2020-7138.json
new file mode 100644
index 00000000000..971f367f3d1
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7138.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7138",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7139.json b/2020/7xxx/CVE-2020-7139.json
new file mode 100644
index 00000000000..812fca703a2
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7139.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7139",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7140.json b/2020/7xxx/CVE-2020-7140.json
new file mode 100644
index 00000000000..8fac5841000
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7140.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7140",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7141.json b/2020/7xxx/CVE-2020-7141.json
new file mode 100644
index 00000000000..b87c6301a7f
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7141.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7141",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7142.json b/2020/7xxx/CVE-2020-7142.json
new file mode 100644
index 00000000000..f8ddaaa098b
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7142.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7142",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7143.json b/2020/7xxx/CVE-2020-7143.json
new file mode 100644
index 00000000000..6bb0a7f7964
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7143.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7143",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7144.json b/2020/7xxx/CVE-2020-7144.json
new file mode 100644
index 00000000000..9b05fc9bb54
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7144.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7144",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7145.json b/2020/7xxx/CVE-2020-7145.json
new file mode 100644
index 00000000000..a4005bd85ff
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7145.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7145",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7146.json b/2020/7xxx/CVE-2020-7146.json
new file mode 100644
index 00000000000..b9a0d339d9a
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7146.json
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7146", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7147.json b/2020/7xxx/CVE-2020-7147.json new file mode 100644 index 00000000000..d3ba762cbaf --- /dev/null +++ b/2020/7xxx/CVE-2020-7147.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7147", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7148.json b/2020/7xxx/CVE-2020-7148.json new file mode 100644 index 00000000000..e4895ef1fae --- /dev/null +++ b/2020/7xxx/CVE-2020-7148.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7148", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/7xxx/CVE-2020-7149.json b/2020/7xxx/CVE-2020-7149.json new file mode 100644 index 00000000000..72585b510d7 --- /dev/null +++ b/2020/7xxx/CVE-2020-7149.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7149", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7150.json b/2020/7xxx/CVE-2020-7150.json new file mode 100644 index 00000000000..4dd623b7b66 --- /dev/null +++ b/2020/7xxx/CVE-2020-7150.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7150", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7151.json b/2020/7xxx/CVE-2020-7151.json new file mode 100644 index 00000000000..c705a937fa0 --- /dev/null +++ b/2020/7xxx/CVE-2020-7151.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7151", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7152.json b/2020/7xxx/CVE-2020-7152.json new file mode 100644 index 00000000000..5b23ab26549 --- /dev/null +++ b/2020/7xxx/CVE-2020-7152.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7152", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7153.json b/2020/7xxx/CVE-2020-7153.json new file mode 100644 index 00000000000..3f4587f4ad2 --- /dev/null +++ b/2020/7xxx/CVE-2020-7153.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7153", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
From c491315761ac08631b225a7ef86811e999ccc944 Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Thu, 16 Jan 2020 17:01:32 +0000 Subject: [PATCH 113/387] "-Synchronized-Data." --- 2020/7xxx/CVE-2020-7154.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7155.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7156.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7157.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7158.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7159.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7160.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7161.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7162.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7163.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7164.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7165.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7166.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7167.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7168.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7169.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7170.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7171.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7172.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7173.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7174.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7175.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7176.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7177.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7178.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7179.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7180.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7181.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7182.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7183.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7184.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7185.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7186.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7187.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7188.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7189.json | 18 
++++++++++++++++++ 2020/7xxx/CVE-2020-7190.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7191.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7192.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7193.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7194.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7195.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7196.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7197.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7198.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7199.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7200.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7201.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7202.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7203.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7204.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7205.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7206.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7207.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7208.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7209.json | 18 ++++++++++++++++++ 56 files changed, 1008 insertions(+) create mode 100644 2020/7xxx/CVE-2020-7154.json create mode 100644 2020/7xxx/CVE-2020-7155.json create mode 100644 2020/7xxx/CVE-2020-7156.json create mode 100644 2020/7xxx/CVE-2020-7157.json create mode 100644 2020/7xxx/CVE-2020-7158.json create mode 100644 2020/7xxx/CVE-2020-7159.json create mode 100644 2020/7xxx/CVE-2020-7160.json create mode 100644 2020/7xxx/CVE-2020-7161.json create mode 100644 2020/7xxx/CVE-2020-7162.json create mode 100644 2020/7xxx/CVE-2020-7163.json create mode 100644 2020/7xxx/CVE-2020-7164.json create mode 100644 2020/7xxx/CVE-2020-7165.json create mode 100644 2020/7xxx/CVE-2020-7166.json create mode 100644 2020/7xxx/CVE-2020-7167.json create mode 100644 2020/7xxx/CVE-2020-7168.json create mode 100644 2020/7xxx/CVE-2020-7169.json create mode 100644 2020/7xxx/CVE-2020-7170.json create mode 100644 2020/7xxx/CVE-2020-7171.json create mode 100644 
2020/7xxx/CVE-2020-7172.json create mode 100644 2020/7xxx/CVE-2020-7173.json create mode 100644 2020/7xxx/CVE-2020-7174.json create mode 100644 2020/7xxx/CVE-2020-7175.json create mode 100644 2020/7xxx/CVE-2020-7176.json create mode 100644 2020/7xxx/CVE-2020-7177.json create mode 100644 2020/7xxx/CVE-2020-7178.json create mode 100644 2020/7xxx/CVE-2020-7179.json create mode 100644 2020/7xxx/CVE-2020-7180.json create mode 100644 2020/7xxx/CVE-2020-7181.json create mode 100644 2020/7xxx/CVE-2020-7182.json create mode 100644 2020/7xxx/CVE-2020-7183.json create mode 100644 2020/7xxx/CVE-2020-7184.json create mode 100644 2020/7xxx/CVE-2020-7185.json create mode 100644 2020/7xxx/CVE-2020-7186.json create mode 100644 2020/7xxx/CVE-2020-7187.json create mode 100644 2020/7xxx/CVE-2020-7188.json create mode 100644 2020/7xxx/CVE-2020-7189.json create mode 100644 2020/7xxx/CVE-2020-7190.json create mode 100644 2020/7xxx/CVE-2020-7191.json create mode 100644 2020/7xxx/CVE-2020-7192.json create mode 100644 2020/7xxx/CVE-2020-7193.json create mode 100644 2020/7xxx/CVE-2020-7194.json create mode 100644 2020/7xxx/CVE-2020-7195.json create mode 100644 2020/7xxx/CVE-2020-7196.json create mode 100644 2020/7xxx/CVE-2020-7197.json create mode 100644 2020/7xxx/CVE-2020-7198.json create mode 100644 2020/7xxx/CVE-2020-7199.json create mode 100644 2020/7xxx/CVE-2020-7200.json create mode 100644 2020/7xxx/CVE-2020-7201.json create mode 100644 2020/7xxx/CVE-2020-7202.json create mode 100644 2020/7xxx/CVE-2020-7203.json create mode 100644 2020/7xxx/CVE-2020-7204.json create mode 100644 2020/7xxx/CVE-2020-7205.json create mode 100644 2020/7xxx/CVE-2020-7206.json create mode 100644 2020/7xxx/CVE-2020-7207.json create mode 100644 2020/7xxx/CVE-2020-7208.json create mode 100644 2020/7xxx/CVE-2020-7209.json diff --git a/2020/7xxx/CVE-2020-7154.json b/2020/7xxx/CVE-2020-7154.json new file mode 100644 index 00000000000..9aec677f3bc --- /dev/null +++ b/2020/7xxx/CVE-2020-7154.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7154", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7155.json b/2020/7xxx/CVE-2020-7155.json new file mode 100644 index 00000000000..8d44c1a723a --- /dev/null +++ b/2020/7xxx/CVE-2020-7155.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7155", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7156.json b/2020/7xxx/CVE-2020-7156.json new file mode 100644 index 00000000000..f56f32fb482 --- /dev/null +++ b/2020/7xxx/CVE-2020-7156.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7156", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/7xxx/CVE-2020-7157.json b/2020/7xxx/CVE-2020-7157.json new file mode 100644 index 00000000000..6258ed71776 --- /dev/null +++ b/2020/7xxx/CVE-2020-7157.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7157", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7158.json b/2020/7xxx/CVE-2020-7158.json new file mode 100644 index 00000000000..3aee698f18f --- /dev/null +++ b/2020/7xxx/CVE-2020-7158.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7158", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7159.json b/2020/7xxx/CVE-2020-7159.json new file mode 100644 index 00000000000..7d132ed4d77 --- /dev/null +++ b/2020/7xxx/CVE-2020-7159.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7159", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7160.json b/2020/7xxx/CVE-2020-7160.json new file mode 100644 index 00000000000..4163f8406b5 --- /dev/null +++ b/2020/7xxx/CVE-2020-7160.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7160", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7161.json b/2020/7xxx/CVE-2020-7161.json new file mode 100644 index 00000000000..c1e55a8add9 --- /dev/null +++ b/2020/7xxx/CVE-2020-7161.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7161", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/7xxx/CVE-2020-7162.json b/2020/7xxx/CVE-2020-7162.json new file mode 100644 index 00000000000..a28e4441efb --- /dev/null +++ b/2020/7xxx/CVE-2020-7162.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7162", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7163.json b/2020/7xxx/CVE-2020-7163.json new file mode 100644 index 00000000000..65a4f58ab7c --- /dev/null +++ b/2020/7xxx/CVE-2020-7163.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7163", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7164.json b/2020/7xxx/CVE-2020-7164.json new file mode 100644 index 00000000000..116459c8ece --- /dev/null +++ b/2020/7xxx/CVE-2020-7164.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7164", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7165.json b/2020/7xxx/CVE-2020-7165.json new file mode 100644 index 00000000000..eb103996f95 --- /dev/null +++ b/2020/7xxx/CVE-2020-7165.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7165", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7166.json b/2020/7xxx/CVE-2020-7166.json new file mode 100644 index 00000000000..794a6252301 --- /dev/null +++ b/2020/7xxx/CVE-2020-7166.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7166", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/7xxx/CVE-2020-7167.json b/2020/7xxx/CVE-2020-7167.json new file mode 100644 index 00000000000..aa0c1ad8b18 --- /dev/null +++ b/2020/7xxx/CVE-2020-7167.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7167", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7168.json b/2020/7xxx/CVE-2020-7168.json new file mode 100644 index 00000000000..2552ceae62d --- /dev/null +++ b/2020/7xxx/CVE-2020-7168.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7168", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7169.json b/2020/7xxx/CVE-2020-7169.json new file mode 100644 index 00000000000..2f3789a80d5 --- /dev/null +++ b/2020/7xxx/CVE-2020-7169.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7169", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7170.json b/2020/7xxx/CVE-2020-7170.json new file mode 100644 index 00000000000..1a17a5ea4a9 --- /dev/null +++ b/2020/7xxx/CVE-2020-7170.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7170", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7171.json b/2020/7xxx/CVE-2020-7171.json new file mode 100644 index 00000000000..44850e402fe --- /dev/null +++ b/2020/7xxx/CVE-2020-7171.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7171", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/7xxx/CVE-2020-7172.json b/2020/7xxx/CVE-2020-7172.json new file mode 100644 index 00000000000..d85f2f768af --- /dev/null +++ b/2020/7xxx/CVE-2020-7172.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7172", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7173.json b/2020/7xxx/CVE-2020-7173.json new file mode 100644 index 00000000000..1bd4a7b0920 --- /dev/null +++ b/2020/7xxx/CVE-2020-7173.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7173", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7174.json b/2020/7xxx/CVE-2020-7174.json new file mode 100644 index 00000000000..da937bbb429 --- /dev/null +++ b/2020/7xxx/CVE-2020-7174.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7174", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7175.json b/2020/7xxx/CVE-2020-7175.json new file mode 100644 index 00000000000..391f31b6a3c --- /dev/null +++ b/2020/7xxx/CVE-2020-7175.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7175", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7176.json b/2020/7xxx/CVE-2020-7176.json new file mode 100644 index 00000000000..609169bbad8 --- /dev/null +++ b/2020/7xxx/CVE-2020-7176.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7176", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/7xxx/CVE-2020-7177.json b/2020/7xxx/CVE-2020-7177.json new file mode 100644 index 00000000000..ae9ae38a833 --- /dev/null +++ b/2020/7xxx/CVE-2020-7177.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7177", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7178.json b/2020/7xxx/CVE-2020-7178.json new file mode 100644 index 00000000000..c38a1b5223c --- /dev/null +++ b/2020/7xxx/CVE-2020-7178.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7178", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7179.json b/2020/7xxx/CVE-2020-7179.json new file mode 100644 index 00000000000..a62b2b30d50 --- /dev/null +++ b/2020/7xxx/CVE-2020-7179.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7179", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7180.json b/2020/7xxx/CVE-2020-7180.json new file mode 100644 index 00000000000..9b66b1783de --- /dev/null +++ b/2020/7xxx/CVE-2020-7180.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7180", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7181.json b/2020/7xxx/CVE-2020-7181.json new file mode 100644 index 00000000000..4af8de4e893 --- /dev/null +++ b/2020/7xxx/CVE-2020-7181.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7181", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/7xxx/CVE-2020-7182.json b/2020/7xxx/CVE-2020-7182.json new file mode 100644 index 00000000000..9a9100a838d --- /dev/null +++ b/2020/7xxx/CVE-2020-7182.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7182", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7183.json b/2020/7xxx/CVE-2020-7183.json new file mode 100644 index 00000000000..88aa9cf9c34 --- /dev/null +++ b/2020/7xxx/CVE-2020-7183.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7183", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7184.json b/2020/7xxx/CVE-2020-7184.json new file mode 100644 index 00000000000..739cc2f2e9b --- /dev/null +++ b/2020/7xxx/CVE-2020-7184.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7184", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7185.json b/2020/7xxx/CVE-2020-7185.json new file mode 100644 index 00000000000..7d476cafc64 --- /dev/null +++ b/2020/7xxx/CVE-2020-7185.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7185", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7186.json b/2020/7xxx/CVE-2020-7186.json new file mode 100644 index 00000000000..3a23dac9106 --- /dev/null +++ b/2020/7xxx/CVE-2020-7186.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7186", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/7xxx/CVE-2020-7187.json b/2020/7xxx/CVE-2020-7187.json new file mode 100644 index 00000000000..671b5b71eb3 --- /dev/null +++ b/2020/7xxx/CVE-2020-7187.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7187", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7188.json b/2020/7xxx/CVE-2020-7188.json new file mode 100644 index 00000000000..89010b57a20 --- /dev/null +++ b/2020/7xxx/CVE-2020-7188.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7188", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7189.json b/2020/7xxx/CVE-2020-7189.json new file mode 100644 index 00000000000..344d526111d --- /dev/null +++ b/2020/7xxx/CVE-2020-7189.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7189", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7190.json b/2020/7xxx/CVE-2020-7190.json new file mode 100644 index 00000000000..7d928ac6e48 --- /dev/null +++ b/2020/7xxx/CVE-2020-7190.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7190", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7191.json b/2020/7xxx/CVE-2020-7191.json new file mode 100644 index 00000000000..0498158529c --- /dev/null +++ b/2020/7xxx/CVE-2020-7191.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7191", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/7xxx/CVE-2020-7192.json b/2020/7xxx/CVE-2020-7192.json new file mode 100644 index 00000000000..7dfb2c93426 --- /dev/null +++ b/2020/7xxx/CVE-2020-7192.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7192", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7193.json b/2020/7xxx/CVE-2020-7193.json new file mode 100644 index 00000000000..54550ed140e --- /dev/null +++ b/2020/7xxx/CVE-2020-7193.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7193", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7194.json b/2020/7xxx/CVE-2020-7194.json new file mode 100644 index 00000000000..4bd0a80c29e --- /dev/null +++ b/2020/7xxx/CVE-2020-7194.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7194", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7195.json b/2020/7xxx/CVE-2020-7195.json new file mode 100644 index 00000000000..4c8880cce3b --- /dev/null +++ b/2020/7xxx/CVE-2020-7195.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7195", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7196.json b/2020/7xxx/CVE-2020-7196.json new file mode 100644 index 00000000000..9fdc9fb38ac --- /dev/null +++ b/2020/7xxx/CVE-2020-7196.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7196", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/7xxx/CVE-2020-7197.json b/2020/7xxx/CVE-2020-7197.json new file mode 100644 index 00000000000..8f870f5a34b --- /dev/null +++ b/2020/7xxx/CVE-2020-7197.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7197", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7198.json b/2020/7xxx/CVE-2020-7198.json new file mode 100644 index 00000000000..ff50d6543e2 --- /dev/null +++ b/2020/7xxx/CVE-2020-7198.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7198", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7199.json b/2020/7xxx/CVE-2020-7199.json new file mode 100644 index 00000000000..f2b5ce5b30d --- /dev/null +++ b/2020/7xxx/CVE-2020-7199.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7199", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7200.json b/2020/7xxx/CVE-2020-7200.json new file mode 100644 index 00000000000..95093eee258 --- /dev/null +++ b/2020/7xxx/CVE-2020-7200.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7200", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7201.json b/2020/7xxx/CVE-2020-7201.json new file mode 100644 index 00000000000..a8338c543ed --- /dev/null +++ b/2020/7xxx/CVE-2020-7201.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7201", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/7xxx/CVE-2020-7202.json b/2020/7xxx/CVE-2020-7202.json new file mode 100644 index 00000000000..1b3f371a0c7 --- /dev/null +++ b/2020/7xxx/CVE-2020-7202.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7202", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7203.json b/2020/7xxx/CVE-2020-7203.json new file mode 100644 index 00000000000..0b9f8f23546 --- /dev/null +++ b/2020/7xxx/CVE-2020-7203.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7203", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7204.json b/2020/7xxx/CVE-2020-7204.json new file mode 100644 index 00000000000..cd253b8c649 --- /dev/null +++ b/2020/7xxx/CVE-2020-7204.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7204", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7205.json b/2020/7xxx/CVE-2020-7205.json new file mode 100644 index 00000000000..911957a5ed3 --- /dev/null +++ b/2020/7xxx/CVE-2020-7205.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7205", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7206.json b/2020/7xxx/CVE-2020-7206.json new file mode 100644 index 00000000000..2ad46bd0228 --- /dev/null +++ b/2020/7xxx/CVE-2020-7206.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7206", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/7xxx/CVE-2020-7207.json b/2020/7xxx/CVE-2020-7207.json new file mode 100644 index 00000000000..e39048d0586 --- /dev/null +++ b/2020/7xxx/CVE-2020-7207.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7207", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7208.json b/2020/7xxx/CVE-2020-7208.json new file mode 100644 index 00000000000..b43c3f7d680 --- /dev/null +++ b/2020/7xxx/CVE-2020-7208.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7208", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7209.json b/2020/7xxx/CVE-2020-7209.json new file mode 100644 index 00000000000..f4ab6412b8a --- /dev/null +++ b/2020/7xxx/CVE-2020-7209.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7209", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file From 917ad27d63dec178e4eba613c861e8de1dca67da Mon Sep 17 00:00:00 2001 From: username Date: Thu, 16 Jan 2020 12:41:22 -0500 Subject: [PATCH 114/387] Files for CVE-2019-9500 and CVE-2019-9503. --- 2019/9xxx/CVE-2019-9500.json | 87 ++++++++++++++++++++++++++++++++++-- 2019/9xxx/CVE-2019-9503.json | 87 ++++++++++++++++++++++++++++++++++-- 2 files changed, 168 insertions(+), 6 deletions(-) diff --git a/2019/9xxx/CVE-2019-9500.json b/2019/9xxx/CVE-2019-9500.json index 95d39b49410..6952f951544 100644 --- a/2019/9xxx/CVE-2019-9500.json +++ b/2019/9xxx/CVE-2019-9500.json @@ -1,8 +1,32 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "cert@cert.org", "ID": "CVE-2019-9500", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Broadcom brcmfmac driver is vulnerable to a heap buffer overflow" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "brcmfmac WiFi driver", + "version": { + "version_data": [ + { + "version_value": "commit prior to 1b5e2423164b3670e8bc9174e4762d297990deff" + } + ] + } + } + ] + }, + "vendor_name": "Broadcom" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
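Review bot: The `version_data` entry added for CVE-2019-9500 states its bound only as free text, `"version_value": "commit prior to 1b5e2423164b3670e8bc9174e4762d297990deff"`, with no `version_affected` operator. A consumer that matches on structured version fields cannot evaluate that string, so the record is only usable by a human reading it. Splitting it into `"version_affected": "<"` and `"version_value": "1b5e2423164b3670e8bc9174e4762d297990deff"` would keep the same meaning, assuming downstream tooling accepts a commit id as the value. The first hunk of CVE-2019-9503.json has the same shape with commit a4176ec356c73a46c07c181c6d04039fafa34a9f.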
@@ -11,8 +35,65 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The Broadcom brcmfmac WiFi driver prior to commit 1b5e2423164b3670e8bc9174e4762d297990deff is vulnerable to a heap buffer overflow. If the Wake-up on Wireless LAN functionality is configured, a malicious event frame can be constructed to trigger an heap buffer overflow in the brcmf_wowl_nd_results function. This vulnerability can be exploited with compromised chipsets to compromise the host, or when used in combination with CVE-2019-9503, can be used remotely. In the worst case scenario, by sending specially-crafted WiFi packets, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. More typically, this vulnerability will result in denial-of-service conditions."
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "HIGH",
+ "attackVector": "ADJACENT_NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.9,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-122 Heap-based Buffer Overflow"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://blog.quarkslab.com/reverse-engineering-broadcom-wireless-chipsets.html"
+ },
+ {
+ "refsource": "CERT-VN",
+ "url": "https://kb.cert.org/vuls/id/166939/"
+ },
+ {
+ "refsource": "MISC",
+ "url": "https://git.kernel.org/linus/1b5e2423164b3670e8bc9174e4762d297990deff"
+ }
+ ]
+ },
+ "solution": [
+ {
+ "lang": "eng",
+ "value": "https://git.kernel.org/linus/1b5e2423164b3670e8bc9174e4762d297990deff"
+ }
+ ],
+ "source": {
+ "advisory": "VU#166939",
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2019/9xxx/CVE-2019-9503.json b/2019/9xxx/CVE-2019-9503.json
index 5fa90749353..07f6ddfa5a1 100644
--- a/2019/9xxx/CVE-2019-9503.json
+++ b/2019/9xxx/CVE-2019-9503.json
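Review bot: The `solution` entry added in this hunk holds only a URL, `"value": "https://git.kernel.org/linus/1b5e2423164b3670e8bc9174e4762d297990deff"`, so the record never says what action remediates the issue. A sentence would state it directly, for example `"value": "Apply commit 1b5e2423164b3670e8bc9174e4762d297990deff (https://git.kernel.org/linus/1b5e2423164b3670e8bc9174e4762d297990deff) or update to a kernel that contains it."`. The three `reference_data` entries also omit the `name` key that the synchronized records later in this series carry. In the description, "an heap buffer overflow" should read "a heap buffer overflow". The second hunk of CVE-2019-9503.json has the same bare-URL `solution` and nameless references.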
@@ -1,8 +1,32 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
+ "ASSIGNER": "cert@cert.org",
 "ID": "CVE-2019-9503",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "Broadcom brcmfmac driver is vulnerable to a frame validation bypass"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "brcmfmac WiFi driver",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "commit prior to a4176ec356c73a46c07c181c6d04039fafa34a9f"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Broadcom"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,8 +35,65 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The Broadcom brcmfmac WiFi driver prior to commit a4176ec356c73a46c07c181c6d04039fafa34a9f is vulnerable to a frame validation bypass. If the brcmfmac driver receives a firmware event frame from a remote source, the is_wlc_event_frame function will cause this frame to be discarded and unprocessed. If the driver receives the firmware event frame from the host, the appropriate handler is called. This frame validation can be bypassed if the bus used is USB (for instance by a wifi dongle). This can allow firmware event frames from a remote source to be processed. In the worst case scenario, by sending specially-crafted WiFi packets, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. More typically, this vulnerability will result in denial-of-service conditions."
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "HIGH",
+ "attackVector": "ADJACENT_NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.9,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-20 Improper Input Validation"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://blog.quarkslab.com/reverse-engineering-broadcom-wireless-chipsets.html"
+ },
+ {
+ "refsource": "CERT-VN",
+ "url": "https://kb.cert.org/vuls/id/166939/"
+ },
+ {
+ "refsource": "MISC",
+ "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a4176ec356c73a46c07c181c6d04039fafa34a9f"
+ }
+ ]
+ },
+ "solution": [
+ {
+ "lang": "eng",
+ "value": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a4176ec356c73a46c07c181c6d04039fafa34a9f"
+ }
+ ],
+ "source": {
+ "advisory": "VU#166939",
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
From f929793da169d6af09545af4736f6b269a15a40e Mon Sep 17 00:00:00 2001
From: CVE Team Date: Thu, 16 Jan 2020 18:01:11 +0000 Subject: [PATCH 115/387] "-Synchronized-Data." --- 2010/3xxx/CVE-2010-3048.json | 50 +++++++++++++++++++++++++-- 2019/12xxx/CVE-2019-12423.json | 50 +++++++++++++++++++++++++-- 2019/13xxx/CVE-2019-13524.json | 62 ++++++++++++++++++++++++++++++++++ 2019/17xxx/CVE-2019-17573.json | 62 ++++++++++++++++++++++++++++++++++ 2019/1xxx/CVE-2019-1387.json | 5 +++ 2020/0xxx/CVE-2020-0601.json | 10 ++++++ 2020/0xxx/CVE-2020-0602.json | 5 +++ 2020/0xxx/CVE-2020-0603.json | 5 +++ 8 files changed, 243 insertions(+), 6 deletions(-) create mode 100644 2019/13xxx/CVE-2019-13524.json create mode 100644 2019/17xxx/CVE-2019-17573.json diff --git a/2010/3xxx/CVE-2010-3048.json b/2010/3xxx/CVE-2010-3048.json index f4a7bd51b06..cc5405277f6 100644 --- a/2010/3xxx/CVE-2010-3048.json +++ b/2010/3xxx/CVE-2010-3048.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "psirt@cisco.com", "ID": "CVE-2010-3048", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Cisco", + "product": { + "product_data": [ + { + "product_name": "Unified Personal Communicator", + "version": { + "version_data": [ + { + "version_value": "7.0 (1.13056)" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cisco Unified Personal Communicator 7.0 (1.13056) does not free allocated memory for received data and does not perform validation if memory allocation is successful, causing a remote denial of service condition." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Other" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.fuzzmyapp.com/advisories/FMA-2010-002/FMA-2010-002-EN.xml", + "refsource": "MISC", + "name": "http://www.fuzzmyapp.com/advisories/FMA-2010-002/FMA-2010-002-EN.xml" } ] } diff --git a/2019/12xxx/CVE-2019-12423.json b/2019/12xxx/CVE-2019-12423.json index 6fb23b6b8f6..42132f3edf0 100644 --- a/2019/12xxx/CVE-2019-12423.json +++ b/2019/12xxx/CVE-2019-12423.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-12423", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@apache.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apache", + "product": { + "product_data": [ + { + "product_name": "CXF", + "version": { + "version_data": [ + { + "version_value": "All versions of Apache CXF prior to 3.3.5 and 3.2.12." + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "http://cxf.apache.org/security-advisories.data/CVE-2019-12423.txt.asc?version=1&modificationDate=1579178393000&api=v2", + "url": "http://cxf.apache.org/security-advisories.data/CVE-2019-12423.txt.asc?version=1&modificationDate=1579178393000&api=v2" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Apache CXF ships with a OpenId Connect JWK Keys service, which allows a client to obtain the public keys in JWK format, which can then be used to verify the signature of tokens issued by the service. Typically, the service obtains the public key from a local keystore (JKS/PKCS12) by specifing the path of the keystore and the alias of the keystore entry. This case is not vulnerable. However it is also possible to obtain the keys from a JWK keystore file, by setting the configuration parameter \"rs.security.keystore.type\" to \"jwk\". For this case all keys are returned in this file \"as is\", including all private key and secret key credentials. 
This is an obvious security risk if the user has configured the signature keystore file with private or secret key credentials. From CXF 3.3.5 and 3.2.12, it is mandatory to specify an alias corresponding to the id of the key in the JWK file, and only this key is returned. In addition, any private key information is omitted by default. \"oct\" keys, which contain secret keys, are not returned at all." } ] } diff --git a/2019/13xxx/CVE-2019-13524.json b/2019/13xxx/CVE-2019-13524.json new file mode 100644 index 00000000000..8c947c574b1 --- /dev/null +++ b/2019/13xxx/CVE-2019-13524.json 
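Review bot: The `version_value` added for CXF is a prose sentence, `"All versions of Apache CXF prior to 3.3.5 and 3.2.12."`, which leaves it to the reader to infer that two release lines are meant and gives version-matching tooling nothing to compare against. Two `version_data` entries, one per line, each with `"version_affected": "<"` and a bare `version_value` of `3.3.5` or `3.2.12`, would express what the description appears to intend. The description text also has `specifing` for `specifying` and "a OpenId Connect" for "an OpenId Connect". CVE-2019-17573.json, added later in the same commit, uses the identical prose `version_value`.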
@@ -0,0 +1,62 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-13524",
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "GE PACSystems RX3i",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "CPE100/115: All versions prior to R9.85,CPE302/305/310/330/400/410: All versions prior to R9.90,CRU320 All versions(End of Life)"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "IMPROPER INPUT VALIDATION CWE-20"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.us-cert.gov/ics/advisories/icsa-20-014-01",
+ "url": "https://www.us-cert.gov/ics/advisories/icsa-20-014-01"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "GE PACSystems RX3i CPE100/115: All versions prior to R9.85,CPE302/305/310/330/400/410: All versions prior to R9.90,CRU/320 All versions(End of Life) may allow an attacker sending specially manipulated packets to cause the module state to change to halt-mode, resulting in a denial-of-service condition. An operator must reboot the CPU module after removing battery or energy pack to recover from halt-mode."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/17xxx/CVE-2019-17573.json b/2019/17xxx/CVE-2019-17573.json
new file mode 100644
index 00000000000..97de0467120
--- /dev/null
+++ b/2019/17xxx/CVE-2019-17573.json
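Review bot: The model name differs between two fields of this new record: `version_value` says `CRU320 All versions(End of Life)` while the description says `CRU/320 All versions(End of Life)`. One of them is a typo and should be checked against the referenced ICS advisory, since asset owners search on that string. The vendor is also recorded as `"vendor_name": "n/a"` even though the product name begins with it; `"vendor_name": "GE"` with `"product_name": "PACSystems RX3i"` would let vendor-keyed lookups find the record. The three version ranges are packed into one comma-joined `version_value` and would be clearer as three `version_data` entries.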
@@ -0,0 +1,62 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-17573",
+ "ASSIGNER": "security@apache.org",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Apache",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "CXF",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "All versions of Apache CXF prior to 3.3.5 and 3.2.12."
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Cross Site Scripting"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "http://cxf.apache.org/security-advisories.data/CVE-2019-17573.txt.asc?version=1&modificationDate=1579178542000&api=v2",
+ "url": "http://cxf.apache.org/security-advisories.data/CVE-2019-17573.txt.asc?version=1&modificationDate=1579178542000&api=v2"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. This webpage is vulnerable to a reflected Cross-Site Scripting (XSS) attack, which allows a malicious actor to inject javascript into the web page. Please note that the attack exploits a feature which is not typically not present in modern browsers, who remove dot segments before sending the request. However, Mobile applications may be vulnerable."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/1xxx/CVE-2019-1387.json b/2019/1xxx/CVE-2019-1387.json
index 8651d2f1f76..2a93ab8ba4a 100644
--- a/2019/1xxx/CVE-2019-1387.json
+++ b/2019/1xxx/CVE-2019-1387.json
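Review bot: The exploitability precondition in the new description is garbled by a doubled negation: "exploits a feature which is not typically not present in modern browsers, who remove dot segments". Read literally it says the opposite of what the rest of the sentence implies, and that clause is what a reader uses to judge exposure. It should presumably read "exploits a feature which is typically not present in modern browsers, which remove dot segments before sending the request". The `problemtype` value `Cross Site Scripting` could also carry its CWE id, `CWE-79`, in the way the CVE-2019-13524 record in this commit names CWE-20.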
@@ -93,6 +93,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-1cec196e20", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N6UGTEOXWIYSM5KDZL74QD2GK6YQNQCP/" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0124", + "url": "https://access.redhat.com/errata/RHSA-2020:0124" } ] }, diff --git a/2020/0xxx/CVE-2020-0601.json b/2020/0xxx/CVE-2020-0601.json index 48a205f4c45..c52f93eee2b 100644 --- a/2020/0xxx/CVE-2020-0601.json +++ b/2020/0xxx/CVE-2020-0601.json @@ -194,6 +194,16 @@ "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0601", "refsource": "MISC", "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0601" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/155961/CurveBall-Microsoft-Windows-CryptoAPI-Spoofing-Proof-Of-Concept.html", + "url": "http://packetstormsecurity.com/files/155961/CurveBall-Microsoft-Windows-CryptoAPI-Spoofing-Proof-Of-Concept.html" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/155960/CurveBall-Microsoft-Windows-CryptoAPI-Spoofing-Proof-Of-Concept.html", + "url": "http://packetstormsecurity.com/files/155960/CurveBall-Microsoft-Windows-CryptoAPI-Spoofing-Proof-Of-Concept.html" } ] } diff --git a/2020/0xxx/CVE-2020-0602.json b/2020/0xxx/CVE-2020-0602.json index 259e5db38df..141ee0754e3 100644 --- a/2020/0xxx/CVE-2020-0602.json +++ b/2020/0xxx/CVE-2020-0602.json @@ -62,6 +62,11 @@ "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0602", "refsource": "MISC", "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0602" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0130", + "url": "https://access.redhat.com/errata/RHSA-2020:0130" } ] } diff --git a/2020/0xxx/CVE-2020-0603.json b/2020/0xxx/CVE-2020-0603.json index 237c93b457b..b0b793c1793 100644 --- a/2020/0xxx/CVE-2020-0603.json 
+++ b/2020/0xxx/CVE-2020-0603.json @@ -62,6 +62,11 @@ "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0603", "refsource": "MISC", "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0603" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0130", + "url": "https://access.redhat.com/errata/RHSA-2020:0130" } ] } From d6654f5409819b8b77d7b07378c66d6c6bbad3bc Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 16 Jan 2020 19:01:17 +0000 Subject: [PATCH 116/387] "-Synchronized-Data." --- 2019/11xxx/CVE-2019-11745.json | 5 ++++ 2019/11xxx/CVE-2019-11997.json | 53 ++++++++++++++++++++++++++++++++-- 2019/11xxx/CVE-2019-11998.json | 50 ++++++++++++++++++++++++++++++-- 2019/12xxx/CVE-2019-12423.json | 5 ++++ 2019/17xxx/CVE-2019-17005.json | 5 ++++ 2019/17xxx/CVE-2019-17008.json | 5 ++++ 2019/17xxx/CVE-2019-17010.json | 5 ++++ 2019/17xxx/CVE-2019-17011.json | 5 ++++ 2019/17xxx/CVE-2019-17012.json | 5 ++++ 2019/17xxx/CVE-2019-17016.json | 5 ++++ 2019/17xxx/CVE-2019-17017.json | 5 ++++ 2019/17xxx/CVE-2019-17022.json | 5 ++++ 2019/17xxx/CVE-2019-17024.json | 5 ++++ 2019/17xxx/CVE-2019-17573.json | 5 ++++ 2019/19xxx/CVE-2019-19781.json | 5 ++++ 2019/19xxx/CVE-2019-19833.json | 5 ++++ 2019/20xxx/CVE-2019-20204.json | 5 ++++ 2020/2xxx/CVE-2020-2096.json | 10 +++++++ 2020/2xxx/CVE-2020-2696.json | 5 ++++ 19 files changed, 187 insertions(+), 6 deletions(-) diff --git a/2019/11xxx/CVE-2019-11745.json b/2019/11xxx/CVE-2019-11745.json index ee4b6f38093..fb2df72abb5 100644 --- a/2019/11xxx/CVE-2019-11745.json +++ b/2019/11xxx/CVE-2019-11745.json @@ -98,6 +98,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0008", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html" + }, + { + "refsource": "UBUNTU", + "name": "USN-4241-1", + "url": "https://usn.ubuntu.com/4241-1/" } ] }, diff --git a/2019/11xxx/CVE-2019-11997.json b/2019/11xxx/CVE-2019-11997.json index 5fbe0879ab6..472577e5f1f 100644 
--- a/2019/11xxx/CVE-2019-11997.json +++ b/2019/11xxx/CVE-2019-11997.json @@ -4,14 +4,61 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-11997", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@hpe.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "HPE", + "product": { + "product_data": [ + { + "product_name": "HPE enhanced Internet Usage Manager (eIUM)", + "version": { + "version_data": [ + { + "version_value": "8.3" + }, + { + "version_value": "9.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "remote cross-site scripting (xss)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03975en_us", + "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03975en_us" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A potential security vulnerability has been identified in HPE enhanced Internet Usage Manager (eIUM) versions 8.3 and 9.0. The vulnerability could be used for unauthorized access to information via cross site scripting. HPE has made the following software updates to resolve the vulnerability in eIUM. The eIUM 8.3 FP01 customers are advised to install eIUM83FP01Patch_QXCR1001711284.20190806-1244 patch. The eIUM 9.0 customers are advised to upgrade to eIUM 9.0 FP02 PI5 or later versions. For other versions, please, contact the product support." } ] } 
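Review bot: The `version_data` entries `8.3` and `9.0` carry no `version_affected` and no patch level, while the description places the fix at patch level (`eIUM83FP01Patch_QXCR1001711284.20190806-1244` for 8.3 FP01, `eIUM 9.0 FP02 PI5` for 9.0), so a consumer of the structured fields cannot tell a patched 9.0 install from an unpatched one. Recording the fixed level in the structured data would keep patched systems from being flagged indefinitely. The description's closing sentence leaves "other versions" undefined, so the record does not say whether releases before 8.3 are affected.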
diff --git a/2019/11xxx/CVE-2019-11998.json b/2019/11xxx/CVE-2019-11998.json index 0e72ccc0dfc..cbd781af2a0 100644 --- a/2019/11xxx/CVE-2019-11998.json +++ b/2019/11xxx/CVE-2019-11998.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-11998", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@hpe.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "HPE", + "product": { + "product_data": [ + { + "product_name": "HPE Superdome Flex Server", + "version": { + "version_data": [ + { + "version_value": "Prior to v3.20.186" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "local multiple vulnerabilities" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03978en_us", + "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03978en_us" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "HPE Superdome Flex Server is vulnerable to multiple remote vulnerabilities via improper input validation of administrator commands. This vulnerability could allow an Administrator to bypass security restrictions and access multiple remote vulnerabilities including information disclosure, or denial of service. HPE has provided firmware updates that address the above vulnerabilities for the HPE Superdome Flex Server starting with firmware version v3.20.186 (not available online) and v3.20.206 (available online). Apply v3.20.206 (4 December 2019) or a newer version to resolve this issue. Please visit HPE Support Center https://support.hpe.com/hpesc/public/home to obtain the updated firmware for your product." } ] } 
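Review bot: The `problemtype` value `local multiple vulnerabilities` contradicts the description, which calls them `multiple remote vulnerabilities`; the attack vector drives triage priority, so the record should say which it is and name the weakness the description already gives (improper input validation, `CWE-20`). The fix boundary is ambiguous as well: `version_value` says `Prior to v3.20.186`, but the description says v3.20.186 is not available online and tells users to apply v3.20.206 or newer. If v3.20.186 does contain the fix, the description should state that plainly; otherwise the structured boundary should be v3.20.206.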
diff --git a/2019/12xxx/CVE-2019-12423.json b/2019/12xxx/CVE-2019-12423.json index 42132f3edf0..63fdb71ca59 100644 --- a/2019/12xxx/CVE-2019-12423.json +++ b/2019/12xxx/CVE-2019-12423.json @@ -48,6 +48,11 @@ "refsource": "CONFIRM", "name": "http://cxf.apache.org/security-advisories.data/CVE-2019-12423.txt.asc?version=1&modificationDate=1579178393000&api=v2", "url": "http://cxf.apache.org/security-advisories.data/CVE-2019-12423.txt.asc?version=1&modificationDate=1579178393000&api=v2" + }, + { + "refsource": "MLIST", + "name": "[announce] 20200116 [CVE-2019-12423] - Apache CXF OpenId Connect JWK Keys service returns private/secret credentials if configured with a jwk keystore", + "url": "https://lists.apache.org/thread.html/rd588ff96f18563aeb5f87ac8c6bce7aae86cb1a4d4be483f96e7208c@%3Cannounce.apache.org%3E" } ] }, diff --git a/2019/17xxx/CVE-2019-17005.json b/2019/17xxx/CVE-2019-17005.json index 226c74f4bd4..098a15c46ae 100644 --- a/2019/17xxx/CVE-2019-17005.json +++ b/2019/17xxx/CVE-2019-17005.json @@ -93,6 +93,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0002", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html" + }, + { + "refsource": "UBUNTU", + "name": "USN-4241-1", + "url": "https://usn.ubuntu.com/4241-1/" } ] }, diff --git a/2019/17xxx/CVE-2019-17008.json b/2019/17xxx/CVE-2019-17008.json index bea1707f7a2..a874354c825 100644 --- a/2019/17xxx/CVE-2019-17008.json +++ b/2019/17xxx/CVE-2019-17008.json @@ -93,6 +93,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0002", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html" + }, + { + "refsource": "UBUNTU", + "name": "USN-4241-1", + "url": "https://usn.ubuntu.com/4241-1/" } ] }, diff --git a/2019/17xxx/CVE-2019-17010.json b/2019/17xxx/CVE-2019-17010.json index 69ed4101082..7e19ae1bbe0 100644 --- a/2019/17xxx/CVE-2019-17010.json +++ b/2019/17xxx/CVE-2019-17010.json 
@@ -93,6 +93,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0002", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html" + }, + { + "refsource": "UBUNTU", + "name": "USN-4241-1", + "url": "https://usn.ubuntu.com/4241-1/" } ] }, diff --git a/2019/17xxx/CVE-2019-17011.json b/2019/17xxx/CVE-2019-17011.json index 1ffca517077..39c415b6b4d 100644 --- a/2019/17xxx/CVE-2019-17011.json +++ b/2019/17xxx/CVE-2019-17011.json @@ -93,6 +93,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0002", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html" + }, + { + "refsource": "UBUNTU", + "name": "USN-4241-1", + "url": "https://usn.ubuntu.com/4241-1/" } ] }, diff --git a/2019/17xxx/CVE-2019-17012.json b/2019/17xxx/CVE-2019-17012.json index 03df1580c52..613fedfa357 100644 --- a/2019/17xxx/CVE-2019-17012.json +++ b/2019/17xxx/CVE-2019-17012.json @@ -93,6 +93,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0002", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html" + }, + { + "refsource": "UBUNTU", + "name": "USN-4241-1", + "url": "https://usn.ubuntu.com/4241-1/" } ] }, diff --git a/2019/17xxx/CVE-2019-17016.json b/2019/17xxx/CVE-2019-17016.json index 5baac559fcb..883b9e8daaa 100644 --- a/2019/17xxx/CVE-2019-17016.json +++ b/2019/17xxx/CVE-2019-17016.json @@ -133,6 +133,11 @@ "refsource": "REDHAT", "name": "RHSA-2020:0127", "url": "https://access.redhat.com/errata/RHSA-2020:0127" + }, + { + "refsource": "UBUNTU", + "name": "USN-4241-1", + "url": "https://usn.ubuntu.com/4241-1/" } ] }, diff --git a/2019/17xxx/CVE-2019-17017.json b/2019/17xxx/CVE-2019-17017.json index a21e1787663..36d62b36c8b 100644 --- a/2019/17xxx/CVE-2019-17017.json +++ b/2019/17xxx/CVE-2019-17017.json 
@@ -133,6 +133,11 @@ "refsource": "REDHAT", "name": "RHSA-2020:0127", "url": "https://access.redhat.com/errata/RHSA-2020:0127" + }, + { + "refsource": "UBUNTU", + "name": "USN-4241-1", + "url": "https://usn.ubuntu.com/4241-1/" } ] }, diff --git a/2019/17xxx/CVE-2019-17022.json b/2019/17xxx/CVE-2019-17022.json index d527abf7335..c6629e5e5cc 100644 --- a/2019/17xxx/CVE-2019-17022.json +++ b/2019/17xxx/CVE-2019-17022.json @@ -133,6 +133,11 @@ "refsource": "REDHAT", "name": "RHSA-2020:0127", "url": "https://access.redhat.com/errata/RHSA-2020:0127" + }, + { + "refsource": "UBUNTU", + "name": "USN-4241-1", + "url": "https://usn.ubuntu.com/4241-1/" } ] }, diff --git a/2019/17xxx/CVE-2019-17024.json b/2019/17xxx/CVE-2019-17024.json index 5f18e0aaabc..93ef8be30f2 100644 --- a/2019/17xxx/CVE-2019-17024.json +++ b/2019/17xxx/CVE-2019-17024.json @@ -133,6 +133,11 @@ "refsource": "REDHAT", "name": "RHSA-2020:0127", "url": "https://access.redhat.com/errata/RHSA-2020:0127" + }, + { + "refsource": "UBUNTU", + "name": "USN-4241-1", + "url": "https://usn.ubuntu.com/4241-1/" } ] }, diff --git a/2019/17xxx/CVE-2019-17573.json b/2019/17xxx/CVE-2019-17573.json index 97de0467120..7cfbdd511ae 100644 --- a/2019/17xxx/CVE-2019-17573.json +++ b/2019/17xxx/CVE-2019-17573.json @@ -48,6 +48,11 @@ "refsource": "CONFIRM", "name": "http://cxf.apache.org/security-advisories.data/CVE-2019-17573.txt.asc?version=1&modificationDate=1579178542000&api=v2", "url": "http://cxf.apache.org/security-advisories.data/CVE-2019-17573.txt.asc?version=1&modificationDate=1579178542000&api=v2" + }, + { + "refsource": "MLIST", + "name": "[announce] 20200116 [CVE-2019-17573] Apache CXF Reflected XSS in the services listing page", + "url": "https://lists.apache.org/thread.html/rf3b50583fefce2810cbd37c3d358cbcd9a03e750005950bf54546194@%3Cannounce.apache.org%3E" } ] }, diff --git a/2019/19xxx/CVE-2019-19781.json b/2019/19xxx/CVE-2019-19781.json index 2429cac376d..0c6c6f87e15 100644 --- a/2019/19xxx/CVE-2019-19781.json 
+++ b/2019/19xxx/CVE-2019-19781.json @@ -96,6 +96,11 @@ "refsource": "MISC", "name": "http://packetstormsecurity.com/files/155947/Citrix-ADC-NetScaler-Directory-Traversal-Remote-Code-Execution.html", "url": "http://packetstormsecurity.com/files/155947/Citrix-ADC-NetScaler-Directory-Traversal-Remote-Code-Execution.html" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/155972/Citrix-ADC-Gateway-Path-Traversal.html", + "url": "http://packetstormsecurity.com/files/155972/Citrix-ADC-Gateway-Path-Traversal.html" } ] } diff --git a/2019/19xxx/CVE-2019-19833.json b/2019/19xxx/CVE-2019-19833.json index cb28b346e81..69abf5b7ff8 100644 --- a/2019/19xxx/CVE-2019-19833.json +++ b/2019/19xxx/CVE-2019-19833.json @@ -61,6 +61,11 @@ "refsource": "MISC", "name": "http://packetstormsecurity.com/files/155710/Tautulli-2.1.9-Cross-Site-Request-Forgery.html", "url": "http://packetstormsecurity.com/files/155710/Tautulli-2.1.9-Cross-Site-Request-Forgery.html" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/155974/Tautulli-2.1.9-Denial-Of-Service.html", + "url": "http://packetstormsecurity.com/files/155974/Tautulli-2.1.9-Denial-Of-Service.html" } ] } diff --git a/2019/20xxx/CVE-2019-20204.json b/2019/20xxx/CVE-2019-20204.json index bfed6577496..4affca536ed 100644 --- a/2019/20xxx/CVE-2019-20204.json +++ b/2019/20xxx/CVE-2019-20204.json @@ -71,6 +71,11 @@ "refsource": "MISC", "name": "https://wpvulndb.com/vulnerabilities/10002", "url": "https://wpvulndb.com/vulnerabilities/10002" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/155973/WordPress-Postie-1.9.40-Cross-Site-Scripting.html", + "url": "http://packetstormsecurity.com/files/155973/WordPress-Postie-1.9.40-Cross-Site-Scripting.html" } ] } diff --git a/2020/2xxx/CVE-2020-2096.json b/2020/2xxx/CVE-2020-2096.json index 6da437e8dba..c31ee490eee 100644 --- a/2020/2xxx/CVE-2020-2096.json +++ b/2020/2xxx/CVE-2020-2096.json 
@@ -61,6 +61,16 @@ "name": "https://jenkins.io/security/advisory/2020-01-15/#SECURITY-1683", "url": "https://jenkins.io/security/advisory/2020-01-15/#SECURITY-1683", "refsource": "CONFIRM" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20200115 Multiple vulnerabilities in Jenkins plugins", + "url": "http://www.openwall.com/lists/oss-security/2020/01/15/1" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/155967/Jenkins-Gitlab-Hook-1.4.2-Cross-Site-Scripting.html", + "url": "http://packetstormsecurity.com/files/155967/Jenkins-Gitlab-Hook-1.4.2-Cross-Site-Scripting.html" } ] } diff --git a/2020/2xxx/CVE-2020-2696.json b/2020/2xxx/CVE-2020-2696.json index a6b2ecc20c2..7e326423315 100644 --- a/2020/2xxx/CVE-2020-2696.json +++ b/2020/2xxx/CVE-2020-2696.json @@ -57,6 +57,11 @@ "url": "https://www.oracle.com/security-alerts/cpujan2020.html", "refsource": "MISC", "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/155963/SunOS-5.10-Generic_147148-26-Local-Privilege-Escalation.html", + "url": "http://packetstormsecurity.com/files/155963/SunOS-5.10-Generic_147148-26-Local-Privilege-Escalation.html" } ] } From 9a115a7353d22a063c2b226b39acc16684a52135 Mon Sep 17 00:00:00 2001 From: Bill Situ Date: Thu, 16 Jan 2020 11:38:23 -0800 Subject: [PATCH 117/387] Bill Situ Oracle Critical Patch Update Advisory - January 2020 Rev 2 On branch cna/OracleCPU2020JanRev2 Changes to be committed: modified: 2020/2xxx/CVE-2020-2518.json --- 2020/2xxx/CVE-2020-2518.json | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/2020/2xxx/CVE-2020-2518.json b/2020/2xxx/CVE-2020-2518.json index f791dd414dd..7859774e195 100644 --- a/2020/2xxx/CVE-2020-2518.json +++ b/2020/2xxx/CVE-2020-2518.json 
@@ -19,15 +19,11 @@ "version_affected": "=" }, { - "version_value": "12.1.0.11", + "version_value": "12.1.0.2", "version_affected": "=" }, { - "version_value": "29", - "version_affected": "=" - }, - { - "version_value": "212.2.0.1", + "version_value": "12.2.0.1", "version_affected": "=" }, { @@ -55,7 +51,7 @@ "description_data": [ { "lang": "eng", - "value": "Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.11,29,212.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows low privileged attacker having Create Session privilege with network access via multiple protocols to compromise Java VM. Successful attacks of this vulnerability can result in takeover of Java VM. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)." + "value": "Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows low privileged attacker having Create Session privilege with network access via multiple protocols to compromise Java VM. Successful attacks of this vulnerability can result in takeover of Java VM. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)." } ] }, From 4c9c8c6324a36c2b5a0ef25725652a0885601d70 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 16 Jan 2020 20:01:09 +0000 Subject: [PATCH 118/387] "-Synchronized-Data." --- 2016/10xxx/CVE-2016-10735.json | 10 ++++++++++ 2018/20xxx/CVE-2018-20676.json | 10 ++++++++++ 2018/20xxx/CVE-2018-20677.json | 10 ++++++++++ 2019/0xxx/CVE-2019-0205.json | 5 +++++ 2020/0xxx/CVE-2020-0602.json | 5 +++++ 2020/0xxx/CVE-2020-0603.json | 5 +++++ 6 files changed, 45 insertions(+) 
diff --git a/2016/10xxx/CVE-2016-10735.json b/2016/10xxx/CVE-2016-10735.json index 67924268322..a8b7a7bfcab 100644 --- a/2016/10xxx/CVE-2016-10735.json +++ b/2016/10xxx/CVE-2016-10735.json @@ -101,6 +101,16 @@ "refsource": "REDHAT", "name": "RHSA-2019:3023", "url": "https://access.redhat.com/errata/RHSA-2019:3023" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0132", + "url": "https://access.redhat.com/errata/RHSA-2020:0132" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0133", + "url": "https://access.redhat.com/errata/RHSA-2020:0133" } ] } diff --git a/2018/20xxx/CVE-2018-20676.json b/2018/20xxx/CVE-2018-20676.json index 05d085ec15d..47cd30ecb7d 100644 --- a/2018/20xxx/CVE-2018-20676.json +++ b/2018/20xxx/CVE-2018-20676.json @@ -96,6 +96,16 @@ "refsource": "REDHAT", "name": "RHSA-2019:3023", "url": "https://access.redhat.com/errata/RHSA-2019:3023" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0132", + "url": "https://access.redhat.com/errata/RHSA-2020:0132" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0133", + "url": "https://access.redhat.com/errata/RHSA-2020:0133" } ] } diff --git a/2018/20xxx/CVE-2018-20677.json b/2018/20xxx/CVE-2018-20677.json index f17331a1b89..febe2f56453 100644 --- a/2018/20xxx/CVE-2018-20677.json +++ b/2018/20xxx/CVE-2018-20677.json @@ -101,6 +101,16 @@ "refsource": "REDHAT", "name": "RHSA-2019:3023", "url": "https://access.redhat.com/errata/RHSA-2019:3023" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0132", + "url": "https://access.redhat.com/errata/RHSA-2020:0132" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0133", + "url": "https://access.redhat.com/errata/RHSA-2020:0133" } ] } diff --git a/2019/0xxx/CVE-2019-0205.json b/2019/0xxx/CVE-2019-0205.json index 991095b4142..ccf111533b3 100644 --- a/2019/0xxx/CVE-2019-0205.json +++ b/2019/0xxx/CVE-2019-0205.json 
@@ -93,6 +93,11 @@ "refsource": "MLIST", "name": "[cassandra-commits] 20191113 [jira] [Created] (CASSANDRA-15420) CVE-2019-0205(Apache Thrift all versions up to and including 0.12.0) on version Cassendra 3.11.4", "url": "https://lists.apache.org/thread.html/003ac686189e6ce7b99267784d04bf60059a8c323eeda5a79a0309b8@%3Ccommits.cassandra.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[hive-dev] 20200116 [jira] [Created] (HIVE-22738) CVE-2019-0205", + "url": "https://lists.apache.org/thread.html/r50bf84c60867574238d18cdad5da9f303b618114c35566a3a001ae08@%3Cdev.hive.apache.org%3E" } ] }, diff --git a/2020/0xxx/CVE-2020-0602.json b/2020/0xxx/CVE-2020-0602.json index 141ee0754e3..5d7578b8eeb 100644 --- a/2020/0xxx/CVE-2020-0602.json +++ b/2020/0xxx/CVE-2020-0602.json @@ -67,6 +67,11 @@ "refsource": "REDHAT", "name": "RHSA-2020:0130", "url": "https://access.redhat.com/errata/RHSA-2020:0130" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0134", + "url": "https://access.redhat.com/errata/RHSA-2020:0134" } ] } diff --git a/2020/0xxx/CVE-2020-0603.json b/2020/0xxx/CVE-2020-0603.json index b0b793c1793..aba55ce6099 100644 --- a/2020/0xxx/CVE-2020-0603.json +++ b/2020/0xxx/CVE-2020-0603.json @@ -67,6 +67,11 @@ "refsource": "REDHAT", "name": "RHSA-2020:0130", "url": "https://access.redhat.com/errata/RHSA-2020:0130" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0134", + "url": "https://access.redhat.com/errata/RHSA-2020:0134" } ] } From 3ef5e138859a074cc0dfd666110b1fab92f29dd6 Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Thu, 16 Jan 2020 21:01:15 +0000 Subject: [PATCH 119/387] "-Synchronized-Data." --- 2018/8xxx/CVE-2018-8828.json | 5 +++ 2019/9xxx/CVE-2019-9500.json | 17 ++++---- 2019/9xxx/CVE-2019-9503.json | 17 ++++---- 2020/7xxx/CVE-2020-7047.json | 80 +++++++++++++++++++++++++++++++++--- 2020/7xxx/CVE-2020-7048.json | 80 +++++++++++++++++++++++++++++++++--- 2020/7xxx/CVE-2020-7210.json | 18 ++++++++ 2020/7xxx/CVE-2020-7211.json | 18 ++++++++ 2020/7xxx/CVE-2020-7212.json | 18 ++++++++ 8 files changed, 227 insertions(+), 26 deletions(-) create mode 100644 2020/7xxx/CVE-2020-7210.json create mode 100644 2020/7xxx/CVE-2020-7211.json create mode 100644 2020/7xxx/CVE-2020-7212.json diff --git a/2018/8xxx/CVE-2018-8828.json b/2018/8xxx/CVE-2018-8828.json index d9a7fcee575..27b7f90f25d 100644 --- a/2018/8xxx/CVE-2018-8828.json +++ b/2018/8xxx/CVE-2018-8828.json @@ -66,6 +66,11 @@ "name": "DSA-4148", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4148" + }, + { + "refsource": "UBUNTU", + "name": "USN-4240-1", + "url": "https://usn.ubuntu.com/4240-1/" } ] } diff --git a/2019/9xxx/CVE-2019-9500.json b/2019/9xxx/CVE-2019-9500.json index 6952f951544..06915d9c3ad 100644 --- a/2019/9xxx/CVE-2019-9500.json +++ b/2019/9xxx/CVE-2019-9500.json 
@@ -35,7 +35,7 @@ "description_data": [ { "lang": "eng", - "value": "The Broadcom brcmfmac WiFi driver prior to commit 1b5e2423164b3670e8bc9174e4762d297990deff is vulnerable to a heap buffer overflow. If the Wake-up on Wireless LAN functionality is configured, a malicious event frame can be constructed to trigger an heap buffer overflow in the brcmf_wowl_nd_results function. This vulnerability can be exploited with compromised chipsets to compromise the host, or when used in combination with CVE-2019-9503, can be used remotely. In the worst case scenario, by sending specially-crafted WiFi packets, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. More typically, this vulnerability will result in denial-of-service conditions." + "value": "The Broadcom brcmfmac WiFi driver prior to commit 1b5e2423164b3670e8bc9174e4762d297990deff is vulnerable to a heap buffer overflow. If the Wake-up on Wireless LAN functionality is configured, a malicious event frame can be constructed to trigger an heap buffer overflow in the brcmf_wowl_nd_results function. This vulnerability can be exploited with compromised chipsets to compromise the host, or when used in combination with CVE-2019-9503, can be used remotely. In the worst case scenario, by sending specially-crafted WiFi packets, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. More typically, this vulnerability will result in denial-of-service conditions." } ] }, 
@@ -74,15 +74,18 @@ "reference_data": [ { "refsource": "MISC", - "url": "https://blog.quarkslab.com/reverse-engineering-broadcom-wireless-chipsets.html" - }, - { - "refsource": "CERT-VN", - "url": "https://kb.cert.org/vuls/id/166939/" + "url": "https://blog.quarkslab.com/reverse-engineering-broadcom-wireless-chipsets.html", + "name": "https://blog.quarkslab.com/reverse-engineering-broadcom-wireless-chipsets.html" }, { "refsource": "MISC", - "url": "https://git.kernel.org/linus/1b5e2423164b3670e8bc9174e4762d297990deff" + "url": "https://kb.cert.org/vuls/id/166939/", + "name": "https://kb.cert.org/vuls/id/166939/" + }, + { + "refsource": "MISC", + "url": "https://git.kernel.org/linus/1b5e2423164b3670e8bc9174e4762d297990deff", + "name": "https://git.kernel.org/linus/1b5e2423164b3670e8bc9174e4762d297990deff" } ] }, diff --git a/2019/9xxx/CVE-2019-9503.json b/2019/9xxx/CVE-2019-9503.json index 07f6ddfa5a1..3dd76f83a23 100644 --- a/2019/9xxx/CVE-2019-9503.json +++ b/2019/9xxx/CVE-2019-9503.json 
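Review bot: The kb.cert.org reference changes from `"refsource": "CERT-VN"` to `"refsource": "MISC"` and receives the bare URL as its `name`, which drops the only marker that this link is the CERT/CC vulnerability note; consumers that filter references by source to find coordinated advisories will no longer see it. Keeping `"refsource": "CERT-VN"` with `"name": "VU#166939"` (the ID in the URL) would supply the missing `name` without losing the classification. The CVE-2019-9503 hunk that follows makes the same change. The `reference_data` array is only partly visible in this hunk.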
@@ -35,7 +35,7 @@ "description_data": [ { "lang": "eng", - "value": "The Broadcom brcmfmac WiFi driver prior to commit a4176ec356c73a46c07c181c6d04039fafa34a9f is vulnerable to a frame validation bypass. If the brcmfmac driver receives a firmware event frame from a remote source, the is_wlc_event_frame function will cause this frame to be discarded and unprocessed. If the driver receives the firmware event frame from the host, the appropriate handler is called. This frame validation can be bypassed if the bus used is USB (for instance by a wifi dongle). This can allow firmware event frames from a remote source to be processed. In the worst case scenario, by sending specially-crafted WiFi packets, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. More typically, this vulnerability will result in denial-of-service conditions." + "value": "The Broadcom brcmfmac WiFi driver prior to commit a4176ec356c73a46c07c181c6d04039fafa34a9f is vulnerable to a frame validation bypass. If the brcmfmac driver receives a firmware event frame from a remote source, the is_wlc_event_frame function will cause this frame to be discarded and unprocessed. If the driver receives the firmware event frame from the host, the appropriate handler is called. This frame validation can be bypassed if the bus used is USB (for instance by a wifi dongle). This can allow firmware event frames from a remote source to be processed. In the worst case scenario, by sending specially-crafted WiFi packets, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. More typically, this vulnerability will result in denial-of-service conditions." } ] }, 
@@ -74,15 +74,18 @@ "reference_data": [ { "refsource": "MISC", - "url": "https://blog.quarkslab.com/reverse-engineering-broadcom-wireless-chipsets.html" - }, - { - "refsource": "CERT-VN", - "url": "https://kb.cert.org/vuls/id/166939/" + "url": "https://blog.quarkslab.com/reverse-engineering-broadcom-wireless-chipsets.html", + "name": "https://blog.quarkslab.com/reverse-engineering-broadcom-wireless-chipsets.html" }, { "refsource": "MISC", - "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a4176ec356c73a46c07c181c6d04039fafa34a9f" + "url": "https://kb.cert.org/vuls/id/166939/", + "name": "https://kb.cert.org/vuls/id/166939/" + }, + { + "refsource": "MISC", + "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a4176ec356c73a46c07c181c6d04039fafa34a9f", + "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a4176ec356c73a46c07c181c6d04039fafa34a9f" } ] }, diff --git a/2020/7xxx/CVE-2020-7047.json b/2020/7xxx/CVE-2020-7047.json index 8d726e6cf63..c0d7ab2d2fd 100644 --- a/2020/7xxx/CVE-2020-7047.json +++ b/2020/7xxx/CVE-2020-7047.json 
@@ -1,18 +1,86 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-7047", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-7047", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The WordPress plugin, WP Database Reset through 3.1, contains a flaw that gave any authenticated user, with minimal permissions, the ability (with a simple wp-admin/admin.php?db-reset-tables[]=users request) to escalate their privileges to administrator while dropping all other users from the table." 
} ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wordpress.org/plugins/wordpress-database-reset/#developers", + "refsource": "MISC", + "name": "https://wordpress.org/plugins/wordpress-database-reset/#developers" + }, + { + "refsource": "MISC", + "name": "https://wpvulndb.com/vulnerabilities/10028", + "url": "https://wpvulndb.com/vulnerabilities/10028" + }, + { + "refsource": "MISC", + "name": "https://www.wordfence.com/blog/2020/01/easily-exploitable-vulnerabilities-patched-in-wp-database-reset-plugin/", + "url": "https://www.wordfence.com/blog/2020/01/easily-exploitable-vulnerabilities-patched-in-wp-database-reset-plugin/" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AC:L/AV:N/A:H/C:H/I:H/PR:L/S:C/UI:N", + "version": "3.0" + } } } \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7048.json b/2020/7xxx/CVE-2020-7048.json index dd183a96aa7..50d34c4bedd 100644 --- a/2020/7xxx/CVE-2020-7048.json +++ b/2020/7xxx/CVE-2020-7048.json 
@@ -1,18 +1,86 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-7048", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-7048", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The WordPress plugin, WP Database Reset through 3.1, contains a flaw that allowed any unauthenticated user to reset any table in the database to the initial WordPress set-up state (deleting all site content stored in that table), as demonstrated by a wp-admin/admin-post.php?db-reset-tables[]=comments URI." 
} ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wordpress.org/plugins/wordpress-database-reset/#developers", + "refsource": "MISC", + "name": "https://wordpress.org/plugins/wordpress-database-reset/#developers" + }, + { + "refsource": "MISC", + "name": "https://wpvulndb.com/vulnerabilities/10027", + "url": "https://wpvulndb.com/vulnerabilities/10027" + }, + { + "refsource": "MISC", + "name": "https://www.wordfence.com/blog/2020/01/easily-exploitable-vulnerabilities-patched-in-wp-database-reset-plugin/", + "url": "https://www.wordfence.com/blog/2020/01/easily-exploitable-vulnerabilities-patched-in-wp-database-reset-plugin/" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AC:L/AV:N/A:H/C:N/I:H/PR:N/S:U/UI:N", + "version": "3.0" + } } } \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7210.json b/2020/7xxx/CVE-2020-7210.json new file mode 100644 index 00000000000..153278a7790 --- /dev/null +++ b/2020/7xxx/CVE-2020-7210.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7210", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/7xxx/CVE-2020-7211.json b/2020/7xxx/CVE-2020-7211.json
new file mode 100644
index 00000000000..5d24faf901b
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7211.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7211",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7212.json b/2020/7xxx/CVE-2020-7212.json
new file mode 100644
index 00000000000..cc7936e9ae6
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7212.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7212",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
From e4c0199285d385ac0f6664212d2f21502c7e4236 Mon Sep 17 00:00:00 2001
From: CVE Team Date: Thu, 16 Jan 2020 22:01:17 +0000 Subject: [PATCH 120/387] "-Synchronized-Data." --- 2018/18xxx/CVE-2018-18246.json | 5 +++ 2018/18xxx/CVE-2018-18247.json | 5 +++ 2018/18xxx/CVE-2018-18248.json | 5 +++ 2018/18xxx/CVE-2018-18249.json | 5 +++ 2018/18xxx/CVE-2018-18250.json | 5 +++ 2019/5xxx/CVE-2019-5126.json | 58 ++++++++++++++++++++++++++++++---- 2019/5xxx/CVE-2019-5130.json | 58 ++++++++++++++++++++++++++++++---- 2019/5xxx/CVE-2019-5131.json | 58 ++++++++++++++++++++++++++++++---- 2019/5xxx/CVE-2019-5145.json | 58 ++++++++++++++++++++++++++++++---- 2020/7xxx/CVE-2020-7107.json | 5 +++ 2020/7xxx/CVE-2020-7213.json | 18 +++++++++++ 2020/7xxx/CVE-2020-7214.json | 18 +++++++++++ 2020/7xxx/CVE-2020-7215.json | 18 +++++++++++ 13 files changed, 288 insertions(+), 28 deletions(-) create mode 100644 2020/7xxx/CVE-2020-7213.json create mode 100644 2020/7xxx/CVE-2020-7214.json create mode 100644 2020/7xxx/CVE-2020-7215.json diff --git a/2018/18xxx/CVE-2018-18246.json b/2018/18xxx/CVE-2018-18246.json index 738d7e3d74e..e80d4eb5ce7 100644 --- a/2018/18xxx/CVE-2018-18246.json +++ b/2018/18xxx/CVE-2018-18246.json @@ -56,6 +56,11 @@ "name": "https://herolab.usd.de/wp-content/uploads/sites/4/2018/12/usd20180027.txt", "refsource": "MISC", "url": "https://herolab.usd.de/wp-content/uploads/sites/4/2018/12/usd20180027.txt" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0067", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00031.html" } ] } diff --git a/2018/18xxx/CVE-2018-18247.json b/2018/18xxx/CVE-2018-18247.json index f16e86c14a9..1955df29ad3 100644 --- a/2018/18xxx/CVE-2018-18247.json +++ b/2018/18xxx/CVE-2018-18247.json 
@@ -56,6 +56,11 @@
 "name": "https://herolab.usd.de/wp-content/uploads/sites/4/2018/12/usd20180029.txt",
 "refsource": "MISC",
 "url": "https://herolab.usd.de/wp-content/uploads/sites/4/2018/12/usd20180029.txt"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2020:0067",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00031.html"
 }
 ]
 }
diff --git a/2018/18xxx/CVE-2018-18248.json b/2018/18xxx/CVE-2018-18248.json
index fcaea44e7b8..3011f2855c3 100644
--- a/2018/18xxx/CVE-2018-18248.json
+++ b/2018/18xxx/CVE-2018-18248.json
@@ -56,6 +56,11 @@
 "name": "https://herolab.usd.de/wp-content/uploads/sites/4/2018/12/usd20180028.txt",
 "refsource": "MISC",
 "url": "https://herolab.usd.de/wp-content/uploads/sites/4/2018/12/usd20180028.txt"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2020:0067",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00031.html"
 }
 ]
 }
diff --git a/2018/18xxx/CVE-2018-18249.json b/2018/18xxx/CVE-2018-18249.json
index 8b0fc20e3c0..d84db96d41e 100644
--- a/2018/18xxx/CVE-2018-18249.json
+++ b/2018/18xxx/CVE-2018-18249.json
@@ -56,6 +56,11 @@
 "name": "https://herolab.usd.de/wp-content/uploads/sites/4/2018/12/usd20180030.txt",
 "refsource": "MISC",
 "url": "https://herolab.usd.de/wp-content/uploads/sites/4/2018/12/usd20180030.txt"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2020:0067",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00031.html"
 }
 ]
 }
diff --git a/2018/18xxx/CVE-2018-18250.json b/2018/18xxx/CVE-2018-18250.json
index b7558e17c00..3950792bb58 100644
--- a/2018/18xxx/CVE-2018-18250.json
+++ b/2018/18xxx/CVE-2018-18250.json
@@ -56,6 +56,11 @@
 "name": "https://herolab.usd.de/wp-content/uploads/sites/4/2018/12/usd20180030.txt",
 "refsource": "MISC",
 "url": "https://herolab.usd.de/wp-content/uploads/sites/4/2018/12/usd20180030.txt"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2020:0067",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00031.html"
 }
 ]
 }
diff --git a/2019/5xxx/CVE-2019-5126.json b/2019/5xxx/CVE-2019-5126.json
index ba7bd8a317f..74e5cb0aeb4 100644
--- a/2019/5xxx/CVE-2019-5126.json
+++ b/2019/5xxx/CVE-2019-5126.json
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-5126",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-5126",
+ "ASSIGNER": "talos-cna@cisco.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Foxit",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Foxit Software Foxit PDF Reader 9.7.0.29435."
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "use-after-free"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0915",
+ "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0915"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit PDF Reader, version 9.7.0.29435. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability."
 }
 ]
 }
diff --git a/2019/5xxx/CVE-2019-5130.json b/2019/5xxx/CVE-2019-5130.json
index 9fc397aea3a..9485cecfc67 100644
--- a/2019/5xxx/CVE-2019-5130.json
+++ b/2019/5xxx/CVE-2019-5130.json
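Review bot: The `affects` block added in CVE-2019-5126.json puts the product data in the wrong fields: `vendor_name` is `n/a`, `product_name` holds only `Foxit`, and `version_value` holds the whole product string with a trailing period, so tooling that matches on vendor, product and version will not tie this record to the installed software. Going by the description in the same hunk I would use `"vendor_name": "Foxit Software",`, `"product_name": "Foxit PDF Reader",` and `"version_value": "9.7.0.29435"`. The hunks for CVE-2019-5130, CVE-2019-5131 and CVE-2019-5145 repeat the same layout. The free-text problemtype `use-after-free` could also name CWE-416 so that it maps automatically.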
@@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5130", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5130", + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Foxit", + "version": { + "version_data": [ + { + "version_value": "Foxit Software Foxit PDF Reader 9.7.0.29435" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "use-after-free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0935", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0935" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.7.0.29435. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability." } ] } diff --git a/2019/5xxx/CVE-2019-5131.json b/2019/5xxx/CVE-2019-5131.json index a3d972a7aea..f39d2b6fc3d 100644 --- a/2019/5xxx/CVE-2019-5131.json +++ b/2019/5xxx/CVE-2019-5131.json 
@@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5131", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5131", + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Foxit", + "version": { + "version_data": [ + { + "version_value": "Foxit Software Foxit PDF Reader 9.7.0.29435." + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "use-after-free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0920", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0920" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader, version 9.7.0.29435. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability." } ] } diff --git a/2019/5xxx/CVE-2019-5145.json b/2019/5xxx/CVE-2019-5145.json index 729250d66de..de7caf816ea 100644 --- a/2019/5xxx/CVE-2019-5145.json +++ b/2019/5xxx/CVE-2019-5145.json 
@@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5145", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5145", + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Foxit", + "version": { + "version_data": [ + { + "version_value": "Foxit Software Foxit PDF Reader 9.7.0.29435" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "use-after-free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0934", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0934" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit PDF Reader, version 9.7.0.29435. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability." } ] } diff --git a/2020/7xxx/CVE-2020-7107.json b/2020/7xxx/CVE-2020-7107.json index 052f42dfaa3..24d5b8b5e9c 100644 --- a/2020/7xxx/CVE-2020-7107.json +++ b/2020/7xxx/CVE-2020-7107.json 
@@ -57,6 +57,11 @@ "refsource": "MISC", "name": "https://wordpress.org/plugins/ultimate-faqs/#developers" }, + { + "refsource": "MISC", + "name": "https://wpvulndb.com/vulnerabilities/10006", + "url": "https://wpvulndb.com/vulnerabilities/10006" + }, { "url": "https://plugins.trac.wordpress.org/changeset/2222959/ultimate-faqs/tags/1.8.30/Shortcodes/DisplayFAQs.php", "refsource": "MISC", diff --git a/2020/7xxx/CVE-2020-7213.json b/2020/7xxx/CVE-2020-7213.json new file mode 100644 index 00000000000..e247fd6d2bb --- /dev/null +++ b/2020/7xxx/CVE-2020-7213.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7213", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7214.json b/2020/7xxx/CVE-2020-7214.json new file mode 100644 index 00000000000..3126a8f68b4 --- /dev/null +++ b/2020/7xxx/CVE-2020-7214.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7214", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7215.json b/2020/7xxx/CVE-2020-7215.json new file mode 100644 index 00000000000..c19b4c8590c --- /dev/null +++ b/2020/7xxx/CVE-2020-7215.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7215", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file From 60cc3c3a0bb3477c21c575c295a6158ad0c8b62d Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 16 Jan 2020 23:01:07 +0000 Subject: [PATCH 121/387] "-Synchronized-Data." --- 2018/16xxx/CVE-2018-16803.json | 5 +++ 2019/14xxx/CVE-2019-14287.json | 5 +++ 2019/3xxx/CVE-2019-3997.json | 58 +++++++++++++++++++++++---- 2020/7xxx/CVE-2020-7039.json | 71 +++++++++++++++++++++++++++++++--- 2020/7xxx/CVE-2020-7108.json | 5 +++ 5 files changed, 131 insertions(+), 13 deletions(-) diff --git a/2018/16xxx/CVE-2018-16803.json b/2018/16xxx/CVE-2018-16803.json index 2c982ecf8c1..03ab98f17a1 100644 --- a/2018/16xxx/CVE-2018-16803.json +++ b/2018/16xxx/CVE-2018-16803.json @@ -61,6 +61,11 @@ "name": "https://twitter.com/DC3VDP/status/1083359509995753473", "refsource": "MISC", "url": "https://twitter.com/DC3VDP/status/1083359509995753473" + }, + { + "refsource": "MISC", + "name": "https://www.websec.nl/news.php", + "url": "https://www.websec.nl/news.php" } ] } diff --git a/2019/14xxx/CVE-2019-14287.json b/2019/14xxx/CVE-2019-14287.json index 87617d5ddbb..679a8b44cd9 100644 --- a/2019/14xxx/CVE-2019-14287.json +++ b/2019/14xxx/CVE-2019-14287.json 
@@ -216,6 +216,11 @@ "refsource": "REDHAT", "name": "RHSA-2019:4191", "url": "https://access.redhat.com/errata/RHSA-2019:4191" + }, + { + "refsource": "CONFIRM", + "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03976en_us", + "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03976en_us" } ] } diff --git a/2019/3xxx/CVE-2019-3997.json b/2019/3xxx/CVE-2019-3997.json index 8796d374021..5bf17cec38e 100644 --- a/2019/3xxx/CVE-2019-3997.json +++ b/2019/3xxx/CVE-2019-3997.json 
@@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-3997", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-3997", + "ASSIGNER": "vulnreport@tenable.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "SimpliSafe SS3", + "version": { + "version_data": [ + { + "version_value": "1.0-1.3" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Unauthenticated Keypad Pairing Vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.tenable.com/security/research/tra-2020-03", + "url": "https://www.tenable.com/security/research/tra-2020-03" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Authentication bypass using an alternate path or channel in SimpliSafe SS3 firmware 1.0-1.3 allows a local, unauthenticated attacker to pair a rogue keypad to an armed system." } ] } diff --git a/2020/7xxx/CVE-2020-7039.json b/2020/7xxx/CVE-2020-7039.json index 7c49b055a69..211fc62797c 100644 --- a/2020/7xxx/CVE-2020-7039.json +++ b/2020/7xxx/CVE-2020-7039.json 
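Review bot: The `problemtype` value in CVE-2019-3997.json is a free-text label, `Unauthenticated Keypad Pairing Vulnerability`, even though the description in the same hunk opens with the title of CWE-288 word for word; writing `"value": "CWE-288 Authentication Bypass Using an Alternate Path or Channel"` would let weakness-based filters pick the record up. `vendor_name` is also `n/a` while the product is `SimpliSafe SS3`, and `version_value` encodes a range as the string `1.0-1.3`, which version-comparison tooling will presumably not parse as a range.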
@@ -1,17 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-7039", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-7039", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in EMU_IRC. This can cause a heap-based buffer overflow or other out-of-bounds access which can lead to a DoS or potential execute arbitrary code." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://gitlab.freedesktop.org/slirp/libslirp/commit/ce131029d6d4a405cb7d3ac6716d03e58fb4a5d9", + "refsource": "MISC", + "name": "https://gitlab.freedesktop.org/slirp/libslirp/commit/ce131029d6d4a405cb7d3ac6716d03e58fb4a5d9" + }, + { + "url": "https://gitlab.freedesktop.org/slirp/libslirp/commit/82ebe9c370a0e2970fb5695aa19aa5214a6a1c80", + "refsource": "MISC", + "name": "https://gitlab.freedesktop.org/slirp/libslirp/commit/82ebe9c370a0e2970fb5695aa19aa5214a6a1c80" + }, + { + "url": "https://gitlab.freedesktop.org/slirp/libslirp/commit/2655fffed7a9e765bcb4701dd876e9dab975f289", + "refsource": "MISC", + "name": "https://gitlab.freedesktop.org/slirp/libslirp/commit/2655fffed7a9e765bcb4701dd876e9dab975f289" + }, + { + "refsource": "CONFIRM", + "name": "http://www.openwall.com/lists/oss-security/2020/01/16/2", + "url": "http://www.openwall.com/lists/oss-security/2020/01/16/2" } ] } diff --git a/2020/7xxx/CVE-2020-7108.json b/2020/7xxx/CVE-2020-7108.json index 07f69792258..39dc2dd0818 100644 --- a/2020/7xxx/CVE-2020-7108.json +++ b/2020/7xxx/CVE-2020-7108.json @@ -66,6 +66,11 @@ "url": "https://www.getastra.com/blog/911/plugin-exploit/reflected-xss-vulnerability-found-in-learndash-lms-plugin/", "refsource": "MISC", "name": "https://www.getastra.com/blog/911/plugin-exploit/reflected-xss-vulnerability-found-in-learndash-lms-plugin/" + }, + { + "refsource": "MISC", + "name": "https://www.jinsonvarghese.com/reflected-xss-in-learndash-wordpress-plugin/", + "url": "https://www.jinsonvarghese.com/reflected-xss-in-learndash-wordpress-plugin/" } ] } From 825ce9e270ed83bbc856ba5e282236aadd7b4a2f Mon Sep 17 00:00:00 2001 From: Tim Hausler Date: Thu, 16 Jan 2020 15:49:19 -0800 Subject: [PATCH 122/387] Add CVE-2020-5398 
Signed-off-by: Steven Locke --- 2020/5xxx/CVE-2020-5398.json | 83 ++++++++++++++++++++++++++++++++++-- 1 file changed, 80 insertions(+), 3 deletions(-) diff --git a/2020/5xxx/CVE-2020-5398.json b/2020/5xxx/CVE-2020-5398.json index a2cd998ba20..07d3c1a59f1 100644 --- a/2020/5xxx/CVE-2020-5398.json +++ b/2020/5xxx/CVE-2020-5398.json 
@@ -3,16 +3,93 @@
 "data_format": "MITRE",
 "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "security@pivotal.io",
+ "DATE_PUBLIC": "2020-01-16T00:00:00.000Z",
 "ID": "CVE-2020-5398",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "RFD Attack via \"Content-Disposition\" Header Sourced from Request Input by Spring MVC or Spring WebFlux Application"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Spring Framework",
+ "version": {
+ "version_data": [
+ {
+ "affected": "<",
+ "version_name": "5.0",
+ "version_value": "v5.0.16.RELEASE"
+ },
+ {
+ "affected": "<",
+ "version_name": "5.1",
+ "version_value": "v5.1.13.RELEASE"
+ },
+ {
+ "affected": "<",
+ "version_name": "5.2",
+ "version_value": "v5.2.3.RELEASE"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Spring"
+ }
+ ]
+ }
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download (RFD) attack when it sets a \"Content-Disposition\" header in the response where the filename attribute is derived from user supplied input."
 }
 ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79: Cross-site Scripting (XSS) - Reflected"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "url": "https://pivotal.io/security/cve-2020-5398",
+ "name": "https://pivotal.io/security/cve-2020-5398"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "HIGH",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "LOW",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
+ "version": "3.0"
+ }
 }
 }
\ No newline at end of file
From 3267659a66e7e00dc34017dcba4b2ca9ed70c881 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Fri, 17 Jan 2020 00:01:17 +0000
Subject: [PATCH 123/387] "-Synchronized-Data."
---
2018/17xxx/CVE-2018-17942.json | 5 +++
2019/0xxx/CVE-2019-0205.json | 5 +++
2019/15xxx/CVE-2019-15742.json | 62 ++++++++++++++++++++++++++++++++++
3 files changed, 72 insertions(+)
create mode 100644 2019/15xxx/CVE-2019-15742.json
diff --git a/2018/17xxx/CVE-2018-17942.json b/2018/17xxx/CVE-2018-17942.json
index 40ce4a491ed..1ccb0670f6b 100644
--- a/2018/17xxx/CVE-2018-17942.json
+++ b/2018/17xxx/CVE-2018-17942.json
@@ -66,6 +66,11 @@
 "name": "https://lists.gnu.org/archive/html/bug-gnulib/2018-09/msg00107.html",
 "refsource": "MISC",
 "url": "https://lists.gnu.org/archive/html/bug-gnulib/2018-09/msg00107.html"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2020-acac61cfd0",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5UQRNQE6XHMD5UYYHAU3VQWAYHIPMQS/"
 }
 ]
 }
diff --git a/2019/0xxx/CVE-2019-0205.json b/2019/0xxx/CVE-2019-0205.json
index ccf111533b3..77a082a4008 100644
--- a/2019/0xxx/CVE-2019-0205.json
+++ b/2019/0xxx/CVE-2019-0205.json
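Review bot: In CVE-2020-5398.json the three `version_data` entries use the key `affected` for the comparison operator, but the CVE JSON 4.0 format names that field `version_affected`. A consumer that drops the unknown key will read `v5.0.16.RELEASE`, `v5.1.13.RELEASE` and `v5.2.3.RELEASE` as the affected versions, while the description in the same hunk says those are the releases that contain the fix. I would change each entry to `"version_affected": "<",`. Separately, the problemtype is CWE-79 (reflected XSS) although the title and description describe a reflected file download; it is worth confirming with the assigner that this classification is intended.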
@@ -98,6 +98,11 @@ "refsource": "MLIST", "name": "[hive-dev] 20200116 [jira] [Created] (HIVE-22738) CVE-2019-0205", "url": "https://lists.apache.org/thread.html/r50bf84c60867574238d18cdad5da9f303b618114c35566a3a001ae08@%3Cdev.hive.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[hive-issues] 20200116 [jira] [Updated] (HIVE-22738) CVE-2019-0205", + "url": "https://lists.apache.org/thread.html/r73a3c8b80765e3d2430ff51f22b778d0c917919f01815b69ed16cf9d@%3Cissues.hive.apache.org%3E" } ] }, diff --git a/2019/15xxx/CVE-2019-15742.json b/2019/15xxx/CVE-2019-15742.json new file mode 100644 index 00000000000..dff7596edf2 --- /dev/null +++ b/2019/15xxx/CVE-2019-15742.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-15742", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A local privilege-escalation vulnerability exists in the Poly Plantronics Hub before 3.14 for Windows client application. A local attacker can exploit this issue to gain elevated privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/155952/Plantronics-Hub-SpokesUpdateService-Privilege-Escalation.html", + "url": "http://packetstormsecurity.com/files/155952/Plantronics-Hub-SpokesUpdateService-Privilege-Escalation.html" + } + ] + } +} \ No newline at end of file From 23d96a9545894ddab13cf8a94455ded125a9f16e Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Fri, 17 Jan 2020 02:01:09 +0000 Subject: [PATCH 124/387] "-Synchronized-Data." --- 2019/17xxx/CVE-2019-17361.json | 67 ++++++++++++++++++++++++++++++++++ 2019/19xxx/CVE-2019-19142.json | 56 +++++++++++++++++++++++++--- 2019/19xxx/CVE-2019-19801.json | 56 +++++++++++++++++++++++++--- 2019/19xxx/CVE-2019-19802.json | 56 +++++++++++++++++++++++++--- 4 files changed, 217 insertions(+), 18 deletions(-) create mode 100644 2019/17xxx/CVE-2019-17361.json diff --git a/2019/17xxx/CVE-2019-17361.json b/2019/17xxx/CVE-2019-17361.json new file mode 100644 index 00000000000..fd43bfa286d --- /dev/null +++ b/2019/17xxx/CVE-2019-17361.json 
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-17361",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In SaltStack Salt through 2019.2.0, the salt-api NEST API with the ssh client enabled is vulnerable to command injection. This allows an unauthenticated attacker with network access to the API endpoint to execute arbitrary code on the salt-api host."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/saltstack/salt/commits/master",
+ "refsource": "MISC",
+ "name": "https://github.com/saltstack/salt/commits/master"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://docs.saltstack.com/en/latest/topics/releases/2019.2.3.html#security-fix",
+ "url": "https://docs.saltstack.com/en/latest/topics/releases/2019.2.3.html#security-fix"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/19xxx/CVE-2019-19142.json b/2019/19xxx/CVE-2019-19142.json
index 22ce53abd60..bbe0261b7d8 100644
--- a/2019/19xxx/CVE-2019-19142.json
+++ b/2019/19xxx/CVE-2019-19142.json
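Review bot: The first reference in CVE-2019-17361.json, `https://github.com/saltstack/salt/commits/master`, points at a moving commit list rather than the change that fixes the command injection, so it stops identifying the fix as soon as the branch advances. It should be replaced with the permalink of the fixing commit, or dropped in favour of the release-notes link that follows it. The description's `NEST API` looks like a typo, presumably for the salt-api NET or REST API; confirm against the vendor advisory. The description also says only "through 2019.2.0" while the CONFIRM link is the 2019.2.3 release notes, so naming the fixed release would let defenders check their exposure without following the link.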
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-19142", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-19142", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Intelbras WRN240 devices do not require authentication to replace the firmware via a POST request to the incoming/Firmware.cfg URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://fireshellsecurity.team/hack-n-routers/", + "refsource": "MISC", + "name": "https://fireshellsecurity.team/hack-n-routers/" } ] } diff --git a/2019/19xxx/CVE-2019-19801.json b/2019/19xxx/CVE-2019-19801.json index 18f22352771..4fa9a2f3270 100644 --- a/2019/19xxx/CVE-2019-19801.json +++ b/2019/19xxx/CVE-2019-19801.json 
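Review bot: `problemtype` and the whole `affects` tree in CVE-2019-19142.json are filled with `n/a` even though the description names the vendor, the product and the weakness, so tooling that matches on structured fields cannot map this record to Intelbras WRN240 or to a missing-authentication class. For this record I would set `"vendor_name": "Intelbras"`, `"product_name": "WRN240"` and a problemtype of `CWE-306 Missing Authentication for Critical Function`. The description gives no firmware version range, which should be requested from the reporter. The same placeholder pattern recurs in the other cve@mitre.org records in this series (CVE-2019-17361, CVE-2019-19801, CVE-2019-19802, CVE-2019-20003, CVE-2019-15854, CVE-2019-15855).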
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-19801", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-19801", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Gallagher Command Centre Server versions of v8.10 prior to v8.10.1134(MR4), v8.00 prior to v8.00.1161(MR5), v7.90 prior to v7.90.991(MR5), v7.80 prior to v7.80.960(MR2) and v7.70 or earlier, an unprivileged but authenticated user is able to perform a backup of the Command Centre databases." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://security.gallagher.com/cve-2019-19801", + "url": "https://security.gallagher.com/cve-2019-19801" } ] } diff --git a/2019/19xxx/CVE-2019-19802.json b/2019/19xxx/CVE-2019-19802.json index 02a57fdc6de..28452f8096d 100644 --- a/2019/19xxx/CVE-2019-19802.json +++ b/2019/19xxx/CVE-2019-19802.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-19802", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-19802", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Gallagher Command Centre Server v8.10 prior to v8.10.1134(MR4), v8.00 prior to v8.00.1161(MR5), v7.90 prior to v7.90.991(MR5), v7.80 prior to v7.80.960(MR2) and v7.70 or earlier, an authenticated user connecting to OPCUA can view all data that would be replicated in a multi-server setup without privilege checks being applied." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://security.gallagher.com/cve-2019-19802", + "url": "https://security.gallagher.com/cve-2019-19802" } ] } From a9e2b4c30d7a194c9e75b7c395e5e6cf49f8cb5f Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 17 Jan 2020 07:01:14 +0000 Subject: [PATCH 125/387] "-Synchronized-Data." --- 2010/0xxx/CVE-2010-0055.json | 5 +++++ 2018/17xxx/CVE-2018-17942.json | 5 +++++ 2019/17xxx/CVE-2019-17632.json | 7 ++++++- 2019/19xxx/CVE-2019-19844.json | 5 +++++ 4 files changed, 21 insertions(+), 1 deletion(-) 
diff --git a/2010/0xxx/CVE-2010-0055.json b/2010/0xxx/CVE-2010-0055.json index cf240762dee..87ef28944fb 100644 --- a/2010/0xxx/CVE-2010-0055.json +++ b/2010/0xxx/CVE-2010-0055.json @@ -61,6 +61,11 @@ "name": "http://support.apple.com/kb/HT4077", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT4077" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-6490123c7c", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WXQ3NRRTC4A3F3GW2RQNATJHYDIRSCBS/" } ] } diff --git a/2018/17xxx/CVE-2018-17942.json b/2018/17xxx/CVE-2018-17942.json index 1ccb0670f6b..e052ae6afae 100644 --- a/2018/17xxx/CVE-2018-17942.json +++ b/2018/17xxx/CVE-2018-17942.json @@ -71,6 +71,11 @@ "refsource": "FEDORA", "name": "FEDORA-2020-acac61cfd0", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5UQRNQE6XHMD5UYYHAU3VQWAYHIPMQS/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-663f619e9c", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TMGHTVYH3KAFN34QXNSGEQDSTV7MCOQW/" } ] } diff --git a/2019/17xxx/CVE-2019-17632.json b/2019/17xxx/CVE-2019-17632.json index d79bede8329..ade50391956 100644 --- a/2019/17xxx/CVE-2019-17632.json +++ b/2019/17xxx/CVE-2019-17632.json @@ -36,7 +36,7 @@ "credit": [ { "lang": "eng", - "value": "This vulnerability was discovered by Jon Are Rakvåg, Security architect, SpareBank 1 Utvikling and Erlend Leiknes, Security Consultant, mnemonic as" + "value": "This vulnerability was discovered by Jon Are Rakv\u00e5g, Security architect, SpareBank 1 Utvikling and Erlend Leiknes, Security Consultant, mnemonic as" } ], "data_format": "MITRE", 
@@ -68,6 +68,11 @@ "name": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=553443", "refsource": "CONFIRM", "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=553443" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-4913d43d77", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SAITZ27GKPD2CCNHGT2VBT4VWIBUJJNS/" } ] } diff --git a/2019/19xxx/CVE-2019-19844.json b/2019/19xxx/CVE-2019-19844.json index 06497c79b4e..7acefcf5256 100644 --- a/2019/19xxx/CVE-2019-19844.json +++ b/2019/19xxx/CVE-2019-19844.json @@ -91,6 +91,11 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20200110-0003/", "url": "https://security.netapp.com/advisory/ntap-20200110-0003/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-adb4f0143a", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HCM2DPUI7TOZWN4A6JFQFUVQ2XGE7GUD/" } ] } From 29de3ae9ce8beda9c3829ca0dfe5b533ed587339 Mon Sep 17 00:00:00 2001 From: Johannes Segitz Date: Fri, 17 Jan 2020 09:23:31 +0100 Subject: [PATCH 126/387] data for CVE-2019-3682 --- 2019/3xxx/CVE-2019-3682.json | 80 ++++++++++++++++++++++++++++++++++-- 1 file changed, 77 insertions(+), 3 deletions(-) diff --git a/2019/3xxx/CVE-2019-3682.json b/2019/3xxx/CVE-2019-3682.json index c397413f667..3126da4f62d 100644 --- a/2019/3xxx/CVE-2019-3682.json +++ b/2019/3xxx/CVE-2019-3682.json 
@@ -1,8 +1,35 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "security@suse.de", + "DATE_PUBLIC": "2019-02-15T00:00:00.000Z", "ID": "CVE-2019-3682", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Insecure API port exposed to all Master Node guest containers" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SUSE CaaS Platform 3.0", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "docker-kubic", + "version_value": "17.09.1_ce-7.6.1" + } + ] + } + } + ] + }, + "vendor_name": "SUSE" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,8 +38,55 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The docker-kubic package in SUSE CaaS Platform 3.0 before 17.09.1_ce-7.6.1 provided access to an insecure API locally on the Kubernetes master node." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 8.4, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-668: Exposure of Resource to Wrong Sphere" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.suse.com/show_bug.cgi?id=1121148", + "refsource": "CONFIRM", + "url": "https://bugzilla.suse.com/show_bug.cgi?id=1121148" + } + ] + }, + "source": { + "advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1121148", + "defect": [ + "1121148" + ], + "discovery": "INTERNAL" } } \ No newline at end of file From b235ff6e82482bf1c30767575bedeb2d605c0f0f Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 17 Jan 2020 09:01:16 +0000 Subject: [PATCH 127/387] "-Synchronized-Data." --- 2019/3xxx/CVE-2019-3682.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/2019/3xxx/CVE-2019-3682.json b/2019/3xxx/CVE-2019-3682.json index 3126da4f62d..a2ebfc7a64d 100644 --- a/2019/3xxx/CVE-2019-3682.json +++ b/2019/3xxx/CVE-2019-3682.json 
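Review bot: The new description in CVE-2019-3682.json says only that the package "provided access to an insecure API locally on the Kubernetes master node", which names neither the API nor who can reach it, while the `TITLE` added in the first hunk says the port is exposed to all master-node guest containers and the CVSS block claims `C:H/I:H/A:H`. The description is the field most feeds display, so it should carry the exposure and consequence stated elsewhere in the record, for example `...exposed an insecure API port to all guest containers on the Kubernetes master node.`, followed by the impact as confirmed in the referenced bug. In the first hunk, `version_name` holds the package name `docker-kubic` rather than a version label, which may mislead consumers that concatenate name and value.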
@@ -1,6 +1,6 @@ { "CVE_data_meta": { - "ASSIGNER": "security@suse.de", + "ASSIGNER": "security@suse.com", "DATE_PUBLIC": "2019-02-15T00:00:00.000Z", "ID": "CVE-2019-3682", "STATE": "PUBLIC", From b9289cc903def63fd043c883cb0002eca87e2992 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 17 Jan 2020 11:01:08 +0000 Subject: [PATCH 128/387] "-Synchronized-Data." --- 2020/0xxx/CVE-2020-0635.json | 5 +++++ 2020/2xxx/CVE-2020-2656.json | 5 +++++ 2020/2xxx/CVE-2020-2696.json | 5 +++++ 3 files changed, 15 insertions(+) diff --git a/2020/0xxx/CVE-2020-0635.json b/2020/0xxx/CVE-2020-0635.json index 792731310c6..50296acf6ef 100644 --- a/2020/0xxx/CVE-2020-0635.json +++ b/2020/0xxx/CVE-2020-0635.json @@ -245,6 +245,11 @@ "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0635", "refsource": "MISC", "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0635" + }, + { + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-143/", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-143/" } ] } diff --git a/2020/2xxx/CVE-2020-2656.json b/2020/2xxx/CVE-2020-2656.json index ac00d42335e..dd9d752255a 100644 --- a/2020/2xxx/CVE-2020-2656.json +++ b/2020/2xxx/CVE-2020-2656.json @@ -61,6 +61,11 @@ "url": "https://www.oracle.com/security-alerts/cpujan2020.html", "refsource": "MISC", "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + }, + { + "refsource": "BUGTRAQ", + "name": "20200117 CVE-2020-2656 - Low impact information disclosure via Solaris xlock", + "url": "https://seclists.org/bugtraq/2020/Jan/23" } ] } diff --git a/2020/2xxx/CVE-2020-2696.json b/2020/2xxx/CVE-2020-2696.json index 7e326423315..36f83669b44 100644 --- a/2020/2xxx/CVE-2020-2696.json +++ b/2020/2xxx/CVE-2020-2696.json 
@@ -62,6 +62,11 @@ "refsource": "MISC", "name": "http://packetstormsecurity.com/files/155963/SunOS-5.10-Generic_147148-26-Local-Privilege-Escalation.html", "url": "http://packetstormsecurity.com/files/155963/SunOS-5.10-Generic_147148-26-Local-Privilege-Escalation.html" + }, + { + "refsource": "BUGTRAQ", + "name": "20200117 CVE-2020-2696 - Local privilege escalation via CDE dtsession", + "url": "https://seclists.org/bugtraq/2020/Jan/22" } ] } From 72707325ab459a1b17bec1b826032080f2e414e3 Mon Sep 17 00:00:00 2001 From: Johannes Segitz Date: Fri, 17 Jan 2020 12:05:10 +0100 Subject: [PATCH 129/387] data for CVE-2019-3683 --- 2019/3xxx/CVE-2019-3683.json | 86 ++++++++++++++++++++++++++++++++++-- 1 file changed, 83 insertions(+), 3 deletions(-) diff --git a/2019/3xxx/CVE-2019-3683.json b/2019/3xxx/CVE-2019-3683.json index 782bd245907..d69cf9ce182 100644 --- a/2019/3xxx/CVE-2019-3683.json +++ b/2019/3xxx/CVE-2019-3683.json @@ -1,9 +1,42 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "security@suse.de", + "DATE_PUBLIC": "2019-02-18T00:00:00.000Z", "ID": "CVE-2019-3683", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "keystone_json_assignment backend granted access to any project for users in user-project-map.json" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SUSE Openstack Cloud 8", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "keystone-json-assignment", + "version_value": "d7888c75505465490250c00cc0ef4bb1af662f9f" + } + ] + } + } + ] + }, + "vendor_name": "SUSE" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Kurt Garloff by SUSE" + } + ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", 
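Review bot: `version_data` in CVE-2019-3683.json pairs `"version_affected": "<"` with a git commit hash as `version_value`; a hash has no ordering, so an automated matcher cannot evaluate "less than" and will either skip the record or fall back to a string comparison. If a fixed package version exists it belongs in `version_value`, with the commit kept in the description or as a reference. CVE-2019-3686.json later in this series uses the same construction. The `credit` value "Kurt Garloff by SUSE" looks like a template artefact and probably should read `Kurt Garloff of SUSE`.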
@@ -11,8 +44,55 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The keystone-json-assignment package in SUSE Openstack Cloud 8 before commit d7888c75505465490250c00cc0ef4bb1af662f9f every user listed in the /etc/keystone/user-project-map.json was assigned full \"member\" role access to every project. This allowed these users to access, modify, create and delete arbitrary resources, contrary to expectations." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-732: Incorrect Permission Assignment for Critical Resource" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.suse.com/show_bug.cgi?id=1124864", + "refsource": "CONFIRM", + "url": "https://bugzilla.suse.com/show_bug.cgi?id=1124864" + } + ] + }, + "source": { + "advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1124864", + "defect": [ + "1124864" + ], + "discovery": "INTERNAL" } } \ No newline at end of file From 085902b6c60a0c271ce1778e93bb6424ba3b406e Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 17 Jan 2020 12:01:12 +0000 Subject: [PATCH 130/387] "-Synchronized-Data." --- 2019/3xxx/CVE-2019-3683.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
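Review bot: The new description is not a complete sentence: "The keystone-json-assignment package ... before commit ... every user listed in ... was assigned" has two subjects and no connecting verb, so it is unclear on first read which component misbehaves. Suggested wording for the first sentence: `In the keystone-json-assignment package in SUSE Openstack Cloud 8 before commit d7888c75505465490250c00cc0ef4bb1af662f9f, every user listed in /etc/keystone/user-project-map.json was assigned full \"member\" role access to every project.` The second sentence can stay as written.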
diff --git a/2019/3xxx/CVE-2019-3683.json b/2019/3xxx/CVE-2019-3683.json index d69cf9ce182..0c72836ebbb 100644 --- a/2019/3xxx/CVE-2019-3683.json +++ b/2019/3xxx/CVE-2019-3683.json @@ -1,6 +1,6 @@ { "CVE_data_meta": { - "ASSIGNER": "security@suse.de", + "ASSIGNER": "security@suse.com", "DATE_PUBLIC": "2019-02-18T00:00:00.000Z", "ID": "CVE-2019-3683", "STATE": "PUBLIC", @@ -44,7 +44,7 @@ "description_data": [ { "lang": "eng", - "value": "The keystone-json-assignment package in SUSE Openstack Cloud 8 before commit d7888c75505465490250c00cc0ef4bb1af662f9f every user listed in the /etc/keystone/user-project-map.json was assigned full \"member\" role access to every project. This allowed these users to access, modify, create and delete arbitrary resources, contrary to expectations." + "value": "The keystone-json-assignment package in SUSE Openstack Cloud 8 before commit d7888c75505465490250c00cc0ef4bb1af662f9f every user listed in the /etc/keystone/user-project-map.json was assigned full \"member\" role access to every project. This allowed these users to access, modify, create and delete arbitrary resources, contrary to expectations." } ] }, From 7bbbdffb4ecbd4100f91535afb4005bba294aef7 Mon Sep 17 00:00:00 2001 From: Johannes Segitz Date: Fri, 17 Jan 2020 13:35:03 +0100 Subject: [PATCH 131/387] data for CVE-2019-3686 --- 2019/3xxx/CVE-2019-3686.json | 79 ++++++++++++++++++++++++++++++++++-- 1 file changed, 76 insertions(+), 3 deletions(-) diff --git a/2019/3xxx/CVE-2019-3686.json b/2019/3xxx/CVE-2019-3686.json index 3d5c6c14550..ba85685b0b3 100644 --- a/2019/3xxx/CVE-2019-3686.json +++ b/2019/3xxx/CVE-2019-3686.json 
@@ -1,8 +1,34 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "security@suse.de", + "DATE_PUBLIC": "2019-08-06T00:00:00.000Z", "ID": "CVE-2019-3686", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "XSS in distri and version parameter in openQA" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "openQA", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "c172e8883d8f32fced5e02f9b6faaacc913df27b" + } + ] + } + } + ] + }, + "vendor_name": "SUSE" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,8 +37,55 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "openQA before commit c172e8883d8f32fced5e02f9b6faaacc913df27b was vulnerable to XSS in the distri and version parameter. This was reported through the bug bounty program of Offensive Security" } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.suse.com/show_bug.cgi?id=1142849", + "refsource": "CONFIRM", + "url": "https://bugzilla.suse.com/show_bug.cgi?id=1142849" + } + ] + }, + "source": { + "advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1142849", + "defect": [ + "1142849" + ], + "discovery": "EXTERNAL" } } \ No newline at end of file From 9cb69bce747b198c945e7b4549a4a05f1995836d Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 17 Jan 2020 13:01:33 +0000 Subject: [PATCH 132/387] "-Synchronized-Data." --- 2019/3xxx/CVE-2019-3686.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/2019/3xxx/CVE-2019-3686.json b/2019/3xxx/CVE-2019-3686.json index ba85685b0b3..d7835d92727 100644 --- a/2019/3xxx/CVE-2019-3686.json +++ b/2019/3xxx/CVE-2019-3686.json 
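Review bot: The CVSS vector added in CVE-2019-3686.json, `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N`, scores a cross-site scripting issue with `UI:N` and `S:U`; XSS normally needs a victim to load the affected page (`UI:R`) and is usually scored with changed scope, because the script runs in the victim's browser rather than in the server component. The description does not say whether the issue is reflected or stored, so the vector and the 6.5 base score should be confirmed against the referenced bug before they are kept. The description also lacks its final period, and the attribution to "the bug bounty program of Offensive Security" would fit better in a `credit` element, as used in CVE-2019-3683.json.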
@@ -1,6 +1,6 @@ { "CVE_data_meta": { - "ASSIGNER": "security@suse.de", + "ASSIGNER": "security@suse.com", "DATE_PUBLIC": "2019-08-06T00:00:00.000Z", "ID": "CVE-2019-3686", "STATE": "PUBLIC", From 08bd15fe4cd3d90a5f7345de8e112d84fde81f3b Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 17 Jan 2020 16:01:07 +0000 Subject: [PATCH 133/387] "-Synchronized-Data." --- 2019/20xxx/CVE-2019-20003.json | 61 ++++++++++++++++++++++++++++++---- 1 file changed, 55 insertions(+), 6 deletions(-) diff --git a/2019/20xxx/CVE-2019-20003.json b/2019/20xxx/CVE-2019-20003.json index ef7435b7f3f..7506ca29b02 100644 --- a/2019/20xxx/CVE-2019-20003.json +++ b/2019/20xxx/CVE-2019-20003.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-20003", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-20003", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Feldtech easescreen Crystal 9.0 Web-Services 9.0.1.16265 allows Stored XSS via the Debug-Log and Display-Log components. This could be exploited when an attacker sends an crafted string for FTP authentication." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://easescreen.com/en/", + "refsource": "MISC", + "name": "https://easescreen.com/en/" + }, + { + "refsource": "MISC", + "name": "https://github.com/0xedh/someshit/blob/master/CVE-2019-20003.md", + "url": "https://github.com/0xedh/someshit/blob/master/CVE-2019-20003.md" } ] } From beeb32901bb33d2604801c5ac1bfb857b211820c Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 17 Jan 2020 17:01:08 +0000 Subject: [PATCH 134/387] "-Synchronized-Data." --- 2019/15xxx/CVE-2019-15854.json | 62 ++++++++++++++++++++++++++++++++++ 2019/15xxx/CVE-2019-15855.json | 62 ++++++++++++++++++++++++++++++++++ 2 files changed, 124 insertions(+) create mode 100644 2019/15xxx/CVE-2019-15854.json create mode 100644 2019/15xxx/CVE-2019-15855.json 
diff --git a/2019/15xxx/CVE-2019-15854.json b/2019/15xxx/CVE-2019-15854.json
new file mode 100644
index 00000000000..cbc952189ff
--- /dev/null
+++ b/2019/15xxx/CVE-2019-15854.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-15854",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in Maarch RM before 2.5. A privilege escalation vulnerability allows an authenticated user with lowest privileges to give herself highest administration privileges via a crafted PUT request to an unauthorized resource."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://labs.maarch.org/maarch/maarchRM/blob/master/CHANGELOG.md",
+ "url": "https://labs.maarch.org/maarch/maarchRM/blob/master/CHANGELOG.md"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/15xxx/CVE-2019-15855.json b/2019/15xxx/CVE-2019-15855.json
new file mode 100644
index 00000000000..73722d73fb7
--- /dev/null
+++ b/2019/15xxx/CVE-2019-15855.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-15855",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in Maarch RM before 2.5. A path traversal vulnerability allows an unauthenticated remote attacker to overwrite any files with a crafted POST request if the default installation procedure was followed. This results in a permanent Denial of Service."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://labs.maarch.org/maarch/maarchRM/blob/master/CHANGELOG.md",
+ "url": "https://labs.maarch.org/maarch/maarchRM/blob/master/CHANGELOG.md"
+ }
+ ]
+ }
+}
\ No newline at end of file
From 0e60afa62204f19e535eb6320257e5e9efd7d1e5 Mon Sep 17 00:00:00 2001
From: Tausif Siddiqui
Date: Fri, 17 Jan 2020 22:36:26 +0530
Subject: [PATCH 135/387] Added CVE-2019-19339
---
2019/19xxx/CVE-2019-19339.json | 61 +++++++++++++++++++++++++++++++---
1 file changed, 57 insertions(+), 4 deletions(-)
diff --git a/2019/19xxx/CVE-2019-19339.json b/2019/19xxx/CVE-2019-19339.json
index c118039fd9c..1ab199d73da 100644
--- a/2019/19xxx/CVE-2019-19339.json
+++ b/2019/19xxx/CVE-2019-19339.json
@@ -4,15 +4,68 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-19339", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "msiddiqu@redhat.com" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "kpatch:", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-805" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19339", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19339", + "refsource": "CONFIRM" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "It was found that the Red Hat Enterprise Linux 8 kpatch update did not include the complete fix for CVE-2018-12207. A flaw was found in the way Intel CPUs handle inconsistency between, virtual to physical memory address translations in CPU's local cache and system software's Paging structure entries. A privileged guest user may use this flaw to induce a hardware Machine Check Error on the host processor, resulting in a severe DoS scenario by halting the processor. System software like OS OR Virtual Machine Monitor (VMM) use virtual memory system for storing program instructions and data in memory. Virtual Memory system uses Paging structures like Page Tables and Page Directories to manage system memory. The processor's Memory Management Unit (MMU) uses Paging structure entries to translate program's virtual memory addresses to physical memory addresses. 
The processor stores these address translations into its local cache buffer called - Translation Lookaside Buffer (TLB). TLB has two parts, one for instructions and other for data addresses. System software can modify its Paging structure entries to change address mappings OR certain attributes like page size etc. Upon such Paging structure alterations in memory, system software must invalidate the corresponding address translations in the processor's TLB cache. But before this TLB invalidation takes place, a privileged guest user may trigger an instruction fetch operation, which could use an already cached, but now invalid, virtual to physical address translation from Instruction TLB (ITLB). Thus accessing an invalid physical memory address and resulting in halting the processor due to the Machine Check Error (MCE) on Page Size Change." } ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "6.5/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", + "version": "3.0" + } + ] + ] } -} \ No newline at end of file +} From 29911e589bb932bd7a1e88dde8273d573c29c045 Mon Sep 17 00:00:00 2001 
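Review bot: `CVE_data_meta` in CVE-2019-19339.json loses `"STATE": "RESERVED"` without gaining `"STATE": "PUBLIC"`, and the new `impact` block is malformed: `cvss` is an array nested in an array rather than an object, and `vectorString` is `6.5/CVSS:3.0/AV:L/...`, with the score prefixed to the vector, which is not a valid CVSS vector string. I would add `"STATE": "PUBLIC"` and write the block as `"cvss": { "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "version": "3.0" }`, matching the object shape the other records in this series use. `product_name` is `kpatch:` with a stray colon, which will not match the package name in any inventory. `CWE-805` (buffer access with incorrect length value) does not obviously describe an incomplete fix that lets a guest trigger a machine check error, so the problemtype is worth re-checking.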
From: CVE Team Date: Fri, 17 Jan 2020 18:01:09 +0000 Subject: [PATCH 136/387] "-Synchronized-Data." --- 2019/10xxx/CVE-2019-10956.json | 50 +++++++++++++++++++++++-- 2019/10xxx/CVE-2019-10957.json | 50 +++++++++++++++++++++++-- 2019/10xxx/CVE-2019-10958.json | 50 +++++++++++++++++++++++-- 2019/14xxx/CVE-2019-14596.json | 62 +++++++++++++++++++++++++++++++ 2019/14xxx/CVE-2019-14600.json | 62 +++++++++++++++++++++++++++++++ 2019/14xxx/CVE-2019-14601.json | 62 +++++++++++++++++++++++++++++++ 2019/14xxx/CVE-2019-14613.json | 62 +++++++++++++++++++++++++++++++ 2019/14xxx/CVE-2019-14615.json | 62 +++++++++++++++++++++++++++++++ 2019/14xxx/CVE-2019-14629.json | 62 +++++++++++++++++++++++++++++++ 2019/17xxx/CVE-2019-17125.json | 67 ++++++++++++++++++++++++++++++++++ 2019/17xxx/CVE-2019-17127.json | 67 ++++++++++++++++++++++++++++++++++ 2020/3xxx/CVE-2020-3940.json | 50 +++++++++++++++++++++++-- 2020/6xxx/CVE-2020-6862.json | 50 +++++++++++++++++++++++-- 13 files changed, 741 insertions(+), 15 deletions(-) create mode 100644 2019/14xxx/CVE-2019-14596.json create mode 100644 2019/14xxx/CVE-2019-14600.json create mode 100644 2019/14xxx/CVE-2019-14601.json create mode 100644 2019/14xxx/CVE-2019-14613.json create mode 100644 2019/14xxx/CVE-2019-14615.json create mode 100644 2019/14xxx/CVE-2019-14629.json create mode 100644 2019/17xxx/CVE-2019-17125.json create mode 100644 2019/17xxx/CVE-2019-17127.json diff --git a/2019/10xxx/CVE-2019-10956.json b/2019/10xxx/CVE-2019-10956.json index f27efbd3de0..653c3cdc3e5 100644 --- a/2019/10xxx/CVE-2019-10956.json +++ b/2019/10xxx/CVE-2019-10956.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-10956", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Geutebruck IP Cameras", + "version": { + "version_data": [ + { + "version_value": "G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN OS COMMAND ('OS COMMAND INJECTION') CWE-78" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.us-cert.gov/ics/advisories/ICSA-19-155-03", + "url": "https://www.us-cert.gov/ics/advisories/ICSA-19-155-03" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior may allow a remote authenticated user, using a specially crafted URL command, to execute commands as root." } ] } diff --git a/2019/10xxx/CVE-2019-10957.json b/2019/10xxx/CVE-2019-10957.json index b1b2a3d2907..79492b5cbe4 100644 --- a/2019/10xxx/CVE-2019-10957.json +++ b/2019/10xxx/CVE-2019-10957.json 
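Review bot: `vendor_name` in CVE-2019-10956.json is `n/a` although the vendor appears in `product_name` ("Geutebruck IP Cameras"), and `version_value` packs several product families and a version bound into one free-text string, so neither field can be matched mechanically. I would set `"vendor_name": "Geutebruck"` and express the bound as `"version_affected": "<="` with `"version_value": "1.12.0.25"`, using one product entry per family if they need to be told apart. The same values are repeated in CVE-2019-10957.json and CVE-2019-10958.json in this commit. CVE-2019-10956 and CVE-2019-10958 also share the CWE-78 problemtype and near-identical descriptions; the distinguishing detail (URL command versus network configuration) is easy to miss and could be stated at the start of each description.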
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-10957", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Geutebruck IP Cameras", + "version": { + "version_data": [ + { + "version_value": "G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION ('CROSS-SITE SCRIPTING') CWE-79" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.us-cert.gov/ics/advisories/ICSA-19-155-03", + "url": "https://www.us-cert.gov/ics/advisories/ICSA-19-155-03" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior may allow a remote authenticated attacker with access to event configuration to store malicious code on the server, which could later be triggered by a legitimate user resulting in code execution within the user\u2019s browser." } ] } diff --git a/2019/10xxx/CVE-2019-10958.json b/2019/10xxx/CVE-2019-10958.json index 16529752a14..ddcc60524ac 100644 --- a/2019/10xxx/CVE-2019-10958.json +++ b/2019/10xxx/CVE-2019-10958.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-10958", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Geutebruck IP Cameras", + "version": { + "version_data": [ + { + "version_value": "G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN OS COMMAND ('OS COMMAND INJECTION') CWE-78" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.us-cert.gov/ics/advisories/ICSA-19-155-03", + "url": "https://www.us-cert.gov/ics/advisories/ICSA-19-155-03" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior may allow a remote authenticated attacker with access to network configuration to supply system commands to the server, leading to remote code execution as root." } ] } diff --git a/2019/14xxx/CVE-2019-14596.json b/2019/14xxx/CVE-2019-14596.json new file mode 100644 index 00000000000..4ed679ce8fa --- /dev/null +++ b/2019/14xxx/CVE-2019-14596.json 
@@ -0,0 +1,62 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-14596",
+ "ASSIGNER": "secure@intel.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Intel",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Intel(R) Chipset Device Software INF Utility",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "before version 10.1.18"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "denial of service"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00306.html",
+ "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00306.html"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Improper access control in the installer for Intel(R) Chipset Device Software INF Utility before version 10.1.18 may allow an authenticated user to potentially enable denial of service via local access."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/14xxx/CVE-2019-14600.json b/2019/14xxx/CVE-2019-14600.json
new file mode 100644
index 00000000000..1d348667fb2
--- /dev/null
+++ b/2019/14xxx/CVE-2019-14600.json
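Review bot: In CVE-2019-14596.json the `problemtype` value records the impact (`"denial of service"`) rather than the weakness, even though the description's opening words, "Improper access control", already name it. A CWE-style entry such as `"value": "CWE-284 Improper Access Control"` (to be confirmed by the assigner) would let consumers group the record by root cause rather than by outcome. The other Intel records added by this commit (CVE-2019-14600, -14601, -14613, -14615, -14629) follow the same pattern, and the casing of the impact string varies between `Escalation of Privilege` and `escalation of privilege`. `version_value` is also free text (`before version 10.1.18`), so the fixed version cannot be compared mechanically.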
@@ -0,0 +1,62 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-14600",
+ "ASSIGNER": "secure@intel.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Intel",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Intel(R) SNMP Subagent Stand-Alone for Windows*",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "all versions"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Escalation of Privilege"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00300.html",
+ "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00300.html"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Uncontrolled search path element in the installer for Intel(R) SNMP Subagent Stand-Alone for Windows* may allow an authenticated user to potentially enable escalation of privilege via local access."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/14xxx/CVE-2019-14601.json b/2019/14xxx/CVE-2019-14601.json
new file mode 100644
index 00000000000..ca1848306e3
--- /dev/null
+++ b/2019/14xxx/CVE-2019-14601.json
@@ -0,0 +1,62 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-14601",
+ "ASSIGNER": "secure@intel.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Intel",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Intel(R) RWC 3 for Windows",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "before version 7.010.009.000"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "escalation of privilege"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00308.html",
+ "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00308.html"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Improper permissions in the installer for Intel(R) RWC 3 for Windows before version 7.010.009.000 may allow an authenticated user to potentially enable escalation of privilege via local access."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/14xxx/CVE-2019-14613.json b/2019/14xxx/CVE-2019-14613.json
new file mode 100644
index 00000000000..239d6e0584e
--- /dev/null
+++ b/2019/14xxx/CVE-2019-14613.json
@@ -0,0 +1,62 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-14613",
+ "ASSIGNER": "secure@intel.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Intel",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Intel(R) VTune(TM) Amplifier for Windows*",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "before update 8"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "escalation of privilege"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00325.html",
+ "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00325.html"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Improper access control in driver for Intel(R) VTune(TM) Amplifier for Windows* before update 8 may allow an authenticated user to potentially enable escalation of privilege via local access."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/14xxx/CVE-2019-14615.json b/2019/14xxx/CVE-2019-14615.json
new file mode 100644
index 00000000000..40f8ddbfeb1
--- /dev/null
+++ b/2019/14xxx/CVE-2019-14615.json
@@ -0,0 +1,62 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-14615",
+ "ASSIGNER": "secure@intel.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Intel",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Intel(R) Processors",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "various"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "information disclosure"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00314.html",
+ "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00314.html"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Insufficient control flow in certain data structures for some Intel(R) Processors with Intel(R) Processor Graphics may allow an unauthenticated user to potentially enable information disclosure via local access."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/14xxx/CVE-2019-14629.json b/2019/14xxx/CVE-2019-14629.json
new file mode 100644
index 00000000000..a9bd4070c34
--- /dev/null
+++ b/2019/14xxx/CVE-2019-14629.json
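Review bot: In CVE-2019-14615.json, `"version_value": "various"` under `"product_name": "Intel(R) Processors"` gives a consumer no way to decide whether a given system is affected. It is also broader than the description, which limits the issue to processors with Intel(R) Processor Graphics. Carrying that qualifier into the structured field, `"product_name": "Intel(R) Processors with Intel(R) Processor Graphics"`, would keep the two in step. `version_value` could then state where the affected list is published, presumably the referenced intel-sa-00314 advisory.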
@@ -0,0 +1,62 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-14629",
+ "ASSIGNER": "secure@intel.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Intel",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Intel(R) DAAL",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "before version 2020 Gold"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "information disclosure"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00332.html",
+ "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00332.html"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Improper permissions in Intel(R) DAAL before version 2020 Gold may allow an authenticated user to potentially enable information disclosure via local access."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/17xxx/CVE-2019-17125.json b/2019/17xxx/CVE-2019-17125.json
new file mode 100644
index 00000000000..01361b845d9
--- /dev/null
+++ b/2019/17xxx/CVE-2019-17125.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-17125",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A Reflected Client Side Template Injection (CSTI) with Angular was discovered in the SolarWinds Orion Platform 2019.2 HF1 in many forms. An attacker can inject an Angular expression and escape the Angular sandbox to achieve stored XSS."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://support.solarwinds.com/SuccessCenter/s/orion-platform",
+ "refsource": "MISC",
+ "name": "https://support.solarwinds.com/SuccessCenter/s/orion-platform"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://support.solarwinds.com/SuccessCenter/s/article/Orion-Platform-2019-4-Hotfix-3?ui-force-components-controllers-recordGlobalValueProvider.RecordGvp.getRecord=1&r=116&ui-knowledge-components-aura-actions.KnowledgeArticleVersionCreateDraftFromOnlineAction.createDraftFromOnlineArticle=1",
+ "url": "https://support.solarwinds.com/SuccessCenter/s/article/Orion-Platform-2019-4-Hotfix-3?ui-force-components-controllers-recordGlobalValueProvider.RecordGvp.getRecord=1&r=116&ui-knowledge-components-aura-actions.KnowledgeArticleVersionCreateDraftFromOnlineAction.createDraftFromOnlineArticle=1"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/17xxx/CVE-2019-17127.json b/2019/17xxx/CVE-2019-17127.json
new file mode 100644
index 00000000000..8a247c51403
--- /dev/null
+++ b/2019/17xxx/CVE-2019-17127.json
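Review bot: The CVE-2019-17125 description calls the flaw a "Reflected" template injection but gives the outcome as "stored XSS", which contradicts itself and matters for triage, because the sibling record CVE-2019-17127 describes the stored variant in almost the same words. If the reflected case is meant, the last sentence would end `escape the Angular sandbox to achieve reflected XSS.`, which needs confirming with the reporter. `product_name`, `vendor_name`, `version_value` and the `problemtype` value are all `n/a` although the text names SolarWinds Orion Platform 2019.2 HF1, so nothing structured ties the record to that product. The same `n/a` fields appear in CVE-2019-17127.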
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-17127",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A Stored Client Side Template Injection (CSTI) with Angular was discovered in the SolarWinds Orion Platform 2019.2 HF1 in many application forms. An attacker can inject an Angular expression and escape the Angular sandbox to achieve stored XSS. This can lead to privilege escalation."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://support.solarwinds.com/SuccessCenter/s/orion-platform",
+ "refsource": "MISC",
+ "name": "https://support.solarwinds.com/SuccessCenter/s/orion-platform"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://support.solarwinds.com/SuccessCenter/s/article/Orion-Platform-2019-4-Hotfix-3?ui-force-components-controllers-recordGlobalValueProvider.RecordGvp.getRecord=1&r=116&ui-knowledge-components-aura-actions.KnowledgeArticleVersionCreateDraftFromOnlineAction.createDraftFromOnlineArticle=1",
+ "url": "https://support.solarwinds.com/SuccessCenter/s/article/Orion-Platform-2019-4-Hotfix-3?ui-force-components-controllers-recordGlobalValueProvider.RecordGvp.getRecord=1&r=116&ui-knowledge-components-aura-actions.KnowledgeArticleVersionCreateDraftFromOnlineAction.createDraftFromOnlineArticle=1"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/3xxx/CVE-2020-3940.json b/2020/3xxx/CVE-2020-3940.json
index 5d5f486a58a..1d3087d6520 100644
--- a/2020/3xxx/CVE-2020-3940.json
+++ b/2020/3xxx/CVE-2020-3940.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-3940", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@vmware.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "VMware", + "product": { + "product_data": [ + { + "product_name": "Workspace ONE SDK", + "version": { + "version_data": [ + { + "version_value": "Workspace ONE SDK for Android prior to 19.11.1 and Workspace ONE SDK for iOS (Objective-C) prior to 5.9.9.8" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Sensitive information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.vmware.com/security/advisories/VMSA-2020-0001.html", + "url": "https://www.vmware.com/security/advisories/VMSA-2020-0001.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "VMware Workspace ONE SDK and dependent mobile application updates address sensitive information disclosure vulnerability." } ] } diff --git a/2020/6xxx/CVE-2020-6862.json b/2020/6xxx/CVE-2020-6862.json index 7743768f08c..66162d5c3b1 100644 --- a/2020/6xxx/CVE-2020-6862.json +++ b/2020/6xxx/CVE-2020-6862.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-6862", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@zte.com.cn", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ZTE Corporation", + "product": { + "product_data": [ + { + "product_name": "F6x2W", + "version": { + "version_data": [ + { + "version_value": "V6.0.10P2T2?V6.0.10P2T5" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "information leak" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1012162", + "url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1012162" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "V6.0.10P2T2 and V6.0.10P2T5 of F6x2W product are impacted by Information leak vulnerability. Unauthorized users could log in directly to obtain page information without entering a verification code." } ] } From a0d6b9b9ba592e7635e10f416ff71b7013280331 Mon Sep 17 00:00:00 2001 From: Wayne Beaton Date: Fri, 17 Jan 2020 13:29:12 -0500 Subject: [PATCH 137/387] Two vulnerability reports for Eclipse Memory Analyzer Signed-off-by: Wayne Beaton --- 2019/17xxx/CVE-2019-17634.json | 68 ++++++++++++++++++++++++++++++++++ 2019/17xxx/CVE-2019-17635.json | 62 +++++++++++++++++++++++++++++++ 2 files changed, 130 insertions(+) create mode 100644 2019/17xxx/CVE-2019-17634.json create mode 100644 2019/17xxx/CVE-2019-17635.json 
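Review bot: `"version_value": "V6.0.10P2T2?V6.0.10P2T5"` in CVE-2020-6862.json contains a `?` where a separator was evidently lost in an encoding conversion; the description lists the same two builds as "V6.0.10P2T2 and V6.0.10P2T5". As written, a version match against either build fails, so the two builds are better given as separate `version_data` entries, `{ "version_value": "V6.0.10P2T2" }` and `{ "version_value": "V6.0.10P2T5" }`. The CONFIRM reference is an `http://` URL, so the advisory is fetched without transport integrity unless the vendor site also serves it over HTTPS. The record's opening lines are above the hunk.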
diff --git a/2019/17xxx/CVE-2019-17634.json b/2019/17xxx/CVE-2019-17634.json
new file mode 100644
index 00000000000..2f7d7920e2b
--- /dev/null
+++ b/2019/17xxx/CVE-2019-17634.json
@@ -0,0 +1,68 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "security@eclipse.org",
+ "ID": "CVE-2019-17634",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "The Eclipse Foundation",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Eclipse Memory Analyzer",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "All versions prior to version 1.9.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "Thanks to Iassen Minov for reporting the issue."
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Eclipse Memory Analyzer version 1.9.1 and earlier is subject to a cross site scripting (XSS) vulnerability when generating an HTML report from a malicious heap dump. The user must chose todownload, open the malicious heap dump and generate an HTML report for the problem to occur. The heap dump could be specially crafted, or could come from a crafted application or from an application processing malicious data. The vulnerability is present whena report is generated and opened from the Memory Analyzer graphical user interface, or when a report generated in batch mode is then opened in Memory Analyzer or by a web browser. The vulnerability could possibly allow code execution on the local system whenthe report is opened in Memory Analyzer. "
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=552542",
+ "refsource": "CONFIRM",
+ "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=552542"
+ }
+ ]
+ }
+}
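Review bot: The CVE-2019-17634 description string has words run together in three places (`chose todownload`, `present whena report`, `system whenthe report`) and uses `chose` where `choose` is meant. This string is what downstream feeds display, and the later "-Synchronized-Data." commit on this page only trims its trailing space. CVE-2019-17635 has the same `must chose`. The text also states that code execution on the local system is possible when the report is opened in Memory Analyzer, while the only `problemtype` is CWE-79, so consumers that read structured fields alone will not see that outcome.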
diff --git a/2019/17xxx/CVE-2019-17635.json b/2019/17xxx/CVE-2019-17635.json
new file mode 100644
index 00000000000..3191bb01ad0
--- /dev/null
+++ b/2019/17xxx/CVE-2019-17635.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "security@eclipse.org",
+ "ID": "CVE-2019-17635",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "The Eclipse Foundation",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Eclipse Memory Analyzer",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "All versions prior to version 1.9.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Eclipse Memory Analyzer version 1.9.1 and earlier is subject to a deserialization vulnerability if an index file of a parsed heap dump is replaced by a malicious version and the heap dump is reopened in Memory Analyzer. The user must chose to reopen an already parsed heap dump with an untrusted index for the problem to occur. The problem can be averted if the index files from an untrusted source are deleted and the heap dump is opened and reparsed. Also some local configuration data is subject to a deserialization vulnerability if the local data were to be replaced with a malicious version. This can be averted if the local configuration data stored on the file system cannot be changed by an attacker. The vulnerability could possibly allow code execution on the local system. "
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-502: Deserialization of Untrusted Data"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=558633",
+ "refsource": "CONFIRM",
+ "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=558633"
+ }
+ ]
+ }
+}
From b16bc694cd611af81a6aad23afbd4fb672ccc1d7 Mon Sep 17 00:00:00 2001 From: Steven Locke Date: Fri, 17 Jan 2020 10:40:32 -0800 Subject: [PATCH 138/387] Add CVE-2020-5397 Signed-off-by: Tim Hausler --- 2020/5xxx/CVE-2020-5397.json | 73 ++++++++++++++++++++++++++++++++++-- 1 file changed, 70 insertions(+), 3 deletions(-) diff --git a/2020/5xxx/CVE-2020-5397.json b/2020/5xxx/CVE-2020-5397.json index d405d79102c..e17a9ca855d 100644 --- a/2020/5xxx/CVE-2020-5397.json +++ b/2020/5xxx/CVE-2020-5397.json 
@@ -3,16 +3,83 @@ "data_format": "MITRE", "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security@pivotal.io", + "DATE_PUBLIC": "2020-01-16T00:00:00.000Z", "ID": "CVE-2020-5397", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "CSRF Attack via CORS Preflight Requests with Spring MVC or Spring WebFlux" + }, + "source": { + "discovery": "UNKNOWN" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Spring Framework", + "version": { + "version_data": [ + { + "affected": "<", + "version_name": "5.2", + "version_value": "v5.2.3.RELEASE" + } + ] + } + } + ] + }, + "vendor_name": "Spring" + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC (spring-webmvc module) or Spring WebFlux (spring-webflux module) endpoints.\n\nOnly non-authenticated endpoints are vulnerable because preflight requests should not include credentials and therefore requests should fail authentication. However a notable exception to this are Chrome based browsers when using client certificates for authentication since Chrome sends TLS client certificates in CORS preflight requests in violation of spec requirements. \n\nNo HTTP body can be sent or received as a result of this attack." 
} ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352: Cross-Site Request Forgery (CSRF)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://pivotal.io/security/cve-2020-5397", + "name": "https://pivotal.io/security/cve-2020-5397" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "version": "3.0" + } } } \ No newline at end of file From dac7f3de17c73691b9a572d9a8a32ac541d7cdb8 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 17 Jan 2020 19:01:17 +0000 Subject: [PATCH 139/387] "-Synchronized-Data." --- 2007/6xxx/CVE-2007-6070.json | 14 +++++++------- 2019/17xxx/CVE-2019-17634.json | 4 ++-- 2019/17xxx/CVE-2019-17635.json | 4 ++-- 2019/19xxx/CVE-2019-19339.json | 7 ++++--- 2019/20xxx/CVE-2019-20009.json | 5 +++++ 2019/20xxx/CVE-2019-20010.json | 5 +++++ 2019/20xxx/CVE-2019-20011.json | 5 +++++ 2019/20xxx/CVE-2019-20012.json | 5 +++++ 2019/20xxx/CVE-2019-20013.json | 5 +++++ 2019/20xxx/CVE-2019-20014.json | 5 +++++ 2019/20xxx/CVE-2019-20015.json | 5 +++++ 2019/9xxx/CVE-2019-9770.json | 5 +++++ 2019/9xxx/CVE-2019-9771.json | 5 +++++ 2019/9xxx/CVE-2019-9772.json | 5 +++++ 2019/9xxx/CVE-2019-9773.json | 5 +++++ 2019/9xxx/CVE-2019-9774.json | 5 +++++ 2019/9xxx/CVE-2019-9775.json | 5 +++++ 2019/9xxx/CVE-2019-9776.json | 5 +++++ 2019/9xxx/CVE-2019-9777.json | 5 +++++ 2019/9xxx/CVE-2019-9778.json | 5 +++++ 2019/9xxx/CVE-2019-9779.json | 5 +++++ 2020/2xxx/CVE-2020-2656.json | 5 +++++ 2020/2xxx/CVE-2020-2696.json | 5 +++++ 2020/5xxx/CVE-2020-5397.json | 2 +- 24 files changed, 111 insertions(+), 15 deletions(-) 
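Review bot: In the `version_data` entry of CVE-2020-5397.json the comparison operator is stored under `"affected": "<"`, whereas the CVE JSON 4.0 format names that field `version_affected`. A consumer that looks for `version_affected` finds no operator and may read `v5.2.3.RELEASE`, the fixed release, as the affected version; the line should be `"version_affected": "<",`. Separately, the CVSS vector sets `UI:N` for an issue titled as a CSRF attack, which normally depends on a victim's browser issuing the request, so `userInteraction` is worth rechecking against the vendor advisory. The record's opening lines are above the hunk.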
diff --git a/2007/6xxx/CVE-2007-6070.json b/2007/6xxx/CVE-2007-6070.json index 62936f29abc..a260ab20734 100644 --- a/2007/6xxx/CVE-2007-6070.json +++ b/2007/6xxx/CVE-2007-6070.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2007-6070", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2007-6070", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2008-1382. Reason: This candidate is a reservation duplicate of CVE-2008-1382. Notes: All CVE users should reference CVE-2008-1382 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." } ] } diff --git a/2019/17xxx/CVE-2019-17634.json b/2019/17xxx/CVE-2019-17634.json index 2f7d7920e2b..5c00b6ee46c 100644 --- a/2019/17xxx/CVE-2019-17634.json +++ b/2019/17xxx/CVE-2019-17634.json 
@@ -40,7 +40,7 @@ "description_data": [ { "lang": "eng", - "value": "Eclipse Memory Analyzer version 1.9.1 and earlier is subject to a cross site scripting (XSS) vulnerability when generating an HTML report from a malicious heap dump. The user must chose todownload, open the malicious heap dump and generate an HTML report for the problem to occur. The heap dump could be specially crafted, or could come from a crafted application or from an application processing malicious data. The vulnerability is present whena report is generated and opened from the Memory Analyzer graphical user interface, or when a report generated in batch mode is then opened in Memory Analyzer or by a web browser. The vulnerability could possibly allow code execution on the local system whenthe report is opened in Memory Analyzer. " + "value": "Eclipse Memory Analyzer version 1.9.1 and earlier is subject to a cross site scripting (XSS) vulnerability when generating an HTML report from a malicious heap dump. The user must chose todownload, open the malicious heap dump and generate an HTML report for the problem to occur. The heap dump could be specially crafted, or could come from a crafted application or from an application processing malicious data. The vulnerability is present whena report is generated and opened from the Memory Analyzer graphical user interface, or when a report generated in batch mode is then opened in Memory Analyzer or by a web browser. The vulnerability could possibly allow code execution on the local system whenthe report is opened in Memory Analyzer." } ] }, @@ -65,4 +65,4 @@ } ] } -} +} \ No newline at end of file diff --git a/2019/17xxx/CVE-2019-17635.json b/2019/17xxx/CVE-2019-17635.json index 3191bb01ad0..61661f895ea 100644 --- a/2019/17xxx/CVE-2019-17635.json +++ b/2019/17xxx/CVE-2019-17635.json 
@@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "Eclipse Memory Analyzer version 1.9.1 and earlier is subject to a deserialization vulnerability if an index file of a parsed heap dump is replaced by a malicious version and the heap dump is reopened in Memory Analyzer. The user must chose to reopen an already parsed heap dump with an untrusted index for the problem to occur. The problem can be averted if the index files from an untrusted source are deleted and the heap dump is opened and reparsed. Also some local configuration data is subject to a deserialization vulnerability if the local data were to be replaced with a malicious version. This can be averted if the local configuration data stored on the file system cannot be changed by an attacker. The vulnerability could possibly allow code execution on the local system. " + "value": "Eclipse Memory Analyzer version 1.9.1 and earlier is subject to a deserialization vulnerability if an index file of a parsed heap dump is replaced by a malicious version and the heap dump is reopened in Memory Analyzer. The user must chose to reopen an already parsed heap dump with an untrusted index for the problem to occur. The problem can be averted if the index files from an untrusted source are deleted and the heap dump is opened and reparsed. Also some local configuration data is subject to a deserialization vulnerability if the local data were to be replaced with a malicious version. This can be averted if the local configuration data stored on the file system cannot be changed by an attacker. The vulnerability could possibly allow code execution on the local system." } ] }, @@ -59,4 +59,4 @@ } ] } -} +} \ No newline at end of file diff --git a/2019/19xxx/CVE-2019-19339.json b/2019/19xxx/CVE-2019-19339.json index 1ab199d73da..d1c9073d5b3 100644 --- a/2019/19xxx/CVE-2019-19339.json +++ b/2019/19xxx/CVE-2019-19339.json 
@@ -4,7 +4,8 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-19339", - "ASSIGNER": "msiddiqu@redhat.com" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { 
@@ -54,7 +55,7 @@ "description_data": [ { "lang": "eng", - "value": "It was found that the Red Hat Enterprise Linux 8 kpatch update did not include the complete fix for CVE-2018-12207. A flaw was found in the way Intel CPUs handle inconsistency between, virtual to physical memory address translations in CPU's local cache and system software's Paging structure entries. A privileged guest user may use this flaw to induce a hardware Machine Check Error on the host processor, resulting in a severe DoS scenario by halting the processor. System software like OS OR Virtual Machine Monitor (VMM) use virtual memory system for storing program instructions and data in memory. Virtual Memory system uses Paging structures like Page Tables and Page Directories to manage system memory. The processor's Memory Management Unit (MMU) uses Paging structure entries to translate program's virtual memory addresses to physical memory addresses. The processor stores these address translations into its local cache buffer called - Translation Lookaside Buffer (TLB). TLB has two parts, one for instructions and other for data addresses. System software can modify its Paging structure entries to change address mappings OR certain attributes like page size etc. Upon such Paging structure alterations in memory, system software must invalidate the corresponding address translations in the processor's TLB cache. But before this TLB invalidation takes place, a privileged guest user may trigger an instruction fetch operation, which could use an already cached, but now invalid, virtual to physical address translation from Instruction TLB (ITLB). Thus accessing an invalid physical memory address and resulting in halting the processor due to the Machine Check Error (MCE) on Page Size Change." + "value": "It was found that the Red Hat Enterprise Linux 8 kpatch update did not include the complete fix for CVE-2018-12207. 
A flaw was found in the way Intel CPUs handle inconsistency between, virtual to physical memory address translations in CPU's local cache and system software's Paging structure entries. A privileged guest user may use this flaw to induce a hardware Machine Check Error on the host processor, resulting in a severe DoS scenario by halting the processor. System software like OS OR Virtual Machine Monitor (VMM) use virtual memory system for storing program instructions and data in memory. Virtual Memory system uses Paging structures like Page Tables and Page Directories to manage system memory. The processor's Memory Management Unit (MMU) uses Paging structure entries to translate program's virtual memory addresses to physical memory addresses. The processor stores these address translations into its local cache buffer called - Translation Lookaside Buffer (TLB). TLB has two parts, one for instructions and other for data addresses. System software can modify its Paging structure entries to change address mappings OR certain attributes like page size etc. Upon such Paging structure alterations in memory, system software must invalidate the corresponding address translations in the processor's TLB cache. But before this TLB invalidation takes place, a privileged guest user may trigger an instruction fetch operation, which could use an already cached, but now invalid, virtual to physical address translation from Instruction TLB (ITLB). Thus accessing an invalid physical memory address and resulting in halting the processor due to the Machine Check Error (MCE) on Page Size Change." } ] }, @@ -68,4 +69,4 @@ ] ] } -} +} \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20009.json b/2019/20xxx/CVE-2019-20009.json index ab71b458d1a..e819f473c48 100644 --- a/2019/20xxx/CVE-2019-20009.json +++ b/2019/20xxx/CVE-2019-20009.json 
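Review bot: The added `value` differs from the removed one only by a break after `CVE-2018-12207. `, yet the hunk header still counts it as one line, so the string appears to contain a line-separator character rather than a plain space. If that is a raw control character, strict parsers will reject the record, and even a Unicode separator may render unpredictably in downstream feeds. I would replace it with a single space, `...complete fix for CVE-2018-12207. A flaw was found...`. The CVE-2019-19696 description later in this series seems to end with the same kind of break before its closing quote and should be trimmed as well.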
@@ -66,6 +66,11 @@ "url": "https://github.com/LibreDWG/libredwg/issues/176#issue-541977765", "refsource": "MISC", "name": "https://github.com/LibreDWG/libredwg/issues/176#issue-541977765" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0068", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00033.html" } ] } diff --git a/2019/20xxx/CVE-2019-20010.json b/2019/20xxx/CVE-2019-20010.json index 78d31cb3efc..44deb4afe62 100644 --- a/2019/20xxx/CVE-2019-20010.json +++ b/2019/20xxx/CVE-2019-20010.json @@ -61,6 +61,11 @@ "url": "https://github.com/LibreDWG/libredwg/issues/176#issuecomment-568643383", "refsource": "MISC", "name": "https://github.com/LibreDWG/libredwg/issues/176#issuecomment-568643383" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0068", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00033.html" } ] } diff --git a/2019/20xxx/CVE-2019-20011.json b/2019/20xxx/CVE-2019-20011.json index a7317d04b02..1eeac942dcc 100644 --- a/2019/20xxx/CVE-2019-20011.json +++ b/2019/20xxx/CVE-2019-20011.json @@ -61,6 +61,11 @@ "url": "https://github.com/LibreDWG/libredwg/issues/176#issuecomment-568643439", "refsource": "MISC", "name": "https://github.com/LibreDWG/libredwg/issues/176#issuecomment-568643439" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0068", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00033.html" } ] } diff --git a/2019/20xxx/CVE-2019-20012.json b/2019/20xxx/CVE-2019-20012.json index ebdbc17f463..f6c6d6a1846 100644 --- a/2019/20xxx/CVE-2019-20012.json +++ b/2019/20xxx/CVE-2019-20012.json @@ -61,6 +61,11 @@ "url": "https://github.com/LibreDWG/libredwg/issues/176#issuecomment-568643088", "refsource": "MISC", "name": "https://github.com/LibreDWG/libredwg/issues/176#issuecomment-568643088" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0068", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00033.html" } ] } 
diff --git a/2019/20xxx/CVE-2019-20013.json b/2019/20xxx/CVE-2019-20013.json index cbde2703701..49d297010fb 100644 --- a/2019/20xxx/CVE-2019-20013.json +++ b/2019/20xxx/CVE-2019-20013.json @@ -66,6 +66,11 @@ "url": "https://github.com/LibreDWG/libredwg/issues/176#issuecomment-568643060", "refsource": "MISC", "name": "https://github.com/LibreDWG/libredwg/issues/176#issuecomment-568643060" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0068", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00033.html" } ] } diff --git a/2019/20xxx/CVE-2019-20014.json b/2019/20xxx/CVE-2019-20014.json index 8aab4daddb7..17bf25e3839 100644 --- a/2019/20xxx/CVE-2019-20014.json +++ b/2019/20xxx/CVE-2019-20014.json @@ -66,6 +66,11 @@ "url": "https://github.com/LibreDWG/libredwg/issues/176#issuecomment-568643172", "refsource": "MISC", "name": "https://github.com/LibreDWG/libredwg/issues/176#issuecomment-568643172" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0068", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00033.html" } ] } diff --git a/2019/20xxx/CVE-2019-20015.json b/2019/20xxx/CVE-2019-20015.json index 71c967cef96..396608c2085 100644 --- a/2019/20xxx/CVE-2019-20015.json +++ b/2019/20xxx/CVE-2019-20015.json @@ -61,6 +61,11 @@ "url": "https://github.com/LibreDWG/libredwg/issues/176#issuecomment-568643028", "refsource": "MISC", "name": "https://github.com/LibreDWG/libredwg/issues/176#issuecomment-568643028" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0068", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00033.html" } ] } diff --git a/2019/9xxx/CVE-2019-9770.json b/2019/9xxx/CVE-2019-9770.json index 2ef3dfbe018..97a9d854372 100644 --- a/2019/9xxx/CVE-2019-9770.json +++ b/2019/9xxx/CVE-2019-9770.json 
@@ -66,6 +66,11 @@ "refsource": "BID", "name": "107447", "url": "http://www.securityfocus.com/bid/107447" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0068", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00033.html" } ] } diff --git a/2019/9xxx/CVE-2019-9771.json b/2019/9xxx/CVE-2019-9771.json index 83d115228be..fa8119ba0e0 100644 --- a/2019/9xxx/CVE-2019-9771.json +++ b/2019/9xxx/CVE-2019-9771.json @@ -66,6 +66,11 @@ "refsource": "BID", "name": "107447", "url": "http://www.securityfocus.com/bid/107447" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0068", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00033.html" } ] } diff --git a/2019/9xxx/CVE-2019-9772.json b/2019/9xxx/CVE-2019-9772.json index d149d7b1b9e..ae82e4d292a 100644 --- a/2019/9xxx/CVE-2019-9772.json +++ b/2019/9xxx/CVE-2019-9772.json @@ -66,6 +66,11 @@ "refsource": "BID", "name": "107447", "url": "http://www.securityfocus.com/bid/107447" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0068", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00033.html" } ] } diff --git a/2019/9xxx/CVE-2019-9773.json b/2019/9xxx/CVE-2019-9773.json index b6e23fabc95..0fce88e629c 100644 --- a/2019/9xxx/CVE-2019-9773.json +++ b/2019/9xxx/CVE-2019-9773.json @@ -66,6 +66,11 @@ "refsource": "BID", "name": "107447", "url": "http://www.securityfocus.com/bid/107447" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0068", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00033.html" } ] } diff --git a/2019/9xxx/CVE-2019-9774.json b/2019/9xxx/CVE-2019-9774.json index 36b21a55c4b..de3e91154e6 100644 --- a/2019/9xxx/CVE-2019-9774.json +++ b/2019/9xxx/CVE-2019-9774.json 
@@ -66,6 +66,11 @@ "refsource": "BID", "name": "107447", "url": "http://www.securityfocus.com/bid/107447" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0068", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00033.html" } ] } diff --git a/2019/9xxx/CVE-2019-9775.json b/2019/9xxx/CVE-2019-9775.json index 2cf68967d0c..eb690c43fa0 100644 --- a/2019/9xxx/CVE-2019-9775.json +++ b/2019/9xxx/CVE-2019-9775.json @@ -66,6 +66,11 @@ "refsource": "BID", "name": "107447", "url": "http://www.securityfocus.com/bid/107447" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0068", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00033.html" } ] } diff --git a/2019/9xxx/CVE-2019-9776.json b/2019/9xxx/CVE-2019-9776.json index 2e1cbfe97e3..347d4bbda19 100644 --- a/2019/9xxx/CVE-2019-9776.json +++ b/2019/9xxx/CVE-2019-9776.json @@ -66,6 +66,11 @@ "refsource": "BID", "name": "107447", "url": "http://www.securityfocus.com/bid/107447" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0068", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00033.html" } ] } diff --git a/2019/9xxx/CVE-2019-9777.json b/2019/9xxx/CVE-2019-9777.json index 2141fc4a5e9..e92c1c073a9 100644 --- a/2019/9xxx/CVE-2019-9777.json +++ b/2019/9xxx/CVE-2019-9777.json @@ -66,6 +66,11 @@ "refsource": "BID", "name": "107447", "url": "http://www.securityfocus.com/bid/107447" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0068", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00033.html" } ] } diff --git a/2019/9xxx/CVE-2019-9778.json b/2019/9xxx/CVE-2019-9778.json index dbbe7dba11d..6ed99cc875a 100644 --- a/2019/9xxx/CVE-2019-9778.json +++ b/2019/9xxx/CVE-2019-9778.json 
@@ -66,6 +66,11 @@ "refsource": "BID", "name": "107447", "url": "http://www.securityfocus.com/bid/107447" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0068", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00033.html" } ] } diff --git a/2019/9xxx/CVE-2019-9779.json b/2019/9xxx/CVE-2019-9779.json index a34f682d59c..2099b340d1e 100644 --- a/2019/9xxx/CVE-2019-9779.json +++ b/2019/9xxx/CVE-2019-9779.json @@ -66,6 +66,11 @@ "refsource": "BID", "name": "107447", "url": "http://www.securityfocus.com/bid/107447" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0068", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00033.html" } ] } diff --git a/2020/2xxx/CVE-2020-2656.json b/2020/2xxx/CVE-2020-2656.json index dd9d752255a..a86a3bbf880 100644 --- a/2020/2xxx/CVE-2020-2656.json +++ b/2020/2xxx/CVE-2020-2656.json @@ -66,6 +66,11 @@ "refsource": "BUGTRAQ", "name": "20200117 CVE-2020-2656 - Low impact information disclosure via Solaris xlock", "url": "https://seclists.org/bugtraq/2020/Jan/23" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/155990/Solaris-xlock-Information-Disclosure.html", + "url": "http://packetstormsecurity.com/files/155990/Solaris-xlock-Information-Disclosure.html" } ] } diff --git a/2020/2xxx/CVE-2020-2696.json b/2020/2xxx/CVE-2020-2696.json index 36f83669b44..f7a148074ed 100644 --- a/2020/2xxx/CVE-2020-2696.json +++ b/2020/2xxx/CVE-2020-2696.json @@ -67,6 +67,11 @@ "refsource": "BUGTRAQ", "name": "20200117 CVE-2020-2696 - Local privilege escalation via CDE dtsession", "url": "https://seclists.org/bugtraq/2020/Jan/22" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/155991/Common-Desktop-Environment-2.3.1-Buffer-Overflow.html", + "url": "http://packetstormsecurity.com/files/155991/Common-Desktop-Environment-2.3.1-Buffer-Overflow.html" } ] } 
diff --git a/2020/5xxx/CVE-2020-5397.json b/2020/5xxx/CVE-2020-5397.json index e17a9ca855d..70e134db460 100644 --- a/2020/5xxx/CVE-2020-5397.json +++ b/2020/5xxx/CVE-2020-5397.json @@ -41,7 +41,7 @@ "description_data": [ { "lang": "eng", - "value": "Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC (spring-webmvc module) or Spring WebFlux (spring-webflux module) endpoints.\n\nOnly non-authenticated endpoints are vulnerable because preflight requests should not include credentials and therefore requests should fail authentication. However a notable exception to this are Chrome based browsers when using client certificates for authentication since Chrome sends TLS client certificates in CORS preflight requests in violation of spec requirements. \n\nNo HTTP body can be sent or received as a result of this attack." + "value": "Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC (spring-webmvc module) or Spring WebFlux (spring-webflux module) endpoints. Only non-authenticated endpoints are vulnerable because preflight requests should not include credentials and therefore requests should fail authentication. However a notable exception to this are Chrome based browsers when using client certificates for authentication since Chrome sends TLS client certificates in CORS preflight requests in violation of spec requirements. No HTTP body can be sent or received as a result of this attack." } ] }, From f76020af12c1545761f385ed450f55b0e60f18b5 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 17 Jan 2020 20:01:07 +0000 Subject: [PATCH 140/387] "-Synchronized-Data." --- 2020/2xxx/CVE-2020-2656.json | 5 +++++ 2020/2xxx/CVE-2020-2696.json | 5 +++++ 2 files changed, 10 insertions(+) diff --git a/2020/2xxx/CVE-2020-2656.json b/2020/2xxx/CVE-2020-2656.json index a86a3bbf880..af09c9c089a 100644 
--- a/2020/2xxx/CVE-2020-2656.json +++ b/2020/2xxx/CVE-2020-2656.json @@ -71,6 +71,11 @@ "refsource": "MISC", "name": "http://packetstormsecurity.com/files/155990/Solaris-xlock-Information-Disclosure.html", "url": "http://packetstormsecurity.com/files/155990/Solaris-xlock-Information-Disclosure.html" + }, + { + "refsource": "FULLDISC", + "name": "20200117 CVE-2020-2656 - Low impact information disclosure via Solaris xlock", + "url": "http://seclists.org/fulldisclosure/2020/Jan/23" } ] } diff --git a/2020/2xxx/CVE-2020-2696.json b/2020/2xxx/CVE-2020-2696.json index f7a148074ed..84de1891f64 100644 --- a/2020/2xxx/CVE-2020-2696.json +++ b/2020/2xxx/CVE-2020-2696.json @@ -72,6 +72,11 @@ "refsource": "MISC", "name": "http://packetstormsecurity.com/files/155991/Common-Desktop-Environment-2.3.1-Buffer-Overflow.html", "url": "http://packetstormsecurity.com/files/155991/Common-Desktop-Environment-2.3.1-Buffer-Overflow.html" + }, + { + "refsource": "FULLDISC", + "name": "20200117 CVE-2020-2696 - Local privilege escalation via CDE dtsession", + "url": "http://seclists.org/fulldisclosure/2020/Jan/24" } ] } From 7a8902608e02fe211057300e5fb7b5fa7d61be0e Mon Sep 17 00:00:00 2001 From: jpattrendmicro Date: Fri, 17 Jan 2020 13:27:57 -0800 Subject: [PATCH 141/387] Trend Micro submissions for CVE-2019-15625, 19696, 19697, and 20357 Trend Micro submissions for CVE-2019-15625, 19696, 19697, and 20357 --- 2019/15xxx/CVE-2019-15625.json | 69 +++++++++++++++++++++++++++ 2019/19xxx/CVE-2019-19696.json | 85 +++++++++++++++++++++++++++------- 2019/19xxx/CVE-2019-19697.json | 79 ++++++++++++++++++++++++------- 2019/20xxx/CVE-2019-20357.json | 79 ++++++++++++++++++++++++------- 4 files changed, 261 insertions(+), 51 deletions(-) create mode 100644 2019/15xxx/CVE-2019-15625.json diff --git a/2019/15xxx/CVE-2019-15625.json b/2019/15xxx/CVE-2019-15625.json new file mode 100644 index 00000000000..8f77b322e4e --- /dev/null +++ b/2019/15xxx/CVE-2019-15625.json 
@@ -0,0 +1,69 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "security@trendmicro.com", + "ID" : "CVE-2019-15625", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Trend Micro Password Manager", + "version" : { + "version_data" : [ + { + "version_value" : "3.8.0.1103 and below" + } + ] + } + } + ] + }, + "vendor_name" : "Trend Micro" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "A memory usage vulnerability exists in Trend Micro Password Manager 3.8 that could allow an attacker with access and permissions to the victim's memory processes to extract sensitive information. " + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Memory Usage" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1123595.aspx" + }, + { + "url" : "https://jvn.jp/en/jp/JVN49593434/index.html" + }, + { + "url" : "https://esupport.trendmicro.com/support/pwm/solution/ja-jp/1123614.aspx" + }, + { + "url" : "https://jvn.jp/jp/JVN49593434/index.html" + } + ] + } +} diff --git a/2019/19xxx/CVE-2019-19696.json b/2019/19xxx/CVE-2019-19696.json index a85ff4c3856..3d16d4dd34f 100644 --- a/2019/19xxx/CVE-2019-19696.json +++ b/2019/19xxx/CVE-2019-19696.json 
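Review bot: The `problemtype` value `Memory Usage` does not name a weakness, so consumers that group or filter records by problem type have nothing to triage on. Going by the description, something like `"value" : "Sensitive information exposure from process memory"` (or the matching CWE name, if the vendor has assigned one) would say what actually goes wrong. The description value also ends in a trailing space before the closing quote. The four `reference_data` entries carry only `url`, unlike the `refsource`/`name`/`url` triples used by the other records in this series. The `problemtype` point applies equally to `RootCA Access` in the CVE-2019-19696 record that follows.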
@@ -1,18 +1,69 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2019-19696", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} \ No newline at end of file + "CVE_data_meta" : { + "ASSIGNER" : "security@trendmicro.com", + "ID" : "CVE-2019-19696", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Trend Micro Password Manager", + "version" : { + "version_data" : [ + { + "version_value" : "5.0.0.1076 and below (Windows) and 5.0.1047 and below (macOS)" + } + ] + } + } + ] + }, + "vendor_name" : "Trend Micro" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "A RootCA vulnerability found in Trend Micro Password Manager for Windows and macOS exists where the localhost.key of RootCA.crt might be improperly accessed by an unauthorized party and could be used to create malicious self-signed SSL certificates, allowing an attacker to misdirect a user to phishing sites. 
" + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "RootCA Access" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124092.aspx" + }, + { + "url" : "https://jvn.jp/en/jp/JVN37183636/index.html" + }, + { + "url" : "https://esupport.trendmicro.com/support/pwm/solution/ja-jp/1124091.aspx" + }, + { + "url" : "https://jvn.jp/jp/JVN37183636/index.html" + } + ] + } +} diff --git a/2019/19xxx/CVE-2019-19697.json b/2019/19xxx/CVE-2019-19697.json index ed92470ee72..e750cddc7f7 100644 --- a/2019/19xxx/CVE-2019-19697.json +++ b/2019/19xxx/CVE-2019-19697.json 
@@ -1,18 +1,63 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2019-19697", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} \ No newline at end of file + "CVE_data_meta" : { + "ASSIGNER" : "security@trendmicro.com", + "ID" : "CVE-2019-19697", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Trend Micro Security (Consumer)", + "version" : { + "version_data" : [ + { + "version_value" : "2019 (v15)" + } + ] + } + } + ] + }, + "vendor_name" : "Trend Micro" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "An arbitrary code execution vulnerability exists in the Trend Micro Security 2019 (v15) consumer family of products which could allow an attacker to gain elevated privileges and tamper with protected services by disabling or otherwise preventing them to start. An attacker must already have administrator privileges on the target machine in order to exploit the vulnerability." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Arbitrary Code Execution" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124090.aspx" + }, + { + "url" : "http://hyp3rlinx.altervista.org/advisories/TREND-MICRO-SECURITY-CONSUMER-SECURITY-BYPASS-PROTECTED-SERVICE-TAMPERING.txt" + } + ] + } +} 
diff --git a/2019/20xxx/CVE-2019-20357.json b/2019/20xxx/CVE-2019-20357.json index d937e84c769..e2c06e1e0ed 100644 --- a/2019/20xxx/CVE-2019-20357.json +++ b/2019/20xxx/CVE-2019-20357.json 
@@ -1,18 +1,63 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2019-20357", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} \ No newline at end of file + "CVE_data_meta" : { + "ASSIGNER" : "security@trendmicro.com", + "ID" : "CVE-2019-20357", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Trend Micro Security (Consumer)", + "version" : { + "version_data" : [ + { + "version_value" : "2019 (v15) and 2020 (v16)" + } + ] + } + } + ] + }, + "vendor_name" : "Trend Micro" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "A Persistent Arbitrary Code Execution vulnerability exists in the Trend Micro Security 2020 (v160 and 2019 (v15) consumer familiy of products which could potentially allow an attacker the ability to create a malicious program to escalate privileges and attain persistence on a vulnerable system." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Persistent Arbitrary Code Execution" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124099.aspx" + }, + { + "url" : "http://hyp3rlinx.altervista.org/advisories/TREND-MICRO-SECURITY-CONSUMER-PERSISTENT-ARBITRARY-CODE-EXECUTION.txt" + } + ] + } +} From 3724012767083f0c523050bca5f2e373fe22c96b Mon Sep 17 00:00:00 2001 
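Review bot: The description misstates the affected release as `2020 (v160 and 2019 (v15)`: the parenthesis is never closed and the version reads as 160, while `version_value` in the same record says `2019 (v15) and 2020 (v16)`. I would change the phrase to `Trend Micro Security 2020 (v16) and 2019 (v15) consumer family of products`, which also fixes the `familiy` typo. Anyone matching on the description text would otherwise miss or misread the affected version.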
From: CVE Team Date: Fri, 17 Jan 2020 22:01:05 +0000 Subject: [PATCH 142/387] "-Synchronized-Data." --- 2014/5xxx/CVE-2014-5005.json | 5 ++++ 2014/5xxx/CVE-2014-5006.json | 5 ++++ 2014/5xxx/CVE-2014-5007.json | 53 ++++++++++++++++++++++++++++++++++-- 2020/7xxx/CVE-2020-7216.json | 18 ++++++++++++ 2020/7xxx/CVE-2020-7217.json | 18 ++++++++++++ 5 files changed, 97 insertions(+), 2 deletions(-) create mode 100644 2020/7xxx/CVE-2020-7216.json create mode 100644 2020/7xxx/CVE-2020-7217.json diff --git a/2014/5xxx/CVE-2014-5005.json b/2014/5xxx/CVE-2014-5005.json index 85eaf12bc9c..11b84831af3 100644 --- a/2014/5xxx/CVE-2014-5005.json +++ b/2014/5xxx/CVE-2014-5005.json @@ -57,6 +57,11 @@ "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2014/Aug/88" }, + { + "refsource": "CONFIRM", + "name": "https://www.manageengine.com/products/desktop-central/remote-code-execution.html", + "url": "https://www.manageengine.com/products/desktop-central/remote-code-execution.html" + }, { "name": "https://raw.githubusercontent.com/pedrib/PoC/master/ManageEngine/me_dc9_file_upload.txt", "refsource": "MISC", diff --git a/2014/5xxx/CVE-2014-5006.json b/2014/5xxx/CVE-2014-5006.json index 973d1b8b388..7504bf3b10f 100644 --- a/2014/5xxx/CVE-2014-5006.json +++ b/2014/5xxx/CVE-2014-5006.json @@ -57,6 +57,11 @@ "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2014/Aug/88" }, + { + "refsource": "CONFIRM", + "name": "https://www.manageengine.com/products/desktop-central/remote-code-execution.html", + "url": "https://www.manageengine.com/products/desktop-central/remote-code-execution.html" + }, { "name": "https://raw.githubusercontent.com/pedrib/PoC/master/ManageEngine/me_dc9_file_upload.txt", "refsource": "MISC", diff --git a/2014/5xxx/CVE-2014-5007.json b/2014/5xxx/CVE-2014-5007.json index d883374357b..c06e223426c 100644 --- a/2014/5xxx/CVE-2014-5007.json +++ b/2014/5xxx/CVE-2014-5007.json 
@@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-5007", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,8 +11,57 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Directory traversal vulnerability in the agentLogUploader servlet in ZOHO ManageEngine Desktop Central (DC) and Desktop Central Managed Service Providers (MSP) edition before 9 build 90055 allows remote attackers to write to and execute arbitrary files as SYSTEM via a .. (dot dot) in the filename parameter." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.manageengine.com/products/desktop-central/remote-code-execution.html", + "url": "https://www.manageengine.com/products/desktop-central/remote-code-execution.html" + }, + { + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2014/Aug/88", + "url": "http://seclists.org/fulldisclosure/2014/Aug/88" + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } } } \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7216.json b/2020/7xxx/CVE-2020-7216.json new file mode 100644 index 00000000000..6bee60a9464 --- /dev/null +++ b/2020/7xxx/CVE-2020-7216.json 
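Review bot: In the new CVE-2014-5007 reference list the Full Disclosure post is tagged `"refsource": "MISC"`, while the context lines of the CVE-2014-5005 and CVE-2014-5006 hunks earlier in this commit tag the same URL `http://seclists.org/fulldisclosure/2014/Aug/88` as `FULLDISC`. I would use `"refsource": "FULLDISC"` here too so the three sibling records stay consistent. The `affects` block is also all `n/a`, although the description names ZOHO ManageEngine Desktop Central and the fixed build 90055. Filling in vendor, product and version would let tooling match the record without parsing prose.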
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7216", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7217.json b/2020/7xxx/CVE-2020-7217.json new file mode 100644 index 00000000000..04dada48b1a --- /dev/null +++ b/2020/7xxx/CVE-2020-7217.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7217", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file From 743e438e7f5eef81a8edf46b22a11697c4f8d095 Mon Sep 17 00:00:00 2001 From: jpattrendmicro Date: Fri, 17 Jan 2020 14:04:27 -0800 Subject: [PATCH 143/387] Trend Micro submissions for CVE-2019-15625, 19696, 19697, and 20357 Trend Micro submissions for CVE-2019-15625, 19696, 19697, and 20357 --- 2019/15xxx/CVE-2019-15625.json | 2 +- 2019/19xxx/CVE-2019-19696.json | 2 +- 2019/19xxx/CVE-2019-19697.json | 2 +- 2019/20xxx/CVE-2019-20357.json | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/2019/15xxx/CVE-2019-15625.json b/2019/15xxx/CVE-2019-15625.json index 8f77b322e4e..b55f350dc88 100644 --- a/2019/15xxx/CVE-2019-15625.json +++ b/2019/15xxx/CVE-2019-15625.json 
@@ -15,7 +15,7 @@ "version" : { "version_data" : [ { - "version_value" : "3.8.0.1103 and below" + "version_value" : "3.8.0.1103 and below " } ] } diff --git a/2019/19xxx/CVE-2019-19696.json b/2019/19xxx/CVE-2019-19696.json index 3d16d4dd34f..5f95e874446 100644 --- a/2019/19xxx/CVE-2019-19696.json +++ b/2019/19xxx/CVE-2019-19696.json @@ -15,7 +15,7 @@ "version" : { "version_data" : [ { - "version_value" : "5.0.0.1076 and below (Windows) and 5.0.1047 and below (macOS)" + "version_value" : "5.0.0.1076 and below (Windows) and 5.0.1047 and below (Mac)" } ] } diff --git a/2019/19xxx/CVE-2019-19697.json b/2019/19xxx/CVE-2019-19697.json index e750cddc7f7..4b74f4f3d78 100644 --- a/2019/19xxx/CVE-2019-19697.json +++ b/2019/19xxx/CVE-2019-19697.json @@ -15,7 +15,7 @@ "version" : { "version_data" : [ { - "version_value" : "2019 (v15)" + "version_value" : "2019 (v15) " } ] } diff --git a/2019/20xxx/CVE-2019-20357.json b/2019/20xxx/CVE-2019-20357.json index e2c06e1e0ed..3d44dfa6b6c 100644 --- a/2019/20xxx/CVE-2019-20357.json +++ b/2019/20xxx/CVE-2019-20357.json @@ -15,7 +15,7 @@ "version" : { "version_data" : [ { - "version_value" : "2019 (v15) and 2020 (v16)" + "version_value" : "2019 (v15) and 2020 (v16) " } ] } From a0d4bfa71ec088544fd0d59d03244b6f68c34c06 Mon Sep 17 00:00:00 2001 
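Review bot: The new `version_value` in the CVE-2019-15625 hunk ends in a trailing space (`"3.8.0.1103 and below "`), and the CVE-2019-19697 and CVE-2019-20357 hunks on this line add the same trailing space (`"2019 (v15) "`, `"2019 (v15) and 2020 (v16) "`). That is the only change those three hunks make, so their net effect is that exact-string comparison against the affected-version field fails for any consumer that does not trim. The removed lines were already correct and should be kept: `"version_value" : "3.8.0.1103 and below"`, `"version_value" : "2019 (v15)"`, `"version_value" : "2019 (v15) and 2020 (v16)"`. The CVE-2019-19696 hunk renames `macOS` to `Mac` in the version string, while that record's description, visible in the next patch of this series, still says "Windows and macOS"; one spelling should be used in both places.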
From: CVE Team Date: Fri, 17 Jan 2020 23:01:10 +0000 Subject: [PATCH 144/387] "-Synchronized-Data." --- 2019/2xxx/CVE-2019-2745.json | 5 ++++ 2019/2xxx/CVE-2019-2762.json | 5 ++++ 2019/2xxx/CVE-2019-2766.json | 5 ++++ 2019/2xxx/CVE-2019-2769.json | 5 ++++ 2019/2xxx/CVE-2019-2786.json | 5 ++++ 2019/2xxx/CVE-2019-2816.json | 5 ++++ 2019/2xxx/CVE-2019-2842.json | 5 ++++ 2019/7xxx/CVE-2019-7317.json | 5 ++++ 2020/7xxx/CVE-2020-7104.json | 56 ++++++++++++++++++++++++++++++++---- 2020/7xxx/CVE-2020-7218.json | 18 ++++++++++++ 2020/7xxx/CVE-2020-7219.json | 18 ++++++++++++ 2020/7xxx/CVE-2020-7220.json | 18 ++++++++++++ 12 files changed, 144 insertions(+), 6 deletions(-) create mode 100644 2020/7xxx/CVE-2020-7218.json create mode 100644 2020/7xxx/CVE-2020-7219.json create mode 100644 2020/7xxx/CVE-2020-7220.json diff --git a/2019/2xxx/CVE-2019-2745.json b/2019/2xxx/CVE-2019-2745.json index 279ceb2c5da..3371b4dcaf9 100644 --- a/2019/2xxx/CVE-2019-2745.json +++ b/2019/2xxx/CVE-2019-2745.json @@ -82,6 +82,11 @@ "refsource": "CONFIRM", "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10300", "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10300" + }, + { + "refsource": "CONFIRM", + "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03977en_us", + "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03977en_us" } ] } diff --git a/2019/2xxx/CVE-2019-2762.json b/2019/2xxx/CVE-2019-2762.json index 7ab8b95b075..795c73f8236 100644 --- a/2019/2xxx/CVE-2019-2762.json +++ b/2019/2xxx/CVE-2019-2762.json 
@@ -121,6 +121,11 @@ "refsource": "CONFIRM", "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10300", "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10300" + }, + { + "refsource": "CONFIRM", + "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03977en_us", + "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03977en_us" } ] } diff --git a/2019/2xxx/CVE-2019-2766.json b/2019/2xxx/CVE-2019-2766.json index 731e0b263c0..0007f20bd74 100644 --- a/2019/2xxx/CVE-2019-2766.json +++ b/2019/2xxx/CVE-2019-2766.json @@ -76,6 +76,11 @@ "refsource": "CONFIRM", "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10300", "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10300" + }, + { + "refsource": "CONFIRM", + "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03977en_us", + "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03977en_us" } ] } diff --git a/2019/2xxx/CVE-2019-2769.json b/2019/2xxx/CVE-2019-2769.json index ca5039a0205..fdccdc59e86 100644 --- a/2019/2xxx/CVE-2019-2769.json +++ b/2019/2xxx/CVE-2019-2769.json @@ -121,6 +121,11 @@ "refsource": "CONFIRM", "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10300", "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10300" + }, + { + "refsource": "CONFIRM", + "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03977en_us", + "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03977en_us" } ] } diff --git a/2019/2xxx/CVE-2019-2786.json b/2019/2xxx/CVE-2019-2786.json index ea2aadd3b45..bf39e9f506b 100644 --- a/2019/2xxx/CVE-2019-2786.json +++ b/2019/2xxx/CVE-2019-2786.json 
@@ -101,6 +101,11 @@ "refsource": "REDHAT", "name": "RHSA-2019:2737", "url": "https://access.redhat.com/errata/RHSA-2019:2737" + }, + { + "refsource": "CONFIRM", + "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03977en_us", + "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03977en_us" } ] } diff --git a/2019/2xxx/CVE-2019-2816.json b/2019/2xxx/CVE-2019-2816.json index 02311e4c2c6..6b9a9afe5a7 100644 --- a/2019/2xxx/CVE-2019-2816.json +++ b/2019/2xxx/CVE-2019-2816.json @@ -121,6 +121,11 @@ "refsource": "CONFIRM", "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10300", "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10300" + }, + { + "refsource": "CONFIRM", + "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03977en_us", + "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03977en_us" } ] } diff --git a/2019/2xxx/CVE-2019-2842.json b/2019/2xxx/CVE-2019-2842.json index f8f64acb73d..e0d436373ff 100644 --- a/2019/2xxx/CVE-2019-2842.json +++ b/2019/2xxx/CVE-2019-2842.json @@ -72,6 +72,11 @@ "refsource": "CONFIRM", "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10300", "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10300" + }, + { + "refsource": "CONFIRM", + "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03977en_us", + "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03977en_us" } ] } diff --git a/2019/7xxx/CVE-2019-7317.json b/2019/7xxx/CVE-2019-7317.json index 9a61650e87a..649aca1e1e8 100644 --- a/2019/7xxx/CVE-2019-7317.json +++ b/2019/7xxx/CVE-2019-7317.json 
@@ -246,6 +246,11 @@ "refsource": "REDHAT", "name": "RHSA-2019:2737", "url": "https://access.redhat.com/errata/RHSA-2019:2737" + }, + { + "refsource": "CONFIRM", + "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03977en_us", + "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03977en_us" } ] } diff --git a/2020/7xxx/CVE-2020-7104.json b/2020/7xxx/CVE-2020-7104.json index 4d6e602aca0..466c64f6dbe 100644 --- a/2020/7xxx/CVE-2020-7104.json +++ b/2020/7xxx/CVE-2020-7104.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-7104", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-7104", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The chained-quiz plugin 1.1.8.1 for WordPress has reflected XSS via the wp-admin/admin-ajax.php total_questions parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://wpvulndb.com/vulnerabilities/10029", + "url": "https://wpvulndb.com/vulnerabilities/10029" } ] } diff --git a/2020/7xxx/CVE-2020-7218.json b/2020/7xxx/CVE-2020-7218.json new file mode 100644 index 00000000000..b03dad700ed 
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7218.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7218",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7219.json b/2020/7xxx/CVE-2020-7219.json
new file mode 100644
index 00000000000..aab3e9a0042
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7219.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7219",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7220.json b/2020/7xxx/CVE-2020-7220.json
new file mode 100644
index 00000000000..c54742caae0
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7220.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7220",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
From b56ec8daff93dca66e1ee3f74ff0fa6dca6168a7 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sat, 18 Jan 2020 00:01:13 +0000 Subject: [PATCH 145/387] "-Synchronized-Data." --- 2019/15xxx/CVE-2019-15625.json | 144 +++++++++++++++++---------------- 2019/19xxx/CVE-2019-19696.json | 144 +++++++++++++++++---------------- 2019/19xxx/CVE-2019-19697.json | 128 +++++++++++++++-------------- 2019/20xxx/CVE-2019-20357.json | 128 +++++++++++++++-------------- 2020/7xxx/CVE-2020-7221.json | 18 +++++ 2020/7xxx/CVE-2020-7222.json | 62 ++++++++++++++ 2020/7xxx/CVE-2020-7223.json | 18 +++++ 7 files changed, 382 insertions(+), 260 deletions(-) create mode 100644 2020/7xxx/CVE-2020-7221.json create mode 100644 2020/7xxx/CVE-2020-7222.json create mode 100644 2020/7xxx/CVE-2020-7223.json
diff --git a/2019/15xxx/CVE-2019-15625.json b/2019/15xxx/CVE-2019-15625.json
index b55f350dc88..e556dcfedae 100644
--- a/2019/15xxx/CVE-2019-15625.json
+++ b/2019/15xxx/CVE-2019-15625.json
@@ -1,69 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@trendmicro.com", - "ID" : "CVE-2019-15625", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Trend Micro Password Manager", - "version" : { - "version_data" : [ - { - "version_value" : "3.8.0.1103 and below " - } - ] - } - } - ] - }, - "vendor_name" : "Trend Micro" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A memory usage vulnerability exists in Trend Micro Password Manager 3.8 that could allow an attacker with access and permissions to the victim's memory processes to extract sensitive information. " - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Memory Usage" - } - ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "url" : "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1123595.aspx" - }, - { - "url" : "https://jvn.jp/en/jp/JVN49593434/index.html" - }, - { - "url" : "https://esupport.trendmicro.com/support/pwm/solution/ja-jp/1123614.aspx" - }, - { - "url" : "https://jvn.jp/jp/JVN49593434/index.html" - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "security@trendmicro.com", + "ID": "CVE-2019-15625", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Trend Micro Password Manager", + "version": { + "version_data": [ + { + "version_value": "3.8.0.1103 and below " + } + ] + } + } + ] + }, + "vendor_name": "Trend Micro" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A memory usage vulnerability exists in Trend Micro Password Manager 3.8 that could allow an attacker with access and 
permissions to the victim's memory processes to extract sensitive information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Memory Usage" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1123595.aspx", + "refsource": "MISC", + "name": "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1123595.aspx" + }, + { + "url": "https://jvn.jp/en/jp/JVN49593434/index.html", + "refsource": "MISC", + "name": "https://jvn.jp/en/jp/JVN49593434/index.html" + }, + { + "url": "https://esupport.trendmicro.com/support/pwm/solution/ja-jp/1123614.aspx", + "refsource": "MISC", + "name": "https://esupport.trendmicro.com/support/pwm/solution/ja-jp/1123614.aspx" + }, + { + "url": "https://jvn.jp/jp/JVN49593434/index.html", + "refsource": "MISC", + "name": "https://jvn.jp/jp/JVN49593434/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2019/19xxx/CVE-2019-19696.json b/2019/19xxx/CVE-2019-19696.json index 5f95e874446..16111ea2911 100644 --- a/2019/19xxx/CVE-2019-19696.json +++ b/2019/19xxx/CVE-2019-19696.json 
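Review bot: Every reference on the new side of this hunk is tagged `"refsource": "MISC"`, including the vendor's own advisories on esupport.trendmicro.com in a record whose `ASSIGNER` is security@trendmicro.com. Other records in this series mark vendor advisories as `CONFIRM` (the kc.mcafee.com and support.hpe.com entries), and consumers that use that tag to separate vendor-acknowledged issues from third-party reports lose the signal here. I would set `"refsource": "CONFIRM"` on the two esupport.trendmicro.com entries; the CVE-2019-19696, CVE-2019-19697 and CVE-2019-20357 hunks that follow tag their esupport links `MISC` in the same way. The hunk also trims the trailing space from the description but leaves `"version_value": "3.8.0.1103 and below "` untrimmed.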
@@ -1,69 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@trendmicro.com", - "ID" : "CVE-2019-19696", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Trend Micro Password Manager", - "version" : { - "version_data" : [ - { - "version_value" : "5.0.0.1076 and below (Windows) and 5.0.1047 and below (Mac)" - } - ] - } - } - ] - }, - "vendor_name" : "Trend Micro" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A RootCA vulnerability found in Trend Micro Password Manager for Windows and macOS exists where the localhost.key of RootCA.crt might be improperly accessed by an unauthorized party and could be used to create malicious self-signed SSL certificates, allowing an attacker to misdirect a user to phishing sites. " - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "RootCA Access" - } - ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "url" : "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124092.aspx" - }, - { - "url" : "https://jvn.jp/en/jp/JVN37183636/index.html" - }, - { - "url" : "https://esupport.trendmicro.com/support/pwm/solution/ja-jp/1124091.aspx" - }, - { - "url" : "https://jvn.jp/jp/JVN37183636/index.html" - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "security@trendmicro.com", + "ID": "CVE-2019-19696", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Trend Micro Password Manager", + "version": { + "version_data": [ + { + "version_value": "5.0.0.1076 and below (Windows) and 5.0.1047 and below (Mac)" + } + ] + } + } + ] + }, + "vendor_name": "Trend Micro" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "A RootCA vulnerability found in Trend Micro Password Manager for Windows and macOS exists where the localhost.key of RootCA.crt might be improperly accessed by an unauthorized party and could be used to create malicious self-signed SSL certificates, allowing an attacker to misdirect a user to phishing sites." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "RootCA Access" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124092.aspx", + "refsource": "MISC", + "name": "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124092.aspx" + }, + { + "url": "https://jvn.jp/en/jp/JVN37183636/index.html", + "refsource": "MISC", + "name": "https://jvn.jp/en/jp/JVN37183636/index.html" + }, + { + "url": "https://esupport.trendmicro.com/support/pwm/solution/ja-jp/1124091.aspx", + "refsource": "MISC", + "name": "https://esupport.trendmicro.com/support/pwm/solution/ja-jp/1124091.aspx" + }, + { + "url": "https://jvn.jp/jp/JVN37183636/index.html", + "refsource": "MISC", + "name": "https://jvn.jp/jp/JVN37183636/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2019/19xxx/CVE-2019-19697.json b/2019/19xxx/CVE-2019-19697.json index 4b74f4f3d78..316910626e7 100644 --- a/2019/19xxx/CVE-2019-19697.json +++ b/2019/19xxx/CVE-2019-19697.json 
@@ -1,63 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@trendmicro.com", - "ID" : "CVE-2019-19697", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Trend Micro Security (Consumer)", - "version" : { - "version_data" : [ - { - "version_value" : "2019 (v15) " - } - ] - } - } - ] - }, - "vendor_name" : "Trend Micro" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An arbitrary code execution vulnerability exists in the Trend Micro Security 2019 (v15) consumer family of products which could allow an attacker to gain elevated privileges and tamper with protected services by disabling or otherwise preventing them to start. An attacker must already have administrator privileges on the target machine in order to exploit the vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Arbitrary Code Execution" - } - ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "url" : "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124090.aspx" - }, - { - "url" : "http://hyp3rlinx.altervista.org/advisories/TREND-MICRO-SECURITY-CONSUMER-SECURITY-BYPASS-PROTECTED-SERVICE-TAMPERING.txt" - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "security@trendmicro.com", + "ID": "CVE-2019-19697", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Trend Micro Security (Consumer)", + "version": { + "version_data": [ + { + "version_value": "2019 (v15) " + } + ] + } + } + ] + }, + "vendor_name": "Trend Micro" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An arbitrary code 
execution vulnerability exists in the Trend Micro Security 2019 (v15) consumer family of products which could allow an attacker to gain elevated privileges and tamper with protected services by disabling or otherwise preventing them to start. An attacker must already have administrator privileges on the target machine in order to exploit the vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Arbitrary Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124090.aspx", + "refsource": "MISC", + "name": "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124090.aspx" + }, + { + "url": "http://hyp3rlinx.altervista.org/advisories/TREND-MICRO-SECURITY-CONSUMER-SECURITY-BYPASS-PROTECTED-SERVICE-TAMPERING.txt", + "refsource": "MISC", + "name": "http://hyp3rlinx.altervista.org/advisories/TREND-MICRO-SECURITY-CONSUMER-SECURITY-BYPASS-PROTECTED-SERVICE-TAMPERING.txt" + } + ] + } +} \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20357.json b/2019/20xxx/CVE-2019-20357.json index 3d44dfa6b6c..c8f0b4aeef6 100644 --- a/2019/20xxx/CVE-2019-20357.json +++ b/2019/20xxx/CVE-2019-20357.json 
@@ -1,63 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@trendmicro.com", - "ID" : "CVE-2019-20357", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Trend Micro Security (Consumer)", - "version" : { - "version_data" : [ - { - "version_value" : "2019 (v15) and 2020 (v16) " - } - ] - } - } - ] - }, - "vendor_name" : "Trend Micro" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A Persistent Arbitrary Code Execution vulnerability exists in the Trend Micro Security 2020 (v160 and 2019 (v15) consumer familiy of products which could potentially allow an attacker the ability to create a malicious program to escalate privileges and attain persistence on a vulnerable system." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Persistent Arbitrary Code Execution" - } - ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "url" : "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124099.aspx" - }, - { - "url" : "http://hyp3rlinx.altervista.org/advisories/TREND-MICRO-SECURITY-CONSUMER-PERSISTENT-ARBITRARY-CODE-EXECUTION.txt" - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "security@trendmicro.com", + "ID": "CVE-2019-20357", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Trend Micro Security (Consumer)", + "version": { + "version_data": [ + { + "version_value": "2019 (v15) and 2020 (v16) " + } + ] + } + } + ] + }, + "vendor_name": "Trend Micro" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A Persistent Arbitrary Code Execution vulnerability exists in the 
Trend Micro Security 2020 (v160 and 2019 (v15) consumer familiy of products which could potentially allow an attacker the ability to create a malicious program to escalate privileges and attain persistence on a vulnerable system." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Persistent Arbitrary Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124099.aspx", + "refsource": "MISC", + "name": "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124099.aspx" + }, + { + "url": "http://hyp3rlinx.altervista.org/advisories/TREND-MICRO-SECURITY-CONSUMER-PERSISTENT-ARBITRARY-CODE-EXECUTION.txt", + "refsource": "MISC", + "name": "http://hyp3rlinx.altervista.org/advisories/TREND-MICRO-SECURITY-CONSUMER-PERSISTENT-ARBITRARY-CODE-EXECUTION.txt" + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7221.json b/2020/7xxx/CVE-2020-7221.json new file mode 100644 index 00000000000..a7dc9e435e4 --- /dev/null +++ b/2020/7xxx/CVE-2020-7221.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7221", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7222.json b/2020/7xxx/CVE-2020-7222.json new file mode 100644 index 00000000000..511b9c00655 --- /dev/null +++ b/2020/7xxx/CVE-2020-7222.json 
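Review bot: The description on the new side of the CVE-2019-20357 hunk still reads `Trend Micro Security 2020 (v160 and 2019 (v15) consumer familiy of products`, with an unclosed parenthesis that turns v16 into "v160" and a misspelt "family". The `version_value` a few lines above in the same record says `2019 (v15) and 2020 (v16)`, so the two fields disagree on the affected version for anyone reading or parsing the text. Since this sync rewrites every line of the file, the string could be corrected at the same time to `Trend Micro Security 2020 (v16) and 2019 (v15) consumer family of products`.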
@@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-7222", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Amcrest Web Server 2.520.AC00.18.R 2017-06-29 WEB 3.2.1.453504. The login page responds with JavaScript when one tries to authenticate. An attacker who changes the result parameter (to true) in this JavaScript code can bypass authentication and achieve limited privileges (ability to see every option but not modify them)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://sku11army.blogspot.com/2020/01/amcrest-2520ac0018r-login-bypass.html", + "refsource": "MISC", + "name": "https://sku11army.blogspot.com/2020/01/amcrest-2520ac0018r-login-bypass.html" + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7223.json b/2020/7xxx/CVE-2020-7223.json new file mode 100644 index 00000000000..8d7011afb37 --- /dev/null +++ b/2020/7xxx/CVE-2020-7223.json 
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7223",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
From 8747a2f253ecc4fc5fcb32c4a4da9a6902d3747f Mon Sep 17 00:00:00 2001 From: Bill Situ Date: Fri, 17 Jan 2020 16:15:42 -0800 Subject: [PATCH 146/387] Bill Situ Update description of two Oracle issued CVEs. On branch cna/Oracle/GraalVMCVEs Changes to be committed: modified: 2019/2xxx/CVE-2019-2989.json modified: 2020/2xxx/CVE-2020-2604.json --- 2019/2xxx/CVE-2019-2989.json | 5 ++--- 2020/2xxx/CVE-2020-2604.json | 4 ++-- 2 files changed, 4 insertions(+), 5 deletions(-)
diff --git a/2019/2xxx/CVE-2019-2989.json b/2019/2xxx/CVE-2019-2989.json
index c526223ef2c..355d0b5b644 100644
--- a/2019/2xxx/CVE-2019-2989.json
+++ b/2019/2xxx/CVE-2019-2989.json
@@ -39,8 +39,7 @@ "description_data": [ { "lang": "eng", - "value": "Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle GraalVM (component: Java). The supported version that is affected is 19.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM Enterprise Edition. While the vulnerability is in Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle GraalVM Enterprise Edition accessible data. CVSS 3.0 Base Score 6.8 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N)." - } + "value": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS v3.0 Base Score 6.8 (Integrity impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N)."} ] }, "problemtype": { @@ -49,7 +48,7 @@ "description": [ { "lang": "eng", - "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM Enterprise Edition. While the vulnerability is in Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle GraalVM Enterprise Edition accessible data." + "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data." } ] } diff --git a/2020/2xxx/CVE-2020-2604.json b/2020/2xxx/CVE-2020-2604.json index daa7623c3e8..6407da7d845 100644 --- a/2020/2xxx/CVE-2020-2604.json +++ b/2020/2xxx/CVE-2020-2604.json 
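Review bot: The `@@ -39,8 +39,7 @@` hunk moves the description from Oracle GraalVM Enterprise Edition 19.2.0 to Java SE 7u231, 8u221, 11.0.4 and 13 and Java SE Embedded 8u221, but the diffstat shows that only the description and problemtype lines change, so the `affects` block outside the hunk is left as it was. If that block still lists the GraalVM product and version, the structured data now contradicts the text and version-matching tools will keep flagging the wrong product; that needs checking and updating in the same commit. The CVE-2020-2604 hunks make the same product switch and need the same check. The new line also fuses the closing brace onto the value (`...S:C/C:N/I:H/A:N)."}`), which is valid JSON but breaks the file's one-token-per-line layout; the `}` belongs on its own line as before.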
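Review bot: The new problemtype text in the `@@ -49,7 +48,7 @@` hunk says a successful attack results in "unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data", which describes a confidentiality impact. The description changed in the previous hunk and its vector `C:N/I:H/A:N` describe an integrity-only issue ("unauthorized creation, deletion or modification access"), and the removed problemtype line used that integrity wording, so this looks like a sentence carried over from another record. The ending should match the description: `can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data.`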
@@ -39,7 +39,7 @@ "description_data": [ { "lang": "eng", - "value": "Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle GraalVM (component: Java). The supported version that is affected is 19.3.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in takeover of Oracle GraalVM Enterprise Edition. Note: GraalVM Enterprise 19.3 and above includes both Java SE 8 and Java SE 11. CVSS 3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)." + "value": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS v3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)." } ] }, 
@@ -49,7 +49,7 @@
 "description": [
 {
 "lang": "eng",
- "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in takeover of Oracle GraalVM Enterprise Edition."
+ "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded."
 }
 ]
 }
From b45ae5302b5911110a32149d246609bc0554a3ae Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Sat, 18 Jan 2020 01:01:13 +0000
Subject: [PATCH 147/387] "-Synchronized-Data."
---
 2020/7xxx/CVE-2020-7224.json | 18 ++++++++++++++++++
 2020/7xxx/CVE-2020-7225.json | 18 ++++++++++++++++++
 2020/7xxx/CVE-2020-7226.json | 18 ++++++++++++++++++
 3 files changed, 54 insertions(+)
 create mode 100644 2020/7xxx/CVE-2020-7224.json
 create mode 100644 2020/7xxx/CVE-2020-7225.json
 create mode 100644 2020/7xxx/CVE-2020-7226.json
diff --git a/2020/7xxx/CVE-2020-7224.json b/2020/7xxx/CVE-2020-7224.json
new file mode 100644
index 00000000000..71bfe4a64d8
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7224.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7224",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7225.json b/2020/7xxx/CVE-2020-7225.json
new file mode 100644
index 00000000000..0a78ef357f2
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7225.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7225",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7226.json b/2020/7xxx/CVE-2020-7226.json
new file mode 100644
index 00000000000..7399af5e290
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7226.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7226",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
From c56d48a2223e9ebda7522561a4b74926dfc6163e Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Sat, 18 Jan 2020 07:01:15 +0000
Subject: [PATCH 148/387] "-Synchronized-Data."
---
 2019/10xxx/CVE-2019-10220.json | 5 +++++
 2019/14xxx/CVE-2019-14895.json | 5 +++++
 2019/14xxx/CVE-2019-14896.json | 5 +++++
 2019/14xxx/CVE-2019-14897.json | 5 +++++
 2019/14xxx/CVE-2019-14901.json | 5 +++++
 2019/15xxx/CVE-2019-15098.json | 5 +++++
 2019/15xxx/CVE-2019-15217.json | 5 +++++
 2019/15xxx/CVE-2019-15291.json | 5 +++++
 2019/15xxx/CVE-2019-15505.json | 5 +++++
 2019/16xxx/CVE-2019-16746.json | 5 +++++
 2019/17xxx/CVE-2019-17052.json | 5 +++++
 2019/17xxx/CVE-2019-17053.json | 5 +++++
 2019/17xxx/CVE-2019-17054.json | 5 +++++
 2019/17xxx/CVE-2019-17055.json | 5 +++++
 2019/17xxx/CVE-2019-17056.json | 5 +++++
 2019/17xxx/CVE-2019-17133.json | 5 +++++
 2019/17xxx/CVE-2019-17666.json | 5 +++++
 2019/19xxx/CVE-2019-19051.json | 5 +++++
 2019/19xxx/CVE-2019-19052.json | 5 +++++
 2019/19xxx/CVE-2019-19056.json | 5 +++++
 2019/19xxx/CVE-2019-19057.json | 5 +++++
 2019/19xxx/CVE-2019-19062.json | 5 +++++
 2019/19xxx/CVE-2019-19066.json | 5 +++++
 2019/19xxx/CVE-2019-19227.json | 5 +++++
 2019/19xxx/CVE-2019-19332.json | 5 +++++
 2019/19xxx/CVE-2019-19523.json | 5 +++++
 2019/19xxx/CVE-2019-19524.json | 5 +++++
 2019/19xxx/CVE-2019-19527.json | 5 +++++
 2019/19xxx/CVE-2019-19530.json | 5 +++++
 2019/19xxx/CVE-2019-19531.json | 5 +++++
 2019/19xxx/CVE-2019-19532.json | 5 +++++
 2019/19xxx/CVE-2019-19533.json | 5 +++++
 2019/19xxx/CVE-2019-19534.json | 5 +++++
 2019/19xxx/CVE-2019-19536.json | 5 +++++
 2019/19xxx/CVE-2019-19537.json | 5 +++++
 2019/19xxx/CVE-2019-19767.json | 5 +++++
 2019/19xxx/CVE-2019-19922.json | 5 +++++
 2019/19xxx/CVE-2019-19947.json | 5 +++++
 2019/19xxx/CVE-2019-19965.json | 5 +++++
 2019/19xxx/CVE-2019-19966.json | 5 +++++
 2019/2xxx/CVE-2019-2215.json | 5 +++++
 41 files changed, 205 insertions(+)
diff --git a/2019/10xxx/CVE-2019-10220.json b/2019/10xxx/CVE-2019-10220.json
index 79db383d18c..1640900e822 100644
--- a/2019/10xxx/CVE-2019-10220.json
+++ b/2019/10xxx/CVE-2019-10220.json
@@ -58,6 +58,11 @@
 "refsource": "UBUNTU",
 "name": "USN-4226-1",
 "url": "https://usn.ubuntu.com/4226-1/"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
 }
 ]
 },
diff --git a/2019/14xxx/CVE-2019-14895.json b/2019/14xxx/CVE-2019-14895.json
index 3c3b4a75565..e663739a87f 100644
--- a/2019/14xxx/CVE-2019-14895.json
+++ b/2019/14xxx/CVE-2019-14895.json
@@ -103,6 +103,11 @@
 "refsource": "MISC",
 "name": "http://packetstormsecurity.com/files/155879/Kernel-Live-Patch-Security-Notice-LSN-0061-1.html",
 "url": "http://packetstormsecurity.com/files/155879/Kernel-Live-Patch-Security-Notice-LSN-0061-1.html"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
 }
 ]
 },
diff --git a/2019/14xxx/CVE-2019-14896.json b/2019/14xxx/CVE-2019-14896.json
index b6c8d169546..64680ea3618 100644
--- a/2019/14xxx/CVE-2019-14896.json
+++ b/2019/14xxx/CVE-2019-14896.json
@@ -98,6 +98,11 @@
 "refsource": "MISC",
 "name": "http://packetstormsecurity.com/files/155879/Kernel-Live-Patch-Security-Notice-LSN-0061-1.html",
 "url": "http://packetstormsecurity.com/files/155879/Kernel-Live-Patch-Security-Notice-LSN-0061-1.html"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
 }
 ]
 },
diff --git a/2019/14xxx/CVE-2019-14897.json b/2019/14xxx/CVE-2019-14897.json
index a64bdbf7888..cb7cb17c078 100644
--- a/2019/14xxx/CVE-2019-14897.json
+++ b/2019/14xxx/CVE-2019-14897.json
@@ -93,6 +93,11 @@
 "refsource": "MISC",
 "name": "http://packetstormsecurity.com/files/155879/Kernel-Live-Patch-Security-Notice-LSN-0061-1.html",
 "url": "http://packetstormsecurity.com/files/155879/Kernel-Live-Patch-Security-Notice-LSN-0061-1.html"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
 }
 ]
 },
diff --git a/2019/14xxx/CVE-2019-14901.json b/2019/14xxx/CVE-2019-14901.json
index b101e3af82c..b2b63069905 100644
--- a/2019/14xxx/CVE-2019-14901.json
+++ b/2019/14xxx/CVE-2019-14901.json
@@ -106,6 +106,11 @@
 "refsource": "MISC",
 "name": "http://packetstormsecurity.com/files/155879/Kernel-Live-Patch-Security-Notice-LSN-0061-1.html",
 "url": "http://packetstormsecurity.com/files/155879/Kernel-Live-Patch-Security-Notice-LSN-0061-1.html"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
 }
 ]
 },
diff --git a/2019/15xxx/CVE-2019-15098.json b/2019/15xxx/CVE-2019-15098.json
index 986a479df14..8a9712b2c3e 100644
--- a/2019/15xxx/CVE-2019-15098.json
+++ b/2019/15xxx/CVE-2019-15098.json
@@ -126,6 +126,11 @@
 "refsource": "UBUNTU",
 "name": "USN-4186-2",
 "url": "https://usn.ubuntu.com/4186-2/"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
 }
 ]
 }
diff --git a/2019/15xxx/CVE-2019-15217.json b/2019/15xxx/CVE-2019-15217.json
index 5ce535ccbf8..9e101f255a3 100644
--- a/2019/15xxx/CVE-2019-15217.json
+++ b/2019/15xxx/CVE-2019-15217.json
@@ -111,6 +111,11 @@
 "refsource": "UBUNTU",
 "name": "USN-4147-1",
 "url": "https://usn.ubuntu.com/4147-1/"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
 }
 ]
 }
diff --git a/2019/15xxx/CVE-2019-15291.json b/2019/15xxx/CVE-2019-15291.json
index a1ce61a33e8..c7d5329debc 100644
--- a/2019/15xxx/CVE-2019-15291.json
+++ b/2019/15xxx/CVE-2019-15291.json
@@ -91,6 +91,11 @@
 "refsource": "MISC",
 "name": "http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html",
 "url": "http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
 }
 ]
 }
diff --git a/2019/15xxx/CVE-2019-15505.json b/2019/15xxx/CVE-2019-15505.json
index f2e0836b5ed..f276af7e556 100644
--- a/2019/15xxx/CVE-2019-15505.json
+++ b/2019/15xxx/CVE-2019-15505.json
@@ -131,6 +131,11 @@
 "refsource": "MISC",
 "name": "http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html",
 "url": "http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
 }
 ]
 }
diff --git a/2019/16xxx/CVE-2019-16746.json b/2019/16xxx/CVE-2019-16746.json
index 501985ae08d..cc5f56b51cf 100644
--- a/2019/16xxx/CVE-2019-16746.json
+++ b/2019/16xxx/CVE-2019-16746.json
@@ -96,6 +96,11 @@
 "refsource": "UBUNTU",
 "name": "USN-4210-1",
 "url": "https://usn.ubuntu.com/4210-1/"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
 }
 ]
 }
diff --git a/2019/17xxx/CVE-2019-17052.json b/2019/17xxx/CVE-2019-17052.json
index aeb9d5b8dc2..80c24f7fa65 100644
--- a/2019/17xxx/CVE-2019-17052.json
+++ b/2019/17xxx/CVE-2019-17052.json
@@ -101,6 +101,11 @@
 "refsource": "UBUNTU",
 "name": "USN-4186-2",
 "url": "https://usn.ubuntu.com/4186-2/"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
 }
 ]
 }
diff --git a/2019/17xxx/CVE-2019-17053.json b/2019/17xxx/CVE-2019-17053.json
index 01dc4a64f66..c533263acb8 100644
--- a/2019/17xxx/CVE-2019-17053.json
+++ b/2019/17xxx/CVE-2019-17053.json
@@ -101,6 +101,11 @@
 "refsource": "UBUNTU",
 "name": "USN-4186-2",
 "url": "https://usn.ubuntu.com/4186-2/"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
 }
 ]
 }
diff --git a/2019/17xxx/CVE-2019-17054.json b/2019/17xxx/CVE-2019-17054.json
index 11e706f8d33..a22a40f6f43 100644
--- a/2019/17xxx/CVE-2019-17054.json
+++ b/2019/17xxx/CVE-2019-17054.json
@@ -101,6 +101,11 @@
 "refsource": "UBUNTU",
 "name": "USN-4186-2",
 "url": "https://usn.ubuntu.com/4186-2/"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
 }
 ]
 }
diff --git a/2019/17xxx/CVE-2019-17055.json b/2019/17xxx/CVE-2019-17055.json
index 39de85dbaa0..910f70d49ec 100644
--- a/2019/17xxx/CVE-2019-17055.json
+++ b/2019/17xxx/CVE-2019-17055.json
@@ -111,6 +111,11 @@
 "refsource": "UBUNTU",
 "name": "USN-4186-2",
 "url": "https://usn.ubuntu.com/4186-2/"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
 }
 ]
 }
diff --git a/2019/17xxx/CVE-2019-17056.json b/2019/17xxx/CVE-2019-17056.json
index 336f107e1c4..76d62da6a93 100644
--- a/2019/17xxx/CVE-2019-17056.json
+++ b/2019/17xxx/CVE-2019-17056.json
@@ -111,6 +111,11 @@
 "refsource": "UBUNTU",
 "name": "USN-4186-2",
 "url": "https://usn.ubuntu.com/4186-2/"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
 }
 ]
 }
diff --git a/2019/17xxx/CVE-2019-17133.json b/2019/17xxx/CVE-2019-17133.json
index edd574200a6..2f5c4e4d3d9 100644
--- a/2019/17xxx/CVE-2019-17133.json
+++ b/2019/17xxx/CVE-2019-17133.json
@@ -106,6 +106,11 @@
 "refsource": "UBUNTU",
 "name": "USN-4226-1",
 "url": "https://usn.ubuntu.com/4226-1/"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
 }
 ]
 }
diff --git a/2019/17xxx/CVE-2019-17666.json b/2019/17xxx/CVE-2019-17666.json
index c7651ad862e..8188644b1a7 100644
--- a/2019/17xxx/CVE-2019-17666.json
+++ b/2019/17xxx/CVE-2019-17666.json
@@ -111,6 +111,11 @@
 "refsource": "UBUNTU",
 "name": "USN-4186-2",
 "url": "https://usn.ubuntu.com/4186-2/"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19051.json b/2019/19xxx/CVE-2019-19051.json
index bc4d4cca829..2c57fdb32ce 100644
--- a/2019/19xxx/CVE-2019-19051.json
+++ b/2019/19xxx/CVE-2019-19051.json
@@ -71,6 +71,11 @@
 "refsource": "UBUNTU",
 "name": "USN-4225-1",
 "url": "https://usn.ubuntu.com/4225-1/"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19052.json b/2019/19xxx/CVE-2019-19052.json
index 7f12b2e780c..c3c8bf73f49 100644
--- a/2019/19xxx/CVE-2019-19052.json
+++ b/2019/19xxx/CVE-2019-19052.json
@@ -101,6 +101,11 @@
 "refsource": "UBUNTU",
 "name": "USN-4227-2",
 "url": "https://usn.ubuntu.com/4227-2/"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19056.json b/2019/19xxx/CVE-2019-19056.json
index ebbedb015ed..4d4618235d6 100644
--- a/2019/19xxx/CVE-2019-19056.json
+++ b/2019/19xxx/CVE-2019-19056.json
@@ -76,6 +76,11 @@
 "refsource": "SUSE",
 "name": "openSUSE-SU-2019:2675",
 "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19057.json b/2019/19xxx/CVE-2019-19057.json
index 78a5234d779..55bfee4a1ce 100644
--- a/2019/19xxx/CVE-2019-19057.json
+++ b/2019/19xxx/CVE-2019-19057.json
@@ -86,6 +86,11 @@
 "refsource": "MISC",
 "name": "http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html",
 "url": "http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19062.json b/2019/19xxx/CVE-2019-19062.json
index 42e9ebb3e4b..3a62450758c 100644
--- a/2019/19xxx/CVE-2019-19062.json
+++ b/2019/19xxx/CVE-2019-19062.json
@@ -86,6 +86,11 @@
 "refsource": "MISC",
 "name": "http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html",
 "url": "http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19066.json b/2019/19xxx/CVE-2019-19066.json
index 3d240be536a..3a80a3b7c3d 100644
--- a/2019/19xxx/CVE-2019-19066.json
+++ b/2019/19xxx/CVE-2019-19066.json
@@ -71,6 +71,11 @@
 "refsource": "CONFIRM",
 "name": "https://security.netapp.com/advisory/ntap-20191205-0001/",
 "url": "https://security.netapp.com/advisory/ntap-20191205-0001/"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19227.json b/2019/19xxx/CVE-2019-19227.json
index 169d3cc68f2..78774620aef 100644
--- a/2019/19xxx/CVE-2019-19227.json
+++ b/2019/19xxx/CVE-2019-19227.json
@@ -81,6 +81,11 @@
 "refsource": "MISC",
 "name": "http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html",
 "url": "http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19332.json b/2019/19xxx/CVE-2019-19332.json
index 523e9990356..6f5343e2b2f 100644
--- a/2019/19xxx/CVE-2019-19332.json
+++ b/2019/19xxx/CVE-2019-19332.json
@@ -63,6 +63,11 @@
 "refsource": "MISC",
 "name": "http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html",
 "url": "http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
 }
 ]
 },
diff --git a/2019/19xxx/CVE-2019-19523.json b/2019/19xxx/CVE-2019-19523.json
index 727ed028ff2..f6c689cd2c5 100644
--- a/2019/19xxx/CVE-2019-19523.json
+++ b/2019/19xxx/CVE-2019-19523.json
@@ -66,6 +66,11 @@
 "refsource": "MLIST",
 "name": "[oss-security] 20191203 Linux kernel: multiple vulnerabilities in the USB subsystem x3",
 "url": "http://www.openwall.com/lists/oss-security/2019/12/03/4"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19524.json b/2019/19xxx/CVE-2019-19524.json
index bceeab265ca..772c1b585c9 100644
--- a/2019/19xxx/CVE-2019-19524.json
+++ b/2019/19xxx/CVE-2019-19524.json
@@ -111,6 +111,11 @@
 "refsource": "MISC",
 "name": "http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html",
 "url": "http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19527.json b/2019/19xxx/CVE-2019-19527.json
index c42cebd6c07..e146bc5f571 100644
--- a/2019/19xxx/CVE-2019-19527.json
+++ b/2019/19xxx/CVE-2019-19527.json
@@ -71,6 +71,11 @@
 "refsource": "MLIST",
 "name": "[oss-security] 20191203 Linux kernel: multiple vulnerabilities in the USB subsystem x3",
 "url": "http://www.openwall.com/lists/oss-security/2019/12/03/4"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19530.json b/2019/19xxx/CVE-2019-19530.json
index 30c5402e426..93bd90d9db3 100644
--- a/2019/19xxx/CVE-2019-19530.json
+++ b/2019/19xxx/CVE-2019-19530.json
@@ -71,6 +71,11 @@
 "refsource": "SUSE",
 "name": "openSUSE-SU-2019:2675",
 "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19531.json b/2019/19xxx/CVE-2019-19531.json
index ca958738b28..7eba13e1355 100644
--- a/2019/19xxx/CVE-2019-19531.json
+++ b/2019/19xxx/CVE-2019-19531.json
@@ -71,6 +71,11 @@
 "refsource": "SUSE",
 "name": "openSUSE-SU-2019:2675",
 "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19532.json b/2019/19xxx/CVE-2019-19532.json
index bd756cbdedb..1008a7c2d49 100644
--- a/2019/19xxx/CVE-2019-19532.json
+++ b/2019/19xxx/CVE-2019-19532.json
@@ -71,6 +71,11 @@
 "refsource": "UBUNTU",
 "name": "USN-4226-1",
 "url": "https://usn.ubuntu.com/4226-1/"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19533.json b/2019/19xxx/CVE-2019-19533.json
index f2928d5f37e..9b46eaa870b 100644
--- a/2019/19xxx/CVE-2019-19533.json
+++ b/2019/19xxx/CVE-2019-19533.json
@@ -66,6 +66,11 @@
 "refsource": "MLIST",
 "name": "[oss-security] 20191203 Linux kernel: multiple vulnerabilities in the USB subsystem x3",
 "url": "http://www.openwall.com/lists/oss-security/2019/12/03/4"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19534.json b/2019/19xxx/CVE-2019-19534.json
index 726027bef89..cfa9c4a5d9d 100644
--- a/2019/19xxx/CVE-2019-19534.json
+++ b/2019/19xxx/CVE-2019-19534.json
@@ -101,6 +101,11 @@
 "refsource": "UBUNTU",
 "name": "USN-4227-2",
 "url": "https://usn.ubuntu.com/4227-2/"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19536.json b/2019/19xxx/CVE-2019-19536.json
index 385b75e8a40..672623d1064 100644
--- a/2019/19xxx/CVE-2019-19536.json
+++ b/2019/19xxx/CVE-2019-19536.json
@@ -71,6 +71,11 @@
 "refsource": "SUSE",
 "name": "openSUSE-SU-2019:2675",
 "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19537.json b/2019/19xxx/CVE-2019-19537.json
index 56d5284d080..4984c595131 100644
--- a/2019/19xxx/CVE-2019-19537.json
+++ b/2019/19xxx/CVE-2019-19537.json
@@ -66,6 +66,11 @@
 "refsource": "MLIST",
 "name": "[oss-security] 20191203 Linux kernel: multiple vulnerabilities in the USB subsystem x3",
 "url": "http://www.openwall.com/lists/oss-security/2019/12/03/4"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19767.json b/2019/19xxx/CVE-2019-19767.json
index 2837195719d..a4e723eed0d 100644
--- a/2019/19xxx/CVE-2019-19767.json
+++ b/2019/19xxx/CVE-2019-19767.json
@@ -81,6 +81,11 @@
 "refsource": "CONFIRM",
 "name": "https://security.netapp.com/advisory/ntap-20200103-0001/",
 "url": "https://security.netapp.com/advisory/ntap-20200103-0001/"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19922.json b/2019/19xxx/CVE-2019-19922.json
index 84e358f44f5..1622e47f9c2 100644
--- a/2019/19xxx/CVE-2019-19922.json
+++ b/2019/19xxx/CVE-2019-19922.json
@@ -81,6 +81,11 @@
 "refsource": "UBUNTU",
 "name": "USN-4226-1",
 "url": "https://usn.ubuntu.com/4226-1/"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19947.json b/2019/19xxx/CVE-2019-19947.json
index 0114fb7935d..ffcaaf51d77 100644
--- a/2019/19xxx/CVE-2019-19947.json
+++ b/2019/19xxx/CVE-2019-19947.json
@@ -61,6 +61,11 @@
 "refsource": "MLIST",
 "name": "[oss-security] 20191224 CVE-2019-19947: Linux kernel can: kvaser_usb: kvaser_usb_leaf: some info-leaks vulnerabilities",
 "url": "http://www.openwall.com/lists/oss-security/2019/12/24/1"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19965.json b/2019/19xxx/CVE-2019-19965.json
index 089c9fcd22b..63402dc786f 100644
--- a/2019/19xxx/CVE-2019-19965.json
+++ b/2019/19xxx/CVE-2019-19965.json
@@ -56,6 +56,11 @@
 "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f70267f379b5e5e11bdc5d72a56bf17e5feed01f",
 "refsource": "MISC",
 "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f70267f379b5e5e11bdc5d72a56bf17e5feed01f"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19966.json b/2019/19xxx/CVE-2019-19966.json
index 561ada597e3..050a18239f5 100644
--- a/2019/19xxx/CVE-2019-19966.json
+++ b/2019/19xxx/CVE-2019-19966.json
@@ -61,6 +61,11 @@
 "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=dea37a97265588da604c6ba80160a287b72c7bfd",
 "refsource": "MISC",
 "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=dea37a97265588da604c6ba80160a287b72c7bfd"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
 }
 ]
 }
diff --git a/2019/2xxx/CVE-2019-2215.json b/2019/2xxx/CVE-2019-2215.json
index b889ed2f856..666012bd671 100644
--- a/2019/2xxx/CVE-2019-2215.json
+++ b/2019/2xxx/CVE-2019-2215.json
@@ -83,6 +83,11 @@
 "refsource": "UBUNTU",
 "name": "USN-4186-1",
 "url": "https://usn.ubuntu.com/4186-1/"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
 }
 ]
 },
From cee3a0bb6d4edb83fc79a834bda4153e1f1b5f40 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Sat, 18 Jan 2020 12:01:08 +0000
Subject: [PATCH 149/387] "-Synchronized-Data."
---
 2019/17xxx/CVE-2019-17016.json | 5 +++++
 2019/17xxx/CVE-2019-17017.json | 5 +++++
 2019/17xxx/CVE-2019-17022.json | 5 +++++
 2019/17xxx/CVE-2019-17024.json | 5 +++++
 4 files changed, 20 insertions(+)
diff --git a/2019/17xxx/CVE-2019-17016.json b/2019/17xxx/CVE-2019-17016.json
index 883b9e8daaa..50fc3c6ecaa 100644
--- a/2019/17xxx/CVE-2019-17016.json
+++ b/2019/17xxx/CVE-2019-17016.json
@@ -138,6 +138,11 @@
 "refsource": "UBUNTU",
 "name": "USN-4241-1",
 "url": "https://usn.ubuntu.com/4241-1/"
+ },
+ {
+ "refsource": "DEBIAN",
+ "name": "DSA-4603",
+ "url": "https://www.debian.org/security/2020/dsa-4603"
 }
 ]
 },
diff --git a/2019/17xxx/CVE-2019-17017.json b/2019/17xxx/CVE-2019-17017.json
index 36d62b36c8b..d0a55958218 100644
--- a/2019/17xxx/CVE-2019-17017.json
+++ b/2019/17xxx/CVE-2019-17017.json
@@ -138,6 +138,11 @@
 "refsource": "UBUNTU",
 "name": "USN-4241-1",
 "url": "https://usn.ubuntu.com/4241-1/"
+ },
+ {
+ "refsource": "DEBIAN",
+ "name": "DSA-4603",
+ "url": "https://www.debian.org/security/2020/dsa-4603"
 }
 ]
 },
diff --git a/2019/17xxx/CVE-2019-17022.json b/2019/17xxx/CVE-2019-17022.json
index c6629e5e5cc..fe8e17362a8 100644
--- a/2019/17xxx/CVE-2019-17022.json
+++ b/2019/17xxx/CVE-2019-17022.json
@@ -138,6 +138,11 @@
 "refsource": "UBUNTU",
 "name": "USN-4241-1",
 "url": "https://usn.ubuntu.com/4241-1/"
+ },
+ {
+ "refsource": "DEBIAN",
+ "name": "DSA-4603",
+ "url": "https://www.debian.org/security/2020/dsa-4603"
 }
 ]
 },
diff --git a/2019/17xxx/CVE-2019-17024.json b/2019/17xxx/CVE-2019-17024.json
index 93ef8be30f2..b8fd9c72449 100644
--- a/2019/17xxx/CVE-2019-17024.json
+++ b/2019/17xxx/CVE-2019-17024.json
@@ -138,6 +138,11 @@
 "refsource": "UBUNTU",
 "name": "USN-4241-1",
 "url": "https://usn.ubuntu.com/4241-1/"
+ },
+ {
+ "refsource": "DEBIAN",
+ "name": "DSA-4603",
+ "url": "https://www.debian.org/security/2020/dsa-4603"
 }
 ]
 },
From 3897ecd238238d088e9a71d3b95f6d5e61453b40 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Sat, 18 Jan 2020 16:01:03 +0000
Subject: [PATCH 150/387] "-Synchronized-Data."
---
 2020/7xxx/CVE-2020-7106.json | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/2020/7xxx/CVE-2020-7106.json b/2020/7xxx/CVE-2020-7106.json
index 22abc15978c..f0c7f1ae1d8 100644
--- a/2020/7xxx/CVE-2020-7106.json
+++ b/2020/7xxx/CVE-2020-7106.json
@@ -56,6 +56,11 @@
 "url": "https://github.com/Cacti/cacti/issues/3191",
 "refsource": "MISC",
 "name": "https://github.com/Cacti/cacti/issues/3191"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2069-1] cacti security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00014.html"
 }
 ]
 }
From 9fb83b929769de7be18e1a191b84c8d0781f75d0 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Sat, 18 Jan 2020 19:01:09 +0000
Subject: [PATCH 151/387] "-Synchronized-Data."
---
 2020/5xxx/CVE-2020-5204.json | 5 +++
 2020/7xxx/CVE-2020-7227.json | 62 ++++++++++++++++++++++++++++++++++++
 2 files changed, 67 insertions(+)
 create mode 100644 2020/7xxx/CVE-2020-7227.json
diff --git a/2020/5xxx/CVE-2020-5204.json b/2020/5xxx/CVE-2020-5204.json
index e0206afe98a..c5583dff36e 100644
--- a/2020/5xxx/CVE-2020-5204.json
+++ b/2020/5xxx/CVE-2020-5204.json
@@ -78,6 +78,11 @@
 "name": "https://github.com/troglobit/uftpd/commit/0fb2c031ce0ace07cc19cd2cb2143c4b5a63c9dd",
 "refsource": "MISC",
 "url": "https://github.com/troglobit/uftpd/commit/0fb2c031ce0ace07cc19cd2cb2143c4b5a63c9dd"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2020:0069",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00034.html"
 }
 ]
 },
diff --git a/2020/7xxx/CVE-2020-7227.json b/2020/7xxx/CVE-2020-7227.json
new file mode 100644
index 00000000000..e6efafa4417
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7227.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-7227",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Westermo MRD-315 1.7.3 and 1.7.4 devices have an information disclosure vulnerability that allows an authenticated remote attacker to retrieve the source code of different functions of the web application via requests that lack certain mandatory parameters. This affects ifaces-diag.asp, system.asp, backup.asp, sys-power.asp, ifaces-wls.asp, ifaces-wls-pkt.asp, and ifaces-wls-pkt-adv.asp."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://sku11army.blogspot.com/2020/01/westermo-source-code-disclousure-in.html",
+ "refsource": "MISC",
+ "name": "https://sku11army.blogspot.com/2020/01/westermo-source-code-disclousure-in.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
From 07d9c19fe612cff10430062208bdf66d619c6b8c Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Sat, 18 Jan 2020 21:01:08 +0000
Subject: [PATCH 152/387] "-Synchronized-Data."
---
 2019/17xxx/CVE-2019-17571.json | 30 ++++++++++++++++++++++++++++++
 2019/20xxx/CVE-2019-20330.json | 15 +++++++++++++++
 2019/3xxx/CVE-2019-3826.json | 15 +++++++++++++++
 3 files changed, 60 insertions(+)
diff --git a/2019/17xxx/CVE-2019-17571.json b/2019/17xxx/CVE-2019-17571.json
index 0cc132fb3de..7c18ce7f8ae 100644
--- a/2019/17xxx/CVE-2019-17571.json
+++ b/2019/17xxx/CVE-2019-17571.json
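Review bot: `vendor_name`, `product_name` and `version_value` are all `n/a` in the new CVE-2020-7227 record although its description names Westermo MRD-315 1.7.3 and 1.7.4, so tooling that matches records through the `affects` block will not associate this entry with the device. Populate them from the description, e.g. `"vendor_name": "Westermo"` and `"product_name": "MRD-315"`, with one `version_data` object per affected version. The `problemtype` value is likewise `n/a` where the description states an information disclosure; a CWE label there would let consumers filter by weakness class. The only reference is a third-party blog post, so the record gives no vendor advisory or fixed firmware version to act on.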
@@ -198,6 +198,36 @@
 "refsource": "MLIST",
 "name": "[tika-dev] 20200115 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]",
 "url": "https://lists.apache.org/thread.html/r4b25538be50126194cc646836c718b1a4d8f71bd9c912af5b59134ad@%3Cdev.tika.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[zookeeper-commits] 20200118 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-3677: owasp checker failing for - CVE-2019-17571 Apache Log4j 1.2 deserialization of untrusted data in SocketServer",
+ "url": "https://lists.apache.org/thread.html/rdf2a0d94c3b5b523aeff7741ae71347415276062811b687f30ea6573@%3Ccommits.zookeeper.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[zookeeper-dev] 20200118 Build failed in Jenkins: zookeeper-master-maven-owasp #329",
+ "url": "https://lists.apache.org/thread.html/r107c8737db39ec9ec4f4e7147b249e29be79170b9ef4b80528105a2d@%3Cdev.zookeeper.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[zookeeper-commits] 20200118 [zookeeper] branch master updated: ZOOKEEPER-3677: owasp checker failing for - CVE-2019-17571 Apache Log4j 1.2 deserialization of untrusted data in SocketServer",
+ "url": "https://lists.apache.org/thread.html/r8e3f7da12bf5750b0a02e69a78a61073a2ac950eed7451ce70a65177@%3Ccommits.zookeeper.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[zookeeper-notifications] 20200118 [GitHub] [zookeeper] asfgit closed pull request #1209: ZOOKEEPER-3677 owasp checker failing for - CVE-2019-17571 Apache Log4j 1.2 deserialization of untrusted data in SocketServer",
+ "url": "https://lists.apache.org/thread.html/rc17d8491beee51607693019857e41e769795366b85be00aa2f4b3159@%3Cnotifications.zookeeper.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[zookeeper-commits] 20200118 [zookeeper] branch branch-3.6 updated: ZOOKEEPER-3677: owasp checker failing for - CVE-2019-17571 Apache Log4j 1.2 deserialization of untrusted data in SocketServer",
+ "url": "https://lists.apache.org/thread.html/r48d5019bd42e0770f7e5351e420a63a41ff1f16924942442c6aff6a8@%3Ccommits.zookeeper.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[zookeeper-issues] 20200118 [jira] [Resolved] (ZOOKEEPER-3677) owasp checker failing for - CVE-2019-17571 Apache Log4j 1.2 deserialization of untrusted data in SocketServer",
+ "url": "https://lists.apache.org/thread.html/rd6254837403e8cbfc7018baa9be29705f3f06bd007c83708f9a97679@%3Cissues.zookeeper.apache.org%3E"
 }
 ]
 },
diff --git a/2019/20xxx/CVE-2019-20330.json b/2019/20xxx/CVE-2019-20330.json
index b58459f1bb6..0344fbf0d28 100644
--- a/2019/20xxx/CVE-2019-20330.json
+++ b/2019/20xxx/CVE-2019-20330.json
@@ -86,6 +86,21 @@
 "refsource": "MLIST",
 "name": "[druid-commits] 20200115 [druid] branch 0.17.0 updated: Suppress CVE-2019-20330 for htrace-core-4.0.1 (#9189) (#9191)",
 "url": "https://lists.apache.org/thread.html/r392099ed2757ff2e383b10440594e914d080511d7da1c8fed0612c1f@%3Ccommits.druid.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[zookeeper-dev] 20200118 Build failed in Jenkins: zookeeper-master-maven-owasp #329",
+ "url": "https://lists.apache.org/thread.html/r107c8737db39ec9ec4f4e7147b249e29be79170b9ef4b80528105a2d@%3Cdev.zookeeper.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[zookeeper-dev] 20200118 [jira] [Created] (ZOOKEEPER-3699) upgrade jackson-databind to address CVE-2019-20330",
+ "url": "https://lists.apache.org/thread.html/r5c14fdcabdeaba258857bcb67198652e4dce1d33ddc590cd81d82393@%3Cdev.zookeeper.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[zookeeper-issues] 20200118 [jira] [Created] (ZOOKEEPER-3699) upgrade jackson-databind to address CVE-2019-20330",
+ "url": "https://lists.apache.org/thread.html/r909c822409a276ba04dc2ae31179b16f6864ba02c4f9911bdffebf95@%3Cissues.zookeeper.apache.org%3E"
 }
 ]
 }
diff --git a/2019/3xxx/CVE-2019-3826.json b/2019/3xxx/CVE-2019-3826.json
index 0118b9b660d..9047460d827 100644
--- a/2019/3xxx/CVE-2019-3826.json
+++ b/2019/3xxx/CVE-2019-3826.json
@@ -63,6 +63,21 @@
 "refsource": "REDHAT",
 "name": "RHBA-2019:0327",
 "url": "https://access.redhat.com/errata/RHBA-2019:0327"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[zookeeper-commits] 20200118 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-3677: owasp checker failing for - CVE-2019-17571 Apache Log4j 1.2 deserialization of untrusted data in SocketServer",
+ "url": "https://lists.apache.org/thread.html/rdf2a0d94c3b5b523aeff7741ae71347415276062811b687f30ea6573@%3Ccommits.zookeeper.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[zookeeper-commits] 20200118 [zookeeper] branch master updated: ZOOKEEPER-3677: owasp checker failing for - CVE-2019-17571 Apache Log4j 1.2 deserialization of untrusted data in SocketServer",
+ "url": "https://lists.apache.org/thread.html/r8e3f7da12bf5750b0a02e69a78a61073a2ac950eed7451ce70a65177@%3Ccommits.zookeeper.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[zookeeper-commits] 20200118 [zookeeper] branch branch-3.6 updated: ZOOKEEPER-3677: owasp checker failing for - CVE-2019-17571 Apache Log4j 1.2 deserialization of untrusted data in SocketServer",
+ "url": "https://lists.apache.org/thread.html/r48d5019bd42e0770f7e5351e420a63a41ff1f16924942442c6aff6a8@%3Ccommits.zookeeper.apache.org%3E"
 }
 ]
 },
From e4c37e796d2deb1ce5f7b374d30da648193dffdc Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Sat, 18 Jan 2020 23:01:05 +0000
Subject: [PATCH 153/387] "-Synchronized-Data."
---
 2019/16xxx/CVE-2019-16782.json | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/2019/16xxx/CVE-2019-16782.json b/2019/16xxx/CVE-2019-16782.json
index 787399bca0e..15b5c03f102 100644
--- a/2019/16xxx/CVE-2019-16782.json
+++ b/2019/16xxx/CVE-2019-16782.json
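Review bot: None of the three `MLIST` objects added to `reference_data` for CVE-2019-3826 names that ID in its subject; all three are ZOOKEEPER-3677 commit notices about CVE-2019-17571, and the same three URLs are also added under that record in this patch. The linked messages may mention this ID somewhere in their bodies, which cannot be confirmed from the hunk, so they read as dependency-scanner fallout rather than advisory or fix information for this issue. I would drop them from this record, or keep them only with a `name` that states how the thread relates to CVE-2019-3826. The `[zookeeper-dev] 20200118 Build failed in Jenkins: zookeeper-master-maven-owasp #329` entry in the CVE-2019-17571 and CVE-2019-20330 hunks is a similar case: a CI failure notice whose subject names no CVE.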
@@ -93,6 +93,11 @@
 "refsource": "MLIST",
 "name": "[oss-security] 20191218 Re: [CVE-2019-16782] Possible Information Leak / Session Hijack Vulnerability in Rack",
 "url": "http://www.openwall.com/lists/oss-security/2019/12/19/3"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2020-57fc0d0156",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZXMWILCICQLA2BYSP6I2CRMUG53YBLX/"
 }
 ]
 },
From 1e86eefe5ff6779a4e24283e0bb6c7ca0c56d8cc Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Sun, 19 Jan 2020 00:01:05 +0000
Subject: [PATCH 154/387] "-Synchronized-Data."
---
 2019/20xxx/CVE-2019-20330.json | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/2019/20xxx/CVE-2019-20330.json b/2019/20xxx/CVE-2019-20330.json
index 0344fbf0d28..334ba3642ed 100644
--- a/2019/20xxx/CVE-2019-20330.json
+++ b/2019/20xxx/CVE-2019-20330.json
@@ -101,6 +101,11 @@
 "refsource": "MLIST",
 "name": "[zookeeper-issues] 20200118 [jira] [Created] (ZOOKEEPER-3699) upgrade jackson-databind to address CVE-2019-20330",
 "url": "https://lists.apache.org/thread.html/r909c822409a276ba04dc2ae31179b16f6864ba02c4f9911bdffebf95@%3Cissues.zookeeper.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[zookeeper-issues] 20200118 [jira] [Commented] (ZOOKEEPER-3699) upgrade jackson-databind to address CVE-2019-20330",
+ "url": "https://lists.apache.org/thread.html/r5d3d10fdf28110da3f9ac1b7d08d7e252f98d7d37ce0a6bd139a2e4f@%3Cissues.zookeeper.apache.org%3E"
 }
 ]
 }
From 75bf03b054b1d304cb95addcd2834041f49cb7b3 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Sun, 19 Jan 2020 03:01:04 +0000
Subject: [PATCH 155/387] "-Synchronized-Data."
---
 2019/13xxx/CVE-2019-13725.json | 5 +++++
 2019/13xxx/CVE-2019-13726.json | 5 +++++
 2019/13xxx/CVE-2019-13727.json | 5 +++++
 2019/13xxx/CVE-2019-13728.json | 5 +++++
 2019/13xxx/CVE-2019-13729.json | 5 +++++
 2019/13xxx/CVE-2019-13730.json | 5 +++++
 2019/13xxx/CVE-2019-13732.json | 5 +++++
 2019/13xxx/CVE-2019-13734.json | 5 +++++
 2019/13xxx/CVE-2019-13735.json | 5 +++++
 2019/13xxx/CVE-2019-13736.json | 5 +++++
 2019/13xxx/CVE-2019-13737.json | 5 +++++
 2019/13xxx/CVE-2019-13738.json | 5 +++++
 2019/13xxx/CVE-2019-13739.json | 5 +++++
 2019/13xxx/CVE-2019-13740.json | 5 +++++
 2019/13xxx/CVE-2019-13741.json | 5 +++++
 2019/13xxx/CVE-2019-13742.json | 5 +++++
 2019/13xxx/CVE-2019-13743.json | 5 +++++
 2019/13xxx/CVE-2019-13744.json | 5 +++++
 2019/13xxx/CVE-2019-13745.json | 5 +++++
 2019/13xxx/CVE-2019-13746.json | 5 +++++
 2019/13xxx/CVE-2019-13747.json | 5 +++++
 2019/13xxx/CVE-2019-13748.json | 5 +++++
 2019/13xxx/CVE-2019-13749.json | 5 +++++
 2019/13xxx/CVE-2019-13750.json | 5 +++++
 2019/13xxx/CVE-2019-13751.json | 5 +++++
 2019/13xxx/CVE-2019-13752.json | 5 +++++
 2019/13xxx/CVE-2019-13753.json | 5 +++++
 2019/13xxx/CVE-2019-13754.json | 5 +++++
 2019/13xxx/CVE-2019-13755.json | 5 +++++
 2019/13xxx/CVE-2019-13756.json | 5 +++++
 2019/13xxx/CVE-2019-13757.json | 5 +++++
 2019/13xxx/CVE-2019-13758.json | 5 +++++
 2019/13xxx/CVE-2019-13759.json | 5 +++++
 2019/13xxx/CVE-2019-13761.json | 5 +++++
 2019/13xxx/CVE-2019-13762.json | 5 +++++
 2019/13xxx/CVE-2019-13763.json | 5 +++++
 2019/13xxx/CVE-2019-13764.json | 5 +++++
 2019/13xxx/CVE-2019-13767.json | 5 +++++
 2020/6xxx/CVE-2020-6377.json | 5 +++++
 39 files changed, 195 insertions(+)
diff --git a/2019/13xxx/CVE-2019-13725.json b/2019/13xxx/CVE-2019-13725.json
index e7c96c26435..2a537500954 100644
--- a/2019/13xxx/CVE-2019-13725.json
+++ b/2019/13xxx/CVE-2019-13725.json
@@ -74,6 +74,11 @@
 "refsource": "SUSE",
 "name": "openSUSE-SU-2019:2694",
 "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2020-4355ea258e",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/"
 }
 ]
 },
diff --git a/2019/13xxx/CVE-2019-13726.json b/2019/13xxx/CVE-2019-13726.json
index 942c52b697e..0ee63f06830 100644
--- a/2019/13xxx/CVE-2019-13726.json
+++ b/2019/13xxx/CVE-2019-13726.json
@@ -74,6 +74,11 @@
 "refsource": "SUSE",
 "name": "openSUSE-SU-2019:2694",
 "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2020-4355ea258e",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/"
 }
 ]
 },
diff --git a/2019/13xxx/CVE-2019-13727.json b/2019/13xxx/CVE-2019-13727.json
index 74f24951fc7..445b84bae61 100644
--- a/2019/13xxx/CVE-2019-13727.json
+++ b/2019/13xxx/CVE-2019-13727.json
@@ -74,6 +74,11 @@
 "refsource": "SUSE",
 "name": "openSUSE-SU-2019:2694",
 "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2020-4355ea258e",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/"
 }
 ]
 },
diff --git a/2019/13xxx/CVE-2019-13728.json b/2019/13xxx/CVE-2019-13728.json
index 7440141299e..a0ffdf37021 100644
--- a/2019/13xxx/CVE-2019-13728.json
+++ b/2019/13xxx/CVE-2019-13728.json
@@ -74,6 +74,11 @@
 "refsource": "SUSE",
 "name": "openSUSE-SU-2019:2694",
 "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2020-4355ea258e",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/"
 }
 ]
 },
diff --git a/2019/13xxx/CVE-2019-13729.json b/2019/13xxx/CVE-2019-13729.json
index e44ec606fa6..463d6e25803 100644
--- a/2019/13xxx/CVE-2019-13729.json
+++ b/2019/13xxx/CVE-2019-13729.json
@@ -74,6 +74,11 @@
 "refsource": "SUSE",
 "name": "openSUSE-SU-2019:2694",
 "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2020-4355ea258e",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/"
 }
 ]
 },
diff --git a/2019/13xxx/CVE-2019-13730.json b/2019/13xxx/CVE-2019-13730.json
index c5970bd4b7c..509bfd0afac 100644
--- a/2019/13xxx/CVE-2019-13730.json
+++ b/2019/13xxx/CVE-2019-13730.json
@@ -74,6 +74,11 @@
 "refsource": "SUSE",
 "name": "openSUSE-SU-2019:2694",
 "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2020-4355ea258e",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/"
 }
 ]
 },
diff --git a/2019/13xxx/CVE-2019-13732.json b/2019/13xxx/CVE-2019-13732.json
index 211a4105cd6..b773153cb22 100644
--- a/2019/13xxx/CVE-2019-13732.json
+++ b/2019/13xxx/CVE-2019-13732.json
@@ -74,6 +74,11 @@
 "refsource": "SUSE",
 "name": "openSUSE-SU-2019:2694",
 "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2020-4355ea258e",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/"
 }
 ]
 },
diff --git a/2019/13xxx/CVE-2019-13734.json b/2019/13xxx/CVE-2019-13734.json
index 9741e46255a..30e1653debb 100644
--- a/2019/13xxx/CVE-2019-13734.json
+++ b/2019/13xxx/CVE-2019-13734.json
@@ -74,6 +74,11 @@
 "refsource": "SUSE",
 "name": "openSUSE-SU-2019:2694",
 "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2020-4355ea258e",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/"
 }
 ]
 },
diff --git a/2019/13xxx/CVE-2019-13735.json b/2019/13xxx/CVE-2019-13735.json
index f23ba985e89..e070f1f63ed 100644
--- a/2019/13xxx/CVE-2019-13735.json
+++ b/2019/13xxx/CVE-2019-13735.json
@@ -74,6 +74,11 @@
 "refsource": "SUSE",
 "name": "openSUSE-SU-2019:2694",
 "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2020-4355ea258e",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/"
 }
 ]
 },
diff --git a/2019/13xxx/CVE-2019-13736.json b/2019/13xxx/CVE-2019-13736.json
index b9ced606afa..425b352fe3c 100644
--- a/2019/13xxx/CVE-2019-13736.json
+++ b/2019/13xxx/CVE-2019-13736.json
@@ -74,6 +74,11 @@
 "refsource": "SUSE",
 "name": "openSUSE-SU-2019:2694",
 "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2020-4355ea258e",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/"
 }
 ]
 },
diff --git a/2019/13xxx/CVE-2019-13737.json b/2019/13xxx/CVE-2019-13737.json
index c55479d1a52..13870742e04 100644
--- a/2019/13xxx/CVE-2019-13737.json
+++ b/2019/13xxx/CVE-2019-13737.json
@@ -74,6 +74,11 @@
 "refsource": "SUSE",
 "name": "openSUSE-SU-2019:2694",
 "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2020-4355ea258e",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/"
 }
 ]
 },
diff --git a/2019/13xxx/CVE-2019-13738.json b/2019/13xxx/CVE-2019-13738.json
index bcd71623e11..afcca5f1c35 100644
--- a/2019/13xxx/CVE-2019-13738.json
+++ b/2019/13xxx/CVE-2019-13738.json
@@ -74,6 +74,11 @@
 "refsource": "SUSE",
 "name": "openSUSE-SU-2019:2694",
 "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2020-4355ea258e",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/"
 }
 ]
 },
diff --git a/2019/13xxx/CVE-2019-13739.json b/2019/13xxx/CVE-2019-13739.json
index 12f3c33a0fa..23d541bb9b8 100644
--- a/2019/13xxx/CVE-2019-13739.json
+++ b/2019/13xxx/CVE-2019-13739.json
@@ -74,6 +74,11 @@
 "refsource": "SUSE",
 "name": "openSUSE-SU-2019:2694",
 "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2020-4355ea258e",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/"
 }
 ]
 },
diff --git a/2019/13xxx/CVE-2019-13740.json b/2019/13xxx/CVE-2019-13740.json
index 781063fda6d..50372274d5c 100644
--- a/2019/13xxx/CVE-2019-13740.json
+++ b/2019/13xxx/CVE-2019-13740.json
@@ -74,6 +74,11 @@
 "refsource": "SUSE",
 "name": "openSUSE-SU-2019:2694",
 "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2020-4355ea258e",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/"
 }
 ]
 },
diff --git a/2019/13xxx/CVE-2019-13741.json b/2019/13xxx/CVE-2019-13741.json
index 68e4339cb6e..9f376288577 100644
--- a/2019/13xxx/CVE-2019-13741.json
+++ b/2019/13xxx/CVE-2019-13741.json
@@ -74,6 +74,11 @@
 "refsource": "SUSE",
 "name": "openSUSE-SU-2019:2694",
 "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2020-4355ea258e",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/"
 }
 ]
 },
diff --git a/2019/13xxx/CVE-2019-13742.json b/2019/13xxx/CVE-2019-13742.json
index 1ac8839d8d2..6d888d3aabb 100644
--- a/2019/13xxx/CVE-2019-13742.json
+++ b/2019/13xxx/CVE-2019-13742.json
@@ -74,6 +74,11 @@
 "refsource": "SUSE",
 "name": "openSUSE-SU-2019:2694",
 "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2020-4355ea258e",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/"
 }
 ]
 },
diff --git a/2019/13xxx/CVE-2019-13743.json b/2019/13xxx/CVE-2019-13743.json
index 7eb57a6f214..f9aa49fc589 100644
--- a/2019/13xxx/CVE-2019-13743.json
+++ b/2019/13xxx/CVE-2019-13743.json
@@ -74,6 +74,11 @@
 "refsource": "SUSE",
 "name": "openSUSE-SU-2019:2694",
 "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2020-4355ea258e",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/"
 }
 ]
 },
diff --git a/2019/13xxx/CVE-2019-13744.json b/2019/13xxx/CVE-2019-13744.json
index 910a3aeeb06..b14d78ce4e5 100644
--- a/2019/13xxx/CVE-2019-13744.json
+++ b/2019/13xxx/CVE-2019-13744.json
@@ -74,6 +74,11 @@
 "refsource": "SUSE",
 "name": "openSUSE-SU-2019:2694",
 "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2020-4355ea258e",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/"
 }
 ]
 },
diff --git a/2019/13xxx/CVE-2019-13745.json b/2019/13xxx/CVE-2019-13745.json
index 7393e4d408d..4fed4182a87 100644
--- a/2019/13xxx/CVE-2019-13745.json
+++ b/2019/13xxx/CVE-2019-13745.json
@@ -74,6 +74,11 @@
 "refsource": "SUSE",
 "name": "openSUSE-SU-2019:2694",
 "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2020-4355ea258e",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/"
 }
 ]
 },
diff --git a/2019/13xxx/CVE-2019-13746.json b/2019/13xxx/CVE-2019-13746.json
index 5bad199d1ff..4841c468fb6 100644
--- a/2019/13xxx/CVE-2019-13746.json
+++ b/2019/13xxx/CVE-2019-13746.json
@@ -74,6 +74,11 @@
 "refsource": "SUSE",
 "name": "openSUSE-SU-2019:2694",
 "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2020-4355ea258e",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/"
 }
 ]
 },
diff --git a/2019/13xxx/CVE-2019-13747.json b/2019/13xxx/CVE-2019-13747.json
index 959794f6214..f1243da0be9 100644
--- a/2019/13xxx/CVE-2019-13747.json
+++ b/2019/13xxx/CVE-2019-13747.json
@@ -74,6 +74,11 @@
 "refsource": "SUSE",
 "name": "openSUSE-SU-2019:2694",
 "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2020-4355ea258e",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/"
 }
 ]
 },
diff --git a/2019/13xxx/CVE-2019-13748.json b/2019/13xxx/CVE-2019-13748.json
index c12543b9840..2168fa1882e 100644
--- a/2019/13xxx/CVE-2019-13748.json
+++ b/2019/13xxx/CVE-2019-13748.json
@@ -74,6 +74,11 @@
 "refsource": "SUSE",
 "name": "openSUSE-SU-2019:2694",
 "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2020-4355ea258e",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/"
 }
 ]
 },
diff --git a/2019/13xxx/CVE-2019-13749.json b/2019/13xxx/CVE-2019-13749.json
index f081cf5f378..7dbae38c122 100644
--- a/2019/13xxx/CVE-2019-13749.json
+++ b/2019/13xxx/CVE-2019-13749.json
@@ -74,6 +74,11 @@
 "refsource": "SUSE",
 "name": "openSUSE-SU-2019:2694",
 "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2020-4355ea258e",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/"
 }
 ]
 },
diff --git a/2019/13xxx/CVE-2019-13750.json b/2019/13xxx/CVE-2019-13750.json
index 4cc45a03d49..42a5fe4f1f5 100644
--- a/2019/13xxx/CVE-2019-13750.json
+++ b/2019/13xxx/CVE-2019-13750.json
@@ -74,6 +74,11 @@
 "refsource": "SUSE",
 "name": "openSUSE-SU-2019:2694",
 "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2020-4355ea258e",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/"
 }
 ]
 },
diff --git a/2019/13xxx/CVE-2019-13751.json b/2019/13xxx/CVE-2019-13751.json
index 3c5d43c345a..1aea5a082bb 100644
--- a/2019/13xxx/CVE-2019-13751.json
+++ b/2019/13xxx/CVE-2019-13751.json
@@ -74,6 +74,11 @@
 "refsource": "SUSE",
 "name": "openSUSE-SU-2019:2694",
 "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2020-4355ea258e",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/"
 }
 ]
 },
diff --git a/2019/13xxx/CVE-2019-13752.json b/2019/13xxx/CVE-2019-13752.json
index 8beca7b1be7..59a966e3192 100644
--- a/2019/13xxx/CVE-2019-13752.json
+++ b/2019/13xxx/CVE-2019-13752.json
@@ -74,6 +74,11 @@
 "refsource": "SUSE",
 "name": "openSUSE-SU-2019:2694",
 "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2020-4355ea258e",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/"
 }
 ]
 },
diff --git a/2019/13xxx/CVE-2019-13753.json b/2019/13xxx/CVE-2019-13753.json
index 1c53e8cfa2b..fb242931605 100644
--- a/2019/13xxx/CVE-2019-13753.json
+++ b/2019/13xxx/CVE-2019-13753.json
@@ -74,6 +74,11 @@
 "refsource": "SUSE",
 "name": "openSUSE-SU-2019:2694",
 "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2020-4355ea258e",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/"
 }
 ]
 },
diff --git a/2019/13xxx/CVE-2019-13754.json b/2019/13xxx/CVE-2019-13754.json
index 54c9a9052f8..a48d8af63e9 100644
--- a/2019/13xxx/CVE-2019-13754.json
+++ b/2019/13xxx/CVE-2019-13754.json
@@ -74,6 +74,11 @@
 "refsource": "SUSE",
 "name": "openSUSE-SU-2019:2694",
 "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2020-4355ea258e",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/"
 }
 ]
 },
diff --git a/2019/13xxx/CVE-2019-13755.json b/2019/13xxx/CVE-2019-13755.json
index 26a33102892..236ffdc502c 100644
--- a/2019/13xxx/CVE-2019-13755.json
+++ b/2019/13xxx/CVE-2019-13755.json
@@ -74,6 +74,11 @@
 "refsource": "SUSE",
 "name": "openSUSE-SU-2019:2694",
 "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2020-4355ea258e",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/"
 }
 ]
 },
diff --git a/2019/13xxx/CVE-2019-13756.json b/2019/13xxx/CVE-2019-13756.json
index dba43f55065..fe485fd5cbe 100644
--- a/2019/13xxx/CVE-2019-13756.json
+++ b/2019/13xxx/CVE-2019-13756.json
@@ -74,6 +74,11 @@
 "refsource": "SUSE",
 "name": "openSUSE-SU-2019:2694",
 "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2020-4355ea258e",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/"
 }
 ]
 },
diff --git a/2019/13xxx/CVE-2019-13757.json b/2019/13xxx/CVE-2019-13757.json
index 899b6c51250..b826fe46dad 100644
--- a/2019/13xxx/CVE-2019-13757.json
+++ b/2019/13xxx/CVE-2019-13757.json
@@ -74,6 +74,11 @@
 "refsource": "SUSE",
 "name": "openSUSE-SU-2019:2694",
 "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2020-4355ea258e",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/"
 }
 ]
 },
diff --git a/2019/13xxx/CVE-2019-13758.json b/2019/13xxx/CVE-2019-13758.json
index 2b52c3829fd..e64d953987d 100644
--- a/2019/13xxx/CVE-2019-13758.json
+++ b/2019/13xxx/CVE-2019-13758.json
@@ -74,6 +74,11 @@
 "refsource": "SUSE",
 "name": "openSUSE-SU-2019:2694",
 "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2020-4355ea258e",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/"
 }
 ]
 },
diff --git a/2019/13xxx/CVE-2019-13759.json b/2019/13xxx/CVE-2019-13759.json
index fb691b12757..86c80b4757b 100644
--- a/2019/13xxx/CVE-2019-13759.json
+++ b/2019/13xxx/CVE-2019-13759.json
@@ -74,6 +74,11 @@
 "refsource": "SUSE",
 "name": "openSUSE-SU-2019:2694",
 "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2020-4355ea258e",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/"
 }
 ]
 },
diff --git a/2019/13xxx/CVE-2019-13761.json b/2019/13xxx/CVE-2019-13761.json
index b66349dbe0a..c37d0ab3129 100644
--- a/2019/13xxx/CVE-2019-13761.json
+++ b/2019/13xxx/CVE-2019-13761.json
@@ -74,6 +74,11 @@
 "refsource": "SUSE",
 "name": "openSUSE-SU-2019:2694",
 "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2020-4355ea258e",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/"
 }
 ]
 },
diff --git a/2019/13xxx/CVE-2019-13762.json b/2019/13xxx/CVE-2019-13762.json
index f45562ee8c0..bc52e36f4eb 100644
--- a/2019/13xxx/CVE-2019-13762.json
+++ b/2019/13xxx/CVE-2019-13762.json
@@ -74,6 +74,11 @@
 "refsource": "SUSE",
 "name": "openSUSE-SU-2019:2694",
 "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2020-4355ea258e",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/"
 }
 ]
 },
diff --git a/2019/13xxx/CVE-2019-13763.json b/2019/13xxx/CVE-2019-13763.json
index 20bd2fe117f..814a431804c 100644
--- a/2019/13xxx/CVE-2019-13763.json
+++ b/2019/13xxx/CVE-2019-13763.json
@@ -74,6 +74,11 @@
 "refsource": "SUSE",
 "name": "openSUSE-SU-2019:2694",
 "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2020-4355ea258e",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/"
 }
 ]
 },
diff --git a/2019/13xxx/CVE-2019-13764.json b/2019/13xxx/CVE-2019-13764.json
index fe507925e24..37942bec611 100644
--- a/2019/13xxx/CVE-2019-13764.json
+++ b/2019/13xxx/CVE-2019-13764.json
@@ -74,6 +74,11 @@
 "refsource": "SUSE",
 "name": "openSUSE-SU-2019:2694",
 "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2020-4355ea258e",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/"
 }
 ]
 },
diff --git a/2019/13xxx/CVE-2019-13767.json b/2019/13xxx/CVE-2019-13767.json
index e5fe6777c86..4a04985d580 100644
--- a/2019/13xxx/CVE-2019-13767.json
+++ b/2019/13xxx/CVE-2019-13767.json
@@ -59,6 +59,11 @@
 "refsource": "SUSE",
 "name": "openSUSE-SU-2020:0007",
 "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00005.html"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2020-4355ea258e",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/"
 }
 ]
 },
diff --git a/2020/6xxx/CVE-2020-6377.json b/2020/6xxx/CVE-2020-6377.json
index 3d495d4219d..846d0c9cb44 100644
--- a/2020/6xxx/CVE-2020-6377.json
+++ b/2020/6xxx/CVE-2020-6377.json
@@ -79,6 +79,11 @@
 "refsource": "SUSE",
 "name": "openSUSE-SU-2020:0053",
 "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00023.html"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2020-4355ea258e",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/"
 }
 ]
 },
From eb55ac16bb7d59748460ac2f5487a80e4c338f68 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Sun, 19 Jan 2020 05:01:08 +0000
Subject: [PATCH 156/387] "-Synchronized-Data."
---
 2020/7xxx/CVE-2020-7228.json | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
 create mode 100644 2020/7xxx/CVE-2020-7228.json
diff --git a/2020/7xxx/CVE-2020-7228.json b/2020/7xxx/CVE-2020-7228.json
new file mode 100644
index 00000000000..ecc96b9c58c
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7228.json
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7228", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file From 938eadc6ee1b542d2c0b599caf1b37751e82b964 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sun, 19 Jan 2020 06:01:05 +0000 Subject: [PATCH 157/387] "-Synchronized-Data." --- 2020/7xxx/CVE-2020-7229.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7230.json | 18 ++++++++++++++++++ 2 files changed, 36 insertions(+) create mode 100644 2020/7xxx/CVE-2020-7229.json create mode 100644 2020/7xxx/CVE-2020-7230.json diff --git a/2020/7xxx/CVE-2020-7229.json b/2020/7xxx/CVE-2020-7229.json new file mode 100644 index 00000000000..dd41e2d48c1 --- /dev/null +++ b/2020/7xxx/CVE-2020-7229.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7229", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7230.json b/2020/7xxx/CVE-2020-7230.json new file mode 100644 index 00000000000..5cf623c4684 --- /dev/null +++ b/2020/7xxx/CVE-2020-7230.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7230", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file From 3e810205bdde6a5ea6b4d409e92abb6b26aee807 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sun, 19 Jan 2020 15:01:03 +0000 Subject: [PATCH 158/387] "-Synchronized-Data." --- 2019/16xxx/CVE-2019-16779.json | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/2019/16xxx/CVE-2019-16779.json b/2019/16xxx/CVE-2019-16779.json index a50c5476d6a..be2a303a113 100644 --- a/2019/16xxx/CVE-2019-16779.json +++ b/2019/16xxx/CVE-2019-16779.json @@ -85,6 +85,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0036", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00021.html" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200119 [SECURITY] [DLA 2070-1] ruby-excon security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00015.html" } ] }, From 5fe9d0238b18d10cf19df60441b3685064ea675c Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Sun, 19 Jan 2020 20:01:03 +0000 Subject: [PATCH 159/387] "-Synchronized-Data." --- 2020/7xxx/CVE-2020-7231.json | 62 ++++++++++++++++++++++++++++++++++++ 2020/7xxx/CVE-2020-7232.json | 62 ++++++++++++++++++++++++++++++++++++ 2020/7xxx/CVE-2020-7233.json | 62 ++++++++++++++++++++++++++++++++++++ 2020/7xxx/CVE-2020-7234.json | 18 +++++++++++ 2020/7xxx/CVE-2020-7235.json | 18 +++++++++++ 2020/7xxx/CVE-2020-7236.json | 18 +++++++++++ 6 files changed, 240 insertions(+) create mode 100644 2020/7xxx/CVE-2020-7231.json create mode 100644 2020/7xxx/CVE-2020-7232.json create mode 100644 2020/7xxx/CVE-2020-7233.json create mode 100644 2020/7xxx/CVE-2020-7234.json create mode 100644 2020/7xxx/CVE-2020-7235.json create mode 100644 2020/7xxx/CVE-2020-7236.json diff --git a/2020/7xxx/CVE-2020-7231.json b/2020/7xxx/CVE-2020-7231.json new file mode 100644 index 00000000000..63525ba2a3c --- /dev/null +++ b/2020/7xxx/CVE-2020-7231.json 
@@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-7231", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Evoko Home 1.31 devices provide different error messages for failed login requests depending on whether the username is valid." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://sku11army.blogspot.com/2020/01/evoko-otra-sala-por-favor.html", + "refsource": "MISC", + "name": "https://sku11army.blogspot.com/2020/01/evoko-otra-sala-por-favor.html" + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7232.json b/2020/7xxx/CVE-2020-7232.json new file mode 100644 index 00000000000..928a366d130 --- /dev/null +++ b/2020/7xxx/CVE-2020-7232.json 
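Review bot: Every structured field in this new CVE-2020-7231 record is a placeholder (`"vendor_name": "n/a"`, `"product_name": "n/a"`, `"version_value": "n/a"`, and a problemtype `"value": "n/a"`), even though the description names the product and version. Tooling that matches on the `affects` block rather than free text will therefore never tie this entry to an Evoko Home 1.31 device. Going by the description, the block could carry `"product_name": "Evoko Home"` and `"version_value": "1.31"`, and the problem type looks like `"value": "CWE-204 Observable Response Discrepancy"`; these are inferred from the description and should be confirmed against the referenced advisory. The same placeholders appear in the other newly published records in this series (CVE-2020-7232 through CVE-2020-7237, CVE-2019-20381 and CVE-2020-7215), so consumers have to parse the description text to identify affected products until they are populated.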
@@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-7232", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Evoko Home 1.31 devices allow remote attackers to obtain sensitive information (such as usernames and password hashes) via a WebSocket request, as demonstrated by the sockjs/224/uf1psgff/websocket URI at a wss:// URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://sku11army.blogspot.com/2020/01/evoko-otra-sala-por-favor.html", + "refsource": "MISC", + "name": "https://sku11army.blogspot.com/2020/01/evoko-otra-sala-por-favor.html" + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7233.json b/2020/7xxx/CVE-2020-7233.json new file mode 100644 index 00000000000..dfc7989a69b --- /dev/null +++ b/2020/7xxx/CVE-2020-7233.json 
@@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-7233", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "KMS Controls BAC-A1616BC BACnet devices have a cleartext password of snowman in the BACKDOOR_NAME variable in the BC_Logon.swf file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://sku11army.blogspot.com/2020/01/kms-controls-backdoor-in-bacnet.html", + "refsource": "MISC", + "name": "https://sku11army.blogspot.com/2020/01/kms-controls-backdoor-in-bacnet.html" + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7234.json b/2020/7xxx/CVE-2020-7234.json new file mode 100644 index 00000000000..ffa30cb3949 --- /dev/null +++ b/2020/7xxx/CVE-2020-7234.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7234", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7235.json b/2020/7xxx/CVE-2020-7235.json new file mode 100644 index 00000000000..a964520962d --- /dev/null +++ b/2020/7xxx/CVE-2020-7235.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7235", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7236.json b/2020/7xxx/CVE-2020-7236.json new file mode 100644 index 00000000000..8e9cd0f467a --- /dev/null +++ b/2020/7xxx/CVE-2020-7236.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7236", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file From 316b6944056502019cdb986558b0cdda71ea970f Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sun, 19 Jan 2020 21:01:03 +0000 Subject: [PATCH 160/387] "-Synchronized-Data." --- 2020/7xxx/CVE-2020-7234.json | 56 ++++++++++++++++++++++++++++++++---- 2020/7xxx/CVE-2020-7235.json | 56 ++++++++++++++++++++++++++++++++---- 2020/7xxx/CVE-2020-7236.json | 56 ++++++++++++++++++++++++++++++++---- 3 files changed, 150 insertions(+), 18 deletions(-) diff --git a/2020/7xxx/CVE-2020-7234.json b/2020/7xxx/CVE-2020-7234.json index ffa30cb3949..478c9623e9d 100644 --- a/2020/7xxx/CVE-2020-7234.json +++ b/2020/7xxx/CVE-2020-7234.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-7234", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-7234", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Ruckus ZoneFlex R310 104.0.0.0.1347 devices allow Stored XSS via the SSID field on the Configuration > Radio 2.4G > Wireless X screen (after a successful login to the super account)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://sku11army.blogspot.com/2020/01/ruckus-wireless-authenticated-stored.html", + "refsource": "MISC", + "name": "https://sku11army.blogspot.com/2020/01/ruckus-wireless-authenticated-stored.html" } ] } diff --git a/2020/7xxx/CVE-2020-7235.json b/2020/7xxx/CVE-2020-7235.json index a964520962d..9db110f6b59 100644 --- a/2020/7xxx/CVE-2020-7235.json +++ b/2020/7xxx/CVE-2020-7235.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-7235", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-7235", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "UHP UHP-100 3.4.1.15, 3.4.2.4, and 3.4.3 devices allow XSS via cB3?ta= (profile title)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://sku11army.blogspot.com/2020/01/uhp-networks-multiple-reflected-xss-in.html", + "refsource": "MISC", + "name": "https://sku11army.blogspot.com/2020/01/uhp-networks-multiple-reflected-xss-in.html" } ] } diff --git a/2020/7xxx/CVE-2020-7236.json b/2020/7xxx/CVE-2020-7236.json index 8e9cd0f467a..ec434a27d3c 100644 --- a/2020/7xxx/CVE-2020-7236.json +++ b/2020/7xxx/CVE-2020-7236.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-7236", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-7236", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "UHP UHP-100 3.4.1.15, 3.4.2.4, and 3.4.3 devices allow XSS via cw2?td= (Site Name field of the Site Setup section)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://sku11army.blogspot.com/2020/01/uhp-networks-multiple-reflected-xss-in.html", + "refsource": "MISC", + "name": "https://sku11army.blogspot.com/2020/01/uhp-networks-multiple-reflected-xss-in.html" } ] } From 731ad2f5cdb4280701909d06f0fd5d3f7e5974c0 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 20 Jan 2020 05:01:05 +0000 Subject: [PATCH 161/387] "-Synchronized-Data." --- 2016/11xxx/CVE-2016-11018.json | 18 ++++++++++ 2019/11xxx/CVE-2019-11236.json | 5 +++ 2019/11xxx/CVE-2019-11324.json | 5 +++ 2020/7xxx/CVE-2020-7237.json | 62 ++++++++++++++++++++++++++++++++++ 4 files changed, 90 insertions(+) create mode 100644 2016/11xxx/CVE-2016-11018.json create mode 100644 2020/7xxx/CVE-2020-7237.json 
diff --git a/2016/11xxx/CVE-2016-11018.json b/2016/11xxx/CVE-2016-11018.json new file mode 100644 index 00000000000..210bb4103cb --- /dev/null +++ b/2016/11xxx/CVE-2016-11018.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-11018", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/11xxx/CVE-2019-11236.json b/2019/11xxx/CVE-2019-11236.json index 7962226e231..7bebc10abe3 100644 --- a/2019/11xxx/CVE-2019-11236.json +++ b/2019/11xxx/CVE-2019-11236.json @@ -111,6 +111,11 @@ "refsource": "FEDORA", "name": "FEDORA-2020-6148c44137", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NKGPJLVLVYCL4L4B4G5TIOTVK4BKPG72/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-d0d9ad17d8", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOSA2NT4DUQDBEIWE6O7KKD24XND7TE2/" } ] } diff --git a/2019/11xxx/CVE-2019-11324.json b/2019/11xxx/CVE-2019-11324.json index 736892882dd..70d18ce2514 100644 --- a/2019/11xxx/CVE-2019-11324.json +++ b/2019/11xxx/CVE-2019-11324.json @@ -91,6 +91,11 @@ "refsource": "FEDORA", "name": "FEDORA-2020-6148c44137", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NKGPJLVLVYCL4L4B4G5TIOTVK4BKPG72/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-d0d9ad17d8", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOSA2NT4DUQDBEIWE6O7KKD24XND7TE2/" } ] } 
diff --git a/2020/7xxx/CVE-2020-7237.json b/2020/7xxx/CVE-2020-7237.json new file mode 100644 index 00000000000..9e634f6385e --- /dev/null +++ b/2020/7xxx/CVE-2020-7237.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-7237", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cacti 1.2.8 allows Remote Code Execution (by privileged users) via shell metacharacters in the Performance Boost Debug Log field of poller_automation.php. OS commands are executed when a new poller cycle begins. The attacker must be authenticated, and must have access to modify the Performance Settings of the product." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/Cacti/cacti/issues/3201", + "refsource": "MISC", + "name": "https://github.com/Cacti/cacti/issues/3201" + } + ] + } +} \ No newline at end of file From 91bda910775581bf70731b6218ec4720bf4a3408 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 20 Jan 2020 06:01:06 +0000 Subject: [PATCH 162/387] "-Synchronized-Data." --- 2019/20xxx/CVE-2019-20381.json | 72 ++++++++++++++++++++++++++++++++++ 2020/7xxx/CVE-2020-7215.json | 56 +++++++++++++++++++++++--- 2020/7xxx/CVE-2020-7238.json | 18 +++++++++ 3 files changed, 140 insertions(+), 6 deletions(-) create mode 100644 2019/20xxx/CVE-2019-20381.json create mode 100644 2020/7xxx/CVE-2020-7238.json diff --git a/2019/20xxx/CVE-2019-20381.json b/2019/20xxx/CVE-2019-20381.json new file mode 100644 index 00000000000..3001c615e42 
--- /dev/null +++ b/2019/20xxx/CVE-2019-20381.json @@ -0,0 +1,72 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-20381", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "TestLink before 1.9.20 allows XSS via non-lowercase javascript: in the index.php reqURI parameter. NOTE: this issue exists because of an incomplete fix for CVE-2019-19491." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://mantis.testlink.org/view.php?id=8808", + "refsource": "MISC", + "name": "http://mantis.testlink.org/view.php?id=8808" + }, + { + "url": "https://github.com/TestLinkOpenSourceTRMS/testlink-code/commit/cde692895e425731e6951d265a01ca6425a7c26e", + "refsource": "MISC", + "name": "https://github.com/TestLinkOpenSourceTRMS/testlink-code/commit/cde692895e425731e6951d265a01ca6425a7c26e" + }, + { + "url": "https://github.com/TestLinkOpenSourceTRMS/testlink-code/compare/1.9.19...1.9.20", + "refsource": "MISC", + "name": "https://github.com/TestLinkOpenSourceTRMS/testlink-code/compare/1.9.19...1.9.20" + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7215.json b/2020/7xxx/CVE-2020-7215.json index c19b4c8590c..b02cf16dd64 100644 --- a/2020/7xxx/CVE-2020-7215.json +++ b/2020/7xxx/CVE-2020-7215.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-7215", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-7215", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Gallagher Command Centre 7.x before 7.90.991(MR5), 8.00 before 8.00.1161(MR5), and 8.10 before 8.10.1134(MR4). External system configuration data (used for third party integrations such as DVR systems) were logged in the Command Centre event trail. Any authenticated operator with the 'view events' privilege could see the full configuration, including cleartext usernames and passwords, under the event details of a Modified DVR System event." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://security.gallagher.com/cve-2020-7215", + "refsource": "MISC", + "name": "https://security.gallagher.com/cve-2020-7215" } ] } diff --git a/2020/7xxx/CVE-2020-7238.json b/2020/7xxx/CVE-2020-7238.json new file mode 100644 index 00000000000..d8611ad257f --- /dev/null +++ b/2020/7xxx/CVE-2020-7238.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7238", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file From 8ea4d62b901e70996bf45503f5dabb2165ebeebe Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 20 Jan 2020 07:01:10 +0000 Subject: [PATCH 163/387] "-Synchronized-Data." --- 2018/10xxx/CVE-2018-10904.json | 5 +++++ 2018/10xxx/CVE-2018-10907.json | 5 +++++ 2018/10xxx/CVE-2018-10911.json | 5 +++++ 2018/10xxx/CVE-2018-10913.json | 5 +++++ 2018/10xxx/CVE-2018-10914.json | 5 +++++ 2018/10xxx/CVE-2018-10923.json | 5 +++++ 2018/10xxx/CVE-2018-10924.json | 5 +++++ 2018/10xxx/CVE-2018-10926.json | 5 +++++ 2018/10xxx/CVE-2018-10927.json | 5 +++++ 2018/10xxx/CVE-2018-10928.json | 5 +++++ 2018/10xxx/CVE-2018-10929.json | 5 +++++ 2018/10xxx/CVE-2018-10930.json | 5 +++++ 2018/1xxx/CVE-2018-1088.json | 5 +++++ 2018/1xxx/CVE-2018-1112.json | 5 +++++ 14 files changed, 70 insertions(+) diff --git a/2018/10xxx/CVE-2018-10904.json b/2018/10xxx/CVE-2018-10904.json index 0ed40b429ef..fc733df07a0 100644 --- a/2018/10xxx/CVE-2018-10904.json +++ b/2018/10xxx/CVE-2018-10904.json @@ -96,6 +96,11 @@ "refsource": "GENTOO", "name": "GLSA-201904-06", "url": "https://security.gentoo.org/glsa/201904-06" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0079", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html" } ] } diff --git a/2018/10xxx/CVE-2018-10907.json b/2018/10xxx/CVE-2018-10907.json index 94a12cd57e7..11d42733591 100644 --- a/2018/10xxx/CVE-2018-10907.json +++ b/2018/10xxx/CVE-2018-10907.json 
@@ -96,6 +96,11 @@ "refsource": "GENTOO", "name": "GLSA-201904-06", "url": "https://security.gentoo.org/glsa/201904-06" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0079", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html" } ] } diff --git a/2018/10xxx/CVE-2018-10911.json b/2018/10xxx/CVE-2018-10911.json index fef471bc95d..0851fde7ddd 100644 --- a/2018/10xxx/CVE-2018-10911.json +++ b/2018/10xxx/CVE-2018-10911.json @@ -122,6 +122,11 @@ "refsource": "GENTOO", "name": "GLSA-201904-06", "url": "https://security.gentoo.org/glsa/201904-06" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0079", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html" } ] } diff --git a/2018/10xxx/CVE-2018-10913.json b/2018/10xxx/CVE-2018-10913.json index 3a666478c44..e9cdd357896 100644 --- a/2018/10xxx/CVE-2018-10913.json +++ b/2018/10xxx/CVE-2018-10913.json @@ -96,6 +96,11 @@ "refsource": "GENTOO", "name": "GLSA-201904-06", "url": "https://security.gentoo.org/glsa/201904-06" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0079", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html" } ] } diff --git a/2018/10xxx/CVE-2018-10914.json b/2018/10xxx/CVE-2018-10914.json index 6a0e39c86b6..09130e6e3e1 100644 --- a/2018/10xxx/CVE-2018-10914.json +++ b/2018/10xxx/CVE-2018-10914.json @@ -91,6 +91,11 @@ "refsource": "GENTOO", "name": "GLSA-201904-06", "url": "https://security.gentoo.org/glsa/201904-06" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0079", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html" } ] } diff --git a/2018/10xxx/CVE-2018-10923.json b/2018/10xxx/CVE-2018-10923.json index bc384b9fe6a..77b322e8b11 100644 --- a/2018/10xxx/CVE-2018-10923.json +++ b/2018/10xxx/CVE-2018-10923.json 
@@ -91,6 +91,11 @@ "refsource": "GENTOO", "name": "GLSA-201904-06", "url": "https://security.gentoo.org/glsa/201904-06" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0079", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html" } ] } diff --git a/2018/10xxx/CVE-2018-10924.json b/2018/10xxx/CVE-2018-10924.json index 7355d71d535..17a73033a14 100644 --- a/2018/10xxx/CVE-2018-10924.json +++ b/2018/10xxx/CVE-2018-10924.json @@ -76,6 +76,11 @@ "refsource": "GENTOO", "name": "GLSA-201904-06", "url": "https://security.gentoo.org/glsa/201904-06" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0079", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html" } ] } diff --git a/2018/10xxx/CVE-2018-10926.json b/2018/10xxx/CVE-2018-10926.json index d384fc3044f..d26681170e5 100644 --- a/2018/10xxx/CVE-2018-10926.json +++ b/2018/10xxx/CVE-2018-10926.json @@ -91,6 +91,11 @@ "refsource": "GENTOO", "name": "GLSA-201904-06", "url": "https://security.gentoo.org/glsa/201904-06" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0079", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html" } ] } diff --git a/2018/10xxx/CVE-2018-10927.json b/2018/10xxx/CVE-2018-10927.json index a8267c10725..faaf6c410eb 100644 --- a/2018/10xxx/CVE-2018-10927.json +++ b/2018/10xxx/CVE-2018-10927.json @@ -91,6 +91,11 @@ "refsource": "GENTOO", "name": "GLSA-201904-06", "url": "https://security.gentoo.org/glsa/201904-06" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0079", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html" } ] } diff --git a/2018/10xxx/CVE-2018-10928.json b/2018/10xxx/CVE-2018-10928.json index 8cdb8cdd8e2..3d5090a49ee 100644 --- a/2018/10xxx/CVE-2018-10928.json +++ b/2018/10xxx/CVE-2018-10928.json 
@@ -91,6 +91,11 @@ "refsource": "GENTOO", "name": "GLSA-201904-06", "url": "https://security.gentoo.org/glsa/201904-06" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0079", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html" } ] } diff --git a/2018/10xxx/CVE-2018-10929.json b/2018/10xxx/CVE-2018-10929.json index 1ca4a73bd07..9dcf0e5c9f9 100644 --- a/2018/10xxx/CVE-2018-10929.json +++ b/2018/10xxx/CVE-2018-10929.json @@ -96,6 +96,11 @@ "refsource": "GENTOO", "name": "GLSA-201904-06", "url": "https://security.gentoo.org/glsa/201904-06" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0079", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html" } ] } diff --git a/2018/10xxx/CVE-2018-10930.json b/2018/10xxx/CVE-2018-10930.json index 8815c5a9e0f..cbf8b8b5484 100644 --- a/2018/10xxx/CVE-2018-10930.json +++ b/2018/10xxx/CVE-2018-10930.json @@ -96,6 +96,11 @@ "refsource": "GENTOO", "name": "GLSA-201904-06", "url": "https://security.gentoo.org/glsa/201904-06" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0079", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html" } ] } diff --git a/2018/1xxx/CVE-2018-1088.json b/2018/1xxx/CVE-2018-1088.json index 9958c60e010..be487188fcd 100644 --- a/2018/1xxx/CVE-2018-1088.json +++ b/2018/1xxx/CVE-2018-1088.json @@ -82,6 +82,11 @@ "refsource": "GENTOO", "name": "GLSA-201904-06", "url": "https://security.gentoo.org/glsa/201904-06" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0079", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html" } ] } diff --git a/2018/1xxx/CVE-2018-1112.json b/2018/1xxx/CVE-2018-1112.json index 54c7d74a0cb..61dee02a19e 100644 --- a/2018/1xxx/CVE-2018-1112.json +++ b/2018/1xxx/CVE-2018-1112.json 
@@ -89,6 +89,11 @@ "name": "RHSA-2018:1269", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1269" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0079", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html" } ] } From 1f1f89a098d6a1ec10e99eea19c6c75c89f7e965 Mon Sep 17 00:00:00 2001 From: "mrehak@redhat.com" Date: Mon, 20 Jan 2020 12:37:13 +0100 Subject: [PATCH 164/387] CVE-2019-3864 init --- 2019/3xxx/CVE-2019-3864.json | 69 +++++++++++++++++++++++++++++++----- 1 file changed, 61 insertions(+), 8 deletions(-) diff --git a/2019/3xxx/CVE-2019-3864.json b/2019/3xxx/CVE-2019-3864.json index 316f8b8268b..de0fff5ba43 100644 --- a/2019/3xxx/CVE-2019-3864.json +++ b/2019/3xxx/CVE-2019-3864.json 
@@ -1,18 +1,71 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-3864",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-3864",
+ "ASSIGNER": "mrehak@redhat.com"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Red Hat",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "quay",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "all quay-2 versions before quay-3.0.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3864",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3864",
+ "refsource": "CONFIRM"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability was discovered in all quay-2 versions before quay-3.0.0, in the Quay web GUI where POST requests include a specific parameter which is used as a CSRF token. The token is not refreshed for every request or when a user logged out and in again. An attacker could use a leaked token to gain access to the system using the user's account."
 }
 ]
+ },
+ "impact": {
+ "cvss": [
+ [
+ {
+ "vectorString": "5.4/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
+ "version": "3.0"
+ }
+ ]
+ ]
 }
-}
\ No newline at end of file
+}
From 437d24f8ea5b67ceb3e65d135d1fe1a6b98f1bbd Mon Sep 17 00:00:00 2001
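Review bot: The `vectorString` added under `impact.cvss` is `5.4/CVSS:3.0/AV:N/...`, which fuses the base score onto the vector; a consumer that parses this field as a CVSS v3.0 vector (which begins with `CVSS:3.0/`) will likely reject it or fail to score the record. I would carry the score in its own field, `"baseScore": 5.4,` next to `"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",`, and use a single `cvss` object rather than an array nested inside an array. The new `CVE_data_meta` block also drops `STATE` altogether instead of moving it from `RESERVED` to public, so tooling that keys on that field may not treat the entry as published; `"STATE": "PUBLIC"` looks like what was intended. The `problemtype` value is the bare id `CWE-352`; adding the weakness name after it would make the record readable without a lookup.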
From: CVE Team
Date: Mon, 20 Jan 2020 13:01:15 +0000
Subject: [PATCH 165/387] "-Synchronized-Data."
---
 2018/10xxx/CVE-2018-10103.json | 5 +++++
 2018/10xxx/CVE-2018-10105.json | 5 +++++
 2018/14xxx/CVE-2018-14461.json | 5 +++++
 2018/14xxx/CVE-2018-14462.json | 5 +++++
 2018/14xxx/CVE-2018-14463.json | 5 +++++
 2018/14xxx/CVE-2018-14464.json | 5 +++++
 2018/14xxx/CVE-2018-14465.json | 5 +++++
 2018/14xxx/CVE-2018-14466.json | 5 +++++
 2018/14xxx/CVE-2018-14467.json | 5 +++++
 2018/14xxx/CVE-2018-14468.json | 5 +++++
 2018/14xxx/CVE-2018-14469.json | 5 +++++
 2018/14xxx/CVE-2018-14470.json | 5 +++++
 2018/14xxx/CVE-2018-14879.json | 5 +++++
 2018/14xxx/CVE-2018-14880.json | 5 +++++
 2018/14xxx/CVE-2018-14881.json | 5 +++++
 2018/14xxx/CVE-2018-14882.json | 5 +++++
 2018/16xxx/CVE-2018-16227.json | 5 +++++
 2018/16xxx/CVE-2018-16228.json | 5 +++++
 2018/16xxx/CVE-2018-16229.json | 5 +++++
 2018/16xxx/CVE-2018-16230.json | 5 +++++
 2018/16xxx/CVE-2018-16300.json | 5 +++++
 2018/16xxx/CVE-2018-16451.json | 5 +++++
 2018/16xxx/CVE-2018-16452.json | 5 +++++
 2018/17xxx/CVE-2018-17358.json | 5 +++++
 2019/15xxx/CVE-2019-15166.json | 5 +++++
 2019/16xxx/CVE-2019-16723.json | 10 ++++++++++
 2019/17xxx/CVE-2019-17016.json | 5 +++++
 2019/17xxx/CVE-2019-17017.json | 5 +++++
 2019/17xxx/CVE-2019-17022.json | 5 +++++
 2019/17xxx/CVE-2019-17024.json | 5 +++++
 2019/17xxx/CVE-2019-17358.json | 10 ++++++++++
 2020/2xxx/CVE-2020-2583.json | 10 ++++++++++
 2020/2xxx/CVE-2020-2590.json | 10 ++++++++++
 2020/2xxx/CVE-2020-2593.json | 10 ++++++++++
 2020/2xxx/CVE-2020-2601.json | 10 ++++++++++
 2020/2xxx/CVE-2020-2604.json | 10 ++++++++++
 2020/2xxx/CVE-2020-2654.json | 10 ++++++++++
 2020/2xxx/CVE-2020-2655.json | 10 ++++++++++
 2020/2xxx/CVE-2020-2656.json | 5 +++++
 2020/2xxx/CVE-2020-2696.json | 5 +++++
 40 files changed, 245 insertions(+)
diff --git a/2018/10xxx/CVE-2018-10103.json b/2018/10xxx/CVE-2018-10103.json
index 98ce3279968..7ad6fb7ec7a 100644
--- a/2018/10xxx/CVE-2018-10103.json
+++ b/2018/10xxx/CVE-2018-10103.json @@ -116,6 +116,11 @@ "refsource": "FULLDISC", "name": "20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", "url": "http://seclists.org/fulldisclosure/2019/Dec/26" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200120-0001/", + "url": "https://security.netapp.com/advisory/ntap-20200120-0001/" } ] } diff --git a/2018/10xxx/CVE-2018-10105.json b/2018/10xxx/CVE-2018-10105.json index ce4799757a2..83f3594dc8a 100644 --- a/2018/10xxx/CVE-2018-10105.json +++ b/2018/10xxx/CVE-2018-10105.json @@ -116,6 +116,11 @@ "refsource": "FULLDISC", "name": "20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", "url": "http://seclists.org/fulldisclosure/2019/Dec/26" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200120-0001/", + "url": "https://security.netapp.com/advisory/ntap-20200120-0001/" } ] } diff --git a/2018/14xxx/CVE-2018-14461.json b/2018/14xxx/CVE-2018-14461.json index 9970171685e..6b614cfea6d 100644 --- a/2018/14xxx/CVE-2018-14461.json +++ b/2018/14xxx/CVE-2018-14461.json @@ -116,6 +116,11 @@ "refsource": "FULLDISC", "name": "20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", "url": "http://seclists.org/fulldisclosure/2019/Dec/26" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200120-0001/", + "url": "https://security.netapp.com/advisory/ntap-20200120-0001/" } ] } diff --git a/2018/14xxx/CVE-2018-14462.json b/2018/14xxx/CVE-2018-14462.json index 26ee2e9c5b8..7c8386cc0f5 100644 --- a/2018/14xxx/CVE-2018-14462.json +++ b/2018/14xxx/CVE-2018-14462.json 
@@ -116,6 +116,11 @@ "refsource": "FULLDISC", "name": "20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", "url": "http://seclists.org/fulldisclosure/2019/Dec/26" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200120-0001/", + "url": "https://security.netapp.com/advisory/ntap-20200120-0001/" } ] } diff --git a/2018/14xxx/CVE-2018-14463.json b/2018/14xxx/CVE-2018-14463.json index 2a26eda8b65..5145e0ca49c 100644 --- a/2018/14xxx/CVE-2018-14463.json +++ b/2018/14xxx/CVE-2018-14463.json @@ -116,6 +116,11 @@ "refsource": "FULLDISC", "name": "20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", "url": "http://seclists.org/fulldisclosure/2019/Dec/26" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200120-0001/", + "url": "https://security.netapp.com/advisory/ntap-20200120-0001/" } ] } diff --git a/2018/14xxx/CVE-2018-14464.json b/2018/14xxx/CVE-2018-14464.json index f947c6f1221..0fb92c0657e 100644 --- a/2018/14xxx/CVE-2018-14464.json +++ b/2018/14xxx/CVE-2018-14464.json @@ -116,6 +116,11 @@ "refsource": "FULLDISC", "name": "20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", "url": "http://seclists.org/fulldisclosure/2019/Dec/26" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200120-0001/", + "url": "https://security.netapp.com/advisory/ntap-20200120-0001/" } ] } diff --git a/2018/14xxx/CVE-2018-14465.json b/2018/14xxx/CVE-2018-14465.json index b58d6240f0e..27b2efe9110 100644 --- a/2018/14xxx/CVE-2018-14465.json +++ b/2018/14xxx/CVE-2018-14465.json 
@@ -116,6 +116,11 @@ "refsource": "FULLDISC", "name": "20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", "url": "http://seclists.org/fulldisclosure/2019/Dec/26" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200120-0001/", + "url": "https://security.netapp.com/advisory/ntap-20200120-0001/" } ] } diff --git a/2018/14xxx/CVE-2018-14466.json b/2018/14xxx/CVE-2018-14466.json index dcb8d417d9c..482e782e680 100644 --- a/2018/14xxx/CVE-2018-14466.json +++ b/2018/14xxx/CVE-2018-14466.json @@ -116,6 +116,11 @@ "refsource": "FULLDISC", "name": "20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", "url": "http://seclists.org/fulldisclosure/2019/Dec/26" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200120-0001/", + "url": "https://security.netapp.com/advisory/ntap-20200120-0001/" } ] } diff --git a/2018/14xxx/CVE-2018-14467.json b/2018/14xxx/CVE-2018-14467.json index bc745fc65d3..7ff95c30af6 100644 --- a/2018/14xxx/CVE-2018-14467.json +++ b/2018/14xxx/CVE-2018-14467.json @@ -116,6 +116,11 @@ "refsource": "FULLDISC", "name": "20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", "url": "http://seclists.org/fulldisclosure/2019/Dec/26" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200120-0001/", + "url": "https://security.netapp.com/advisory/ntap-20200120-0001/" } ] } diff --git a/2018/14xxx/CVE-2018-14468.json b/2018/14xxx/CVE-2018-14468.json index 4e4940eb8ec..36e0ced091b 100644 --- a/2018/14xxx/CVE-2018-14468.json +++ b/2018/14xxx/CVE-2018-14468.json 
@@ -121,6 +121,11 @@ "refsource": "FULLDISC", "name": "20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", "url": "http://seclists.org/fulldisclosure/2019/Dec/26" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200120-0001/", + "url": "https://security.netapp.com/advisory/ntap-20200120-0001/" } ] } diff --git a/2018/14xxx/CVE-2018-14469.json b/2018/14xxx/CVE-2018-14469.json index f24d7e13e5b..3756bde8b28 100644 --- a/2018/14xxx/CVE-2018-14469.json +++ b/2018/14xxx/CVE-2018-14469.json @@ -116,6 +116,11 @@ "refsource": "FULLDISC", "name": "20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", "url": "http://seclists.org/fulldisclosure/2019/Dec/26" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200120-0001/", + "url": "https://security.netapp.com/advisory/ntap-20200120-0001/" } ] } diff --git a/2018/14xxx/CVE-2018-14470.json b/2018/14xxx/CVE-2018-14470.json index f5c65fc675e..53864fc152d 100644 --- a/2018/14xxx/CVE-2018-14470.json +++ b/2018/14xxx/CVE-2018-14470.json @@ -116,6 +116,11 @@ "refsource": "FULLDISC", "name": "20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", "url": "http://seclists.org/fulldisclosure/2019/Dec/26" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200120-0001/", + "url": "https://security.netapp.com/advisory/ntap-20200120-0001/" } ] } diff --git a/2018/14xxx/CVE-2018-14879.json b/2018/14xxx/CVE-2018-14879.json index 2df53d96950..03009e2c190 100644 --- a/2018/14xxx/CVE-2018-14879.json +++ b/2018/14xxx/CVE-2018-14879.json 
@@ -121,6 +121,11 @@ "refsource": "FULLDISC", "name": "20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", "url": "http://seclists.org/fulldisclosure/2019/Dec/26" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200120-0001/", + "url": "https://security.netapp.com/advisory/ntap-20200120-0001/" } ] } diff --git a/2018/14xxx/CVE-2018-14880.json b/2018/14xxx/CVE-2018-14880.json index 01324c2c240..42525f7c26a 100644 --- a/2018/14xxx/CVE-2018-14880.json +++ b/2018/14xxx/CVE-2018-14880.json @@ -121,6 +121,11 @@ "refsource": "FULLDISC", "name": "20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", "url": "http://seclists.org/fulldisclosure/2019/Dec/26" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200120-0001/", + "url": "https://security.netapp.com/advisory/ntap-20200120-0001/" } ] } diff --git a/2018/14xxx/CVE-2018-14881.json b/2018/14xxx/CVE-2018-14881.json index f3a71b8421b..a84ade04b82 100644 --- a/2018/14xxx/CVE-2018-14881.json +++ b/2018/14xxx/CVE-2018-14881.json @@ -116,6 +116,11 @@ "refsource": "FULLDISC", "name": "20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", "url": "http://seclists.org/fulldisclosure/2019/Dec/26" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200120-0001/", + "url": "https://security.netapp.com/advisory/ntap-20200120-0001/" } ] } diff --git a/2018/14xxx/CVE-2018-14882.json b/2018/14xxx/CVE-2018-14882.json index 6aec0690a46..d8894e306af 100644 --- a/2018/14xxx/CVE-2018-14882.json +++ b/2018/14xxx/CVE-2018-14882.json 
@@ -116,6 +116,11 @@ "refsource": "FULLDISC", "name": "20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", "url": "http://seclists.org/fulldisclosure/2019/Dec/26" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200120-0001/", + "url": "https://security.netapp.com/advisory/ntap-20200120-0001/" } ] } diff --git a/2018/16xxx/CVE-2018-16227.json b/2018/16xxx/CVE-2018-16227.json index fc065328e5b..f9070b836a7 100644 --- a/2018/16xxx/CVE-2018-16227.json +++ b/2018/16xxx/CVE-2018-16227.json @@ -116,6 +116,11 @@ "refsource": "FULLDISC", "name": "20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", "url": "http://seclists.org/fulldisclosure/2019/Dec/26" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200120-0001/", + "url": "https://security.netapp.com/advisory/ntap-20200120-0001/" } ] } diff --git a/2018/16xxx/CVE-2018-16228.json b/2018/16xxx/CVE-2018-16228.json index ee46e81c760..f5582ee5645 100644 --- a/2018/16xxx/CVE-2018-16228.json +++ b/2018/16xxx/CVE-2018-16228.json @@ -116,6 +116,11 @@ "refsource": "FULLDISC", "name": "20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", "url": "http://seclists.org/fulldisclosure/2019/Dec/26" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200120-0001/", + "url": "https://security.netapp.com/advisory/ntap-20200120-0001/" } ] } diff --git a/2018/16xxx/CVE-2018-16229.json b/2018/16xxx/CVE-2018-16229.json index 3b02c7086cd..9a3e2fdb5ea 100644 --- a/2018/16xxx/CVE-2018-16229.json +++ b/2018/16xxx/CVE-2018-16229.json 
@@ -116,6 +116,11 @@ "refsource": "FULLDISC", "name": "20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", "url": "http://seclists.org/fulldisclosure/2019/Dec/26" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200120-0001/", + "url": "https://security.netapp.com/advisory/ntap-20200120-0001/" } ] } diff --git a/2018/16xxx/CVE-2018-16230.json b/2018/16xxx/CVE-2018-16230.json index 04326d51f97..8b108bfafdd 100644 --- a/2018/16xxx/CVE-2018-16230.json +++ b/2018/16xxx/CVE-2018-16230.json @@ -116,6 +116,11 @@ "refsource": "FULLDISC", "name": "20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", "url": "http://seclists.org/fulldisclosure/2019/Dec/26" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200120-0001/", + "url": "https://security.netapp.com/advisory/ntap-20200120-0001/" } ] } diff --git a/2018/16xxx/CVE-2018-16300.json b/2018/16xxx/CVE-2018-16300.json index b1ffd793bde..5e7172dd0fb 100644 --- a/2018/16xxx/CVE-2018-16300.json +++ b/2018/16xxx/CVE-2018-16300.json @@ -116,6 +116,11 @@ "refsource": "FULLDISC", "name": "20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", "url": "http://seclists.org/fulldisclosure/2019/Dec/26" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200120-0001/", + "url": "https://security.netapp.com/advisory/ntap-20200120-0001/" } ] } diff --git a/2018/16xxx/CVE-2018-16451.json b/2018/16xxx/CVE-2018-16451.json index e76432cf61a..fcd311c4c73 100644 --- a/2018/16xxx/CVE-2018-16451.json +++ b/2018/16xxx/CVE-2018-16451.json 
@@ -116,6 +116,11 @@ "refsource": "FULLDISC", "name": "20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", "url": "http://seclists.org/fulldisclosure/2019/Dec/26" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200120-0001/", + "url": "https://security.netapp.com/advisory/ntap-20200120-0001/" } ] } diff --git a/2018/16xxx/CVE-2018-16452.json b/2018/16xxx/CVE-2018-16452.json index 536cf0b28a8..c9dd1af56e9 100644 --- a/2018/16xxx/CVE-2018-16452.json +++ b/2018/16xxx/CVE-2018-16452.json @@ -116,6 +116,11 @@ "refsource": "FULLDISC", "name": "20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", "url": "http://seclists.org/fulldisclosure/2019/Dec/26" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200120-0001/", + "url": "https://security.netapp.com/advisory/ntap-20200120-0001/" } ] } diff --git a/2018/17xxx/CVE-2018-17358.json b/2018/17xxx/CVE-2018-17358.json index c3b2c83647c..3f15d776cc7 100644 --- a/2018/17xxx/CVE-2018-17358.json +++ b/2018/17xxx/CVE-2018-17358.json @@ -66,6 +66,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:2432", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html" + }, + { + "refsource": "BUGTRAQ", + "name": "20200120 [SECURITY] [DSA 4604-1] cacti security update", + "url": "https://seclists.org/bugtraq/2020/Jan/25" } ] } diff --git a/2019/15xxx/CVE-2019-15166.json b/2019/15xxx/CVE-2019-15166.json index 466c9ec25e3..255acb40873 100644 --- a/2019/15xxx/CVE-2019-15166.json +++ b/2019/15xxx/CVE-2019-15166.json 
@@ -116,6 +116,11 @@ "refsource": "FULLDISC", "name": "20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", "url": "http://seclists.org/fulldisclosure/2019/Dec/26" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200120-0001/", + "url": "https://security.netapp.com/advisory/ntap-20200120-0001/" } ] } diff --git a/2019/16xxx/CVE-2019-16723.json b/2019/16xxx/CVE-2019-16723.json index 54d01fc2d68..fbb39787413 100644 --- a/2019/16xxx/CVE-2019-16723.json +++ b/2019/16xxx/CVE-2019-16723.json @@ -66,6 +66,16 @@ "refsource": "FEDORA", "name": "FEDORA-2019-362f0e9710", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZO3ROHHPKLH2JRW7ES5FYSQTWIPNVLQB/" + }, + { + "refsource": "BUGTRAQ", + "name": "20200120 [SECURITY] [DSA 4604-1] cacti security update", + "url": "https://seclists.org/bugtraq/2020/Jan/25" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4604", + "url": "https://www.debian.org/security/2020/dsa-4604" } ] } diff --git a/2019/17xxx/CVE-2019-17016.json b/2019/17xxx/CVE-2019-17016.json index 50fc3c6ecaa..267b3a43cce 100644 --- a/2019/17xxx/CVE-2019-17016.json +++ b/2019/17xxx/CVE-2019-17016.json @@ -143,6 +143,11 @@ "refsource": "DEBIAN", "name": "DSA-4603", "url": "https://www.debian.org/security/2020/dsa-4603" + }, + { + "refsource": "BUGTRAQ", + "name": "20200120 [SECURITY] [DSA 4603-1] thunderbird security update", + "url": "https://seclists.org/bugtraq/2020/Jan/26" } ] }, diff --git a/2019/17xxx/CVE-2019-17017.json b/2019/17xxx/CVE-2019-17017.json index d0a55958218..c74156dc8df 100644 --- a/2019/17xxx/CVE-2019-17017.json +++ b/2019/17xxx/CVE-2019-17017.json 
@@ -143,6 +143,11 @@ "refsource": "DEBIAN", "name": "DSA-4603", "url": "https://www.debian.org/security/2020/dsa-4603" + }, + { + "refsource": "BUGTRAQ", + "name": "20200120 [SECURITY] [DSA 4603-1] thunderbird security update", + "url": "https://seclists.org/bugtraq/2020/Jan/26" } ] }, diff --git a/2019/17xxx/CVE-2019-17022.json b/2019/17xxx/CVE-2019-17022.json index fe8e17362a8..c755ac76692 100644 --- a/2019/17xxx/CVE-2019-17022.json +++ b/2019/17xxx/CVE-2019-17022.json @@ -143,6 +143,11 @@ "refsource": "DEBIAN", "name": "DSA-4603", "url": "https://www.debian.org/security/2020/dsa-4603" + }, + { + "refsource": "BUGTRAQ", + "name": "20200120 [SECURITY] [DSA 4603-1] thunderbird security update", + "url": "https://seclists.org/bugtraq/2020/Jan/26" } ] }, diff --git a/2019/17xxx/CVE-2019-17024.json b/2019/17xxx/CVE-2019-17024.json index b8fd9c72449..c3d7ce5cfdf 100644 --- a/2019/17xxx/CVE-2019-17024.json +++ b/2019/17xxx/CVE-2019-17024.json @@ -143,6 +143,11 @@ "refsource": "DEBIAN", "name": "DSA-4603", "url": "https://www.debian.org/security/2020/dsa-4603" + }, + { + "refsource": "BUGTRAQ", + "name": "20200120 [SECURITY] [DSA 4603-1] thunderbird security update", + "url": "https://seclists.org/bugtraq/2020/Jan/26" } ] }, diff --git a/2019/17xxx/CVE-2019-17358.json b/2019/17xxx/CVE-2019-17358.json index 9af991ec84e..52fc8565b84 100644 --- a/2019/17xxx/CVE-2019-17358.json +++ b/2019/17xxx/CVE-2019-17358.json @@ -86,6 +86,16 @@ "refsource": "MISC", "name": "https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-17358.html", "url": "https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-17358.html" + }, + { + "refsource": "BUGTRAQ", + "name": "20200120 [SECURITY] [DSA 4604-1] cacti security update", + "url": "https://seclists.org/bugtraq/2020/Jan/25" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4604", + "url": "https://www.debian.org/security/2020/dsa-4604" } ] }, 
diff --git a/2020/2xxx/CVE-2020-2583.json b/2020/2xxx/CVE-2020-2583.json index 844bcaa51c3..41312aa22d2 100644 --- a/2020/2xxx/CVE-2020-2583.json +++ b/2020/2xxx/CVE-2020-2583.json @@ -71,6 +71,16 @@ "refsource": "REDHAT", "name": "RHSA-2020:0122", "url": "https://access.redhat.com/errata/RHSA-2020:0122" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4605", + "url": "https://www.debian.org/security/2020/dsa-4605" + }, + { + "refsource": "BUGTRAQ", + "name": "20200120 [SECURITY] [DSA 4605-1] openjdk-11 security update", + "url": "https://seclists.org/bugtraq/2020/Jan/24" } ] } diff --git a/2020/2xxx/CVE-2020-2590.json b/2020/2xxx/CVE-2020-2590.json index 7db513d0713..49d0ae123ad 100644 --- a/2020/2xxx/CVE-2020-2590.json +++ b/2020/2xxx/CVE-2020-2590.json @@ -71,6 +71,16 @@ "refsource": "REDHAT", "name": "RHSA-2020:0122", "url": "https://access.redhat.com/errata/RHSA-2020:0122" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4605", + "url": "https://www.debian.org/security/2020/dsa-4605" + }, + { + "refsource": "BUGTRAQ", + "name": "20200120 [SECURITY] [DSA 4605-1] openjdk-11 security update", + "url": "https://seclists.org/bugtraq/2020/Jan/24" } ] } diff --git a/2020/2xxx/CVE-2020-2593.json b/2020/2xxx/CVE-2020-2593.json index 6a155a0dd10..5f192b5c044 100644 --- a/2020/2xxx/CVE-2020-2593.json +++ b/2020/2xxx/CVE-2020-2593.json @@ -71,6 +71,16 @@ "refsource": "REDHAT", "name": "RHSA-2020:0122", "url": "https://access.redhat.com/errata/RHSA-2020:0122" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4605", + "url": "https://www.debian.org/security/2020/dsa-4605" + }, + { + "refsource": "BUGTRAQ", + "name": "20200120 [SECURITY] [DSA 4605-1] openjdk-11 security update", + "url": "https://seclists.org/bugtraq/2020/Jan/24" } ] } diff --git a/2020/2xxx/CVE-2020-2601.json b/2020/2xxx/CVE-2020-2601.json index 16b36c5da45..d51f55adc5a 100644 --- a/2020/2xxx/CVE-2020-2601.json +++ b/2020/2xxx/CVE-2020-2601.json 
@@ -71,6 +71,16 @@ "refsource": "REDHAT", "name": "RHSA-2020:0122", "url": "https://access.redhat.com/errata/RHSA-2020:0122" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4605", + "url": "https://www.debian.org/security/2020/dsa-4605" + }, + { + "refsource": "BUGTRAQ", + "name": "20200120 [SECURITY] [DSA 4605-1] openjdk-11 security update", + "url": "https://seclists.org/bugtraq/2020/Jan/24" } ] } diff --git a/2020/2xxx/CVE-2020-2604.json b/2020/2xxx/CVE-2020-2604.json index daa7623c3e8..4a0be4de370 100644 --- a/2020/2xxx/CVE-2020-2604.json +++ b/2020/2xxx/CVE-2020-2604.json @@ -71,6 +71,16 @@ "refsource": "REDHAT", "name": "RHSA-2020:0122", "url": "https://access.redhat.com/errata/RHSA-2020:0122" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4605", + "url": "https://www.debian.org/security/2020/dsa-4605" + }, + { + "refsource": "BUGTRAQ", + "name": "20200120 [SECURITY] [DSA 4605-1] openjdk-11 security update", + "url": "https://seclists.org/bugtraq/2020/Jan/24" } ] } diff --git a/2020/2xxx/CVE-2020-2654.json b/2020/2xxx/CVE-2020-2654.json index e012ccfb4c9..cb4050058cd 100644 --- a/2020/2xxx/CVE-2020-2654.json +++ b/2020/2xxx/CVE-2020-2654.json @@ -67,6 +67,16 @@ "refsource": "REDHAT", "name": "RHSA-2020:0122", "url": "https://access.redhat.com/errata/RHSA-2020:0122" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4605", + "url": "https://www.debian.org/security/2020/dsa-4605" + }, + { + "refsource": "BUGTRAQ", + "name": "20200120 [SECURITY] [DSA 4605-1] openjdk-11 security update", + "url": "https://seclists.org/bugtraq/2020/Jan/24" } ] } diff --git a/2020/2xxx/CVE-2020-2655.json b/2020/2xxx/CVE-2020-2655.json index 43f970f3205..06078099b78 100644 --- a/2020/2xxx/CVE-2020-2655.json +++ b/2020/2xxx/CVE-2020-2655.json 
@@ -67,6 +67,16 @@ "refsource": "REDHAT", "name": "RHSA-2020:0122", "url": "https://access.redhat.com/errata/RHSA-2020:0122" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4605", + "url": "https://www.debian.org/security/2020/dsa-4605" + }, + { + "refsource": "BUGTRAQ", + "name": "20200120 [SECURITY] [DSA 4605-1] openjdk-11 security update", + "url": "https://seclists.org/bugtraq/2020/Jan/24" } ] } diff --git a/2020/2xxx/CVE-2020-2656.json b/2020/2xxx/CVE-2020-2656.json index af09c9c089a..e3ab24e9edb 100644 --- a/2020/2xxx/CVE-2020-2656.json +++ b/2020/2xxx/CVE-2020-2656.json @@ -76,6 +76,11 @@ "refsource": "FULLDISC", "name": "20200117 CVE-2020-2656 - Low impact information disclosure via Solaris xlock", "url": "http://seclists.org/fulldisclosure/2020/Jan/23" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20200120 CVE-2020-2656, CVE-2020-2696 - Multiple vulnerabilities in Oracle Solaris", + "url": "http://www.openwall.com/lists/oss-security/2020/01/20/2" } ] } diff --git a/2020/2xxx/CVE-2020-2696.json b/2020/2xxx/CVE-2020-2696.json index 84de1891f64..0bb050bb23a 100644 --- a/2020/2xxx/CVE-2020-2696.json +++ b/2020/2xxx/CVE-2020-2696.json @@ -77,6 +77,11 @@ "refsource": "FULLDISC", "name": "20200117 CVE-2020-2696 - Local privilege escalation via CDE dtsession", "url": "http://seclists.org/fulldisclosure/2020/Jan/24" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20200120 CVE-2020-2656, CVE-2020-2696 - Multiple vulnerabilities in Oracle Solaris", + "url": "http://www.openwall.com/lists/oss-security/2020/01/20/2" } ] } From 3bc7e77d92562a2a0596731bb3265043c34bb862 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 20 Jan 2020 14:01:10 +0000 Subject: [PATCH 166/387] "-Synchronized-Data." --- 2019/17xxx/CVE-2019-17016.json | 5 +++++ 2019/17xxx/CVE-2019-17017.json | 5 +++++ 2019/17xxx/CVE-2019-17022.json | 5 +++++ 2019/17xxx/CVE-2019-17024.json | 5 +++++ 4 files changed, 20 insertions(+) 
diff --git a/2019/17xxx/CVE-2019-17016.json b/2019/17xxx/CVE-2019-17016.json index 267b3a43cce..4dda9947338 100644 --- a/2019/17xxx/CVE-2019-17016.json +++ b/2019/17xxx/CVE-2019-17016.json @@ -148,6 +148,11 @@ "refsource": "BUGTRAQ", "name": "20200120 [SECURITY] [DSA 4603-1] thunderbird security update", "url": "https://seclists.org/bugtraq/2020/Jan/26" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200120 [SECURITY] [DLA 2071-1] thunderbird security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00016.html" } ] }, diff --git a/2019/17xxx/CVE-2019-17017.json b/2019/17xxx/CVE-2019-17017.json index c74156dc8df..e0f89fee1f6 100644 --- a/2019/17xxx/CVE-2019-17017.json +++ b/2019/17xxx/CVE-2019-17017.json @@ -148,6 +148,11 @@ "refsource": "BUGTRAQ", "name": "20200120 [SECURITY] [DSA 4603-1] thunderbird security update", "url": "https://seclists.org/bugtraq/2020/Jan/26" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200120 [SECURITY] [DLA 2071-1] thunderbird security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00016.html" } ] }, diff --git a/2019/17xxx/CVE-2019-17022.json b/2019/17xxx/CVE-2019-17022.json index c755ac76692..e759fbccaf0 100644 --- a/2019/17xxx/CVE-2019-17022.json +++ b/2019/17xxx/CVE-2019-17022.json @@ -148,6 +148,11 @@ "refsource": "BUGTRAQ", "name": "20200120 [SECURITY] [DSA 4603-1] thunderbird security update", "url": "https://seclists.org/bugtraq/2020/Jan/26" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200120 [SECURITY] [DLA 2071-1] thunderbird security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00016.html" } ] }, diff --git a/2019/17xxx/CVE-2019-17024.json b/2019/17xxx/CVE-2019-17024.json index c3d7ce5cfdf..8f55d5b36ff 100644 --- a/2019/17xxx/CVE-2019-17024.json +++ b/2019/17xxx/CVE-2019-17024.json 
@@ -148,6 +148,11 @@ "refsource": "BUGTRAQ", "name": "20200120 [SECURITY] [DSA 4603-1] thunderbird security update", "url": "https://seclists.org/bugtraq/2020/Jan/26" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200120 [SECURITY] [DLA 2071-1] thunderbird security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00016.html" } ] }, From 52c9718ff75fac4579bd2219a346de32ad73c2f2 Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Mon, 20 Jan 2020 16:01:10 +0000 Subject: [PATCH 167/387] "-Synchronized-Data." --- 2018/21xxx/CVE-2018-21015.json | 5 +++++ 2018/21xxx/CVE-2018-21016.json | 5 +++++ 2019/13xxx/CVE-2019-13618.json | 5 +++++ 2019/13xxx/CVE-2019-13725.json | 5 +++++ 2019/13xxx/CVE-2019-13726.json | 5 +++++ 2019/13xxx/CVE-2019-13727.json | 5 +++++ 2019/13xxx/CVE-2019-13728.json | 5 +++++ 2019/13xxx/CVE-2019-13729.json | 5 +++++ 2019/13xxx/CVE-2019-13730.json | 5 +++++ 2019/13xxx/CVE-2019-13732.json | 5 +++++ 2019/13xxx/CVE-2019-13734.json | 5 +++++ 2019/13xxx/CVE-2019-13735.json | 5 +++++ 2019/13xxx/CVE-2019-13736.json | 5 +++++ 2019/13xxx/CVE-2019-13737.json | 5 +++++ 2019/13xxx/CVE-2019-13738.json | 5 +++++ 2019/13xxx/CVE-2019-13739.json | 5 +++++ 2019/13xxx/CVE-2019-13740.json | 5 +++++ 2019/13xxx/CVE-2019-13741.json | 5 +++++ 2019/13xxx/CVE-2019-13742.json | 5 +++++ 2019/13xxx/CVE-2019-13743.json | 5 +++++ 2019/13xxx/CVE-2019-13744.json | 5 +++++ 2019/13xxx/CVE-2019-13745.json | 5 +++++ 2019/13xxx/CVE-2019-13746.json | 5 +++++ 2019/13xxx/CVE-2019-13747.json | 5 +++++ 2019/13xxx/CVE-2019-13748.json | 5 +++++ 2019/13xxx/CVE-2019-13749.json | 5 +++++ 2019/13xxx/CVE-2019-13750.json | 5 +++++ 2019/13xxx/CVE-2019-13751.json | 5 +++++ 2019/13xxx/CVE-2019-13752.json | 5 +++++ 2019/13xxx/CVE-2019-13753.json | 5 +++++ 2019/13xxx/CVE-2019-13754.json | 5 +++++ 2019/13xxx/CVE-2019-13755.json | 5 +++++ 2019/13xxx/CVE-2019-13756.json | 5 +++++ 2019/13xxx/CVE-2019-13757.json | 5 +++++ 2019/13xxx/CVE-2019-13758.json | 5 +++++ 2019/13xxx/CVE-2019-13759.json | 5 +++++ 2019/13xxx/CVE-2019-13761.json | 5 +++++ 2019/13xxx/CVE-2019-13762.json | 5 +++++ 2019/13xxx/CVE-2019-13763.json | 5 +++++ 2019/13xxx/CVE-2019-13764.json | 5 +++++ 2019/13xxx/CVE-2019-13767.json | 5 +++++ 2019/20xxx/CVE-2019-20161.json | 5 +++++ 2019/20xxx/CVE-2019-20162.json | 5 +++++ 2019/20xxx/CVE-2019-20163.json | 5 +++++ 2019/20xxx/CVE-2019-20165.json | 5 +++++ 2019/20xxx/CVE-2019-20170.json | 5 +++++ 
2019/20xxx/CVE-2019-20171.json | 5 +++++ 2019/20xxx/CVE-2019-20208.json | 5 +++++ 2020/6xxx/CVE-2020-6377.json | 5 +++++ 49 files changed, 245 insertions(+) diff --git a/2018/21xxx/CVE-2018-21015.json b/2018/21xxx/CVE-2018-21015.json index 89b9aadfcec..948c9794296 100644 --- a/2018/21xxx/CVE-2018-21015.json +++ b/2018/21xxx/CVE-2018-21015.json @@ -56,6 +56,11 @@ "url": "https://github.com/gpac/gpac/issues/1179", "refsource": "MISC", "name": "https://github.com/gpac/gpac/issues/1179" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200120 [SECURITY] [DLA 2072-1] gpac security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00017.html" } ] } diff --git a/2018/21xxx/CVE-2018-21016.json b/2018/21xxx/CVE-2018-21016.json index 605952c733b..2298dbb1013 100644 --- a/2018/21xxx/CVE-2018-21016.json +++ b/2018/21xxx/CVE-2018-21016.json @@ -56,6 +56,11 @@ "url": "https://github.com/gpac/gpac/issues/1180", "refsource": "MISC", "name": "https://github.com/gpac/gpac/issues/1180" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200120 [SECURITY] [DLA 2072-1] gpac security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00017.html" } ] } diff --git a/2019/13xxx/CVE-2019-13618.json b/2019/13xxx/CVE-2019-13618.json index b7cdfcf3e2f..f4579373053 100644 --- a/2019/13xxx/CVE-2019-13618.json +++ b/2019/13xxx/CVE-2019-13618.json @@ -61,6 +61,11 @@ "url": "https://github.com/gpac/gpac/compare/440d475...6b4ab40", "refsource": "MISC", "name": "https://github.com/gpac/gpac/compare/440d475...6b4ab40" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200120 [SECURITY] [DLA 2072-1] gpac security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00017.html" } ] } diff --git a/2019/13xxx/CVE-2019-13725.json b/2019/13xxx/CVE-2019-13725.json index 2a537500954..1f2a942d5f2 100644 --- a/2019/13xxx/CVE-2019-13725.json +++ b/2019/13xxx/CVE-2019-13725.json 
@@ -79,6 +79,11 @@ "refsource": "FEDORA", "name": "FEDORA-2020-4355ea258e", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/" + }, + { + "refsource": "BUGTRAQ", + "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update", + "url": "https://seclists.org/bugtraq/2020/Jan/27" } ] }, diff --git a/2019/13xxx/CVE-2019-13726.json b/2019/13xxx/CVE-2019-13726.json index 0ee63f06830..d03b5a4d5cc 100644 --- a/2019/13xxx/CVE-2019-13726.json +++ b/2019/13xxx/CVE-2019-13726.json @@ -79,6 +79,11 @@ "refsource": "FEDORA", "name": "FEDORA-2020-4355ea258e", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/" + }, + { + "refsource": "BUGTRAQ", + "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update", + "url": "https://seclists.org/bugtraq/2020/Jan/27" } ] }, diff --git a/2019/13xxx/CVE-2019-13727.json b/2019/13xxx/CVE-2019-13727.json index 445b84bae61..cd2ecdab9d9 100644 --- a/2019/13xxx/CVE-2019-13727.json +++ b/2019/13xxx/CVE-2019-13727.json @@ -79,6 +79,11 @@ "refsource": "FEDORA", "name": "FEDORA-2020-4355ea258e", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/" + }, + { + "refsource": "BUGTRAQ", + "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update", + "url": "https://seclists.org/bugtraq/2020/Jan/27" } ] }, diff --git a/2019/13xxx/CVE-2019-13728.json b/2019/13xxx/CVE-2019-13728.json index a0ffdf37021..b199c4d91a4 100644 --- a/2019/13xxx/CVE-2019-13728.json +++ b/2019/13xxx/CVE-2019-13728.json 
@@ -79,6 +79,11 @@ "refsource": "FEDORA", "name": "FEDORA-2020-4355ea258e", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/" + }, + { + "refsource": "BUGTRAQ", + "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update", + "url": "https://seclists.org/bugtraq/2020/Jan/27" } ] }, diff --git a/2019/13xxx/CVE-2019-13729.json b/2019/13xxx/CVE-2019-13729.json index 463d6e25803..393bbf30358 100644 --- a/2019/13xxx/CVE-2019-13729.json +++ b/2019/13xxx/CVE-2019-13729.json @@ -79,6 +79,11 @@ "refsource": "FEDORA", "name": "FEDORA-2020-4355ea258e", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/" + }, + { + "refsource": "BUGTRAQ", + "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update", + "url": "https://seclists.org/bugtraq/2020/Jan/27" } ] }, diff --git a/2019/13xxx/CVE-2019-13730.json b/2019/13xxx/CVE-2019-13730.json index 509bfd0afac..a64c8befc02 100644 --- a/2019/13xxx/CVE-2019-13730.json +++ b/2019/13xxx/CVE-2019-13730.json @@ -79,6 +79,11 @@ "refsource": "FEDORA", "name": "FEDORA-2020-4355ea258e", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/" + }, + { + "refsource": "BUGTRAQ", + "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update", + "url": "https://seclists.org/bugtraq/2020/Jan/27" } ] }, diff --git a/2019/13xxx/CVE-2019-13732.json b/2019/13xxx/CVE-2019-13732.json index b773153cb22..6d17f395ab3 100644 --- a/2019/13xxx/CVE-2019-13732.json +++ b/2019/13xxx/CVE-2019-13732.json 
@@ -79,6 +79,11 @@ "refsource": "FEDORA", "name": "FEDORA-2020-4355ea258e", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/" + }, + { + "refsource": "BUGTRAQ", + "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update", + "url": "https://seclists.org/bugtraq/2020/Jan/27" } ] }, diff --git a/2019/13xxx/CVE-2019-13734.json b/2019/13xxx/CVE-2019-13734.json index 30e1653debb..b1e6fda2b5e 100644 --- a/2019/13xxx/CVE-2019-13734.json +++ b/2019/13xxx/CVE-2019-13734.json @@ -79,6 +79,11 @@ "refsource": "FEDORA", "name": "FEDORA-2020-4355ea258e", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/" + }, + { + "refsource": "BUGTRAQ", + "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update", + "url": "https://seclists.org/bugtraq/2020/Jan/27" } ] }, diff --git a/2019/13xxx/CVE-2019-13735.json b/2019/13xxx/CVE-2019-13735.json index e070f1f63ed..c91e32764d3 100644 --- a/2019/13xxx/CVE-2019-13735.json +++ b/2019/13xxx/CVE-2019-13735.json @@ -79,6 +79,11 @@ "refsource": "FEDORA", "name": "FEDORA-2020-4355ea258e", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/" + }, + { + "refsource": "BUGTRAQ", + "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update", + "url": "https://seclists.org/bugtraq/2020/Jan/27" } ] }, diff --git a/2019/13xxx/CVE-2019-13736.json b/2019/13xxx/CVE-2019-13736.json index 425b352fe3c..d67b26842ba 100644 --- a/2019/13xxx/CVE-2019-13736.json +++ b/2019/13xxx/CVE-2019-13736.json 
@@ -79,6 +79,11 @@ "refsource": "FEDORA", "name": "FEDORA-2020-4355ea258e", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/" + }, + { + "refsource": "BUGTRAQ", + "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update", + "url": "https://seclists.org/bugtraq/2020/Jan/27" } ] }, diff --git a/2019/13xxx/CVE-2019-13737.json b/2019/13xxx/CVE-2019-13737.json index 13870742e04..662eeabfff8 100644 --- a/2019/13xxx/CVE-2019-13737.json +++ b/2019/13xxx/CVE-2019-13737.json @@ -79,6 +79,11 @@ "refsource": "FEDORA", "name": "FEDORA-2020-4355ea258e", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/" + }, + { + "refsource": "BUGTRAQ", + "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update", + "url": "https://seclists.org/bugtraq/2020/Jan/27" } ] }, diff --git a/2019/13xxx/CVE-2019-13738.json b/2019/13xxx/CVE-2019-13738.json index afcca5f1c35..d9dba863357 100644 --- a/2019/13xxx/CVE-2019-13738.json +++ b/2019/13xxx/CVE-2019-13738.json @@ -79,6 +79,11 @@ "refsource": "FEDORA", "name": "FEDORA-2020-4355ea258e", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/" + }, + { + "refsource": "BUGTRAQ", + "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update", + "url": "https://seclists.org/bugtraq/2020/Jan/27" } ] }, diff --git a/2019/13xxx/CVE-2019-13739.json b/2019/13xxx/CVE-2019-13739.json index 23d541bb9b8..ad066cc79df 100644 --- a/2019/13xxx/CVE-2019-13739.json +++ b/2019/13xxx/CVE-2019-13739.json 
@@ -79,6 +79,11 @@ "refsource": "FEDORA", "name": "FEDORA-2020-4355ea258e", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/" + }, + { + "refsource": "BUGTRAQ", + "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update", + "url": "https://seclists.org/bugtraq/2020/Jan/27" } ] }, diff --git a/2019/13xxx/CVE-2019-13740.json b/2019/13xxx/CVE-2019-13740.json index 50372274d5c..81af630ecf1 100644 --- a/2019/13xxx/CVE-2019-13740.json +++ b/2019/13xxx/CVE-2019-13740.json @@ -79,6 +79,11 @@ "refsource": "FEDORA", "name": "FEDORA-2020-4355ea258e", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/" + }, + { + "refsource": "BUGTRAQ", + "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update", + "url": "https://seclists.org/bugtraq/2020/Jan/27" } ] }, diff --git a/2019/13xxx/CVE-2019-13741.json b/2019/13xxx/CVE-2019-13741.json index 9f376288577..ee7b3eeab3e 100644 --- a/2019/13xxx/CVE-2019-13741.json +++ b/2019/13xxx/CVE-2019-13741.json @@ -79,6 +79,11 @@ "refsource": "FEDORA", "name": "FEDORA-2020-4355ea258e", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/" + }, + { + "refsource": "BUGTRAQ", + "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update", + "url": "https://seclists.org/bugtraq/2020/Jan/27" } ] }, diff --git a/2019/13xxx/CVE-2019-13742.json b/2019/13xxx/CVE-2019-13742.json index 6d888d3aabb..9c6ba5f2422 100644 --- a/2019/13xxx/CVE-2019-13742.json +++ b/2019/13xxx/CVE-2019-13742.json 
@@ -79,6 +79,11 @@ "refsource": "FEDORA", "name": "FEDORA-2020-4355ea258e", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/" + }, + { + "refsource": "BUGTRAQ", + "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update", + "url": "https://seclists.org/bugtraq/2020/Jan/27" } ] }, diff --git a/2019/13xxx/CVE-2019-13743.json b/2019/13xxx/CVE-2019-13743.json index f9aa49fc589..e042c7c8f99 100644 --- a/2019/13xxx/CVE-2019-13743.json +++ b/2019/13xxx/CVE-2019-13743.json @@ -79,6 +79,11 @@ "refsource": "FEDORA", "name": "FEDORA-2020-4355ea258e", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/" + }, + { + "refsource": "BUGTRAQ", + "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update", + "url": "https://seclists.org/bugtraq/2020/Jan/27" } ] }, diff --git a/2019/13xxx/CVE-2019-13744.json b/2019/13xxx/CVE-2019-13744.json index b14d78ce4e5..514002c583a 100644 --- a/2019/13xxx/CVE-2019-13744.json +++ b/2019/13xxx/CVE-2019-13744.json @@ -79,6 +79,11 @@ "refsource": "FEDORA", "name": "FEDORA-2020-4355ea258e", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/" + }, + { + "refsource": "BUGTRAQ", + "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update", + "url": "https://seclists.org/bugtraq/2020/Jan/27" } ] }, diff --git a/2019/13xxx/CVE-2019-13745.json b/2019/13xxx/CVE-2019-13745.json index 4fed4182a87..deaaaef28b3 100644 --- a/2019/13xxx/CVE-2019-13745.json +++ b/2019/13xxx/CVE-2019-13745.json 
@@ -79,6 +79,11 @@ "refsource": "FEDORA", "name": "FEDORA-2020-4355ea258e", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/" + }, + { + "refsource": "BUGTRAQ", + "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update", + "url": "https://seclists.org/bugtraq/2020/Jan/27" } ] }, diff --git a/2019/13xxx/CVE-2019-13746.json b/2019/13xxx/CVE-2019-13746.json index 4841c468fb6..4ebfa39747a 100644 --- a/2019/13xxx/CVE-2019-13746.json +++ b/2019/13xxx/CVE-2019-13746.json @@ -79,6 +79,11 @@ "refsource": "FEDORA", "name": "FEDORA-2020-4355ea258e", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/" + }, + { + "refsource": "BUGTRAQ", + "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update", + "url": "https://seclists.org/bugtraq/2020/Jan/27" } ] }, diff --git a/2019/13xxx/CVE-2019-13747.json b/2019/13xxx/CVE-2019-13747.json index f1243da0be9..f0f7f4f4550 100644 --- a/2019/13xxx/CVE-2019-13747.json +++ b/2019/13xxx/CVE-2019-13747.json @@ -79,6 +79,11 @@ "refsource": "FEDORA", "name": "FEDORA-2020-4355ea258e", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/" + }, + { + "refsource": "BUGTRAQ", + "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update", + "url": "https://seclists.org/bugtraq/2020/Jan/27" } ] }, diff --git a/2019/13xxx/CVE-2019-13748.json b/2019/13xxx/CVE-2019-13748.json index 2168fa1882e..b05ad9cd749 100644 --- a/2019/13xxx/CVE-2019-13748.json +++ b/2019/13xxx/CVE-2019-13748.json 
@@ -79,6 +79,11 @@ "refsource": "FEDORA", "name": "FEDORA-2020-4355ea258e", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/" + }, + { + "refsource": "BUGTRAQ", + "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update", + "url": "https://seclists.org/bugtraq/2020/Jan/27" } ] }, diff --git a/2019/13xxx/CVE-2019-13749.json b/2019/13xxx/CVE-2019-13749.json index 7dbae38c122..059085f9c8f 100644 --- a/2019/13xxx/CVE-2019-13749.json +++ b/2019/13xxx/CVE-2019-13749.json @@ -79,6 +79,11 @@ "refsource": "FEDORA", "name": "FEDORA-2020-4355ea258e", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/" + }, + { + "refsource": "BUGTRAQ", + "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update", + "url": "https://seclists.org/bugtraq/2020/Jan/27" } ] }, diff --git a/2019/13xxx/CVE-2019-13750.json b/2019/13xxx/CVE-2019-13750.json index 42a5fe4f1f5..4f01b345be6 100644 --- a/2019/13xxx/CVE-2019-13750.json +++ b/2019/13xxx/CVE-2019-13750.json @@ -79,6 +79,11 @@ "refsource": "FEDORA", "name": "FEDORA-2020-4355ea258e", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/" + }, + { + "refsource": "BUGTRAQ", + "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update", + "url": "https://seclists.org/bugtraq/2020/Jan/27" } ] }, diff --git a/2019/13xxx/CVE-2019-13751.json b/2019/13xxx/CVE-2019-13751.json index 1aea5a082bb..a09fc7e2557 100644 --- a/2019/13xxx/CVE-2019-13751.json +++ b/2019/13xxx/CVE-2019-13751.json 
@@ -79,6 +79,11 @@ "refsource": "FEDORA", "name": "FEDORA-2020-4355ea258e", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/" + }, + { + "refsource": "BUGTRAQ", + "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update", + "url": "https://seclists.org/bugtraq/2020/Jan/27" } ] }, diff --git a/2019/13xxx/CVE-2019-13752.json b/2019/13xxx/CVE-2019-13752.json index 59a966e3192..2b2d1b02abc 100644 --- a/2019/13xxx/CVE-2019-13752.json +++ b/2019/13xxx/CVE-2019-13752.json @@ -79,6 +79,11 @@ "refsource": "FEDORA", "name": "FEDORA-2020-4355ea258e", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/" + }, + { + "refsource": "BUGTRAQ", + "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update", + "url": "https://seclists.org/bugtraq/2020/Jan/27" } ] }, diff --git a/2019/13xxx/CVE-2019-13753.json b/2019/13xxx/CVE-2019-13753.json index fb242931605..9f015e7596f 100644 --- a/2019/13xxx/CVE-2019-13753.json +++ b/2019/13xxx/CVE-2019-13753.json @@ -79,6 +79,11 @@ "refsource": "FEDORA", "name": "FEDORA-2020-4355ea258e", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/" + }, + { + "refsource": "BUGTRAQ", + "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update", + "url": "https://seclists.org/bugtraq/2020/Jan/27" } ] }, diff --git a/2019/13xxx/CVE-2019-13754.json b/2019/13xxx/CVE-2019-13754.json index a48d8af63e9..0086d1942cb 100644 --- a/2019/13xxx/CVE-2019-13754.json +++ b/2019/13xxx/CVE-2019-13754.json 
@@ -79,6 +79,11 @@ "refsource": "FEDORA", "name": "FEDORA-2020-4355ea258e", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/" + }, + { + "refsource": "BUGTRAQ", + "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update", + "url": "https://seclists.org/bugtraq/2020/Jan/27" } ] }, diff --git a/2019/13xxx/CVE-2019-13755.json b/2019/13xxx/CVE-2019-13755.json index 236ffdc502c..db0502702be 100644 --- a/2019/13xxx/CVE-2019-13755.json +++ b/2019/13xxx/CVE-2019-13755.json @@ -79,6 +79,11 @@ "refsource": "FEDORA", "name": "FEDORA-2020-4355ea258e", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/" + }, + { + "refsource": "BUGTRAQ", + "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update", + "url": "https://seclists.org/bugtraq/2020/Jan/27" } ] }, diff --git a/2019/13xxx/CVE-2019-13756.json b/2019/13xxx/CVE-2019-13756.json index fe485fd5cbe..c3076d84d88 100644 --- a/2019/13xxx/CVE-2019-13756.json +++ b/2019/13xxx/CVE-2019-13756.json @@ -79,6 +79,11 @@ "refsource": "FEDORA", "name": "FEDORA-2020-4355ea258e", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/" + }, + { + "refsource": "BUGTRAQ", + "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update", + "url": "https://seclists.org/bugtraq/2020/Jan/27" } ] }, diff --git a/2019/13xxx/CVE-2019-13757.json b/2019/13xxx/CVE-2019-13757.json index b826fe46dad..634beba427f 100644 --- a/2019/13xxx/CVE-2019-13757.json +++ b/2019/13xxx/CVE-2019-13757.json 
@@ -79,6 +79,11 @@ "refsource": "FEDORA", "name": "FEDORA-2020-4355ea258e", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/" + }, + { + "refsource": "BUGTRAQ", + "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update", + "url": "https://seclists.org/bugtraq/2020/Jan/27" } ] }, diff --git a/2019/13xxx/CVE-2019-13758.json b/2019/13xxx/CVE-2019-13758.json index e64d953987d..fc98689a0cd 100644 --- a/2019/13xxx/CVE-2019-13758.json +++ b/2019/13xxx/CVE-2019-13758.json @@ -79,6 +79,11 @@ "refsource": "FEDORA", "name": "FEDORA-2020-4355ea258e", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/" + }, + { + "refsource": "BUGTRAQ", + "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update", + "url": "https://seclists.org/bugtraq/2020/Jan/27" } ] }, diff --git a/2019/13xxx/CVE-2019-13759.json b/2019/13xxx/CVE-2019-13759.json index 86c80b4757b..b658d692155 100644 --- a/2019/13xxx/CVE-2019-13759.json +++ b/2019/13xxx/CVE-2019-13759.json @@ -79,6 +79,11 @@ "refsource": "FEDORA", "name": "FEDORA-2020-4355ea258e", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/" + }, + { + "refsource": "BUGTRAQ", + "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update", + "url": "https://seclists.org/bugtraq/2020/Jan/27" } ] }, diff --git a/2019/13xxx/CVE-2019-13761.json b/2019/13xxx/CVE-2019-13761.json index c37d0ab3129..acdf545ea25 100644 --- a/2019/13xxx/CVE-2019-13761.json +++ b/2019/13xxx/CVE-2019-13761.json 
@@ -79,6 +79,11 @@ "refsource": "FEDORA", "name": "FEDORA-2020-4355ea258e", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/" + }, + { + "refsource": "BUGTRAQ", + "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update", + "url": "https://seclists.org/bugtraq/2020/Jan/27" } ] }, diff --git a/2019/13xxx/CVE-2019-13762.json b/2019/13xxx/CVE-2019-13762.json index bc52e36f4eb..de42b89570e 100644 --- a/2019/13xxx/CVE-2019-13762.json +++ b/2019/13xxx/CVE-2019-13762.json @@ -79,6 +79,11 @@ "refsource": "FEDORA", "name": "FEDORA-2020-4355ea258e", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/" + }, + { + "refsource": "BUGTRAQ", + "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update", + "url": "https://seclists.org/bugtraq/2020/Jan/27" } ] }, diff --git a/2019/13xxx/CVE-2019-13763.json b/2019/13xxx/CVE-2019-13763.json index 814a431804c..b78383fec4c 100644 --- a/2019/13xxx/CVE-2019-13763.json +++ b/2019/13xxx/CVE-2019-13763.json @@ -79,6 +79,11 @@ "refsource": "FEDORA", "name": "FEDORA-2020-4355ea258e", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/" + }, + { + "refsource": "BUGTRAQ", + "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update", + "url": "https://seclists.org/bugtraq/2020/Jan/27" } ] }, diff --git a/2019/13xxx/CVE-2019-13764.json b/2019/13xxx/CVE-2019-13764.json index 37942bec611..c30b2071ac6 100644 --- a/2019/13xxx/CVE-2019-13764.json +++ b/2019/13xxx/CVE-2019-13764.json 
@@ -79,6 +79,11 @@ "refsource": "FEDORA", "name": "FEDORA-2020-4355ea258e", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/" + }, + { + "refsource": "BUGTRAQ", + "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update", + "url": "https://seclists.org/bugtraq/2020/Jan/27" } ] }, diff --git a/2019/13xxx/CVE-2019-13767.json b/2019/13xxx/CVE-2019-13767.json index 4a04985d580..ab0f0b952ae 100644 --- a/2019/13xxx/CVE-2019-13767.json +++ b/2019/13xxx/CVE-2019-13767.json @@ -64,6 +64,11 @@ "refsource": "FEDORA", "name": "FEDORA-2020-4355ea258e", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/" + }, + { + "refsource": "BUGTRAQ", + "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update", + "url": "https://seclists.org/bugtraq/2020/Jan/27" } ] }, diff --git a/2019/20xxx/CVE-2019-20161.json b/2019/20xxx/CVE-2019-20161.json index 9075239bb06..7e172c23d03 100644 --- a/2019/20xxx/CVE-2019-20161.json +++ b/2019/20xxx/CVE-2019-20161.json @@ -56,6 +56,11 @@ "url": "https://github.com/gpac/gpac/issues/1320", "refsource": "MISC", "name": "https://github.com/gpac/gpac/issues/1320" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200120 [SECURITY] [DLA 2072-1] gpac security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00017.html" } ] } diff --git a/2019/20xxx/CVE-2019-20162.json b/2019/20xxx/CVE-2019-20162.json index 8b41273b012..57f1a8e0564 100644 --- a/2019/20xxx/CVE-2019-20162.json +++ b/2019/20xxx/CVE-2019-20162.json 
@@ -56,6 +56,11 @@ "url": "https://github.com/gpac/gpac/issues/1327", "refsource": "MISC", "name": "https://github.com/gpac/gpac/issues/1327" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200120 [SECURITY] [DLA 2072-1] gpac security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00017.html" } ] } diff --git a/2019/20xxx/CVE-2019-20163.json b/2019/20xxx/CVE-2019-20163.json index 3d09633f087..b2719819377 100644 --- a/2019/20xxx/CVE-2019-20163.json +++ b/2019/20xxx/CVE-2019-20163.json @@ -56,6 +56,11 @@ "url": "https://github.com/gpac/gpac/issues/1335", "refsource": "MISC", "name": "https://github.com/gpac/gpac/issues/1335" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200120 [SECURITY] [DLA 2072-1] gpac security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00017.html" } ] } diff --git a/2019/20xxx/CVE-2019-20165.json b/2019/20xxx/CVE-2019-20165.json index 1bb6b3a99cc..32cd6dfd721 100644 --- a/2019/20xxx/CVE-2019-20165.json +++ b/2019/20xxx/CVE-2019-20165.json @@ -56,6 +56,11 @@ "url": "https://github.com/gpac/gpac/issues/1338", "refsource": "MISC", "name": "https://github.com/gpac/gpac/issues/1338" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200120 [SECURITY] [DLA 2072-1] gpac security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00017.html" } ] } diff --git a/2019/20xxx/CVE-2019-20170.json b/2019/20xxx/CVE-2019-20170.json index 19d008702ff..eb4c1eaeb02 100644 --- a/2019/20xxx/CVE-2019-20170.json +++ b/2019/20xxx/CVE-2019-20170.json @@ -56,6 +56,11 @@ "url": "https://github.com/gpac/gpac/issues/1328", "refsource": "MISC", "name": "https://github.com/gpac/gpac/issues/1328" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200120 [SECURITY] [DLA 2072-1] gpac security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00017.html" } ] } 
diff --git a/2019/20xxx/CVE-2019-20171.json b/2019/20xxx/CVE-2019-20171.json index eee0c759512..0f93c2bb0d1 100644 --- a/2019/20xxx/CVE-2019-20171.json +++ b/2019/20xxx/CVE-2019-20171.json @@ -56,6 +56,11 @@ "url": "https://github.com/gpac/gpac/issues/1337", "refsource": "MISC", "name": "https://github.com/gpac/gpac/issues/1337" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200120 [SECURITY] [DLA 2072-1] gpac security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00017.html" } ] } diff --git a/2019/20xxx/CVE-2019-20208.json b/2019/20xxx/CVE-2019-20208.json index 631a5deed55..ae50740c2f6 100644 --- a/2019/20xxx/CVE-2019-20208.json +++ b/2019/20xxx/CVE-2019-20208.json @@ -56,6 +56,11 @@ "url": "https://github.com/gpac/gpac/issues/1348", "refsource": "MISC", "name": "https://github.com/gpac/gpac/issues/1348" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200120 [SECURITY] [DLA 2072-1] gpac security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00017.html" } ] } diff --git a/2020/6xxx/CVE-2020-6377.json b/2020/6xxx/CVE-2020-6377.json index 846d0c9cb44..3696867028f 100644 --- a/2020/6xxx/CVE-2020-6377.json +++ b/2020/6xxx/CVE-2020-6377.json @@ -84,6 +84,11 @@ "refsource": "FEDORA", "name": "FEDORA-2020-4355ea258e", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/" + }, + { + "refsource": "BUGTRAQ", + "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update", + "url": "https://seclists.org/bugtraq/2020/Jan/27" } ] }, From b0f28662d6f00f0a1ede9b3d29bc33c39e3eca5b Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Mon, 20 Jan 2020 19:01:07 +0000 Subject: [PATCH 168/387] "-Synchronized-Data." --- 2019/11xxx/CVE-2019-11045.json | 5 +++++ 2019/11xxx/CVE-2019-11046.json | 5 +++++ 2019/11xxx/CVE-2019-11047.json | 5 +++++ 2019/11xxx/CVE-2019-11050.json | 5 +++++ 4 files changed, 20 insertions(+) diff --git a/2019/11xxx/CVE-2019-11045.json b/2019/11xxx/CVE-2019-11045.json index 5e429eade35..9d3c5a5a8f7 100644 --- a/2019/11xxx/CVE-2019-11045.json +++ b/2019/11xxx/CVE-2019-11045.json @@ -120,6 +120,11 @@ "refsource": "UBUNTU", "name": "USN-4239-1", "url": "https://usn.ubuntu.com/4239-1/" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0080", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00036.html" } ] }, diff --git a/2019/11xxx/CVE-2019-11046.json b/2019/11xxx/CVE-2019-11046.json index bffdb4abf80..d9f80ab7229 100644 --- a/2019/11xxx/CVE-2019-11046.json +++ b/2019/11xxx/CVE-2019-11046.json @@ -125,6 +125,11 @@ "refsource": "UBUNTU", "name": "USN-4239-1", "url": "https://usn.ubuntu.com/4239-1/" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0080", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00036.html" } ] }, diff --git a/2019/11xxx/CVE-2019-11047.json b/2019/11xxx/CVE-2019-11047.json index 173f2fa95a6..b25134ec273 100644 --- a/2019/11xxx/CVE-2019-11047.json +++ b/2019/11xxx/CVE-2019-11047.json @@ -120,6 +120,11 @@ "refsource": "UBUNTU", "name": "USN-4239-1", "url": "https://usn.ubuntu.com/4239-1/" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0080", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00036.html" } ] }, diff --git a/2019/11xxx/CVE-2019-11050.json b/2019/11xxx/CVE-2019-11050.json index 4909f97cd34..6b441068e0f 100644 --- a/2019/11xxx/CVE-2019-11050.json +++ b/2019/11xxx/CVE-2019-11050.json 
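Review bot: The SUSE reference added to CVE-2019-11045 is stored with a cleartext `http://lists.opensuse.org/...` URL, while the Ubuntu reference directly above it in the same array uses `https://`. A reader or tool that follows this link fetches patch guidance over a channel that can be altered in transit. If the list archive serves the same path over TLS, record `"url": "https://lists.opensuse.org/opensuse-security-announce/2020-01/msg00036.html"` instead. The same applies to the identical entries added to CVE-2019-11046, CVE-2019-11047 and CVE-2019-11050 in this patch, and to the `http://packetstormsecurity.com/...` references added to CVE-2019-16405 and CVE-2019-19031 in PATCH 169.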
@@ -120,6 +120,11 @@ "refsource": "UBUNTU", "name": "USN-4239-1", "url": "https://usn.ubuntu.com/4239-1/" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0080", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00036.html" } ] }, From cb379511fbbad4cbea555e0822760e60ad79f76b Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 20 Jan 2020 20:01:04 +0000 Subject: [PATCH 169/387] "-Synchronized-Data." --- 2018/10xxx/CVE-2018-10899.json | 5 +++ 2019/16xxx/CVE-2019-16405.json | 5 +++ 2019/19xxx/CVE-2019-19031.json | 5 +++ 2019/20xxx/CVE-2019-20382.json | 18 +++++++++ 2019/20xxx/CVE-2019-20383.json | 18 +++++++++ 2020/7xxx/CVE-2020-7239.json | 18 +++++++++ 2020/7xxx/CVE-2020-7240.json | 67 ++++++++++++++++++++++++++++++++++ 2020/7xxx/CVE-2020-7241.json | 67 ++++++++++++++++++++++++++++++++++ 8 files changed, 203 insertions(+) create mode 100644 2019/20xxx/CVE-2019-20382.json create mode 100644 2019/20xxx/CVE-2019-20383.json create mode 100644 2020/7xxx/CVE-2020-7239.json create mode 100644 2020/7xxx/CVE-2020-7240.json create mode 100644 2020/7xxx/CVE-2020-7241.json diff --git a/2018/10xxx/CVE-2018-10899.json b/2018/10xxx/CVE-2018-10899.json index 6f0e05e847f..6449c3346c7 100644 --- a/2018/10xxx/CVE-2018-10899.json +++ b/2018/10xxx/CVE-2018-10899.json @@ -68,6 +68,11 @@ "refsource": "MLIST", "name": "[activemq-issues] 20200102 [jira] [Created] (AMQ-7373) jolokia-core-1.6.0.jar is vulnerable to CVE-2018-10899", "url": "https://lists.apache.org/thread.html/1392fbebb4fbbec379a40d16e1288fe1e4c0289d257e5206051a3793@%3Cissues.activemq.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[activemq-issues] 20200120 [jira] [Work logged] (AMQ-7373) jolokia-core-1.6.0.jar is vulnerable to CVE-2018-10899", + "url": "https://lists.apache.org/thread.html/rc169dac018d07e8ddf2a3bb2fd1efc6cbda4f83f1bbf7a8c798e7f4f@%3Cissues.activemq.apache.org%3E" } ] }, 
diff --git a/2019/16xxx/CVE-2019-16405.json b/2019/16xxx/CVE-2019-16405.json index 5d86c2298e4..781d5ee01a6 100644 --- a/2019/16xxx/CVE-2019-16405.json +++ b/2019/16xxx/CVE-2019-16405.json @@ -96,6 +96,11 @@ "refsource": "CONFIRM", "name": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-19.10.html", "url": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-19.10.html" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/155999/Centreon-19.04-Remote-Code-Execution.html", + "url": "http://packetstormsecurity.com/files/155999/Centreon-19.04-Remote-Code-Execution.html" } ] } diff --git a/2019/19xxx/CVE-2019-19031.json b/2019/19xxx/CVE-2019-19031.json index 2e86aff4df5..c131663d88d 100644 --- a/2019/19xxx/CVE-2019-19031.json +++ b/2019/19xxx/CVE-2019-19031.json @@ -56,6 +56,11 @@ "refsource": "MISC", "name": "https://hackpuntes.com/cve-2019-19031-easy-xml-editor-1-7-8-inyeccion-xml/", "url": "https://hackpuntes.com/cve-2019-19031-easy-xml-editor-1-7-8-inyeccion-xml/" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/155996/Easy-XML-Editor-1.7.8-XML-Injection.html", + "url": "http://packetstormsecurity.com/files/155996/Easy-XML-Editor-1.7.8-XML-Injection.html" } ] } diff --git a/2019/20xxx/CVE-2019-20382.json b/2019/20xxx/CVE-2019-20382.json new file mode 100644 index 00000000000..2305dcf0dcf --- /dev/null +++ b/2019/20xxx/CVE-2019-20382.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-20382", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20383.json b/2019/20xxx/CVE-2019-20383.json new file mode 100644 index 00000000000..c84eb28de0e --- /dev/null +++ b/2019/20xxx/CVE-2019-20383.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-20383", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7239.json b/2020/7xxx/CVE-2020-7239.json new file mode 100644 index 00000000000..0cb2705c289 --- /dev/null +++ b/2020/7xxx/CVE-2020-7239.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7239", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/7xxx/CVE-2020-7240.json b/2020/7xxx/CVE-2020-7240.json
new file mode 100644
index 00000000000..b93df28473c
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7240.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-7240",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Meinberg Lantime M300 and M1000 devices allow attackers (with privileges to configure a device) to execute arbitrary OS commands by editing the /config/netconf.cmd script (aka Extended Network Configuration)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://sku11army.blogspot.com/2020/01/heinberg-lantime-m1000-rce.html",
+ "refsource": "MISC",
+ "name": "https://sku11army.blogspot.com/2020/01/heinberg-lantime-m1000-rce.html"
+ },
+ {
+ "url": "https://sku11army.blogspot.com/2020/01/meinberg-lantime-m1000-rce.html",
+ "refsource": "MISC",
+ "name": "https://sku11army.blogspot.com/2020/01/meinberg-lantime-m1000-rce.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7241.json b/2020/7xxx/CVE-2020-7241.json
new file mode 100644
index 00000000000..6dfcebe69c4
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7241.json
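Review bot: The first entry in `reference_data` for CVE-2020-7240 ends in `heinberg-lantime-m1000-rce.html`, which spells the vendor differently from the description ("Meinberg") and from the second entry, `meinberg-lantime-m1000-rce.html`; it looks like a stale or mistyped link rather than a second source. I would confirm that it resolves and otherwise keep only the `meinberg-...` entry, since a dead advisory link costs time during triage. Separately, `vendor_name`, `product_name` and `version_value` are all `"n/a"` although the description names Meinberg Lantime M300 and M1000, so tooling that matches on the `affects` block will not find this record. The same applies to the new records for CVE-2020-7241 through CVE-2020-7244 and CVE-2019-20384 later in this series.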
@@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-7241", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The WP Database Backup plugin through 5.5 for WordPress stores downloads by default locally in the directory wp-content/uploads/db-backup/. This might allow attackers to read ZIP archives by guessing random ID numbers, guessing date strings with a 2020_{0..1}{0..2}_{0..3}{0..9} format, guessing UNIX timestamps, and making HTTPS requests with the complete guessed URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wordpress.org/plugins/wp-database-backup/#developers", + "refsource": "MISC", + "name": "https://wordpress.org/plugins/wp-database-backup/#developers" + }, + { + "url": "https://github.com/V1n1v131r4/Exploiting-WP-Database-Backup-WordPress-Plugin/blob/master/README.md", + "refsource": "MISC", + "name": "https://github.com/V1n1v131r4/Exploiting-WP-Database-Backup-WordPress-Plugin/blob/master/README.md" + } + ] + } +} \ No newline at end of file From c58a9ad90fd57ec3d14e696648d67cbca268878e Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Mon, 20 Jan 2020 22:01:09 +0000 Subject: [PATCH 170/387] "-Synchronized-Data." --- 2020/7xxx/CVE-2020-7242.json | 62 ++++++++++++++++++++++++++++++++++++ 2020/7xxx/CVE-2020-7243.json | 62 ++++++++++++++++++++++++++++++++++++ 2020/7xxx/CVE-2020-7244.json | 62 ++++++++++++++++++++++++++++++++++++ 3 files changed, 186 insertions(+) create mode 100644 2020/7xxx/CVE-2020-7242.json create mode 100644 2020/7xxx/CVE-2020-7243.json create mode 100644 2020/7xxx/CVE-2020-7244.json diff --git a/2020/7xxx/CVE-2020-7242.json b/2020/7xxx/CVE-2020-7242.json new file mode 100644 index 00000000000..fc2e3662da4 --- /dev/null +++ b/2020/7xxx/CVE-2020-7242.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-7242", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Comtech Stampede FX-1010 7.4.3 devices allow remote authenticated administrators to achieve remote code execution by navigating to the Diagnostics Trace Route page and entering shell metacharacters in the Target IP address field. (In some cases, authentication can be achieved with the comtech password for the comtech account.)" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://sku11army.blogspot.com/2020/01/comtech-authenticated-rce-on-comtech.html", + "refsource": "MISC", + "name": "https://sku11army.blogspot.com/2020/01/comtech-authenticated-rce-on-comtech.html" + } + ] + } +} \ No newline at end of file 
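Review bot: `problemtype` is `"n/a"` for CVE-2020-7242 even though the description states the weakness outright: shell metacharacters entered in the Target IP address field of the Diagnostics Trace Route page lead to code execution. Recording it as `"value": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"` would let consumers filter and prioritise by weakness class. The same gap is in CVE-2020-7243 (Fetch URL page) and CVE-2020-7244 (Poll Routes page). The parenthetical about authenticating with the comtech password for the comtech account reads like a separate default-credential issue; if that is what it is, it probably deserves its own entry rather than a side remark, which is worth confirming with the reporter.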
diff --git a/2020/7xxx/CVE-2020-7243.json b/2020/7xxx/CVE-2020-7243.json
new file mode 100644
index 00000000000..daa7357efe2
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7243.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-7243",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Comtech Stampede FX-1010 7.4.3 devices allow remote authenticated administrators to achieve remote code execution by navigating to the Fetch URL page and entering shell metacharacters in the URL field. (In some cases, authentication can be achieved with the comtech password for the comtech account.)"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://sku11army.blogspot.com/2020/01/comtech-multiple-authenticated-rce-on.html",
+ "refsource": "MISC",
+ "name": "https://sku11army.blogspot.com/2020/01/comtech-multiple-authenticated-rce-on.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7244.json b/2020/7xxx/CVE-2020-7244.json
new file mode 100644
index 00000000000..4bcf72604b5
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7244.json
@@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-7244", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Comtech Stampede FX-1010 7.4.3 devices allow remote authenticated administrators to achieve remote code execution by navigating to the Poll Routes page and entering shell metacharacters in the Router IP Address field. (In some cases, authentication can be achieved with the comtech password for the comtech account.)" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://sku11army.blogspot.com/2020/01/comtech-multiple-authenticated-rce-on.html", + "refsource": "MISC", + "name": "https://sku11army.blogspot.com/2020/01/comtech-multiple-authenticated-rce-on.html" + } + ] + } +} \ No newline at end of file From 8b179ee13f62712bddb40557de84a4cacf7eec87 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 20 Jan 2020 23:01:05 +0000 Subject: [PATCH 171/387] "-Synchronized-Data." --- 2020/7xxx/CVE-2020-7245.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7246.json | 18 ++++++++++++++++++ 2 files changed, 36 insertions(+) create mode 100644 2020/7xxx/CVE-2020-7245.json create mode 100644 2020/7xxx/CVE-2020-7246.json diff --git a/2020/7xxx/CVE-2020-7245.json b/2020/7xxx/CVE-2020-7245.json new file mode 100644 index 00000000000..97a3b1d7b7c --- /dev/null +++ b/2020/7xxx/CVE-2020-7245.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7245", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7246.json b/2020/7xxx/CVE-2020-7246.json new file mode 100644 index 00000000000..5e8bee34dae --- /dev/null +++ b/2020/7xxx/CVE-2020-7246.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7246", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file From 9fdc3ea773f1c25c26d53f59eeb469087ddeea24 Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Tue, 21 Jan 2020 00:01:10 +0000 Subject: [PATCH 172/387] "-Synchronized-Data." --- 2019/13xxx/CVE-2019-13725.json | 5 +++ 2019/13xxx/CVE-2019-13726.json | 5 +++ 2019/13xxx/CVE-2019-13727.json | 5 +++ 2019/13xxx/CVE-2019-13728.json | 5 +++ 2019/13xxx/CVE-2019-13729.json | 5 +++ 2019/13xxx/CVE-2019-13730.json | 5 +++ 2019/13xxx/CVE-2019-13732.json | 5 +++ 2019/13xxx/CVE-2019-13734.json | 5 +++ 2019/13xxx/CVE-2019-13735.json | 5 +++ 2019/13xxx/CVE-2019-13736.json | 5 +++ 2019/13xxx/CVE-2019-13737.json | 5 +++ 2019/13xxx/CVE-2019-13738.json | 5 +++ 2019/13xxx/CVE-2019-13739.json | 5 +++ 2019/13xxx/CVE-2019-13740.json | 5 +++ 2019/13xxx/CVE-2019-13741.json | 5 +++ 2019/13xxx/CVE-2019-13742.json | 5 +++ 2019/13xxx/CVE-2019-13743.json | 5 +++ 2019/13xxx/CVE-2019-13744.json | 5 +++ 2019/13xxx/CVE-2019-13745.json | 5 +++ 2019/13xxx/CVE-2019-13746.json | 5 +++ 2019/13xxx/CVE-2019-13747.json | 5 +++ 2019/13xxx/CVE-2019-13748.json | 5 +++ 2019/13xxx/CVE-2019-13749.json | 5 +++ 2019/13xxx/CVE-2019-13750.json | 5 +++ 2019/13xxx/CVE-2019-13751.json | 5 +++ 2019/13xxx/CVE-2019-13752.json | 5 +++ 2019/13xxx/CVE-2019-13753.json | 5 +++ 2019/13xxx/CVE-2019-13754.json | 5 +++ 2019/13xxx/CVE-2019-13755.json | 5 +++ 2019/13xxx/CVE-2019-13756.json | 5 +++ 2019/13xxx/CVE-2019-13757.json | 5 +++ 2019/13xxx/CVE-2019-13758.json | 5 +++ 2019/13xxx/CVE-2019-13759.json | 5 +++ 2019/13xxx/CVE-2019-13761.json | 5 +++ 2019/13xxx/CVE-2019-13762.json | 5 +++ 2019/13xxx/CVE-2019-13763.json | 5 +++ 2019/13xxx/CVE-2019-13764.json | 5 +++ 2019/13xxx/CVE-2019-13767.json | 5 +++ 2019/20xxx/CVE-2019-20384.json | 62 ++++++++++++++++++++++++++++++++++ 2020/6xxx/CVE-2020-6377.json | 5 +++ 2020/7xxx/CVE-2020-7247.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7248.json | 18 ++++++++++ 42 files changed, 293 insertions(+) create mode 100644 2019/20xxx/CVE-2019-20384.json create mode 100644 2020/7xxx/CVE-2020-7247.json create mode 100644 2020/7xxx/CVE-2020-7248.json 
diff --git a/2019/13xxx/CVE-2019-13725.json b/2019/13xxx/CVE-2019-13725.json index 1f2a942d5f2..16a43184f67 100644 --- a/2019/13xxx/CVE-2019-13725.json +++ b/2019/13xxx/CVE-2019-13725.json @@ -84,6 +84,11 @@ "refsource": "BUGTRAQ", "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update", "url": "https://seclists.org/bugtraq/2020/Jan/27" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4606", + "url": "https://www.debian.org/security/2020/dsa-4606" } ] }, diff --git a/2019/13xxx/CVE-2019-13726.json b/2019/13xxx/CVE-2019-13726.json index d03b5a4d5cc..df796d4c41e 100644 --- a/2019/13xxx/CVE-2019-13726.json +++ b/2019/13xxx/CVE-2019-13726.json @@ -84,6 +84,11 @@ "refsource": "BUGTRAQ", "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update", "url": "https://seclists.org/bugtraq/2020/Jan/27" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4606", + "url": "https://www.debian.org/security/2020/dsa-4606" } ] }, diff --git a/2019/13xxx/CVE-2019-13727.json b/2019/13xxx/CVE-2019-13727.json index cd2ecdab9d9..87bc23523b3 100644 --- a/2019/13xxx/CVE-2019-13727.json +++ b/2019/13xxx/CVE-2019-13727.json @@ -84,6 +84,11 @@ "refsource": "BUGTRAQ", "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update", "url": "https://seclists.org/bugtraq/2020/Jan/27" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4606", + "url": "https://www.debian.org/security/2020/dsa-4606" } ] }, diff --git a/2019/13xxx/CVE-2019-13728.json b/2019/13xxx/CVE-2019-13728.json index b199c4d91a4..b6afa0dba09 100644 --- a/2019/13xxx/CVE-2019-13728.json +++ b/2019/13xxx/CVE-2019-13728.json @@ -84,6 +84,11 @@ "refsource": "BUGTRAQ", "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update", "url": "https://seclists.org/bugtraq/2020/Jan/27" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4606", + "url": "https://www.debian.org/security/2020/dsa-4606" } ] }, diff --git a/2019/13xxx/CVE-2019-13729.json b/2019/13xxx/CVE-2019-13729.json index 393bbf30358..d1cc2c82711 100644 
--- a/2019/13xxx/CVE-2019-13729.json +++ b/2019/13xxx/CVE-2019-13729.json @@ -84,6 +84,11 @@ "refsource": "BUGTRAQ", "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update", "url": "https://seclists.org/bugtraq/2020/Jan/27" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4606", + "url": "https://www.debian.org/security/2020/dsa-4606" } ] }, diff --git a/2019/13xxx/CVE-2019-13730.json b/2019/13xxx/CVE-2019-13730.json index a64c8befc02..f957d756e80 100644 --- a/2019/13xxx/CVE-2019-13730.json +++ b/2019/13xxx/CVE-2019-13730.json @@ -84,6 +84,11 @@ "refsource": "BUGTRAQ", "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update", "url": "https://seclists.org/bugtraq/2020/Jan/27" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4606", + "url": "https://www.debian.org/security/2020/dsa-4606" } ] }, diff --git a/2019/13xxx/CVE-2019-13732.json b/2019/13xxx/CVE-2019-13732.json index 6d17f395ab3..80482add2bc 100644 --- a/2019/13xxx/CVE-2019-13732.json +++ b/2019/13xxx/CVE-2019-13732.json @@ -84,6 +84,11 @@ "refsource": "BUGTRAQ", "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update", "url": "https://seclists.org/bugtraq/2020/Jan/27" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4606", + "url": "https://www.debian.org/security/2020/dsa-4606" } ] }, diff --git a/2019/13xxx/CVE-2019-13734.json b/2019/13xxx/CVE-2019-13734.json index b1e6fda2b5e..775b709fcbf 100644 --- a/2019/13xxx/CVE-2019-13734.json +++ b/2019/13xxx/CVE-2019-13734.json @@ -84,6 +84,11 @@ "refsource": "BUGTRAQ", "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update", "url": "https://seclists.org/bugtraq/2020/Jan/27" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4606", + "url": "https://www.debian.org/security/2020/dsa-4606" } ] }, diff --git a/2019/13xxx/CVE-2019-13735.json b/2019/13xxx/CVE-2019-13735.json index c91e32764d3..9271f39466f 100644 --- a/2019/13xxx/CVE-2019-13735.json +++ b/2019/13xxx/CVE-2019-13735.json 
@@ -84,6 +84,11 @@ "refsource": "BUGTRAQ", "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update", "url": "https://seclists.org/bugtraq/2020/Jan/27" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4606", + "url": "https://www.debian.org/security/2020/dsa-4606" } ] }, diff --git a/2019/13xxx/CVE-2019-13736.json b/2019/13xxx/CVE-2019-13736.json index d67b26842ba..ac55f651ead 100644 --- a/2019/13xxx/CVE-2019-13736.json +++ b/2019/13xxx/CVE-2019-13736.json @@ -84,6 +84,11 @@ "refsource": "BUGTRAQ", "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update", "url": "https://seclists.org/bugtraq/2020/Jan/27" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4606", + "url": "https://www.debian.org/security/2020/dsa-4606" } ] }, diff --git a/2019/13xxx/CVE-2019-13737.json b/2019/13xxx/CVE-2019-13737.json index 662eeabfff8..6a750f11537 100644 --- a/2019/13xxx/CVE-2019-13737.json +++ b/2019/13xxx/CVE-2019-13737.json @@ -84,6 +84,11 @@ "refsource": "BUGTRAQ", "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update", "url": "https://seclists.org/bugtraq/2020/Jan/27" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4606", + "url": "https://www.debian.org/security/2020/dsa-4606" } ] }, diff --git a/2019/13xxx/CVE-2019-13738.json b/2019/13xxx/CVE-2019-13738.json index d9dba863357..c869cfd9ade 100644 --- a/2019/13xxx/CVE-2019-13738.json +++ b/2019/13xxx/CVE-2019-13738.json @@ -84,6 +84,11 @@ "refsource": "BUGTRAQ", "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update", "url": "https://seclists.org/bugtraq/2020/Jan/27" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4606", + "url": "https://www.debian.org/security/2020/dsa-4606" } ] }, diff --git a/2019/13xxx/CVE-2019-13739.json b/2019/13xxx/CVE-2019-13739.json index ad066cc79df..c6144d58682 100644 --- a/2019/13xxx/CVE-2019-13739.json +++ b/2019/13xxx/CVE-2019-13739.json 
@@ -84,6 +84,11 @@ "refsource": "BUGTRAQ", "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update", "url": "https://seclists.org/bugtraq/2020/Jan/27" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4606", + "url": "https://www.debian.org/security/2020/dsa-4606" } ] }, diff --git a/2019/13xxx/CVE-2019-13740.json b/2019/13xxx/CVE-2019-13740.json index 81af630ecf1..5b49dd76439 100644 --- a/2019/13xxx/CVE-2019-13740.json +++ b/2019/13xxx/CVE-2019-13740.json @@ -84,6 +84,11 @@ "refsource": "BUGTRAQ", "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update", "url": "https://seclists.org/bugtraq/2020/Jan/27" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4606", + "url": "https://www.debian.org/security/2020/dsa-4606" } ] }, diff --git a/2019/13xxx/CVE-2019-13741.json b/2019/13xxx/CVE-2019-13741.json index ee7b3eeab3e..8a7b272fde5 100644 --- a/2019/13xxx/CVE-2019-13741.json +++ b/2019/13xxx/CVE-2019-13741.json @@ -84,6 +84,11 @@ "refsource": "BUGTRAQ", "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update", "url": "https://seclists.org/bugtraq/2020/Jan/27" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4606", + "url": "https://www.debian.org/security/2020/dsa-4606" } ] }, diff --git a/2019/13xxx/CVE-2019-13742.json b/2019/13xxx/CVE-2019-13742.json index 9c6ba5f2422..6b2cbb227ec 100644 --- a/2019/13xxx/CVE-2019-13742.json +++ b/2019/13xxx/CVE-2019-13742.json @@ -84,6 +84,11 @@ "refsource": "BUGTRAQ", "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update", "url": "https://seclists.org/bugtraq/2020/Jan/27" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4606", + "url": "https://www.debian.org/security/2020/dsa-4606" } ] }, diff --git a/2019/13xxx/CVE-2019-13743.json b/2019/13xxx/CVE-2019-13743.json index e042c7c8f99..8608ebe5c96 100644 --- a/2019/13xxx/CVE-2019-13743.json +++ b/2019/13xxx/CVE-2019-13743.json 
@@ -84,6 +84,11 @@ "refsource": "BUGTRAQ", "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update", "url": "https://seclists.org/bugtraq/2020/Jan/27" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4606", + "url": "https://www.debian.org/security/2020/dsa-4606" } ] }, diff --git a/2019/13xxx/CVE-2019-13744.json b/2019/13xxx/CVE-2019-13744.json index 514002c583a..f85071ec2f6 100644 --- a/2019/13xxx/CVE-2019-13744.json +++ b/2019/13xxx/CVE-2019-13744.json @@ -84,6 +84,11 @@ "refsource": "BUGTRAQ", "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update", "url": "https://seclists.org/bugtraq/2020/Jan/27" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4606", + "url": "https://www.debian.org/security/2020/dsa-4606" } ] }, diff --git a/2019/13xxx/CVE-2019-13745.json b/2019/13xxx/CVE-2019-13745.json index deaaaef28b3..6042d6d525e 100644 --- a/2019/13xxx/CVE-2019-13745.json +++ b/2019/13xxx/CVE-2019-13745.json @@ -84,6 +84,11 @@ "refsource": "BUGTRAQ", "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update", "url": "https://seclists.org/bugtraq/2020/Jan/27" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4606", + "url": "https://www.debian.org/security/2020/dsa-4606" } ] }, diff --git a/2019/13xxx/CVE-2019-13746.json b/2019/13xxx/CVE-2019-13746.json index 4ebfa39747a..097991c8027 100644 --- a/2019/13xxx/CVE-2019-13746.json +++ b/2019/13xxx/CVE-2019-13746.json @@ -84,6 +84,11 @@ "refsource": "BUGTRAQ", "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update", "url": "https://seclists.org/bugtraq/2020/Jan/27" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4606", + "url": "https://www.debian.org/security/2020/dsa-4606" } ] }, diff --git a/2019/13xxx/CVE-2019-13747.json b/2019/13xxx/CVE-2019-13747.json index f0f7f4f4550..bb8d2a5564c 100644 --- a/2019/13xxx/CVE-2019-13747.json +++ b/2019/13xxx/CVE-2019-13747.json 
@@ -84,6 +84,11 @@ "refsource": "BUGTRAQ", "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update", "url": "https://seclists.org/bugtraq/2020/Jan/27" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4606", + "url": "https://www.debian.org/security/2020/dsa-4606" } ] }, diff --git a/2019/13xxx/CVE-2019-13748.json b/2019/13xxx/CVE-2019-13748.json index b05ad9cd749..f871619cabd 100644 --- a/2019/13xxx/CVE-2019-13748.json +++ b/2019/13xxx/CVE-2019-13748.json @@ -84,6 +84,11 @@ "refsource": "BUGTRAQ", "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update", "url": "https://seclists.org/bugtraq/2020/Jan/27" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4606", + "url": "https://www.debian.org/security/2020/dsa-4606" } ] }, diff --git a/2019/13xxx/CVE-2019-13749.json b/2019/13xxx/CVE-2019-13749.json index 059085f9c8f..436d6e67f49 100644 --- a/2019/13xxx/CVE-2019-13749.json +++ b/2019/13xxx/CVE-2019-13749.json @@ -84,6 +84,11 @@ "refsource": "BUGTRAQ", "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update", "url": "https://seclists.org/bugtraq/2020/Jan/27" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4606", + "url": "https://www.debian.org/security/2020/dsa-4606" } ] }, diff --git a/2019/13xxx/CVE-2019-13750.json b/2019/13xxx/CVE-2019-13750.json index 4f01b345be6..dc9b759193c 100644 --- a/2019/13xxx/CVE-2019-13750.json +++ b/2019/13xxx/CVE-2019-13750.json @@ -84,6 +84,11 @@ "refsource": "BUGTRAQ", "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update", "url": "https://seclists.org/bugtraq/2020/Jan/27" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4606", + "url": "https://www.debian.org/security/2020/dsa-4606" } ] }, diff --git a/2019/13xxx/CVE-2019-13751.json b/2019/13xxx/CVE-2019-13751.json index a09fc7e2557..edd00762e89 100644 --- a/2019/13xxx/CVE-2019-13751.json +++ b/2019/13xxx/CVE-2019-13751.json 
@@ -84,6 +84,11 @@ "refsource": "BUGTRAQ", "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update", "url": "https://seclists.org/bugtraq/2020/Jan/27" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4606", + "url": "https://www.debian.org/security/2020/dsa-4606" } ] }, diff --git a/2019/13xxx/CVE-2019-13752.json b/2019/13xxx/CVE-2019-13752.json index 2b2d1b02abc..cac068e03eb 100644 --- a/2019/13xxx/CVE-2019-13752.json +++ b/2019/13xxx/CVE-2019-13752.json @@ -84,6 +84,11 @@ "refsource": "BUGTRAQ", "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update", "url": "https://seclists.org/bugtraq/2020/Jan/27" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4606", + "url": "https://www.debian.org/security/2020/dsa-4606" } ] }, diff --git a/2019/13xxx/CVE-2019-13753.json b/2019/13xxx/CVE-2019-13753.json index 9f015e7596f..db7d31993ff 100644 --- a/2019/13xxx/CVE-2019-13753.json +++ b/2019/13xxx/CVE-2019-13753.json @@ -84,6 +84,11 @@ "refsource": "BUGTRAQ", "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update", "url": "https://seclists.org/bugtraq/2020/Jan/27" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4606", + "url": "https://www.debian.org/security/2020/dsa-4606" } ] }, diff --git a/2019/13xxx/CVE-2019-13754.json b/2019/13xxx/CVE-2019-13754.json index 0086d1942cb..e9b22b56227 100644 --- a/2019/13xxx/CVE-2019-13754.json +++ b/2019/13xxx/CVE-2019-13754.json @@ -84,6 +84,11 @@ "refsource": "BUGTRAQ", "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update", "url": "https://seclists.org/bugtraq/2020/Jan/27" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4606", + "url": "https://www.debian.org/security/2020/dsa-4606" } ] }, diff --git a/2019/13xxx/CVE-2019-13755.json b/2019/13xxx/CVE-2019-13755.json index db0502702be..d41bb69371e 100644 --- a/2019/13xxx/CVE-2019-13755.json +++ b/2019/13xxx/CVE-2019-13755.json 
@@ -84,6 +84,11 @@ "refsource": "BUGTRAQ", "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update", "url": "https://seclists.org/bugtraq/2020/Jan/27" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4606", + "url": "https://www.debian.org/security/2020/dsa-4606" } ] }, diff --git a/2019/13xxx/CVE-2019-13756.json b/2019/13xxx/CVE-2019-13756.json index c3076d84d88..5dc723bc96e 100644 --- a/2019/13xxx/CVE-2019-13756.json +++ b/2019/13xxx/CVE-2019-13756.json @@ -84,6 +84,11 @@ "refsource": "BUGTRAQ", "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update", "url": "https://seclists.org/bugtraq/2020/Jan/27" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4606", + "url": "https://www.debian.org/security/2020/dsa-4606" } ] }, diff --git a/2019/13xxx/CVE-2019-13757.json b/2019/13xxx/CVE-2019-13757.json index 634beba427f..c8fec6e6ba4 100644 --- a/2019/13xxx/CVE-2019-13757.json +++ b/2019/13xxx/CVE-2019-13757.json @@ -84,6 +84,11 @@ "refsource": "BUGTRAQ", "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update", "url": "https://seclists.org/bugtraq/2020/Jan/27" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4606", + "url": "https://www.debian.org/security/2020/dsa-4606" } ] }, diff --git a/2019/13xxx/CVE-2019-13758.json b/2019/13xxx/CVE-2019-13758.json index fc98689a0cd..3ee5742bfcd 100644 --- a/2019/13xxx/CVE-2019-13758.json +++ b/2019/13xxx/CVE-2019-13758.json @@ -84,6 +84,11 @@ "refsource": "BUGTRAQ", "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update", "url": "https://seclists.org/bugtraq/2020/Jan/27" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4606", + "url": "https://www.debian.org/security/2020/dsa-4606" } ] }, diff --git a/2019/13xxx/CVE-2019-13759.json b/2019/13xxx/CVE-2019-13759.json index b658d692155..d049432dbd7 100644 --- a/2019/13xxx/CVE-2019-13759.json +++ b/2019/13xxx/CVE-2019-13759.json 
@@ -84,6 +84,11 @@ "refsource": "BUGTRAQ", "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update", "url": "https://seclists.org/bugtraq/2020/Jan/27" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4606", + "url": "https://www.debian.org/security/2020/dsa-4606" } ] }, diff --git a/2019/13xxx/CVE-2019-13761.json b/2019/13xxx/CVE-2019-13761.json index acdf545ea25..2bf751c339e 100644 --- a/2019/13xxx/CVE-2019-13761.json +++ b/2019/13xxx/CVE-2019-13761.json @@ -84,6 +84,11 @@ "refsource": "BUGTRAQ", "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update", "url": "https://seclists.org/bugtraq/2020/Jan/27" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4606", + "url": "https://www.debian.org/security/2020/dsa-4606" } ] }, diff --git a/2019/13xxx/CVE-2019-13762.json b/2019/13xxx/CVE-2019-13762.json index de42b89570e..71614f0e43e 100644 --- a/2019/13xxx/CVE-2019-13762.json +++ b/2019/13xxx/CVE-2019-13762.json @@ -84,6 +84,11 @@ "refsource": "BUGTRAQ", "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update", "url": "https://seclists.org/bugtraq/2020/Jan/27" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4606", + "url": "https://www.debian.org/security/2020/dsa-4606" } ] }, diff --git a/2019/13xxx/CVE-2019-13763.json b/2019/13xxx/CVE-2019-13763.json index b78383fec4c..753ee2b9807 100644 --- a/2019/13xxx/CVE-2019-13763.json +++ b/2019/13xxx/CVE-2019-13763.json @@ -84,6 +84,11 @@ "refsource": "BUGTRAQ", "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update", "url": "https://seclists.org/bugtraq/2020/Jan/27" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4606", + "url": "https://www.debian.org/security/2020/dsa-4606" } ] }, diff --git a/2019/13xxx/CVE-2019-13764.json b/2019/13xxx/CVE-2019-13764.json index c30b2071ac6..eb9239db2b7 100644 --- a/2019/13xxx/CVE-2019-13764.json +++ b/2019/13xxx/CVE-2019-13764.json 
@@ -84,6 +84,11 @@ "refsource": "BUGTRAQ", "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update", "url": "https://seclists.org/bugtraq/2020/Jan/27" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4606", + "url": "https://www.debian.org/security/2020/dsa-4606" } ] }, diff --git a/2019/13xxx/CVE-2019-13767.json b/2019/13xxx/CVE-2019-13767.json index ab0f0b952ae..4b4ca849514 100644 --- a/2019/13xxx/CVE-2019-13767.json +++ b/2019/13xxx/CVE-2019-13767.json @@ -69,6 +69,11 @@ "refsource": "BUGTRAQ", "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update", "url": "https://seclists.org/bugtraq/2020/Jan/27" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4606", + "url": "https://www.debian.org/security/2020/dsa-4606" } ] }, diff --git a/2019/20xxx/CVE-2019-20384.json b/2019/20xxx/CVE-2019-20384.json new file mode 100644 index 00000000000..ea1641eadd6 --- /dev/null +++ b/2019/20xxx/CVE-2019-20384.json 
@@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-20384", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Gentoo Portage through 2.3.84 allows local users to place a Trojan horse plugin in the /usr/lib64/nagios/plugins directory by leveraging access to the nagios user account, because this directory is writable in between a call to emake and a call to fowners." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://bugs.gentoo.org/692492", + "refsource": "MISC", + "name": "https://bugs.gentoo.org/692492" + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6377.json b/2020/6xxx/CVE-2020-6377.json index 3696867028f..e29546eabb1 100644 --- a/2020/6xxx/CVE-2020-6377.json +++ b/2020/6xxx/CVE-2020-6377.json @@ -89,6 +89,11 @@ "refsource": "BUGTRAQ", "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update", "url": "https://seclists.org/bugtraq/2020/Jan/27" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4606", + "url": "https://www.debian.org/security/2020/dsa-4606" } ] }, diff --git a/2020/7xxx/CVE-2020-7247.json b/2020/7xxx/CVE-2020-7247.json new file mode 100644 index 00000000000..7795c5ec6f8 --- /dev/null +++ b/2020/7xxx/CVE-2020-7247.json 
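Review bot: The structured fields in the new CVE-2019-20384.json are all `n/a` (`product_name`, `vendor_name`, `version_value` and the `problemtype` value) although the description names the product and its version bound, so consumers that match on `affects` rather than on free text will not associate this record with Gentoo Portage. Filling them from the description would fix that, for example `"vendor_name": "Gentoo"`, `"product_name": "Portage"` and `"version_value": "through 2.3.84"`. The same applies to the other PUBLIC records in this part of the series that carry `n/a` fields: CVE-2019-20385, CVE-2020-7249, CVE-2020-7239 and CVE-2019-20386. For the two XSS records and the file-upload record the weakness class is already stated in the description and could be carried into `problemtype` as well.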
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7247",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7248.json b/2020/7xxx/CVE-2020-7248.json
new file mode 100644
index 00000000000..3d6777b0b8e
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7248.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7248",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
From 749ea5a0b55ea010259db31958d77c6b1c28fbd5 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Tue, 21 Jan 2020 01:01:07 +0000
Subject: [PATCH 173/387] "-Synchronized-Data."
---
2019/19xxx/CVE-2019-19126.json | 5 +++
2019/20xxx/CVE-2019-20385.json | 62 ++++++++++++++++++++++++++++++++++
2020/7xxx/CVE-2020-7249.json | 62 ++++++++++++++++++++++++++++++++++
3 files changed, 129 insertions(+)
create mode 100644 2019/20xxx/CVE-2019-20385.json
create mode 100644 2020/7xxx/CVE-2020-7249.json
diff --git a/2019/19xxx/CVE-2019-19126.json b/2019/19xxx/CVE-2019-19126.json
index 8fde04650d7..377066117ab 100644
--- a/2019/19xxx/CVE-2019-19126.json
+++ b/2019/19xxx/CVE-2019-19126.json
@@ -56,6 +56,11 @@ "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=25204", "refsource": "MISC", "name": "https://sourceware.org/bugzilla/show_bug.cgi?id=25204" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-1a3bdfde17", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFJ5E7NWOL6ROE5QVICHKIOUGCPFJVUH/" } ] } diff --git a/2019/20xxx/CVE-2019-20385.json b/2019/20xxx/CVE-2019-20385.json new file mode 100644 index 00000000000..9b36bd65331 --- /dev/null +++ b/2019/20xxx/CVE-2019-20385.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-20385", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The CSV upload feature in /supervisor/procesa_carga.php on Logaritmo Aware CallManager 2012 devices allows upload of .php files with a text/* content type. The PHP code can then be executed by visiting a /supervisor/csv/ URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://xpl0ited.blogspot.com/2019/11/unrestricted-file-upload-at-logaritmo.html", + "refsource": "MISC", + "name": "https://xpl0ited.blogspot.com/2019/11/unrestricted-file-upload-at-logaritmo.html" + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7249.json b/2020/7xxx/CVE-2020-7249.json new file mode 100644 index 00000000000..4926da11a16 --- /dev/null +++ b/2020/7xxx/CVE-2020-7249.json 
@@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-7249", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SMC D3G0804W 3.5.2.5-LAT_GA devices allow XSS via the SSID field on the WiFi Network Configuration page (after a successful login to the admin account)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://sku11army.blogspot.com/2020/01/smc-networks-stored-cross-site.html", + "refsource": "MISC", + "name": "https://sku11army.blogspot.com/2020/01/smc-networks-stored-cross-site.html" + } + ] + } +} \ No newline at end of file From e815d89442aa7f46311ade0e845f1c11acc65210 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 21 Jan 2020 04:01:07 +0000 Subject: [PATCH 174/387] "-Synchronized-Data." --- 2019/16xxx/CVE-2019-16239.json | 5 +++++ 2019/5xxx/CVE-2019-5094.json | 5 +++++ 2019/5xxx/CVE-2019-5188.json | 5 +++++ 3 files changed, 15 insertions(+) diff --git a/2019/16xxx/CVE-2019-16239.json b/2019/16xxx/CVE-2019-16239.json index ca05ac62456..21ebca701c7 100644 --- a/2019/16xxx/CVE-2019-16239.json +++ b/2019/16xxx/CVE-2019-16239.json @@ -91,6 +91,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:2388", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00061.html" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4607", + "url": "https://www.debian.org/security/2020/dsa-4607" } ] } diff --git a/2019/5xxx/CVE-2019-5094.json b/2019/5xxx/CVE-2019-5094.json index e6abbd57a29..e8f1a304057 100644 
--- a/2019/5xxx/CVE-2019-5094.json +++ b/2019/5xxx/CVE-2019-5094.json @@ -78,6 +78,11 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20200115-0002/", "url": "https://security.netapp.com/advisory/ntap-20200115-0002/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-a724cc7926", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2AKETJ6BREDUHRWQTV35SPGG5C6H7KSI/" } ] }, diff --git a/2019/5xxx/CVE-2019-5188.json b/2019/5xxx/CVE-2019-5188.json index 80361dd80ff..b683d3e4e5a 100644 --- a/2019/5xxx/CVE-2019-5188.json +++ b/2019/5xxx/CVE-2019-5188.json @@ -48,6 +48,11 @@ "refsource": "CONFIRM", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0973", "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0973" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-a724cc7926", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2AKETJ6BREDUHRWQTV35SPGG5C6H7KSI/" } ] }, From 756b9036e42a89fea823b766a9829077252d39a0 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 21 Jan 2020 05:01:06 +0000 Subject: [PATCH 175/387] "-Synchronized-Data." --- 2020/7xxx/CVE-2020-7239.json | 61 ++++++++++++++++++++++++++++++++---- 1 file changed, 55 insertions(+), 6 deletions(-) diff --git a/2020/7xxx/CVE-2020-7239.json b/2020/7xxx/CVE-2020-7239.json index 0cb2705c289..eefb4357ba7 100644 --- a/2020/7xxx/CVE-2020-7239.json +++ b/2020/7xxx/CVE-2020-7239.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-7239", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-7239", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The conversation-watson plugin before 0.8.21 for WordPress has a DOM-based XSS vulnerability that is executed when a chat message containing JavaScript is sent." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wordpress.org/plugins/conversation-watson/#developers", + "refsource": "MISC", + "name": "https://wordpress.org/plugins/conversation-watson/#developers" + }, + { + "refsource": "MISC", + "name": "https://www.hooperlabs.xyz/disclosures/cve-2020-7239.php", + "url": "https://www.hooperlabs.xyz/disclosures/cve-2020-7239.php" } ] } From ecc051f24cb0b404e26ae46d04e1742055d2e308 Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Tue, 21 Jan 2020 06:01:07 +0000 Subject: [PATCH 176/387] "-Synchronized-Data." --- 2019/10xxx/CVE-2019-10219.json | 5 +++ 2019/14xxx/CVE-2019-14540.json | 5 +++ 2019/16xxx/CVE-2019-16335.json | 10 ++++++ 2019/16xxx/CVE-2019-16869.json | 10 ++++++ 2019/16xxx/CVE-2019-16942.json | 5 +++ 2019/16xxx/CVE-2019-16943.json | 5 +++ 2019/17xxx/CVE-2019-17267.json | 5 +++ 2019/17xxx/CVE-2019-17531.json | 10 ++++++ 2019/20xxx/CVE-2019-20386.json | 62 ++++++++++++++++++++++++++++++++++ 2020/2xxx/CVE-2020-2583.json | 5 +++ 2020/2xxx/CVE-2020-2590.json | 5 +++ 2020/2xxx/CVE-2020-2593.json | 5 +++ 2020/2xxx/CVE-2020-2601.json | 5 +++ 2020/2xxx/CVE-2020-2604.json | 5 +++ 2020/2xxx/CVE-2020-2654.json | 5 +++ 2020/2xxx/CVE-2020-2659.json | 5 +++ 16 files changed, 152 insertions(+) create mode 100644 2019/20xxx/CVE-2019-20386.json diff --git a/2019/10xxx/CVE-2019-10219.json b/2019/10xxx/CVE-2019-10219.json index fa3a29cff98..bcf654979f8 100644 --- a/2019/10xxx/CVE-2019-10219.json +++ b/2019/10xxx/CVE-2019-10219.json @@ -63,6 +63,11 @@ "refsource": "MLIST", "name": "[accumulo-notifications] 20200109 [GitHub] [accumulo] milleruntime commented on issue #1469: Update hibernate-validator. Fixes CVE-2019-10219", "url": "https://lists.apache.org/thread.html/r4f92d7f7682dcff92722fa947f9e6f8ba2227c5dc3e11ba09114897d@%3Cnotifications.accumulo.apache.org%3E" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0164", + "url": "https://access.redhat.com/errata/RHSA-2020:0164" } ] }, diff --git a/2019/14xxx/CVE-2019-14540.json b/2019/14xxx/CVE-2019-14540.json index c94708b43ab..9cc045ec046 100644 --- a/2019/14xxx/CVE-2019-14540.json +++ b/2019/14xxx/CVE-2019-14540.json @@ -166,6 +166,11 @@ "url": "https://www.oracle.com/security-alerts/cpujan2020.html", "refsource": "MISC", "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0164", + "url": "https://access.redhat.com/errata/RHSA-2020:0164" } ] } 
diff --git a/2019/16xxx/CVE-2019-16335.json b/2019/16xxx/CVE-2019-16335.json index 80d2b3819cf..649ffe75072 100644 --- a/2019/16xxx/CVE-2019-16335.json +++ b/2019/16xxx/CVE-2019-16335.json @@ -151,6 +151,16 @@ "url": "https://www.oracle.com/security-alerts/cpujan2020.html", "refsource": "MISC", "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0164", + "url": "https://access.redhat.com/errata/RHSA-2020:0164" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0159", + "url": "https://access.redhat.com/errata/RHSA-2020:0159" } ] } diff --git a/2019/16xxx/CVE-2019-16869.json b/2019/16xxx/CVE-2019-16869.json index 9f8345092ae..b3e12c8d485 100644 --- a/2019/16xxx/CVE-2019-16869.json +++ b/2019/16xxx/CVE-2019-16869.json @@ -271,6 +271,16 @@ "refsource": "BUGTRAQ", "name": "20200105 [SECURITY] [DSA 4597-1] netty security update", "url": "https://seclists.org/bugtraq/2020/Jan/6" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0164", + "url": "https://access.redhat.com/errata/RHSA-2020:0164" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0159", + "url": "https://access.redhat.com/errata/RHSA-2020:0159" } ] } diff --git a/2019/16xxx/CVE-2019-16942.json b/2019/16xxx/CVE-2019-16942.json index 5d0691bf3be..183060d5bf1 100644 --- a/2019/16xxx/CVE-2019-16942.json +++ b/2019/16xxx/CVE-2019-16942.json @@ -136,6 +136,11 @@ "url": "https://www.oracle.com/security-alerts/cpujan2020.html", "refsource": "MISC", "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0164", + "url": "https://access.redhat.com/errata/RHSA-2020:0164" } ] } diff --git a/2019/16xxx/CVE-2019-16943.json b/2019/16xxx/CVE-2019-16943.json index e6bbda5371e..ca6ded206b5 100644 --- a/2019/16xxx/CVE-2019-16943.json +++ b/2019/16xxx/CVE-2019-16943.json 
@@ -131,6 +131,11 @@ "refsource": "MLIST", "name": "[druid-commits] 20200115 [druid] branch 0.17.0 updated: Suppress CVE-2019-20330 for htrace-core-4.0.1 (#9189) (#9191)", "url": "https://lists.apache.org/thread.html/r392099ed2757ff2e383b10440594e914d080511d7da1c8fed0612c1f@%3Ccommits.druid.apache.org%3E" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0164", + "url": "https://access.redhat.com/errata/RHSA-2020:0164" } ] } diff --git a/2019/17xxx/CVE-2019-17267.json b/2019/17xxx/CVE-2019-17267.json index 5d4039877cc..e9c819d5bc0 100644 --- a/2019/17xxx/CVE-2019-17267.json +++ b/2019/17xxx/CVE-2019-17267.json @@ -101,6 +101,11 @@ "refsource": "MLIST", "name": "[druid-commits] 20200115 [druid] branch 0.17.0 updated: Suppress CVE-2019-20330 for htrace-core-4.0.1 (#9189) (#9191)", "url": "https://lists.apache.org/thread.html/r392099ed2757ff2e383b10440594e914d080511d7da1c8fed0612c1f@%3Ccommits.druid.apache.org%3E" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0164", + "url": "https://access.redhat.com/errata/RHSA-2020:0164" } ] } diff --git a/2019/17xxx/CVE-2019-17531.json b/2019/17xxx/CVE-2019-17531.json index 136db72193d..31021403fde 100644 --- a/2019/17xxx/CVE-2019-17531.json +++ b/2019/17xxx/CVE-2019-17531.json @@ -91,6 +91,16 @@ "refsource": "MLIST", "name": "[druid-commits] 20200115 [druid] branch 0.17.0 updated: Suppress CVE-2019-20330 for htrace-core-4.0.1 (#9189) (#9191)", "url": "https://lists.apache.org/thread.html/r392099ed2757ff2e383b10440594e914d080511d7da1c8fed0612c1f@%3Ccommits.druid.apache.org%3E" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0164", + "url": "https://access.redhat.com/errata/RHSA-2020:0164" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0159", + "url": "https://access.redhat.com/errata/RHSA-2020:0159" } ] } diff --git a/2019/20xxx/CVE-2019-20386.json b/2019/20xxx/CVE-2019-20386.json new file mode 100644 index 00000000000..4c791281cda --- /dev/null +++ b/2019/20xxx/CVE-2019-20386.json 
@@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-20386", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in button_open in login/logind-button.c in systemd before 243. When executing the udevadm trigger command, a memory leak may occur." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/systemd/systemd/commit/b2774a3ae692113e1f47a336a6c09bac9cfb49ad", + "refsource": "MISC", + "name": "https://github.com/systemd/systemd/commit/b2774a3ae692113e1f47a336a6c09bac9cfb49ad" + } + ] + } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2583.json b/2020/2xxx/CVE-2020-2583.json index 41312aa22d2..b470d474f92 100644 --- a/2020/2xxx/CVE-2020-2583.json +++ b/2020/2xxx/CVE-2020-2583.json @@ -81,6 +81,11 @@ "refsource": "BUGTRAQ", "name": "20200120 [SECURITY] [DSA 4605-1] openjdk-11 security update", "url": "https://seclists.org/bugtraq/2020/Jan/24" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0157", + "url": "https://access.redhat.com/errata/RHSA-2020:0157" } ] } diff --git a/2020/2xxx/CVE-2020-2590.json b/2020/2xxx/CVE-2020-2590.json index 49d0ae123ad..2bc6d5c1ad1 100644 --- a/2020/2xxx/CVE-2020-2590.json +++ b/2020/2xxx/CVE-2020-2590.json 
@@ -81,6 +81,11 @@ "refsource": "BUGTRAQ", "name": "20200120 [SECURITY] [DSA 4605-1] openjdk-11 security update", "url": "https://seclists.org/bugtraq/2020/Jan/24" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0157", + "url": "https://access.redhat.com/errata/RHSA-2020:0157" } ] } diff --git a/2020/2xxx/CVE-2020-2593.json b/2020/2xxx/CVE-2020-2593.json index 5f192b5c044..d3a5a84a904 100644 --- a/2020/2xxx/CVE-2020-2593.json +++ b/2020/2xxx/CVE-2020-2593.json @@ -81,6 +81,11 @@ "refsource": "BUGTRAQ", "name": "20200120 [SECURITY] [DSA 4605-1] openjdk-11 security update", "url": "https://seclists.org/bugtraq/2020/Jan/24" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0157", + "url": "https://access.redhat.com/errata/RHSA-2020:0157" } ] } diff --git a/2020/2xxx/CVE-2020-2601.json b/2020/2xxx/CVE-2020-2601.json index d51f55adc5a..9a7ee49eedb 100644 --- a/2020/2xxx/CVE-2020-2601.json +++ b/2020/2xxx/CVE-2020-2601.json @@ -81,6 +81,11 @@ "refsource": "BUGTRAQ", "name": "20200120 [SECURITY] [DSA 4605-1] openjdk-11 security update", "url": "https://seclists.org/bugtraq/2020/Jan/24" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0157", + "url": "https://access.redhat.com/errata/RHSA-2020:0157" } ] } diff --git a/2020/2xxx/CVE-2020-2604.json b/2020/2xxx/CVE-2020-2604.json index 4a0be4de370..6a4c5e89cdc 100644 --- a/2020/2xxx/CVE-2020-2604.json +++ b/2020/2xxx/CVE-2020-2604.json @@ -81,6 +81,11 @@ "refsource": "BUGTRAQ", "name": "20200120 [SECURITY] [DSA 4605-1] openjdk-11 security update", "url": "https://seclists.org/bugtraq/2020/Jan/24" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0157", + "url": "https://access.redhat.com/errata/RHSA-2020:0157" } ] } diff --git a/2020/2xxx/CVE-2020-2654.json b/2020/2xxx/CVE-2020-2654.json index cb4050058cd..b5527885c7f 100644 --- a/2020/2xxx/CVE-2020-2654.json +++ b/2020/2xxx/CVE-2020-2654.json 
@@ -77,6 +77,11 @@ "refsource": "BUGTRAQ", "name": "20200120 [SECURITY] [DSA 4605-1] openjdk-11 security update", "url": "https://seclists.org/bugtraq/2020/Jan/24" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0157", + "url": "https://access.redhat.com/errata/RHSA-2020:0157" } ] } diff --git a/2020/2xxx/CVE-2020-2659.json b/2020/2xxx/CVE-2020-2659.json index 6c5b233aee5..391d37e1559 100644 --- a/2020/2xxx/CVE-2020-2659.json +++ b/2020/2xxx/CVE-2020-2659.json @@ -61,6 +61,11 @@ "url": "https://www.oracle.com/security-alerts/cpujan2020.html", "refsource": "MISC", "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0157", + "url": "https://access.redhat.com/errata/RHSA-2020:0157" } ] } From b94fc50435ca7aa672820ae29d1d29be61de0986 Mon Sep 17 00:00:00 2001 
From: Sameesh Mukundan Date: Tue, 21 Jan 2020 11:57:18 +0530 Subject: [PATCH 177/387] Qualcomm_1-21-2020_CVEs --- 2019/10xxx/CVE-2019-10532.json | 72 +++++++++++++++++++++++++++------- 2019/10xxx/CVE-2019-10548.json | 72 +++++++++++++++++++++++++++------- 2019/10xxx/CVE-2019-10558.json | 72 +++++++++++++++++++++++++++------- 2019/10xxx/CVE-2019-10561.json | 72 +++++++++++++++++++++++++++------- 2019/10xxx/CVE-2019-10578.json | 72 +++++++++++++++++++++++++++------- 2019/10xxx/CVE-2019-10579.json | 72 +++++++++++++++++++++++++++------- 2019/10xxx/CVE-2019-10581.json | 72 +++++++++++++++++++++++++++------- 2019/10xxx/CVE-2019-10582.json | 72 +++++++++++++++++++++++++++------- 2019/10xxx/CVE-2019-10583.json | 72 +++++++++++++++++++++++++++------- 2019/10xxx/CVE-2019-10585.json | 72 +++++++++++++++++++++++++++------- 2019/10xxx/CVE-2019-10602.json | 72 +++++++++++++++++++++++++++------- 2019/10xxx/CVE-2019-10606.json | 72 +++++++++++++++++++++++++++------- 2019/10xxx/CVE-2019-10611.json | 72 +++++++++++++++++++++++++++------- 2019/14xxx/CVE-2019-14003.json | 62 +++++++++++++++++++++++++++++ 2019/14xxx/CVE-2019-14004.json | 62 +++++++++++++++++++++++++++++ 2019/14xxx/CVE-2019-14005.json | 62 +++++++++++++++++++++++++++++ 2019/14xxx/CVE-2019-14006.json | 62 +++++++++++++++++++++++++++++ 2019/14xxx/CVE-2019-14008.json | 62 +++++++++++++++++++++++++++++ 2019/14xxx/CVE-2019-14010.json | 62 +++++++++++++++++++++++++++++ 2019/14xxx/CVE-2019-14013.json | 62 +++++++++++++++++++++++++++++ 2019/14xxx/CVE-2019-14014.json | 62 +++++++++++++++++++++++++++++ 2019/14xxx/CVE-2019-14016.json | 62 +++++++++++++++++++++++++++++ 2019/14xxx/CVE-2019-14017.json | 62 +++++++++++++++++++++++++++++ 2019/14xxx/CVE-2019-14023.json | 62 +++++++++++++++++++++++++++++ 2019/14xxx/CVE-2019-14024.json | 62 +++++++++++++++++++++++++++++ 2019/14xxx/CVE-2019-14034.json | 62 +++++++++++++++++++++++++++++ 2019/14xxx/CVE-2019-14036.json | 62 +++++++++++++++++++++++++++++ 2019/2xxx/CVE-2019-2267.json | 72 
+++++++++++++++++++++++++++------- 28 files changed, 1680 insertions(+), 196 deletions(-) create mode 100644 2019/14xxx/CVE-2019-14003.json create mode 100644 2019/14xxx/CVE-2019-14004.json create mode 100644 2019/14xxx/CVE-2019-14005.json create mode 100644 2019/14xxx/CVE-2019-14006.json create mode 100644 2019/14xxx/CVE-2019-14008.json create mode 100644 2019/14xxx/CVE-2019-14010.json create mode 100644 2019/14xxx/CVE-2019-14013.json create mode 100644 2019/14xxx/CVE-2019-14014.json create mode 100644 2019/14xxx/CVE-2019-14016.json create mode 100644 2019/14xxx/CVE-2019-14017.json create mode 100644 2019/14xxx/CVE-2019-14023.json create mode 100644 2019/14xxx/CVE-2019-14024.json create mode 100644 2019/14xxx/CVE-2019-14034.json create mode 100644 2019/14xxx/CVE-2019-14036.json diff --git a/2019/10xxx/CVE-2019-10532.json b/2019/10xxx/CVE-2019-10532.json index 1b9b58b1ff5..2b9b3458bce 100644 --- a/2019/10xxx/CVE-2019-10532.json +++ b/2019/10xxx/CVE-2019-10532.json 
@@ -1,18 +1,62 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2019-10532", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2019-10532", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "product": { + "product_data": [ + { + "product_name": "Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables", + "version": { + "version_data": [ + { + "version_value": "APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, Nicobar, QCS605, QM215, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM8150, SM8250, SXR1130, SXR2130" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." 
} - ] - } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Null-pointer dereference issue can occur while calculating string length when source string length is zero in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, Nicobar, QCS605, QM215, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM8150, SM8250, SXR1130, SXR2130" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Over-read Issue in Video" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin", + "refsource": "CONFIRM", + "url": "https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin" + } + ] + } } \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10548.json b/2019/10xxx/CVE-2019-10548.json index ddcb28ee9ca..5ef59551fc7 100644 --- a/2019/10xxx/CVE-2019-10548.json +++ b/2019/10xxx/CVE-2019-10548.json 
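Review bot: The new `problemtype` value in CVE-2019-10532.json, `Buffer Over-read Issue in Video`, appears not to match the new description, which reports a null-pointer dereference when the source string length is zero; one of the two should be corrected against the referenced Qualcomm bulletin so that triage by weakness class lands on the right fix. CVE-2019-10561.json later in this patch shows a similar gap: its description reports improper initialization leading to an invalid pointer dereference, while its problem type reads `Configuration Issue in Content Protection`. In all four records visible here (also CVE-2019-10548 and CVE-2019-10558) `version_value` packs every affected chipset into one comma-separated string, so tooling that matches on that field cannot match a single chipset. One `version_data` entry per chipset, for example `{ "version_value": "APQ8009" }`, would make the affected set machine-readable.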
@@ -1,18 +1,62 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2019-10548", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2019-10548", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "product": { + "product_data": [ + { + "product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Wearables", + "version": { + "version_data": [ + { + "version_value": "APQ8009, APQ8053, APQ8096AU, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCA6574AU, QCS605, QM215, SDA660, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SM6150, SM7150, SM8150, SXR1130" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." 
} - ] - } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "While trying to obtain datad ipc handle during DPL initialization, Heap use-after-free issue can occur if modem SSR occurs at same time in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Wearables in APQ8009, APQ8053, APQ8096AU, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCA6574AU, QCS605, QM215, SDA660, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SM6150, SM7150, SM8150, SXR1130" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use-After-Free Issue in HLOS Data" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin", + "refsource": "CONFIRM", + "url": "https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin" + } + ] + } } \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10558.json b/2019/10xxx/CVE-2019-10558.json index 4cb622a4042..19a522c3e98 100644 --- a/2019/10xxx/CVE-2019-10558.json +++ b/2019/10xxx/CVE-2019-10558.json 
@@ -1,18 +1,62 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2019-10558", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2019-10558", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "product": { + "product_data": [ + { + "product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables", + "version": { + "version_data": [ + { + "version_value": "APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCN7605, QCS605, QM215, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM845, SDX20, SDX24, SDX55, SM6150, SM8150, SM8250, SXR1130, SXR2130" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." 
} - ] - } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "While transferring data from APPS to DSP, Out of bound in FastRPC HLOS Driver due to the data buffer which can be controlled by DSP in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCN7605, QCS605, QM215, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM845, SDX20, SDX24, SDX55, SM6150, SM8150, SM8250, SXR1130, SXR2130" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Restriction of Operation Within the Bounds of a Memory Buffer in DSP Services" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin", + "refsource": "CONFIRM", + "url": "https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin" + } + ] + } } \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10561.json b/2019/10xxx/CVE-2019-10561.json index 0da707984a0..a70dc8ced21 100644 --- a/2019/10xxx/CVE-2019-10561.json +++ b/2019/10xxx/CVE-2019-10561.json 
@@ -1,18 +1,62 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2019-10561", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2019-10561", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "product": { + "product_data": [ + { + "product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking", + "version": { + "version_data": [ + { + "version_value": "APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, MDM9206, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, QM215, SDA660, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." 
} - ] - } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Improper initialization of local variables which are parameters to sfs api may cause invalid pointer dereference and leads to denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, MDM9206, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, QM215, SDA660, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Configuration Issue in Content Protection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin", + "refsource": "CONFIRM", + "url": "https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin" + } + ] + } } \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10578.json b/2019/10xxx/CVE-2019-10578.json index 9a1ef887f38..e4960bff7dd 100644 --- a/2019/10xxx/CVE-2019-10578.json +++ b/2019/10xxx/CVE-2019-10578.json 
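Review bot: The `problemtype` value `"Configuration Issue in Content Protection"` does not match the description in the same record, which describes improper initialization of local variables leading to an invalid pointer dereference and denial of service. Anyone triaging by problem type would file this as a configuration weakness rather than a memory-safety or initialization defect. If the description is the accurate one, something like `"value": "Improper Initialization in Content Protection"` would keep the two fields consistent; which of the two is right should be confirmed against the referenced January 2020 bulletin.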
@@ -1,18 +1,62 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2019-10578", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2019-10578", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "product": { + "product_data": [ + { + "product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables", + "version": { + "version_data": [ + { + "version_value": "APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCA6574AU, QCS605, QM215, Rennell, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." 
} - ] - } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Null pointer dereference can occur while parsing the clip which is nonstandard in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCA6574AU, QCS605, QM215, Rennell, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Input Validation in Video" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin", + "refsource": "CONFIRM", + "url": "https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin" + } + ] + } } \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10579.json b/2019/10xxx/CVE-2019-10579.json index 4b3e89ce6d5..912cb149e2d 100644 --- a/2019/10xxx/CVE-2019-10579.json +++ b/2019/10xxx/CVE-2019-10579.json 
@@ -1,18 +1,62 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2019-10579", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2019-10579", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "product": { + "product_data": [ + { + "product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables", + "version": { + "version_data": [ + { + "version_value": "APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCA6574AU, QCS605, QM215, Rennell, SA6155P, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." 
} - ] - } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer over-read can occur while playing the video clip which is not standard in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCA6574AU, QCS605, QM215, Rennell, SA6155P, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Over-read in Video" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin", + "refsource": "CONFIRM", + "url": "https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin" + } + ] + } } \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10581.json b/2019/10xxx/CVE-2019-10581.json index 53a8b351a27..deec07b26e0 100644 --- a/2019/10xxx/CVE-2019-10581.json +++ b/2019/10xxx/CVE-2019-10581.json 
@@ -1,18 +1,62 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2019-10581", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2019-10581", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "product": { + "product_data": [ + { + "product_name": "Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables", + "version": { + "version_data": [ + { + "version_value": "APQ8009, APQ8053, MDM9206, MDM9207C, MDM9607, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8998, Nicobar, QCS605, Rennell, SA6155P, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." 
} - ] - } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "NULL is assigned to local instance of audio device pointer after free instead of global static pointer and can lead to use after free issue in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8053, MDM9206, MDM9207C, MDM9607, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8998, Nicobar, QCS605, Rennell, SA6155P, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use After Free Issue in Audio" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin", + "refsource": "CONFIRM", + "url": "https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin" + } + ] + } } \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10582.json b/2019/10xxx/CVE-2019-10582.json index 6df8b8addfd..12d0f5d812e 100644 --- a/2019/10xxx/CVE-2019-10582.json +++ b/2019/10xxx/CVE-2019-10582.json 
@@ -1,18 +1,62 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2019-10582", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2019-10582", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "product": { + "product_data": [ + { + "product_name": "Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables", + "version": { + "version_data": [ + { + "version_value": "APQ8096AU, MSM8909W, Nicobar, QCS605, SA6155P, SDA845, SDM429W, SDM670, SDM710, SDM845, SM6150, SM8150, SM8250, SXR1130, SXR2130" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." 
} - ] - } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use after free issue due to using of invalidated iterator to delete an object in sensors HAL in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8096AU, MSM8909W, Nicobar, QCS605, SA6155P, SDA845, SDM429W, SDM670, SDM710, SDM845, SM6150, SM8150, SM8250, SXR1130, SXR2130" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use After Free Issue in Sensors HAL" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin", + "refsource": "CONFIRM", + "url": "https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin" + } + ] + } } \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10583.json b/2019/10xxx/CVE-2019-10583.json index 510d60e3085..319906a7ef7 100644 --- a/2019/10xxx/CVE-2019-10583.json +++ b/2019/10xxx/CVE-2019-10583.json 
@@ -1,18 +1,62 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2019-10583", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2019-10583", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "product": { + "product_data": [ + { + "product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables", + "version": { + "version_data": [ + { + "version_value": "APQ8096AU, MDM9607, MSM8909W, Nicobar, QCS605, SA6155P, SDA845, SDM429W, SDM670, SDM710, SDM845, SM6150, SM8150, SM8250, SXR1130, SXR2130" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." 
} - ] - } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use after free issue occurs when camera access sensors data through direct report mode in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8096AU, MDM9607, MSM8909W, Nicobar, QCS605, SA6155P, SDA845, SDM429W, SDM670, SDM710, SDM845, SM6150, SM8150, SM8250, SXR1130, SXR2130" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use After Free Issue in Camera" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin", + "refsource": "CONFIRM", + "url": "https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin" + } + ] + } } \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10585.json b/2019/10xxx/CVE-2019-10585.json index bdc59ea5d78..e5e3271f0fc 100644 --- a/2019/10xxx/CVE-2019-10585.json +++ b/2019/10xxx/CVE-2019-10585.json 
@@ -1,18 +1,62 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2019-10585", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2019-10585", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "product": { + "product_data": [ + { + "product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables", + "version": { + "version_data": [ + { + "version_value": "APQ8009, APQ8053, MDM9607, MDM9640, MSM8909W, MSM8917, MSM8953, Nicobar, QCS605, QM215, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM660, SDM670, SDM710, SDM845, SDX24, SDX55, SM6150, SM8150, SM8250, SXR1130, SXR2130" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." 
} - ] - } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Possible integer overflow happens when mmap find function will increment refcount every time when it invokes and can lead to use after free issue in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8009, APQ8053, MDM9607, MDM9640, MSM8909W, MSM8917, MSM8953, Nicobar, QCS605, QM215, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM660, SDM670, SDM710, SDM845, SDX24, SDX55, SM6150, SM8150, SM8250, SXR1130, SXR2130" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use After Free issue in DSP Services" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin", + "refsource": "CONFIRM", + "url": "https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin" + } + ] + } } \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10602.json b/2019/10xxx/CVE-2019-10602.json index 886c18f0384..9121720fc69 100644 --- a/2019/10xxx/CVE-2019-10602.json +++ b/2019/10xxx/CVE-2019-10602.json 
@@ -1,18 +1,62 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2019-10602", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2019-10602", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "product": { + "product_data": [ + { + "product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables", + "version": { + "version_data": [ + { + "version_value": "APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9650, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, QCS605, SDA660, SDM845, SDX20, SM8150" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." 
} - ] - } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Potential use-after-free heap error during Validate/Present calls on display HW composer in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9650, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, QCS605, SDA660, SDM845, SDX20, SM8150" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use After Free Issue in Display" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin", + "refsource": "CONFIRM", + "url": "https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin" + } + ] + } } \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10606.json b/2019/10xxx/CVE-2019-10606.json index f3d36f342a6..12062de2feb 100644 --- a/2019/10xxx/CVE-2019-10606.json +++ b/2019/10xxx/CVE-2019-10606.json 
@@ -1,18 +1,62 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2019-10606", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2019-10606", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "product": { + "product_data": [ + { + "product_name": "Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables", + "version": { + "version_data": [ + { + "version_value": "MDM9607, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, QCS605, SDX24" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." 
} - ] - } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Out-of-bound access will occur in USB driver due to lack of check to validate the frame size passed by user in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in MDM9607, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, QCS605, SDX24" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Copy Without Checking Size of Input in USB" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin", + "refsource": "CONFIRM", + "url": "https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin" + } + ] + } } \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10611.json b/2019/10xxx/CVE-2019-10611.json index af357e1857f..ed7c40d3872 100644 --- a/2019/10xxx/CVE-2019-10611.json +++ b/2019/10xxx/CVE-2019-10611.json 
@@ -1,18 +1,62 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2019-10611", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2019-10611", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "product": { + "product_data": [ + { + "product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables", + "version": { + "version_data": [ + { + "version_value": "APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, Nicobar, QCS605, QM215, SA6155P, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM8150, SM8250, SXR1130, SXR2130" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." 
} - ] - } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow can occur while processing clip due to lack of check of object size before parsing in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, Nicobar, QCS605, QM215, SA6155P, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM8150, SM8250, SXR1130, SXR2130" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Integer Overflow to Buffer Overflow Issue in Video" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin", + "refsource": "CONFIRM", + "url": "https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin" + } + ] + } } \ No newline at end of file diff --git a/2019/14xxx/CVE-2019-14003.json b/2019/14xxx/CVE-2019-14003.json new file mode 100644 index 00000000000..33841f279aa --- /dev/null +++ b/2019/14xxx/CVE-2019-14003.json 
@@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2019-14003", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables", + "version": { + "version_data": [ + { + "version_value": "APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCS605, QM215, Rennell, SA6155P, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Null pointer exception can happen while parsing invalid MKV clip where cue information is parsed before segment information in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCS605, QM215, Rennell, SA6155P, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Input Validation in 
Video" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin", + "refsource": "CONFIRM", + "url": "https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin" + } + ] + } +} \ No newline at end of file diff --git a/2019/14xxx/CVE-2019-14004.json b/2019/14xxx/CVE-2019-14004.json new file mode 100644 index 00000000000..68470f467b6 --- /dev/null +++ b/2019/14xxx/CVE-2019-14004.json 
@@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2019-14004", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables", + "version": { + "version_data": [ + { + "version_value": "APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCS605, QM215, Rennell, SA6155P, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow occurs while processing invalid MKV clip, which has invalid EBML size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCS605, QM215, Rennell, SA6155P, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Input Validation in Video" + } + ] + } + ] + }, + 
"references": { + "reference_data": [ + { + "name": "https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin", + "refsource": "CONFIRM", + "url": "https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin" + } + ] + } +} \ No newline at end of file diff --git a/2019/14xxx/CVE-2019-14005.json b/2019/14xxx/CVE-2019-14005.json new file mode 100644 index 00000000000..ec4032ad1b5 --- /dev/null +++ b/2019/14xxx/CVE-2019-14005.json 
@@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2019-14005", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables", + "version": { + "version_data": [ + { + "version_value": "APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, Nicobar, QCS605, QM215, Rennell, SA6155P, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR2130" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow occur while playing the clip which is nonstandard due to lack of check of size duration in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, Nicobar, QCS605, QM215, Rennell, SA6155P, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR2130" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Copy Without Checking Size of Input in Video" + } + ] + } + ] + }, + "references": { + 
"reference_data": [ + { + "name": "https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin", + "refsource": "CONFIRM", + "url": "https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin" + } + ] + } +} \ No newline at end of file diff --git a/2019/14xxx/CVE-2019-14006.json b/2019/14xxx/CVE-2019-14006.json new file mode 100644 index 00000000000..e42c15e00b4 --- /dev/null +++ b/2019/14xxx/CVE-2019-14006.json 
@@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2019-14006", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables", + "version": { + "version_data": [ + { + "version_value": "APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, Nicobar, QCS605, QM215, Rennell, SA6155P, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR2130" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow occur while playing the clip which is nonstandard due to lack of offset length check in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, Nicobar, QCS605, QM215, Rennell, SA6155P, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR2130" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Input Validation in Video" + } + ] + } + ] + }, + "references": { + 
"reference_data": [ + { + "name": "https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin", + "refsource": "CONFIRM", + "url": "https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin" + } + ] + } +} \ No newline at end of file diff --git a/2019/14xxx/CVE-2019-14008.json b/2019/14xxx/CVE-2019-14008.json new file mode 100644 index 00000000000..2940078c58d --- /dev/null +++ b/2019/14xxx/CVE-2019-14008.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2019-14008", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile", + "version": { + "version_data": [ + { + "version_value": "MDM9150, MDM9607, MDM9650, SDM660, SDM845, SM8150, SM8250, SXR2130" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Possible null pointer dereference issue in location assistance data processing due to missing null check on resources before using it in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9150, MDM9607, MDM9650, SDM660, SDM845, SM8150, SM8250, SXR2130" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Null Pointer Dereference Issue in GPS" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin", + "refsource": "CONFIRM", + "url": "https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin" + } + ] + } +} \ No newline at end of file 
diff --git a/2019/14xxx/CVE-2019-14010.json b/2019/14xxx/CVE-2019-14010.json
new file mode 100644
index 00000000000..b715e618f10
--- /dev/null
+++ b/2019/14xxx/CVE-2019-14010.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "product-security@qualcomm.com",
+ "ID": "CVE-2019-14010",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "MDM9607, Nicobar, Rennell, SA6155P, SDM660, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Qualcomm, Inc."
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The device may enter into error state when some tool or application gets failure at 1st buffer map all and performs 2nd buffer map which happens to be at same physical address in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9607, Nicobar, Rennell, SA6155P, SDM660, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Improper Input Validation in Audio"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin",
+ "refsource": "CONFIRM",
+ "url": "https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/14xxx/CVE-2019-14013.json b/2019/14xxx/CVE-2019-14013.json
new file mode 100644
index 00000000000..951ed663c0c
--- /dev/null
+++ b/2019/14xxx/CVE-2019-14013.json
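Review bot: `product_name` and `version_value` in this record each carry a whole comma-separated list inside one string, so a consumer that matches on an exact product or chipset name gets no hit for an individual entry such as `SDX55`. One `product_data` entry per Snapdragon family and one `version_data` entry per chipset, e.g. `{ "version_value": "SDX55" }`, would make the `affects` block machine-matchable. The other Qualcomm records added on this page (CVE-2019-14004 through CVE-2019-14036, and CVE-2019-2267) are packed the same way. The `problemtype` value is also free text with no CWE identifier, which leaves downstream triage to string matching.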
@@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2019-14013", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables", + "version": { + "version_data": [ + { + "version_value": "APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, Nicobar, QCM2150, QCS405, QCS605, QM215, Rennell, SA6155P, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "While parsing invalid super index table, elements within super index table may exceed total chunk size and invalid data is read into the table in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, Nicobar, QCM2150, QCS405, QCS605, QM215, Rennell, SA6155P, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + 
"value": "Buffer Copy Without Checking Size of Input in Video" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin", + "refsource": "CONFIRM", + "url": "https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin" + } + ] + } +} \ No newline at end of file diff --git a/2019/14xxx/CVE-2019-14014.json b/2019/14xxx/CVE-2019-14014.json new file mode 100644 index 00000000000..9aa029730d7 --- /dev/null +++ b/2019/14xxx/CVE-2019-14014.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2019-14014", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile", + "version": { + "version_data": [ + { + "version_value": "Nicobar, SDM670, SDM710, SDM845, SM6150, SM8150, SM8250, SXR2130" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Possible buffer overflow when byte array receives incorrect input from reading source as array is not null terminated in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in Nicobar, SDM670, SDM710, SDM845, SM6150, SM8150, SM8250, SXR2130" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Copy Without Checking Size of Input in Video" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin", + "refsource": "CONFIRM", + "url": "https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin" + } + ] + } +} \ No newline at end of file 
diff --git a/2019/14xxx/CVE-2019-14016.json b/2019/14xxx/CVE-2019-14016.json
new file mode 100644
index 00000000000..9aff596e62a
--- /dev/null
+++ b/2019/14xxx/CVE-2019-14016.json
@@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2019-14016", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables", + "version": { + "version_data": [ + { + "version_value": "APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, Nicobar, QCS605, QM215, SA6155P, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM8150, SM8250, SXR1130, SXR2130" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow occurs while playing the clip which is nonstandard in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, Nicobar, QCS605, QM215, SA6155P, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM8150, SM8250, SXR1130, SXR2130" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Integer Overflow to Buffer Overflow in Video" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": 
"https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin", + "refsource": "CONFIRM", + "url": "https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin" + } + ] + } +} \ No newline at end of file diff --git a/2019/14xxx/CVE-2019-14017.json b/2019/14xxx/CVE-2019-14017.json new file mode 100644 index 00000000000..23cc1a3b338 --- /dev/null +++ b/2019/14xxx/CVE-2019-14017.json 
@@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2019-14017", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables", + "version": { + "version_data": [ + { + "version_value": "APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCS605, QM215, Rennell, SA6155P, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap buffer overflow can occur while parsing invalid MKV clip which is not standard and have invalid vorbis codec data in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCS605, QM215, Rennell, SA6155P, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Copy Without Checking Size of 
Input in Video" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin", + "refsource": "CONFIRM", + "url": "https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin" + } + ] + } +} \ No newline at end of file diff --git a/2019/14xxx/CVE-2019-14023.json b/2019/14xxx/CVE-2019-14023.json new file mode 100644 index 00000000000..f9572aefb06 --- /dev/null +++ b/2019/14xxx/CVE-2019-14023.json 
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "product-security@qualcomm.com",
+ "ID": "CVE-2019-14023",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "MDM9607, Nicobar, Rennell, SA6155P, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Qualcomm, Inc."
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "String format issue will occur while processing HLOS data as there is no user input validation to ensure inputs are properly NULL terminated before string copy in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9607, Nicobar, Rennell, SA6155P, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "String format Issue in HLOS Data"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin",
+ "refsource": "CONFIRM",
+ "url": "https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/14xxx/CVE-2019-14024.json b/2019/14xxx/CVE-2019-14024.json
new file mode 100644
index 00000000000..697f4c4760d
--- /dev/null
+++ b/2019/14xxx/CVE-2019-14024.json
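Review bot: The `problemtype` value "String format Issue in HLOS Data" does not match what the `description` describes, which is input that is not checked for NUL termination before a string copy, an out-of-bounds read or write rather than a format-string flaw as that term is normally used. Consumers that bucket records by problemtype will misclassify it; a label such as `"value": "Improper Null Termination in HLOS Data"` would agree with the description, assuming the description is the accurate side. CVE-2019-14024 in the next hunk has the same kind of mismatch: its description says "stack-use-after-scope" while its problemtype says "Use After Free Issue in NFC Module".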
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "product-security@qualcomm.com",
+ "ID": "CVE-2019-14024",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Snapdragon Auto, Snapdragon Industrial IOT, Snapdragon Mobile",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "MSM8917, MSM8953, Nicobar, QM215, Rennell, SDM429, SDM439, SDM450, SDM632, SDM670, SDM710, SDM845, SM6150, SM7150, SM8150, SM8250, SXR2130"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Qualcomm, Inc."
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Possible stack-use-after-scope issue in NFC usecase for card emulation in Snapdragon Auto, Snapdragon Industrial IOT, Snapdragon Mobile in MSM8917, MSM8953, Nicobar, QM215, Rennell, SDM429, SDM439, SDM450, SDM632, SDM670, SDM710, SDM845, SM6150, SM7150, SM8150, SM8250, SXR2130"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Use After Free Issue in NFC Module"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin",
+ "refsource": "CONFIRM",
+ "url": "https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/14xxx/CVE-2019-14034.json b/2019/14xxx/CVE-2019-14034.json
new file mode 100644
index 00000000000..1e46f2ee75b
--- /dev/null
+++ b/2019/14xxx/CVE-2019-14034.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "product-security@qualcomm.com",
+ "ID": "CVE-2019-14034",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "APQ8009, APQ8053, MSM8909W, MSM8917, MSM8953, Nicobar, QCS605, QM215, Rennell, SA6155P, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM670, SDM710, SDM845, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Qualcomm, Inc."
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Use after free while processing eeprom query as there is a chance to not unlock mutex after error occurs in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8053, MSM8909W, MSM8917, MSM8953, Nicobar, QCS605, QM215, Rennell, SA6155P, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM670, SDM710, SDM845, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Use After Free Issue in Multimedia"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin",
+ "refsource": "CONFIRM",
+ "url": "https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/14xxx/CVE-2019-14036.json b/2019/14xxx/CVE-2019-14036.json
new file mode 100644
index 00000000000..ea8b240554a
--- /dev/null
+++ b/2019/14xxx/CVE-2019-14036.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "product-security@qualcomm.com",
+ "ID": "CVE-2019-14036",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "APQ8064, APQ8096AU, IPQ4019, IPQ8064, IPQ8074, MDM9607, MDM9615, MDM9640, MSM8996AU, QCN7605"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Qualcomm, Inc."
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Possible buffer overflow issue in error processing due to improper validation of array index value in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8064, APQ8096AU, IPQ4019, IPQ8064, IPQ8074, MDM9607, MDM9615, MDM9640, MSM8996AU, QCN7605"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Improper Validation of Array Index in WLAN Host"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin",
+ "refsource": "CONFIRM",
+ "url": "https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/2xxx/CVE-2019-2267.json b/2019/2xxx/CVE-2019-2267.json
index 1e76d97404f..ec3f91cfe2d 100644
--- a/2019/2xxx/CVE-2019-2267.json
+++ b/2019/2xxx/CVE-2019-2267.json
@@ -1,18 +1,62 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-2267", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2019-2267", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "product": { + "product_data": [ + { + "product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking", + "version": { + "version_data": [ + { + "version_value": "MDM9205, QCS404, QCS605, SDA845, SDM670, SDM710, SDM845, SDM850, SM8150, SXR1130, SXR2130" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." } - ] - } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Locked regions may be modified through other interfaces in secure boot loader image due to improper access control. 
in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in MDM9205, QCS404, QCS605, SDA845, SDM670, SDM710, SDM845, SDM850, SM8150, SXR1130, SXR2130" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Permissions, Privileges and Access Control in Boot" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin", + "refsource": "CONFIRM", + "url": "https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin" + } + ] + } } \ No newline at end of file From 937e98b9294d19baff2b353865cd8edcce6c83e0 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 21 Jan 2020 08:01:07 +0000 Subject: [PATCH 178/387] "-Synchronized-Data." --- 2019/10xxx/CVE-2019-10219.json | 15 +++++++++++++++ 2019/14xxx/CVE-2019-14540.json | 15 +++++++++++++++ 2019/16xxx/CVE-2019-16335.json | 10 ++++++++++ 2019/16xxx/CVE-2019-16869.json | 10 ++++++++++ 2019/16xxx/CVE-2019-16942.json | 15 +++++++++++++++ 2019/16xxx/CVE-2019-16943.json | 15 +++++++++++++++ 2019/17xxx/CVE-2019-17267.json | 15 +++++++++++++++ 2019/17xxx/CVE-2019-17531.json | 10 ++++++++++ 8 files changed, 105 insertions(+) diff --git a/2019/10xxx/CVE-2019-10219.json b/2019/10xxx/CVE-2019-10219.json index bcf654979f8..bb6e6db2633 100644 --- a/2019/10xxx/CVE-2019-10219.json +++ b/2019/10xxx/CVE-2019-10219.json 
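Review bot: The new `description` value for CVE-2019-2267 has a stray full stop in the middle of the sentence, `...due to improper access control. in Snapdragon Auto, ...`, which cuts the affected-product list off from the statement it qualifies once the record is published. Dropping it gives `...due to improper access control in Snapdragon Auto, ...`.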
@@ -68,6 +68,21 @@ "refsource": "REDHAT", "name": "RHSA-2020:0164", "url": "https://access.redhat.com/errata/RHSA-2020:0164" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0159", + "url": "https://access.redhat.com/errata/RHSA-2020:0159" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0160", + "url": "https://access.redhat.com/errata/RHSA-2020:0160" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0161", + "url": "https://access.redhat.com/errata/RHSA-2020:0161" } ] }, diff --git a/2019/14xxx/CVE-2019-14540.json b/2019/14xxx/CVE-2019-14540.json index 9cc045ec046..0ca30658c8b 100644 --- a/2019/14xxx/CVE-2019-14540.json +++ b/2019/14xxx/CVE-2019-14540.json @@ -171,6 +171,21 @@ "refsource": "REDHAT", "name": "RHSA-2020:0164", "url": "https://access.redhat.com/errata/RHSA-2020:0164" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0159", + "url": "https://access.redhat.com/errata/RHSA-2020:0159" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0160", + "url": "https://access.redhat.com/errata/RHSA-2020:0160" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0161", + "url": "https://access.redhat.com/errata/RHSA-2020:0161" } ] } diff --git a/2019/16xxx/CVE-2019-16335.json b/2019/16xxx/CVE-2019-16335.json index 649ffe75072..ff7dee966f0 100644 --- a/2019/16xxx/CVE-2019-16335.json +++ b/2019/16xxx/CVE-2019-16335.json @@ -161,6 +161,16 @@ "refsource": "REDHAT", "name": "RHSA-2020:0159", "url": "https://access.redhat.com/errata/RHSA-2020:0159" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0160", + "url": "https://access.redhat.com/errata/RHSA-2020:0160" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0161", + "url": "https://access.redhat.com/errata/RHSA-2020:0161" } ] } diff --git a/2019/16xxx/CVE-2019-16869.json b/2019/16xxx/CVE-2019-16869.json index b3e12c8d485..285e4fac878 100644 --- a/2019/16xxx/CVE-2019-16869.json +++ b/2019/16xxx/CVE-2019-16869.json 
@@ -281,6 +281,16 @@ "refsource": "REDHAT", "name": "RHSA-2020:0159", "url": "https://access.redhat.com/errata/RHSA-2020:0159" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0160", + "url": "https://access.redhat.com/errata/RHSA-2020:0160" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0161", + "url": "https://access.redhat.com/errata/RHSA-2020:0161" } ] } diff --git a/2019/16xxx/CVE-2019-16942.json b/2019/16xxx/CVE-2019-16942.json index 183060d5bf1..d55caf1c105 100644 --- a/2019/16xxx/CVE-2019-16942.json +++ b/2019/16xxx/CVE-2019-16942.json @@ -141,6 +141,21 @@ "refsource": "REDHAT", "name": "RHSA-2020:0164", "url": "https://access.redhat.com/errata/RHSA-2020:0164" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0159", + "url": "https://access.redhat.com/errata/RHSA-2020:0159" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0160", + "url": "https://access.redhat.com/errata/RHSA-2020:0160" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0161", + "url": "https://access.redhat.com/errata/RHSA-2020:0161" } ] } diff --git a/2019/16xxx/CVE-2019-16943.json b/2019/16xxx/CVE-2019-16943.json index ca6ded206b5..14bc54c2e7d 100644 --- a/2019/16xxx/CVE-2019-16943.json +++ b/2019/16xxx/CVE-2019-16943.json @@ -136,6 +136,21 @@ "refsource": "REDHAT", "name": "RHSA-2020:0164", "url": "https://access.redhat.com/errata/RHSA-2020:0164" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0159", + "url": "https://access.redhat.com/errata/RHSA-2020:0159" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0160", + "url": "https://access.redhat.com/errata/RHSA-2020:0160" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0161", + "url": "https://access.redhat.com/errata/RHSA-2020:0161" } ] } diff --git a/2019/17xxx/CVE-2019-17267.json b/2019/17xxx/CVE-2019-17267.json index e9c819d5bc0..ec98868381c 100644 --- a/2019/17xxx/CVE-2019-17267.json +++ b/2019/17xxx/CVE-2019-17267.json 
@@ -106,6 +106,21 @@ "refsource": "REDHAT", "name": "RHSA-2020:0164", "url": "https://access.redhat.com/errata/RHSA-2020:0164" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0159", + "url": "https://access.redhat.com/errata/RHSA-2020:0159" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0160", + "url": "https://access.redhat.com/errata/RHSA-2020:0160" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0161", + "url": "https://access.redhat.com/errata/RHSA-2020:0161" } ] } diff --git a/2019/17xxx/CVE-2019-17531.json b/2019/17xxx/CVE-2019-17531.json index 31021403fde..98a50cdc070 100644 --- a/2019/17xxx/CVE-2019-17531.json +++ b/2019/17xxx/CVE-2019-17531.json @@ -101,6 +101,16 @@ "refsource": "REDHAT", "name": "RHSA-2020:0159", "url": "https://access.redhat.com/errata/RHSA-2020:0159" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0160", + "url": "https://access.redhat.com/errata/RHSA-2020:0160" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0161", + "url": "https://access.redhat.com/errata/RHSA-2020:0161" } ] } From 6358fd489ab0286605293c187a142781c6d780de Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 21 Jan 2020 10:01:07 +0000 Subject: [PATCH 179/387] "-Synchronized-Data." --- 2019/14xxx/CVE-2019-14818.json | 10 ++++++++++ 2019/16xxx/CVE-2019-16239.json | 5 +++++ 2019/19xxx/CVE-2019-19697.json | 5 +++++ 2019/20xxx/CVE-2019-20357.json | 5 +++++ 4 files changed, 25 insertions(+) diff --git a/2019/14xxx/CVE-2019-14818.json b/2019/14xxx/CVE-2019-14818.json index 2e8bd5c0352..77a1b2ec441 100644 --- a/2019/14xxx/CVE-2019-14818.json +++ b/2019/14xxx/CVE-2019-14818.json 
@@ -67,6 +67,16 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2019-019df9a459",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULJ3C7OVBOEVDGSHYC3VCLSUHANGTFFP/"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2020:0166",
+ "url": "https://access.redhat.com/errata/RHSA-2020:0166"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2020:0165",
+ "url": "https://access.redhat.com/errata/RHSA-2020:0165"
 }
 ]
 },
diff --git a/2019/16xxx/CVE-2019-16239.json b/2019/16xxx/CVE-2019-16239.json
index 21ebca701c7..6ebaba8d3ac 100644
--- a/2019/16xxx/CVE-2019-16239.json
+++ b/2019/16xxx/CVE-2019-16239.json
@@ -96,6 +96,11 @@
 "refsource": "DEBIAN",
 "name": "DSA-4607",
 "url": "https://www.debian.org/security/2020/dsa-4607"
+ },
+ {
+ "refsource": "BUGTRAQ",
+ "name": "20200120 [SECURITY] [DSA 4607-1] openconnect security update",
+ "url": "https://seclists.org/bugtraq/2020/Jan/31"
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19697.json b/2019/19xxx/CVE-2019-19697.json
index 316910626e7..a050658c309 100644
--- a/2019/19xxx/CVE-2019-19697.json
+++ b/2019/19xxx/CVE-2019-19697.json
@@ -61,6 +61,11 @@
 "url": "http://hyp3rlinx.altervista.org/advisories/TREND-MICRO-SECURITY-CONSUMER-SECURITY-BYPASS-PROTECTED-SERVICE-TAMPERING.txt",
 "refsource": "MISC",
 "name": "http://hyp3rlinx.altervista.org/advisories/TREND-MICRO-SECURITY-CONSUMER-SECURITY-BYPASS-PROTECTED-SERVICE-TAMPERING.txt"
+ },
+ {
+ "refsource": "BUGTRAQ",
+ "name": "20200120 Trend Micro Security 2019 (Consumer) Multiple Products Security Bypass Protected Service Tampering CVE-2019-19697",
+ "url": "https://seclists.org/bugtraq/2020/Jan/29"
 }
 ]
 }
diff --git a/2019/20xxx/CVE-2019-20357.json b/2019/20xxx/CVE-2019-20357.json
index c8f0b4aeef6..f606f659749 100644
--- a/2019/20xxx/CVE-2019-20357.json
+++ b/2019/20xxx/CVE-2019-20357.json
@@ -61,6 +61,11 @@
 "url": "http://hyp3rlinx.altervista.org/advisories/TREND-MICRO-SECURITY-CONSUMER-PERSISTENT-ARBITRARY-CODE-EXECUTION.txt",
 "refsource": "MISC",
 "name": "http://hyp3rlinx.altervista.org/advisories/TREND-MICRO-SECURITY-CONSUMER-PERSISTENT-ARBITRARY-CODE-EXECUTION.txt"
+ },
+ {
+ "refsource": "BUGTRAQ",
+ "name": "20200120 Trend Micro Security (Consumer) Multiple Products Persistent Arbitrary Code Execution CVE-2019-20357",
+ "url": "https://seclists.org/bugtraq/2020/Jan/28"
 }
 ]
 }
From 380ef0337e5202f2c227105b2ff69abf0310e342 Mon Sep 17 00:00:00 2001
From: "mrehak@redhat.com"
Date: Tue, 21 Jan 2020 12:46:03 +0100
Subject: [PATCH 180/387] CVE-2019-19344 init
---
 2019/19xxx/CVE-2019-19344.json | 70 ++++++++++++++++++++++++++++++++--
 1 file changed, 66 insertions(+), 4 deletions(-)
diff --git a/2019/19xxx/CVE-2019-19344.json b/2019/19xxx/CVE-2019-19344.json
index f5138c74f0a..03ff524dfbf 100644
--- a/2019/19xxx/CVE-2019-19344.json
+++ b/2019/19xxx/CVE-2019-19344.json
@@ -4,15 +4,77 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2019-19344",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "mrehak@redhat.com"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Red Hat",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "samba",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "all samba 4.11.x versions before 4.11.5"
+ },
+ {
+ "version_value": "all samba 4.10.x versions before 4.10.12"
+ },
+ {
+ "version_value": "all samba 4.9.x versions before 4.9.18"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-416"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19344",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19344",
+ "refsource": "CONFIRM"
+ },
+ {
+ "url": "https://www.samba.org/samba/security/CVE-2019-19344.html"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "There is a use-after-free issue in all samba 4.9.x versions before 4.9.18, all samba 4.10.x versions before 4.10.12 and all samba 4.11.x versions before 4.11.5, essentially due to a call to realloc() while other local variables still point at the original buffer."
 }
 ]
+ },
+ "impact": {
+ "cvss": [
+ [
+ {
+ "vectorString": "6.5/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+ "version": "3.0"
+ }
+ ]
+ ]
 }
-}
\ No newline at end of file
+}
From 6c4ed4fac9602981724135e5cf951d132ef470b9 Mon Sep 17 00:00:00 2001
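Review bot: The `impact.cvss` entry added to 2019/19xxx/CVE-2019-19344.json is not a parseable CVSS record: `vectorString` carries the base score as a prefix (`6.5/CVSS:3.1/...`), the vector declares 3.1 while `version` says `"3.0"`, and the object is wrapped in two nested arrays. Scanners and prioritisation tools that read the vector will reject or mis-score it, so I would store it as `"cvss": { "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }`. The samba.org reference also has no `name` or `refsource`, and `CVE_data_meta` loses its `STATE` field even though the record now carries public details; the published CVE-2020-7246 record later in this series uses `"STATE": "PUBLIC"`. The CVE-2019-14902 record added in the next patch has the same three problems.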
From: "mrehak@redhat.com"
Date: Tue, 21 Jan 2020 13:19:13 +0100
Subject: [PATCH 181/387] CVE-2019-14902 init
---
 2019/14xxx/CVE-2019-14902.json | 80 ++++++++++++++++++++++++++++++++++
 1 file changed, 80 insertions(+)
 create mode 100644 2019/14xxx/CVE-2019-14902.json
diff --git a/2019/14xxx/CVE-2019-14902.json b/2019/14xxx/CVE-2019-14902.json
new file mode 100644
index 00000000000..cd01bc78835
--- /dev/null
+++ b/2019/14xxx/CVE-2019-14902.json
@@ -0,0 +1,80 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-14902",
+ "ASSIGNER": "mrehak@redhat.com"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "[UNKNOWN]",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "samba",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "all samba 4.11.x versions before 4.11.5"
+ },
+ {
+ "version_value": "all samba 4.10.x versions before 4.10.12"
+ },
+ {
+ "version_value": "all samba 4.9.x versions before 4.9.18"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-284"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.samba.org/samba/security/CVE-2019-14902.html"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14902",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14902",
+ "refsource": "CONFIRM"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "There is an issue in all samba 4.11.x versions before 4.11.5, all samba 4.10.x versions before 4.10.12 and all samba 4.9.x versions before 4.9.18, where the removal of the right to create or modify a subtree would not automatically be taken away on all domain controllers."
+ }
+ ]
+ },
+ "impact": {
+ "cvss": [
+ [
+ {
+ "vectorString": "5.4/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
+ "version": "3.0"
+ }
+ ]
+ ]
+ }
+}
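Review bot: `vendor_name` in the new 2019/14xxx/CVE-2019-14902.json is the placeholder `"[UNKNOWN]"`, although `product_name` is `samba` and the CVE-2019-19344 record from the same submitter does name a vendor. Feeds that match advisories to an asset inventory by vendor and product will not associate this access-control issue with Samba installations, so the placeholder should be replaced with the real vendor name before the record is published. The description is also hard to parse: "the removal of the right to create or modify a subtree would not automatically be taken away on all domain controllers" seems to mean that removing the right does not automatically take effect on every domain controller, and rewording it that way would make the impact clear to defenders.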
From 7899de75bf0c58517fd1f7090b0a101e63a4cb9d Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Tue, 21 Jan 2020 13:01:13 +0000
Subject: [PATCH 182/387] "-Synchronized-Data."
---
 2019/18xxx/CVE-2019-18282.json | 2 +-
 2020/7xxx/CVE-2020-7239.json | 5 +++++
 2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/2019/18xxx/CVE-2019-18282.json b/2019/18xxx/CVE-2019-18282.json
index 2e3d96f2b8a..e80fac9bcb9 100644
--- a/2019/18xxx/CVE-2019-18282.json
+++ b/2019/18xxx/CVE-2019-18282.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "The flow_dissector feature in the Linux kernel 4.3 through 5.x before 5.3.10 has a device tracking vulnerability, aka CID-55667441c84f. This occurs because the auto flowlabel of a UDP IPv6 packet relies on a 32-bit hashmd value as a secret, and because jhash (instead of siphash) is used. The hashmd value remains the same starting from boot time, and can be inferred by an attacker. This affects net/core/flow_dissector.c and related code."
+ "value": "The flow_dissector feature in the Linux kernel 4.3 through 5.x before 5.3.10 has a device tracking vulnerability, aka CID-55667441c84f. This occurs because the auto flowlabel of a UDP IPv6 packet relies on a 32-bit hashrnd value as a secret, and because jhash (instead of siphash) is used. The hashmd value remains the same starting from boot time, and can be inferred by an attacker. This affects net/core/flow_dissector.c and related code."
 }
 ]
 },
diff --git a/2020/7xxx/CVE-2020-7239.json b/2020/7xxx/CVE-2020-7239.json
index eefb4357ba7..e8316efae94 100644
--- a/2020/7xxx/CVE-2020-7239.json
+++ b/2020/7xxx/CVE-2020-7239.json
@@ -61,6 +61,11 @@
 "refsource": "MISC",
 "name": "https://www.hooperlabs.xyz/disclosures/cve-2020-7239.php",
 "url": "https://www.hooperlabs.xyz/disclosures/cve-2020-7239.php"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://wpvulndb.com/vulnerabilities/10035",
+ "url": "https://wpvulndb.com/vulnerabilities/10035"
 }
 ]
 }
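Review bot: The spelling fix in the 2019/18xxx/CVE-2019-18282.json hunk is only half applied: the first mention on the added `value` line now reads `hashrnd`, but the next sentence of the same string still says "The hashmd value remains the same starting from boot time". Both mentions should name the same identifier, i.e. `The hashrnd value remains the same starting from boot time, and can be inferred by an attacker.`, otherwise anyone searching the record or the kernel source for the variable finds two spellings. The enclosing `description` object starts outside the hunk.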
From 9c347775e84132fb03a548f545fe9226bb97205a Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Tue, 21 Jan 2020 14:01:08 +0000 Subject: [PATCH 183/387] "-Synchronized-Data." --- 2020/7xxx/CVE-2020-7246.json | 56 ++++++++++++++++++++++++++++++++---- 2020/7xxx/CVE-2020-7250.json | 18 ++++++++++++ 2020/7xxx/CVE-2020-7251.json | 18 ++++++++++++ 2020/7xxx/CVE-2020-7252.json | 18 ++++++++++++ 2020/7xxx/CVE-2020-7253.json | 18 ++++++++++++ 2020/7xxx/CVE-2020-7254.json | 18 ++++++++++++ 2020/7xxx/CVE-2020-7255.json | 18 ++++++++++++ 2020/7xxx/CVE-2020-7256.json | 18 ++++++++++++ 2020/7xxx/CVE-2020-7257.json | 18 ++++++++++++ 2020/7xxx/CVE-2020-7258.json | 18 ++++++++++++ 2020/7xxx/CVE-2020-7259.json | 18 ++++++++++++ 2020/7xxx/CVE-2020-7260.json | 18 ++++++++++++ 2020/7xxx/CVE-2020-7261.json | 18 ++++++++++++ 2020/7xxx/CVE-2020-7262.json | 18 ++++++++++++ 2020/7xxx/CVE-2020-7263.json | 18 ++++++++++++ 2020/7xxx/CVE-2020-7264.json | 18 ++++++++++++ 2020/7xxx/CVE-2020-7265.json | 18 ++++++++++++ 2020/7xxx/CVE-2020-7266.json | 18 ++++++++++++ 2020/7xxx/CVE-2020-7267.json | 18 ++++++++++++ 2020/7xxx/CVE-2020-7268.json | 18 ++++++++++++ 2020/7xxx/CVE-2020-7269.json | 18 ++++++++++++ 2020/7xxx/CVE-2020-7270.json | 18 ++++++++++++ 2020/7xxx/CVE-2020-7271.json | 18 ++++++++++++ 2020/7xxx/CVE-2020-7272.json | 18 ++++++++++++ 2020/7xxx/CVE-2020-7273.json | 18 ++++++++++++ 2020/7xxx/CVE-2020-7274.json | 18 ++++++++++++ 2020/7xxx/CVE-2020-7275.json | 18 ++++++++++++ 2020/7xxx/CVE-2020-7276.json | 18 ++++++++++++ 2020/7xxx/CVE-2020-7277.json | 18 ++++++++++++ 2020/7xxx/CVE-2020-7278.json | 18 ++++++++++++ 2020/7xxx/CVE-2020-7279.json | 18 ++++++++++++ 2020/7xxx/CVE-2020-7280.json | 18 ++++++++++++ 2020/7xxx/CVE-2020-7281.json | 18 ++++++++++++ 2020/7xxx/CVE-2020-7282.json | 18 ++++++++++++ 2020/7xxx/CVE-2020-7283.json | 18 ++++++++++++ 2020/7xxx/CVE-2020-7284.json | 18 ++++++++++++ 2020/7xxx/CVE-2020-7285.json | 18 ++++++++++++ 2020/7xxx/CVE-2020-7286.json | 18 ++++++++++++ 2020/7xxx/CVE-2020-7287.json | 18 ++++++++++++ 2020/7xxx/CVE-2020-7288.json | 18 
++++++++++++ 2020/7xxx/CVE-2020-7411.json | 18 ++++++++++++ 2020/7xxx/CVE-2020-7412.json | 18 ++++++++++++ 2020/7xxx/CVE-2020-7413.json | 18 ++++++++++++ 2020/7xxx/CVE-2020-7414.json | 18 ++++++++++++ 2020/7xxx/CVE-2020-7415.json | 18 ++++++++++++ 2020/7xxx/CVE-2020-7416.json | 18 ++++++++++++ 2020/7xxx/CVE-2020-7417.json | 18 ++++++++++++ 2020/7xxx/CVE-2020-7418.json | 18 ++++++++++++ 2020/7xxx/CVE-2020-7419.json | 18 ++++++++++++ 2020/7xxx/CVE-2020-7420.json | 18 ++++++++++++ 2020/7xxx/CVE-2020-7421.json | 18 ++++++++++++ 2020/7xxx/CVE-2020-7422.json | 18 ++++++++++++ 2020/7xxx/CVE-2020-7423.json | 18 ++++++++++++ 2020/7xxx/CVE-2020-7424.json | 18 ++++++++++++ 2020/7xxx/CVE-2020-7425.json | 18 ++++++++++++ 2020/7xxx/CVE-2020-7426.json | 18 ++++++++++++ 2020/7xxx/CVE-2020-7427.json | 18 ++++++++++++ 2020/7xxx/CVE-2020-7428.json | 18 ++++++++++++ 2020/7xxx/CVE-2020-7429.json | 18 ++++++++++++ 2020/7xxx/CVE-2020-7430.json | 18 ++++++++++++ 2020/7xxx/CVE-2020-7431.json | 18 ++++++++++++ 2020/7xxx/CVE-2020-7432.json | 18 ++++++++++++ 2020/7xxx/CVE-2020-7433.json | 18 ++++++++++++ 2020/7xxx/CVE-2020-7434.json | 18 ++++++++++++ 2020/7xxx/CVE-2020-7435.json | 18 ++++++++++++ 2020/7xxx/CVE-2020-7436.json | 18 ++++++++++++ 2020/7xxx/CVE-2020-7437.json | 18 ++++++++++++ 2020/7xxx/CVE-2020-7438.json | 18 ++++++++++++ 2020/7xxx/CVE-2020-7439.json | 18 ++++++++++++ 2020/7xxx/CVE-2020-7440.json | 18 ++++++++++++ 2020/7xxx/CVE-2020-7441.json | 18 ++++++++++++ 2020/7xxx/CVE-2020-7442.json | 18 ++++++++++++ 2020/7xxx/CVE-2020-7443.json | 18 ++++++++++++ 2020/7xxx/CVE-2020-7444.json | 18 ++++++++++++ 2020/7xxx/CVE-2020-7445.json | 18 ++++++++++++ 2020/7xxx/CVE-2020-7446.json | 18 ++++++++++++ 2020/7xxx/CVE-2020-7447.json | 18 ++++++++++++ 2020/7xxx/CVE-2020-7448.json | 18 ++++++++++++ 2020/7xxx/CVE-2020-7449.json | 18 ++++++++++++ 2020/7xxx/CVE-2020-7450.json | 18 ++++++++++++ 2020/7xxx/CVE-2020-7451.json | 18 ++++++++++++ 2020/7xxx/CVE-2020-7452.json | 18 ++++++++++++ 
2020/7xxx/CVE-2020-7453.json | 18 ++++++++++++ 2020/7xxx/CVE-2020-7454.json | 18 ++++++++++++ 2020/7xxx/CVE-2020-7455.json | 18 ++++++++++++ 2020/7xxx/CVE-2020-7456.json | 18 ++++++++++++ 2020/7xxx/CVE-2020-7457.json | 18 ++++++++++++ 2020/7xxx/CVE-2020-7458.json | 18 ++++++++++++ 2020/7xxx/CVE-2020-7459.json | 18 ++++++++++++ 2020/7xxx/CVE-2020-7460.json | 18 ++++++++++++ 2020/7xxx/CVE-2020-7461.json | 18 ++++++++++++ 2020/7xxx/CVE-2020-7462.json | 18 ++++++++++++ 2020/7xxx/CVE-2020-7463.json | 18 ++++++++++++ 2020/7xxx/CVE-2020-7464.json | 18 ++++++++++++ 2020/7xxx/CVE-2020-7465.json | 18 ++++++++++++ 2020/7xxx/CVE-2020-7466.json | 18 ++++++++++++ 2020/7xxx/CVE-2020-7467.json | 18 ++++++++++++ 2020/7xxx/CVE-2020-7468.json | 18 ++++++++++++ 2020/7xxx/CVE-2020-7469.json | 18 ++++++++++++ 99 files changed, 1814 insertions(+), 6 deletions(-) create mode 100644 2020/7xxx/CVE-2020-7250.json create mode 100644 2020/7xxx/CVE-2020-7251.json create mode 100644 2020/7xxx/CVE-2020-7252.json create mode 100644 2020/7xxx/CVE-2020-7253.json create mode 100644 2020/7xxx/CVE-2020-7254.json create mode 100644 2020/7xxx/CVE-2020-7255.json create mode 100644 2020/7xxx/CVE-2020-7256.json create mode 100644 2020/7xxx/CVE-2020-7257.json create mode 100644 2020/7xxx/CVE-2020-7258.json create mode 100644 2020/7xxx/CVE-2020-7259.json create mode 100644 2020/7xxx/CVE-2020-7260.json create mode 100644 2020/7xxx/CVE-2020-7261.json create mode 100644 2020/7xxx/CVE-2020-7262.json create mode 100644 2020/7xxx/CVE-2020-7263.json create mode 100644 2020/7xxx/CVE-2020-7264.json create mode 100644 2020/7xxx/CVE-2020-7265.json create mode 100644 2020/7xxx/CVE-2020-7266.json create mode 100644 2020/7xxx/CVE-2020-7267.json create mode 100644 2020/7xxx/CVE-2020-7268.json create mode 100644 2020/7xxx/CVE-2020-7269.json create mode 100644 2020/7xxx/CVE-2020-7270.json create mode 100644 2020/7xxx/CVE-2020-7271.json create mode 100644 2020/7xxx/CVE-2020-7272.json create mode 100644 
2020/7xxx/CVE-2020-7273.json create mode 100644 2020/7xxx/CVE-2020-7274.json create mode 100644 2020/7xxx/CVE-2020-7275.json create mode 100644 2020/7xxx/CVE-2020-7276.json create mode 100644 2020/7xxx/CVE-2020-7277.json create mode 100644 2020/7xxx/CVE-2020-7278.json create mode 100644 2020/7xxx/CVE-2020-7279.json create mode 100644 2020/7xxx/CVE-2020-7280.json create mode 100644 2020/7xxx/CVE-2020-7281.json create mode 100644 2020/7xxx/CVE-2020-7282.json create mode 100644 2020/7xxx/CVE-2020-7283.json create mode 100644 2020/7xxx/CVE-2020-7284.json create mode 100644 2020/7xxx/CVE-2020-7285.json create mode 100644 2020/7xxx/CVE-2020-7286.json create mode 100644 2020/7xxx/CVE-2020-7287.json create mode 100644 2020/7xxx/CVE-2020-7288.json create mode 100644 2020/7xxx/CVE-2020-7411.json create mode 100644 2020/7xxx/CVE-2020-7412.json create mode 100644 2020/7xxx/CVE-2020-7413.json create mode 100644 2020/7xxx/CVE-2020-7414.json create mode 100644 2020/7xxx/CVE-2020-7415.json create mode 100644 2020/7xxx/CVE-2020-7416.json create mode 100644 2020/7xxx/CVE-2020-7417.json create mode 100644 2020/7xxx/CVE-2020-7418.json create mode 100644 2020/7xxx/CVE-2020-7419.json create mode 100644 2020/7xxx/CVE-2020-7420.json create mode 100644 2020/7xxx/CVE-2020-7421.json create mode 100644 2020/7xxx/CVE-2020-7422.json create mode 100644 2020/7xxx/CVE-2020-7423.json create mode 100644 2020/7xxx/CVE-2020-7424.json create mode 100644 2020/7xxx/CVE-2020-7425.json create mode 100644 2020/7xxx/CVE-2020-7426.json create mode 100644 2020/7xxx/CVE-2020-7427.json create mode 100644 2020/7xxx/CVE-2020-7428.json create mode 100644 2020/7xxx/CVE-2020-7429.json create mode 100644 2020/7xxx/CVE-2020-7430.json create mode 100644 2020/7xxx/CVE-2020-7431.json create mode 100644 2020/7xxx/CVE-2020-7432.json create mode 100644 2020/7xxx/CVE-2020-7433.json create mode 100644 2020/7xxx/CVE-2020-7434.json create mode 100644 2020/7xxx/CVE-2020-7435.json create mode 100644 2020/7xxx/CVE-2020-7436.json 
create mode 100644 2020/7xxx/CVE-2020-7437.json create mode 100644 2020/7xxx/CVE-2020-7438.json create mode 100644 2020/7xxx/CVE-2020-7439.json create mode 100644 2020/7xxx/CVE-2020-7440.json create mode 100644 2020/7xxx/CVE-2020-7441.json create mode 100644 2020/7xxx/CVE-2020-7442.json create mode 100644 2020/7xxx/CVE-2020-7443.json create mode 100644 2020/7xxx/CVE-2020-7444.json create mode 100644 2020/7xxx/CVE-2020-7445.json create mode 100644 2020/7xxx/CVE-2020-7446.json create mode 100644 2020/7xxx/CVE-2020-7447.json create mode 100644 2020/7xxx/CVE-2020-7448.json create mode 100644 2020/7xxx/CVE-2020-7449.json create mode 100644 2020/7xxx/CVE-2020-7450.json create mode 100644 2020/7xxx/CVE-2020-7451.json create mode 100644 2020/7xxx/CVE-2020-7452.json create mode 100644 2020/7xxx/CVE-2020-7453.json create mode 100644 2020/7xxx/CVE-2020-7454.json create mode 100644 2020/7xxx/CVE-2020-7455.json create mode 100644 2020/7xxx/CVE-2020-7456.json create mode 100644 2020/7xxx/CVE-2020-7457.json create mode 100644 2020/7xxx/CVE-2020-7458.json create mode 100644 2020/7xxx/CVE-2020-7459.json create mode 100644 2020/7xxx/CVE-2020-7460.json create mode 100644 2020/7xxx/CVE-2020-7461.json create mode 100644 2020/7xxx/CVE-2020-7462.json create mode 100644 2020/7xxx/CVE-2020-7463.json create mode 100644 2020/7xxx/CVE-2020-7464.json create mode 100644 2020/7xxx/CVE-2020-7465.json create mode 100644 2020/7xxx/CVE-2020-7466.json create mode 100644 2020/7xxx/CVE-2020-7467.json create mode 100644 2020/7xxx/CVE-2020-7468.json create mode 100644 2020/7xxx/CVE-2020-7469.json diff --git a/2020/7xxx/CVE-2020-7246.json b/2020/7xxx/CVE-2020-7246.json index 5e8bee34dae..9d394531834 100644 --- a/2020/7xxx/CVE-2020-7246.json +++ b/2020/7xxx/CVE-2020-7246.json 
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-7246",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-7246",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A remote code execution (RCE) vulnerability exists in qdPM 9.1 and earlier. An attacker can upload a malicious PHP code file via the profile photo functionality, by leveraging a path traversal vulnerability in the users['photop_preview'] delete photo feature, allowing bypass of .htaccess protection. NOTE: this issue exists because of an incomplete fix for CVE-2015-3884."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://docs.google.com/document/d/13ZZSm0DL1Ie6r_fU5ZdDKGZ4defFqiFXMG--zDo8S10/edit?usp=sharing",
+ "refsource": "MISC",
+ "name": "https://docs.google.com/document/d/13ZZSm0DL1Ie6r_fU5ZdDKGZ4defFqiFXMG--zDo8S10/edit?usp=sharing"
 }
 ]
 }
diff --git a/2020/7xxx/CVE-2020-7250.json b/2020/7xxx/CVE-2020-7250.json
new file mode 100644
index 00000000000..f6e91b3bce1
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7250.json
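Review bot: The `affects` block added to 2020/7xxx/CVE-2020-7246.json sets `vendor_name`, `product_name` and `version_value` to `"n/a"`, while the description in the same hunk identifies the product and range as qdPM 9.1 and earlier. Tooling that matches on the structured fields rather than the free text will not flag qdPM installations for this remote code execution issue; setting `"product_name": "qdPM"` with a `version_value` covering 9.1 and earlier would close that gap. `problemtype` is likewise `"n/a"` although the description names a file upload combined with path traversal. The only reference is a Google Docs `/edit?usp=sharing` link, which its owner can change or withdraw, so a stable reference is worth adding once one exists.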
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7250",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7251.json b/2020/7xxx/CVE-2020-7251.json
new file mode 100644
index 00000000000..66934669134
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7251.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7251",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7252.json b/2020/7xxx/CVE-2020-7252.json
new file mode 100644
index 00000000000..5349af8620f
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7252.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7252",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7253.json b/2020/7xxx/CVE-2020-7253.json
new file mode 100644
index 00000000000..08435521e88
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7253.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7253",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7254.json b/2020/7xxx/CVE-2020-7254.json
new file mode 100644
index 00000000000..1453e5d6f9f
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7254.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7254",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7255.json b/2020/7xxx/CVE-2020-7255.json
new file mode 100644
index 00000000000..d70b40af5cd
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7255.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7255",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7256.json b/2020/7xxx/CVE-2020-7256.json
new file mode 100644
index 00000000000..eda6b369f4a
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7256.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7256",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7257.json b/2020/7xxx/CVE-2020-7257.json
new file mode 100644
index 00000000000..020455b156a
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7257.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7257",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7258.json b/2020/7xxx/CVE-2020-7258.json
new file mode 100644
index 00000000000..781eaa80457
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7258.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7258",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7259.json b/2020/7xxx/CVE-2020-7259.json
new file mode 100644
index 00000000000..9b35ab5337b
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7259.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7259",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7260.json b/2020/7xxx/CVE-2020-7260.json
new file mode 100644
index 00000000000..a9c1c545528
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7260.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7260",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7261.json b/2020/7xxx/CVE-2020-7261.json
new file mode 100644
index 00000000000..9f372436638
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7261.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7261",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7262.json b/2020/7xxx/CVE-2020-7262.json
new file mode 100644
index 00000000000..b8df8c0d43d
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7262.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7262",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7263.json b/2020/7xxx/CVE-2020-7263.json
new file mode 100644
index 00000000000..859c55365a3
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7263.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7263",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7264.json b/2020/7xxx/CVE-2020-7264.json
new file mode 100644
index 00000000000..ea1f884d74b
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7264.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7264",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7265.json b/2020/7xxx/CVE-2020-7265.json
new file mode 100644
index 00000000000..2f16c0c75dd
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7265.json
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7265", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7266.json b/2020/7xxx/CVE-2020-7266.json new file mode 100644 index 00000000000..64bc39f413a --- /dev/null +++ b/2020/7xxx/CVE-2020-7266.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7266", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7267.json b/2020/7xxx/CVE-2020-7267.json new file mode 100644 index 00000000000..dcccf8e9336 --- /dev/null +++ b/2020/7xxx/CVE-2020-7267.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7267", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/7xxx/CVE-2020-7268.json b/2020/7xxx/CVE-2020-7268.json new file mode 100644 index 00000000000..7761e132651 --- /dev/null +++ b/2020/7xxx/CVE-2020-7268.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7268", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7269.json b/2020/7xxx/CVE-2020-7269.json new file mode 100644 index 00000000000..7ce555d0d67 --- /dev/null +++ b/2020/7xxx/CVE-2020-7269.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7269", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7270.json b/2020/7xxx/CVE-2020-7270.json new file mode 100644 index 00000000000..62762836bf9 --- /dev/null +++ b/2020/7xxx/CVE-2020-7270.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7270", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7271.json b/2020/7xxx/CVE-2020-7271.json new file mode 100644 index 00000000000..b8d43e8ac9d --- /dev/null +++ b/2020/7xxx/CVE-2020-7271.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7271", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7272.json b/2020/7xxx/CVE-2020-7272.json new file mode 100644 index 00000000000..fb7a704f00e --- /dev/null +++ b/2020/7xxx/CVE-2020-7272.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7272", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/7xxx/CVE-2020-7273.json b/2020/7xxx/CVE-2020-7273.json new file mode 100644 index 00000000000..baa4b76a4f1 --- /dev/null +++ b/2020/7xxx/CVE-2020-7273.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7273", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7274.json b/2020/7xxx/CVE-2020-7274.json new file mode 100644 index 00000000000..401bdcebd9e --- /dev/null +++ b/2020/7xxx/CVE-2020-7274.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7274", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7275.json b/2020/7xxx/CVE-2020-7275.json new file mode 100644 index 00000000000..eadd7531b3b --- /dev/null +++ b/2020/7xxx/CVE-2020-7275.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7275", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7276.json b/2020/7xxx/CVE-2020-7276.json new file mode 100644 index 00000000000..998c7d49cb7 --- /dev/null +++ b/2020/7xxx/CVE-2020-7276.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7276", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7277.json b/2020/7xxx/CVE-2020-7277.json new file mode 100644 index 00000000000..f4dc9285dbf --- /dev/null +++ b/2020/7xxx/CVE-2020-7277.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7277", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/7xxx/CVE-2020-7278.json b/2020/7xxx/CVE-2020-7278.json new file mode 100644 index 00000000000..b3a4b8d5f8e --- /dev/null +++ b/2020/7xxx/CVE-2020-7278.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7278", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7279.json b/2020/7xxx/CVE-2020-7279.json new file mode 100644 index 00000000000..b0256c962c7 --- /dev/null +++ b/2020/7xxx/CVE-2020-7279.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7279", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7280.json b/2020/7xxx/CVE-2020-7280.json new file mode 100644 index 00000000000..2face22a886 --- /dev/null +++ b/2020/7xxx/CVE-2020-7280.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7280", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7281.json b/2020/7xxx/CVE-2020-7281.json new file mode 100644 index 00000000000..55767defa42 --- /dev/null +++ b/2020/7xxx/CVE-2020-7281.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7281", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7282.json b/2020/7xxx/CVE-2020-7282.json new file mode 100644 index 00000000000..2574528aec3 --- /dev/null +++ b/2020/7xxx/CVE-2020-7282.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7282", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/7xxx/CVE-2020-7283.json b/2020/7xxx/CVE-2020-7283.json new file mode 100644 index 00000000000..405fd22acbb --- /dev/null +++ b/2020/7xxx/CVE-2020-7283.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7283", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7284.json b/2020/7xxx/CVE-2020-7284.json new file mode 100644 index 00000000000..8205881a2c4 --- /dev/null +++ b/2020/7xxx/CVE-2020-7284.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7284", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7285.json b/2020/7xxx/CVE-2020-7285.json new file mode 100644 index 00000000000..db4415371e6 --- /dev/null +++ b/2020/7xxx/CVE-2020-7285.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7285", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7286.json b/2020/7xxx/CVE-2020-7286.json new file mode 100644 index 00000000000..cf7f3fdcf79 --- /dev/null +++ b/2020/7xxx/CVE-2020-7286.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7286", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7287.json b/2020/7xxx/CVE-2020-7287.json new file mode 100644 index 00000000000..34feb33009d --- /dev/null +++ b/2020/7xxx/CVE-2020-7287.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7287", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/7xxx/CVE-2020-7288.json b/2020/7xxx/CVE-2020-7288.json new file mode 100644 index 00000000000..d4230331984 --- /dev/null +++ b/2020/7xxx/CVE-2020-7288.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7288", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7411.json b/2020/7xxx/CVE-2020-7411.json new file mode 100644 index 00000000000..46eeece8280 --- /dev/null +++ b/2020/7xxx/CVE-2020-7411.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7411", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7412.json b/2020/7xxx/CVE-2020-7412.json new file mode 100644 index 00000000000..eda7ad24719 --- /dev/null +++ b/2020/7xxx/CVE-2020-7412.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7412", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7413.json b/2020/7xxx/CVE-2020-7413.json new file mode 100644 index 00000000000..e62122ca988 --- /dev/null +++ b/2020/7xxx/CVE-2020-7413.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7413", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7414.json b/2020/7xxx/CVE-2020-7414.json new file mode 100644 index 00000000000..43e2467d1f5 --- /dev/null +++ b/2020/7xxx/CVE-2020-7414.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7414", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/7xxx/CVE-2020-7415.json b/2020/7xxx/CVE-2020-7415.json new file mode 100644 index 00000000000..41daf1d1d9b --- /dev/null +++ b/2020/7xxx/CVE-2020-7415.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7415", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7416.json b/2020/7xxx/CVE-2020-7416.json new file mode 100644 index 00000000000..4a49af0c2b1 --- /dev/null +++ b/2020/7xxx/CVE-2020-7416.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7416", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7417.json b/2020/7xxx/CVE-2020-7417.json new file mode 100644 index 00000000000..37c64c893d8 --- /dev/null +++ b/2020/7xxx/CVE-2020-7417.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7417", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7418.json b/2020/7xxx/CVE-2020-7418.json new file mode 100644 index 00000000000..eb0499cb762 --- /dev/null +++ b/2020/7xxx/CVE-2020-7418.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7418", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7419.json b/2020/7xxx/CVE-2020-7419.json new file mode 100644 index 00000000000..4ae32fb34ea --- /dev/null +++ b/2020/7xxx/CVE-2020-7419.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7419", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/7xxx/CVE-2020-7420.json b/2020/7xxx/CVE-2020-7420.json new file mode 100644 index 00000000000..558ecc3019c --- /dev/null +++ b/2020/7xxx/CVE-2020-7420.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7420", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7421.json b/2020/7xxx/CVE-2020-7421.json new file mode 100644 index 00000000000..d18c1f87814 --- /dev/null +++ b/2020/7xxx/CVE-2020-7421.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7421", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7422.json b/2020/7xxx/CVE-2020-7422.json new file mode 100644 index 00000000000..93afe790353 --- /dev/null +++ b/2020/7xxx/CVE-2020-7422.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7422", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7423.json b/2020/7xxx/CVE-2020-7423.json new file mode 100644 index 00000000000..740f35219d1 --- /dev/null +++ b/2020/7xxx/CVE-2020-7423.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7423", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7424.json b/2020/7xxx/CVE-2020-7424.json new file mode 100644 index 00000000000..d1499656f6c --- /dev/null +++ b/2020/7xxx/CVE-2020-7424.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7424", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/7xxx/CVE-2020-7425.json b/2020/7xxx/CVE-2020-7425.json new file mode 100644 index 00000000000..8475e904f28 --- /dev/null +++ b/2020/7xxx/CVE-2020-7425.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7425", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7426.json b/2020/7xxx/CVE-2020-7426.json new file mode 100644 index 00000000000..d6c64229626 --- /dev/null +++ b/2020/7xxx/CVE-2020-7426.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7426", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7427.json b/2020/7xxx/CVE-2020-7427.json new file mode 100644 index 00000000000..f1f6ebdadcd --- /dev/null +++ b/2020/7xxx/CVE-2020-7427.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7427", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7428.json b/2020/7xxx/CVE-2020-7428.json new file mode 100644 index 00000000000..2383f87bf68 --- /dev/null +++ b/2020/7xxx/CVE-2020-7428.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7428", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7429.json b/2020/7xxx/CVE-2020-7429.json new file mode 100644 index 00000000000..fa44a859d91 --- /dev/null +++ b/2020/7xxx/CVE-2020-7429.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7429", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/7xxx/CVE-2020-7430.json b/2020/7xxx/CVE-2020-7430.json new file mode 100644 index 00000000000..4db48f91b39 --- /dev/null +++ b/2020/7xxx/CVE-2020-7430.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7430", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7431.json b/2020/7xxx/CVE-2020-7431.json new file mode 100644 index 00000000000..5f181ebd907 --- /dev/null +++ b/2020/7xxx/CVE-2020-7431.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7431", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7432.json b/2020/7xxx/CVE-2020-7432.json new file mode 100644 index 00000000000..ed4e43f4e5e --- /dev/null +++ b/2020/7xxx/CVE-2020-7432.json 
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7432",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7433.json b/2020/7xxx/CVE-2020-7433.json
new file mode 100644
index 00000000000..688da459d0b
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7433.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7433",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7434.json b/2020/7xxx/CVE-2020-7434.json
new file mode 100644
index 00000000000..cc023e17b80
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7434.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7434",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7435.json b/2020/7xxx/CVE-2020-7435.json
new file mode 100644
index 00000000000..3882cfd9749
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7435.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7435",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7436.json b/2020/7xxx/CVE-2020-7436.json
new file mode 100644
index 00000000000..0b68ec839d7
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7436.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7436",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7437.json b/2020/7xxx/CVE-2020-7437.json
new file mode 100644
index 00000000000..c487ba6d3f5
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7437.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7437",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7438.json b/2020/7xxx/CVE-2020-7438.json
new file mode 100644
index 00000000000..e86f60db97a
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7438.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7438",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7439.json b/2020/7xxx/CVE-2020-7439.json
new file mode 100644
index 00000000000..274dd45cdd9
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7439.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7439",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7440.json b/2020/7xxx/CVE-2020-7440.json
new file mode 100644
index 00000000000..5c9a3c0b9eb
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7440.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7440",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7441.json b/2020/7xxx/CVE-2020-7441.json
new file mode 100644
index 00000000000..2bfc83ca3da
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7441.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7441",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7442.json b/2020/7xxx/CVE-2020-7442.json
new file mode 100644
index 00000000000..0231307081b
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7442.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7442",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7443.json b/2020/7xxx/CVE-2020-7443.json
new file mode 100644
index 00000000000..dbc88436525
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7443.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7443",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7444.json b/2020/7xxx/CVE-2020-7444.json
new file mode 100644
index 00000000000..84e65cc2327
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7444.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7444",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7445.json b/2020/7xxx/CVE-2020-7445.json
new file mode 100644
index 00000000000..0e38bf52e16
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7445.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7445",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7446.json b/2020/7xxx/CVE-2020-7446.json
new file mode 100644
index 00000000000..4148735f43a
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7446.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7446",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7447.json b/2020/7xxx/CVE-2020-7447.json
new file mode 100644
index 00000000000..9aa4ddfdff9
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7447.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7447",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7448.json b/2020/7xxx/CVE-2020-7448.json
new file mode 100644
index 00000000000..fce5f797cd6
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7448.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7448",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7449.json b/2020/7xxx/CVE-2020-7449.json
new file mode 100644
index 00000000000..cca646b6197
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7449.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7449",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7450.json b/2020/7xxx/CVE-2020-7450.json
new file mode 100644
index 00000000000..7b74f0e7dd5
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7450.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7450",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7451.json b/2020/7xxx/CVE-2020-7451.json
new file mode 100644
index 00000000000..576146165ce
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7451.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7451",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7452.json b/2020/7xxx/CVE-2020-7452.json
new file mode 100644
index 00000000000..1008dcda377
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7452.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7452",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7453.json b/2020/7xxx/CVE-2020-7453.json
new file mode 100644
index 00000000000..8814267c465
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7453.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7453",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7454.json b/2020/7xxx/CVE-2020-7454.json
new file mode 100644
index 00000000000..ade7d2d9f20
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7454.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7454",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7455.json b/2020/7xxx/CVE-2020-7455.json
new file mode 100644
index 00000000000..ac712d7254f
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7455.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7455",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7456.json b/2020/7xxx/CVE-2020-7456.json
new file mode 100644
index 00000000000..8ec4202a2ca
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7456.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7456",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7457.json b/2020/7xxx/CVE-2020-7457.json
new file mode 100644
index 00000000000..f41e652918d
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7457.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7457",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7458.json b/2020/7xxx/CVE-2020-7458.json
new file mode 100644
index 00000000000..987dc214638
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7458.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7458",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7459.json b/2020/7xxx/CVE-2020-7459.json
new file mode 100644
index 00000000000..ccfe4e9947a
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7459.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7459",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7460.json b/2020/7xxx/CVE-2020-7460.json
new file mode 100644
index 00000000000..1e311087b6f
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7460.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7460",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7461.json b/2020/7xxx/CVE-2020-7461.json
new file mode 100644
index 00000000000..56dd7284396
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7461.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7461",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7462.json b/2020/7xxx/CVE-2020-7462.json
new file mode 100644
index 00000000000..2b908d6a8c0
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7462.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7462",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7463.json b/2020/7xxx/CVE-2020-7463.json
new file mode 100644
index 00000000000..dd9c8bdaa3a
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7463.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7463",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7464.json b/2020/7xxx/CVE-2020-7464.json
new file mode 100644
index 00000000000..c593df810a9
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7464.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7464",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7465.json b/2020/7xxx/CVE-2020-7465.json
new file mode 100644
index 00000000000..3696108daa7
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7465.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7465",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7466.json b/2020/7xxx/CVE-2020-7466.json
new file mode 100644
index 00000000000..0c486196e09
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7466.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7466",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7467.json b/2020/7xxx/CVE-2020-7467.json
new file mode 100644
index 00000000000..5f4368d22db
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7467.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7467",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7468.json b/2020/7xxx/CVE-2020-7468.json
new file mode 100644
index 00000000000..42b87c8919c
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7468.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7468",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7469.json b/2020/7xxx/CVE-2020-7469.json
new file mode 100644
index 00000000000..430c189eeb5
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7469.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7469",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
From 51fd68e6913c33abecc7c8493b1142f2d6b4a823 Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Tue, 21 Jan 2020 14:01:28 +0000 Subject: [PATCH 184/387] "-Synchronized-Data." --- 2020/7xxx/CVE-2020-7289.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7290.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7291.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7292.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7293.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7294.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7295.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7296.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7297.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7298.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7299.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7300.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7301.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7302.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7303.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7304.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7305.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7306.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7307.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7308.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7309.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7310.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7311.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7312.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7313.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7314.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7315.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7316.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7317.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7318.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7319.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7320.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7321.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7322.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7323.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7324.json | 18 
++++++++++++++++++ 2020/7xxx/CVE-2020-7325.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7326.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7327.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7328.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7329.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7330.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7331.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7332.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7333.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7334.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7335.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7336.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7337.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7338.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7339.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7340.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7341.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7342.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7343.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7344.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7345.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7346.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7347.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7348.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7349.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7350.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7351.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7352.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7353.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7354.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7355.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7356.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7357.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7358.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7359.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7360.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7361.json | 18 ++++++++++++++++++ 
2020/7xxx/CVE-2020-7362.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7363.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7364.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7365.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7366.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7367.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7368.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7369.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7370.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7371.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7372.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7373.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7374.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7375.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7376.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7377.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7378.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7379.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7380.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7381.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7382.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7383.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7384.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7385.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7386.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7387.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7388.json | 18 ++++++++++++++++++ 100 files changed, 1800 insertions(+) create mode 100644 2020/7xxx/CVE-2020-7289.json create mode 100644 2020/7xxx/CVE-2020-7290.json create mode 100644 2020/7xxx/CVE-2020-7291.json create mode 100644 2020/7xxx/CVE-2020-7292.json create mode 100644 2020/7xxx/CVE-2020-7293.json create mode 100644 2020/7xxx/CVE-2020-7294.json create mode 100644 2020/7xxx/CVE-2020-7295.json create mode 100644 2020/7xxx/CVE-2020-7296.json create mode 100644 2020/7xxx/CVE-2020-7297.json create mode 100644 2020/7xxx/CVE-2020-7298.json create mode 100644 2020/7xxx/CVE-2020-7299.json 
create mode 100644 2020/7xxx/CVE-2020-7300.json create mode 100644 2020/7xxx/CVE-2020-7301.json create mode 100644 2020/7xxx/CVE-2020-7302.json create mode 100644 2020/7xxx/CVE-2020-7303.json create mode 100644 2020/7xxx/CVE-2020-7304.json create mode 100644 2020/7xxx/CVE-2020-7305.json create mode 100644 2020/7xxx/CVE-2020-7306.json create mode 100644 2020/7xxx/CVE-2020-7307.json create mode 100644 2020/7xxx/CVE-2020-7308.json create mode 100644 2020/7xxx/CVE-2020-7309.json create mode 100644 2020/7xxx/CVE-2020-7310.json create mode 100644 2020/7xxx/CVE-2020-7311.json create mode 100644 2020/7xxx/CVE-2020-7312.json create mode 100644 2020/7xxx/CVE-2020-7313.json create mode 100644 2020/7xxx/CVE-2020-7314.json create mode 100644 2020/7xxx/CVE-2020-7315.json create mode 100644 2020/7xxx/CVE-2020-7316.json create mode 100644 2020/7xxx/CVE-2020-7317.json create mode 100644 2020/7xxx/CVE-2020-7318.json create mode 100644 2020/7xxx/CVE-2020-7319.json create mode 100644 2020/7xxx/CVE-2020-7320.json create mode 100644 2020/7xxx/CVE-2020-7321.json create mode 100644 2020/7xxx/CVE-2020-7322.json create mode 100644 2020/7xxx/CVE-2020-7323.json create mode 100644 2020/7xxx/CVE-2020-7324.json create mode 100644 2020/7xxx/CVE-2020-7325.json create mode 100644 2020/7xxx/CVE-2020-7326.json create mode 100644 2020/7xxx/CVE-2020-7327.json create mode 100644 2020/7xxx/CVE-2020-7328.json create mode 100644 2020/7xxx/CVE-2020-7329.json create mode 100644 2020/7xxx/CVE-2020-7330.json create mode 100644 2020/7xxx/CVE-2020-7331.json create mode 100644 2020/7xxx/CVE-2020-7332.json create mode 100644 2020/7xxx/CVE-2020-7333.json create mode 100644 2020/7xxx/CVE-2020-7334.json create mode 100644 2020/7xxx/CVE-2020-7335.json create mode 100644 2020/7xxx/CVE-2020-7336.json create mode 100644 2020/7xxx/CVE-2020-7337.json create mode 100644 2020/7xxx/CVE-2020-7338.json create mode 100644 2020/7xxx/CVE-2020-7339.json create mode 100644 2020/7xxx/CVE-2020-7340.json create mode 100644 
2020/7xxx/CVE-2020-7341.json create mode 100644 2020/7xxx/CVE-2020-7342.json create mode 100644 2020/7xxx/CVE-2020-7343.json create mode 100644 2020/7xxx/CVE-2020-7344.json create mode 100644 2020/7xxx/CVE-2020-7345.json create mode 100644 2020/7xxx/CVE-2020-7346.json create mode 100644 2020/7xxx/CVE-2020-7347.json create mode 100644 2020/7xxx/CVE-2020-7348.json create mode 100644 2020/7xxx/CVE-2020-7349.json create mode 100644 2020/7xxx/CVE-2020-7350.json create mode 100644 2020/7xxx/CVE-2020-7351.json create mode 100644 2020/7xxx/CVE-2020-7352.json create mode 100644 2020/7xxx/CVE-2020-7353.json create mode 100644 2020/7xxx/CVE-2020-7354.json create mode 100644 2020/7xxx/CVE-2020-7355.json create mode 100644 2020/7xxx/CVE-2020-7356.json create mode 100644 2020/7xxx/CVE-2020-7357.json create mode 100644 2020/7xxx/CVE-2020-7358.json create mode 100644 2020/7xxx/CVE-2020-7359.json create mode 100644 2020/7xxx/CVE-2020-7360.json create mode 100644 2020/7xxx/CVE-2020-7361.json create mode 100644 2020/7xxx/CVE-2020-7362.json create mode 100644 2020/7xxx/CVE-2020-7363.json create mode 100644 2020/7xxx/CVE-2020-7364.json create mode 100644 2020/7xxx/CVE-2020-7365.json create mode 100644 2020/7xxx/CVE-2020-7366.json create mode 100644 2020/7xxx/CVE-2020-7367.json create mode 100644 2020/7xxx/CVE-2020-7368.json create mode 100644 2020/7xxx/CVE-2020-7369.json create mode 100644 2020/7xxx/CVE-2020-7370.json create mode 100644 2020/7xxx/CVE-2020-7371.json create mode 100644 2020/7xxx/CVE-2020-7372.json create mode 100644 2020/7xxx/CVE-2020-7373.json create mode 100644 2020/7xxx/CVE-2020-7374.json create mode 100644 2020/7xxx/CVE-2020-7375.json create mode 100644 2020/7xxx/CVE-2020-7376.json create mode 100644 2020/7xxx/CVE-2020-7377.json create mode 100644 2020/7xxx/CVE-2020-7378.json create mode 100644 2020/7xxx/CVE-2020-7379.json create mode 100644 2020/7xxx/CVE-2020-7380.json create mode 100644 2020/7xxx/CVE-2020-7381.json create mode 100644 2020/7xxx/CVE-2020-7382.json 
create mode 100644 2020/7xxx/CVE-2020-7383.json create mode 100644 2020/7xxx/CVE-2020-7384.json create mode 100644 2020/7xxx/CVE-2020-7385.json create mode 100644 2020/7xxx/CVE-2020-7386.json create mode 100644 2020/7xxx/CVE-2020-7387.json create mode 100644 2020/7xxx/CVE-2020-7388.json
diff --git a/2020/7xxx/CVE-2020-7289.json b/2020/7xxx/CVE-2020-7289.json
new file mode 100644
index 00000000000..81e951dcf4b
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7289.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7289",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7290.json b/2020/7xxx/CVE-2020-7290.json
new file mode 100644
index 00000000000..429f5907789
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7290.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7290",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7291.json b/2020/7xxx/CVE-2020-7291.json
new file mode 100644
index 00000000000..08a4eed90ae
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7291.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7291",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7292.json b/2020/7xxx/CVE-2020-7292.json
new file mode 100644
index 00000000000..371c3c6ea7b
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7292.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7292",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7293.json b/2020/7xxx/CVE-2020-7293.json
new file mode 100644
index 00000000000..83bd865d6a3
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7293.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7293",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7294.json b/2020/7xxx/CVE-2020-7294.json
new file mode 100644
index 00000000000..c40a0f723db
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7294.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7294",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7295.json b/2020/7xxx/CVE-2020-7295.json
new file mode 100644
index 00000000000..6db86f973f7
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7295.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7295",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7296.json b/2020/7xxx/CVE-2020-7296.json
new file mode 100644
index 00000000000..3913bf86a9f
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7296.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7296",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7297.json b/2020/7xxx/CVE-2020-7297.json
new file mode 100644
index 00000000000..bd3529bd3f2
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7297.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7297",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7298.json b/2020/7xxx/CVE-2020-7298.json
new file mode 100644
index 00000000000..56148a66a4c
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7298.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7298",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7299.json b/2020/7xxx/CVE-2020-7299.json
new file mode 100644
index 00000000000..97b01d3b45c
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7299.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7299",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7300.json b/2020/7xxx/CVE-2020-7300.json
new file mode 100644
index 00000000000..243f9a9b5bb
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7300.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7300",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7301.json b/2020/7xxx/CVE-2020-7301.json
new file mode 100644
index 00000000000..7aad6d012df
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7301.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7301",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7302.json b/2020/7xxx/CVE-2020-7302.json
new file mode 100644
index 00000000000..9edb753ae13
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7302.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7302",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7303.json b/2020/7xxx/CVE-2020-7303.json
new file mode 100644
index 00000000000..c7620524304
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7303.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7303",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7304.json b/2020/7xxx/CVE-2020-7304.json
new file mode 100644
index 00000000000..ab2af32d0ec
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7304.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7304",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7305.json b/2020/7xxx/CVE-2020-7305.json
new file mode 100644
index 00000000000..0e0332c6410
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7305.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7305",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7306.json b/2020/7xxx/CVE-2020-7306.json
new file mode 100644
index 00000000000..93eb940454f
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7306.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7306",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7307.json b/2020/7xxx/CVE-2020-7307.json
new file mode 100644
index 00000000000..6e969f89ae0
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7307.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7307",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7308.json b/2020/7xxx/CVE-2020-7308.json
new file mode 100644
index 00000000000..a861bde2e6c
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7308.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7308",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7309.json b/2020/7xxx/CVE-2020-7309.json
new file mode 100644
index 00000000000..950738f1986
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7309.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7309",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7310.json b/2020/7xxx/CVE-2020-7310.json
new file mode 100644
index 00000000000..dd4b820f8bc
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7310.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7310",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7311.json b/2020/7xxx/CVE-2020-7311.json
new file mode 100644
index 00000000000..1049f6ed228
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7311.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7311",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7312.json b/2020/7xxx/CVE-2020-7312.json
new file mode 100644
index 00000000000..99f056a4e14
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7312.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7312",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7313.json b/2020/7xxx/CVE-2020-7313.json
new file mode 100644
index 00000000000..679d9a2f75c
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7313.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7313",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7314.json b/2020/7xxx/CVE-2020-7314.json
new file mode 100644
index 00000000000..5acaea9c85a
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7314.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7314",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7315.json b/2020/7xxx/CVE-2020-7315.json
new file mode 100644
index 00000000000..1c327711fa4
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7315.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7315",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7316.json b/2020/7xxx/CVE-2020-7316.json
new file mode 100644
index 00000000000..e3b3934ed73
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7316.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7316",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7317.json b/2020/7xxx/CVE-2020-7317.json
new file mode 100644
index 00000000000..3f9af0891a2
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7317.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7317",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7318.json b/2020/7xxx/CVE-2020-7318.json
new file mode 100644
index 00000000000..3681905408c
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7318.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7318",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7319.json b/2020/7xxx/CVE-2020-7319.json
new file mode 100644
index 00000000000..7b493e10aba
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7319.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7319",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7320.json b/2020/7xxx/CVE-2020-7320.json
new file mode 100644
index 00000000000..d3e9dcac5c1
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7320.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7320",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7321.json b/2020/7xxx/CVE-2020-7321.json
new file mode 100644
index 00000000000..c795da4bd7f
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7321.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7321",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7322.json b/2020/7xxx/CVE-2020-7322.json
new file mode 100644
index 00000000000..06367131027
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7322.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7322",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7323.json b/2020/7xxx/CVE-2020-7323.json
new file mode 100644
index 00000000000..25669ef3c66
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7323.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7323",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7324.json b/2020/7xxx/CVE-2020-7324.json
new file mode 100644
index 00000000000..6b14dc416b3
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7324.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7324",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7325.json b/2020/7xxx/CVE-2020-7325.json
new file mode 100644
index 00000000000..2484590db84
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7325.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7325",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7326.json b/2020/7xxx/CVE-2020-7326.json
new file mode 100644
index 00000000000..cb71dcf4aaf
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7326.json
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7326", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7327.json b/2020/7xxx/CVE-2020-7327.json new file mode 100644 index 00000000000..23359926807 --- /dev/null +++ b/2020/7xxx/CVE-2020-7327.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7327", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7328.json b/2020/7xxx/CVE-2020-7328.json new file mode 100644 index 00000000000..8dbf6e27015 --- /dev/null +++ b/2020/7xxx/CVE-2020-7328.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7328", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/7xxx/CVE-2020-7329.json b/2020/7xxx/CVE-2020-7329.json new file mode 100644 index 00000000000..04de6b2db80 --- /dev/null +++ b/2020/7xxx/CVE-2020-7329.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7329", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7330.json b/2020/7xxx/CVE-2020-7330.json new file mode 100644 index 00000000000..e4c8b42ac15 --- /dev/null +++ b/2020/7xxx/CVE-2020-7330.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7330", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7331.json b/2020/7xxx/CVE-2020-7331.json new file mode 100644 index 00000000000..953773b3448 --- /dev/null +++ b/2020/7xxx/CVE-2020-7331.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7331", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7332.json b/2020/7xxx/CVE-2020-7332.json new file mode 100644 index 00000000000..5dd5326c057 --- /dev/null +++ b/2020/7xxx/CVE-2020-7332.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7332", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7333.json b/2020/7xxx/CVE-2020-7333.json new file mode 100644 index 00000000000..547d058c625 --- /dev/null +++ b/2020/7xxx/CVE-2020-7333.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7333", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/7xxx/CVE-2020-7334.json b/2020/7xxx/CVE-2020-7334.json new file mode 100644 index 00000000000..a48c5fd0088 --- /dev/null +++ b/2020/7xxx/CVE-2020-7334.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7334", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7335.json b/2020/7xxx/CVE-2020-7335.json new file mode 100644 index 00000000000..d4c7d067d74 --- /dev/null +++ b/2020/7xxx/CVE-2020-7335.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7335", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7336.json b/2020/7xxx/CVE-2020-7336.json new file mode 100644 index 00000000000..ebbbe8c8979 --- /dev/null +++ b/2020/7xxx/CVE-2020-7336.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7336", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7337.json b/2020/7xxx/CVE-2020-7337.json new file mode 100644 index 00000000000..99c5c8b3420 --- /dev/null +++ b/2020/7xxx/CVE-2020-7337.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7337", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7338.json b/2020/7xxx/CVE-2020-7338.json new file mode 100644 index 00000000000..77215ce5e36 --- /dev/null +++ b/2020/7xxx/CVE-2020-7338.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7338", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/7xxx/CVE-2020-7339.json b/2020/7xxx/CVE-2020-7339.json new file mode 100644 index 00000000000..35e1753c274 --- /dev/null +++ b/2020/7xxx/CVE-2020-7339.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7339", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7340.json b/2020/7xxx/CVE-2020-7340.json new file mode 100644 index 00000000000..100c43f4ce1 --- /dev/null +++ b/2020/7xxx/CVE-2020-7340.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7340", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7341.json b/2020/7xxx/CVE-2020-7341.json new file mode 100644 index 00000000000..9518f45a301 --- /dev/null +++ b/2020/7xxx/CVE-2020-7341.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7341", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7342.json b/2020/7xxx/CVE-2020-7342.json new file mode 100644 index 00000000000..2c21d9623e7 --- /dev/null +++ b/2020/7xxx/CVE-2020-7342.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7342", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7343.json b/2020/7xxx/CVE-2020-7343.json new file mode 100644 index 00000000000..1f245097a01 --- /dev/null +++ b/2020/7xxx/CVE-2020-7343.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7343", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/7xxx/CVE-2020-7344.json b/2020/7xxx/CVE-2020-7344.json new file mode 100644 index 00000000000..5ba85020438 --- /dev/null +++ b/2020/7xxx/CVE-2020-7344.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7344", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7345.json b/2020/7xxx/CVE-2020-7345.json new file mode 100644 index 00000000000..70b3224ecc4 --- /dev/null +++ b/2020/7xxx/CVE-2020-7345.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7345", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7346.json b/2020/7xxx/CVE-2020-7346.json new file mode 100644 index 00000000000..35959ef70df --- /dev/null +++ b/2020/7xxx/CVE-2020-7346.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7346", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7347.json b/2020/7xxx/CVE-2020-7347.json new file mode 100644 index 00000000000..5fc06568be6 --- /dev/null +++ b/2020/7xxx/CVE-2020-7347.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7347", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7348.json b/2020/7xxx/CVE-2020-7348.json new file mode 100644 index 00000000000..eb145a160a2 --- /dev/null +++ b/2020/7xxx/CVE-2020-7348.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7348", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/7xxx/CVE-2020-7349.json b/2020/7xxx/CVE-2020-7349.json new file mode 100644 index 00000000000..e4059ed69ac --- /dev/null +++ b/2020/7xxx/CVE-2020-7349.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7349", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7350.json b/2020/7xxx/CVE-2020-7350.json new file mode 100644 index 00000000000..2d41bb29219 --- /dev/null +++ b/2020/7xxx/CVE-2020-7350.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7350", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7351.json b/2020/7xxx/CVE-2020-7351.json new file mode 100644 index 00000000000..49e9ffa6521 --- /dev/null +++ b/2020/7xxx/CVE-2020-7351.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7351", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7352.json b/2020/7xxx/CVE-2020-7352.json new file mode 100644 index 00000000000..c76445e2718 --- /dev/null +++ b/2020/7xxx/CVE-2020-7352.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7352", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7353.json b/2020/7xxx/CVE-2020-7353.json new file mode 100644 index 00000000000..e9f50b89221 --- /dev/null +++ b/2020/7xxx/CVE-2020-7353.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7353", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/7xxx/CVE-2020-7354.json b/2020/7xxx/CVE-2020-7354.json new file mode 100644 index 00000000000..fdb55e642c8 --- /dev/null +++ b/2020/7xxx/CVE-2020-7354.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7354", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7355.json b/2020/7xxx/CVE-2020-7355.json new file mode 100644 index 00000000000..6363f7673d6 --- /dev/null +++ b/2020/7xxx/CVE-2020-7355.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7355", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7356.json b/2020/7xxx/CVE-2020-7356.json new file mode 100644 index 00000000000..9a4a82d24ae --- /dev/null +++ b/2020/7xxx/CVE-2020-7356.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7356", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7357.json b/2020/7xxx/CVE-2020-7357.json new file mode 100644 index 00000000000..9514f2102b4 --- /dev/null +++ b/2020/7xxx/CVE-2020-7357.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7357", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7358.json b/2020/7xxx/CVE-2020-7358.json new file mode 100644 index 00000000000..39a05d42c33 --- /dev/null +++ b/2020/7xxx/CVE-2020-7358.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7358", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/7xxx/CVE-2020-7359.json b/2020/7xxx/CVE-2020-7359.json new file mode 100644 index 00000000000..caac249b871 --- /dev/null +++ b/2020/7xxx/CVE-2020-7359.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7359", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7360.json b/2020/7xxx/CVE-2020-7360.json new file mode 100644 index 00000000000..2ea0cb38419 --- /dev/null +++ b/2020/7xxx/CVE-2020-7360.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7360", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7361.json b/2020/7xxx/CVE-2020-7361.json new file mode 100644 index 00000000000..ddf5fa86ce7 --- /dev/null +++ b/2020/7xxx/CVE-2020-7361.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7361", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7362.json b/2020/7xxx/CVE-2020-7362.json new file mode 100644 index 00000000000..20ce842535b --- /dev/null +++ b/2020/7xxx/CVE-2020-7362.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7362", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7363.json b/2020/7xxx/CVE-2020-7363.json new file mode 100644 index 00000000000..e6a4c52ac95 --- /dev/null +++ b/2020/7xxx/CVE-2020-7363.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7363", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/7xxx/CVE-2020-7364.json b/2020/7xxx/CVE-2020-7364.json new file mode 100644 index 00000000000..3d14a9b7427 --- /dev/null +++ b/2020/7xxx/CVE-2020-7364.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7364", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7365.json b/2020/7xxx/CVE-2020-7365.json new file mode 100644 index 00000000000..255dc979b1c --- /dev/null +++ b/2020/7xxx/CVE-2020-7365.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7365", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7366.json b/2020/7xxx/CVE-2020-7366.json new file mode 100644 index 00000000000..d5628e3e5ea --- /dev/null +++ b/2020/7xxx/CVE-2020-7366.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7366", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7367.json b/2020/7xxx/CVE-2020-7367.json new file mode 100644 index 00000000000..2cec6ce3bc4 --- /dev/null +++ b/2020/7xxx/CVE-2020-7367.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7367", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7368.json b/2020/7xxx/CVE-2020-7368.json new file mode 100644 index 00000000000..bc2f319bdb7 --- /dev/null +++ b/2020/7xxx/CVE-2020-7368.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7368", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/7xxx/CVE-2020-7369.json b/2020/7xxx/CVE-2020-7369.json new file mode 100644 index 00000000000..4985a2091b9 --- /dev/null +++ b/2020/7xxx/CVE-2020-7369.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7369", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7370.json b/2020/7xxx/CVE-2020-7370.json new file mode 100644 index 00000000000..cc1789412f8 --- /dev/null +++ b/2020/7xxx/CVE-2020-7370.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7370", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7371.json b/2020/7xxx/CVE-2020-7371.json new file mode 100644 index 00000000000..2c8ee5c1820 --- /dev/null +++ b/2020/7xxx/CVE-2020-7371.json 
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7371",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7372.json b/2020/7xxx/CVE-2020-7372.json
new file mode 100644
index 00000000000..39a4151eb6b
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7372.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7372",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7373.json b/2020/7xxx/CVE-2020-7373.json
new file mode 100644
index 00000000000..fe202d1d443
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7373.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7373",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7374.json b/2020/7xxx/CVE-2020-7374.json
new file mode 100644
index 00000000000..8d93c97bc1a
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7374.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7374",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7375.json b/2020/7xxx/CVE-2020-7375.json
new file mode 100644
index 00000000000..ce44eb698e1
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7375.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7375",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7376.json b/2020/7xxx/CVE-2020-7376.json
new file mode 100644
index 00000000000..51da92348a6
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7376.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7376",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7377.json b/2020/7xxx/CVE-2020-7377.json
new file mode 100644
index 00000000000..6318f4db939
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7377.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7377",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7378.json b/2020/7xxx/CVE-2020-7378.json
new file mode 100644
index 00000000000..3461877edad
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7378.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7378",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7379.json b/2020/7xxx/CVE-2020-7379.json
new file mode 100644
index 00000000000..be0a41c573e
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7379.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7379",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7380.json b/2020/7xxx/CVE-2020-7380.json
new file mode 100644
index 00000000000..6152f1046f8
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7380.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7380",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7381.json b/2020/7xxx/CVE-2020-7381.json
new file mode 100644
index 00000000000..e0a09040a1a
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7381.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7381",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7382.json b/2020/7xxx/CVE-2020-7382.json
new file mode 100644
index 00000000000..e5f52634ee4
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7382.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7382",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7383.json b/2020/7xxx/CVE-2020-7383.json
new file mode 100644
index 00000000000..3f55e912336
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7383.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7383",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7384.json b/2020/7xxx/CVE-2020-7384.json
new file mode 100644
index 00000000000..b701e95a718
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7384.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7384",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7385.json b/2020/7xxx/CVE-2020-7385.json
new file mode 100644
index 00000000000..3b2e590f654
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7385.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7385",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7386.json b/2020/7xxx/CVE-2020-7386.json
new file mode 100644
index 00000000000..035f3dff5a6
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7386.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7386",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7387.json b/2020/7xxx/CVE-2020-7387.json
new file mode 100644
index 00000000000..52b471b967c
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7387.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7387",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7388.json b/2020/7xxx/CVE-2020-7388.json
new file mode 100644
index 00000000000..d4eb0680021
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7388.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7388",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
From 7258d932ac7f052938b7006144e50d88acd87a04 Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Tue, 21 Jan 2020 14:01:49 +0000 Subject: [PATCH 185/387] "-Synchronized-Data." --- 2020/7xxx/CVE-2020-7389.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7390.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7391.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7392.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7393.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7394.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7395.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7396.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7397.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7398.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7399.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7400.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7401.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7402.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7403.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7404.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7405.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7406.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7407.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7408.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7409.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7410.json | 18 ++++++++++++++++++ 22 files changed, 396 insertions(+) create mode 100644 2020/7xxx/CVE-2020-7389.json create mode 100644 2020/7xxx/CVE-2020-7390.json create mode 100644 2020/7xxx/CVE-2020-7391.json create mode 100644 2020/7xxx/CVE-2020-7392.json create mode 100644 2020/7xxx/CVE-2020-7393.json create mode 100644 2020/7xxx/CVE-2020-7394.json create mode 100644 2020/7xxx/CVE-2020-7395.json create mode 100644 2020/7xxx/CVE-2020-7396.json create mode 100644 2020/7xxx/CVE-2020-7397.json create mode 100644 2020/7xxx/CVE-2020-7398.json create mode 100644 2020/7xxx/CVE-2020-7399.json create mode 100644 2020/7xxx/CVE-2020-7400.json create mode 100644 2020/7xxx/CVE-2020-7401.json create mode 100644 2020/7xxx/CVE-2020-7402.json create mode 100644 
2020/7xxx/CVE-2020-7403.json create mode 100644 2020/7xxx/CVE-2020-7404.json create mode 100644 2020/7xxx/CVE-2020-7405.json create mode 100644 2020/7xxx/CVE-2020-7406.json create mode 100644 2020/7xxx/CVE-2020-7407.json create mode 100644 2020/7xxx/CVE-2020-7408.json create mode 100644 2020/7xxx/CVE-2020-7409.json create mode 100644 2020/7xxx/CVE-2020-7410.json
diff --git a/2020/7xxx/CVE-2020-7389.json b/2020/7xxx/CVE-2020-7389.json
new file mode 100644
index 00000000000..c317ba5201b
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7389.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7389",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7390.json b/2020/7xxx/CVE-2020-7390.json
new file mode 100644
index 00000000000..f3e0885e105
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7390.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7390",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7391.json b/2020/7xxx/CVE-2020-7391.json
new file mode 100644
index 00000000000..6b5f26f3ba6
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7391.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7391",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7392.json b/2020/7xxx/CVE-2020-7392.json
new file mode 100644
index 00000000000..c459d67cf5d
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7392.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7392",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7393.json b/2020/7xxx/CVE-2020-7393.json
new file mode 100644
index 00000000000..cca9ed0b872
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7393.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7393",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7394.json b/2020/7xxx/CVE-2020-7394.json
new file mode 100644
index 00000000000..35cfe725535
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7394.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7394",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7395.json b/2020/7xxx/CVE-2020-7395.json
new file mode 100644
index 00000000000..a93ec4a7f5b
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7395.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7395",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7396.json b/2020/7xxx/CVE-2020-7396.json
new file mode 100644
index 00000000000..4df142efbe6
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7396.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7396",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7397.json b/2020/7xxx/CVE-2020-7397.json
new file mode 100644
index 00000000000..dcff57eecd7
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7397.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7397",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7398.json b/2020/7xxx/CVE-2020-7398.json
new file mode 100644
index 00000000000..f9fd35ff5bf
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7398.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7398",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7399.json b/2020/7xxx/CVE-2020-7399.json
new file mode 100644
index 00000000000..ea1a2af80d4
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7399.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7399",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7400.json b/2020/7xxx/CVE-2020-7400.json
new file mode 100644
index 00000000000..47929f542e4
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7400.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7400",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7401.json b/2020/7xxx/CVE-2020-7401.json
new file mode 100644
index 00000000000..5bba0292dd1
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7401.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7401",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7402.json b/2020/7xxx/CVE-2020-7402.json
new file mode 100644
index 00000000000..ba70cb340c3
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7402.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7402",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7403.json b/2020/7xxx/CVE-2020-7403.json
new file mode 100644
index 00000000000..27093e3f161
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7403.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7403",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7404.json b/2020/7xxx/CVE-2020-7404.json
new file mode 100644
index 00000000000..afea7dfa54c
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7404.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7404",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7405.json b/2020/7xxx/CVE-2020-7405.json
new file mode 100644
index 00000000000..fb6ad3373db
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7405.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7405",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7406.json b/2020/7xxx/CVE-2020-7406.json
new file mode 100644
index 00000000000..24b7e61f2f7
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7406.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7406",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7407.json b/2020/7xxx/CVE-2020-7407.json
new file mode 100644
index 00000000000..455f3a5d933
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7407.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7407",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7408.json b/2020/7xxx/CVE-2020-7408.json
new file mode 100644
index 00000000000..0767d94276b
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7408.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7408",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7409.json b/2020/7xxx/CVE-2020-7409.json
new file mode 100644
index 00000000000..476a6b343ec
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7409.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7409",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7410.json b/2020/7xxx/CVE-2020-7410.json
new file mode 100644
index 00000000000..0be7f999365
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7410.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7410",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
From c0df166ee6c6f53a348604deb4f37aef54ccb2b1 Mon Sep 17 00:00:00 2001
From: CVE Team Date: Tue, 21 Jan 2020 15:01:13 +0000 Subject: [PATCH 186/387] "-Synchronized-Data." --- 2011/2xxx/CVE-2011-2668.json | 50 +++++++++++++++++++++++++++-- 2011/2xxx/CVE-2011-2669.json | 50 +++++++++++++++++++++++++++-- 2011/4xxx/CVE-2011-4094.json | 60 ++++++++++++++++++++++++++++++++-- 2011/4xxx/CVE-2011-4095.json | 55 ++++++++++++++++++++++++++++++-- 2011/4xxx/CVE-2011-4322.json | 50 +++++++++++++++++++++++++++-- 2015/6xxx/CVE-2015-6907.json | 14 ++++---- 2020/7xxx/CVE-2020-7470.json | 62 ++++++++++++++++++++++++++++++++++++ 7 files changed, 319 insertions(+), 22 deletions(-) create mode 100644 2020/7xxx/CVE-2020-7470.json diff --git a/2011/2xxx/CVE-2011-2668.json b/2011/2xxx/CVE-2011-2668.json index 1cd8759647b..a60b89d6882 100644 --- a/2011/2xxx/CVE-2011-2668.json +++ b/2011/2xxx/CVE-2011-2668.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "vultures@jpcert.or.jp", "ID": "CVE-2011-2668", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_value": "1.5.0.3 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "Mozilla" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
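Review bot: The affected range in the new `affects` block of CVE-2011-2668.json is free text, `"version_value": "1.5.0.3 and earlier"`, which tools that match CVE records against a software inventory cannot compare as a version. Splitting it into the operator and the bare version, `"version_affected": "<=", "version_value": "1.5.0.3"`, keeps the same meaning in a form a consumer can evaluate. The first hunk of CVE-2011-2669.json has the same issue with `"version_value": "prior to 3.6"`, which would become `"version_affected": "<", "version_value": "3.6"`.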
@@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Mozilla Firefox through 1.5.0.3 has a vulnerability in processing the content-length header" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "header mishandling" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://jvn.jp/en/jp/JVN36721438/index.html", + "refsource": "MISC", + "name": "http://jvn.jp/en/jp/JVN36721438/index.html" } ] } diff --git a/2011/2xxx/CVE-2011-2669.json b/2011/2xxx/CVE-2011-2669.json index ce2c42fe8b4..c88d2af8a44 100644 --- a/2011/2xxx/CVE-2011-2669.json +++ b/2011/2xxx/CVE-2011-2669.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "vultures@jpcert.or.jp", "ID": "CVE-2011-2669", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_value": "prior to 3.6" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Mozilla Firefox prior to 3.6 has a DoS vulnerability due to an issue in the validation of certificates." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "DoS" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://jvn.jp/en/jp/JVN70984231/index.html", + "refsource": "MISC", + "name": "http://jvn.jp/en/jp/JVN70984231/index.html" } ] } diff --git a/2011/4xxx/CVE-2011-4094.json b/2011/4xxx/CVE-2011-4094.json index 01641a833d7..394486b5dae 100644 --- a/2011/4xxx/CVE-2011-4094.json +++ b/2011/4xxx/CVE-2011-4094.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-4094", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jara", + "product": { + "product_data": [ + { + "product_name": "Jara", + "version": { + "version_data": [ + { + "version_value": "1.6" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,38 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Jara 1.6 has a SQL injection vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "SQL injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.openwall.com/lists/oss-security/2011/10/31/4", + "refsource": "MISC", + "name": "https://www.openwall.com/lists/oss-security/2011/10/31/4" + }, + { + "refsource": "MISC", + "name": "https://seclists.org/fulldisclosure/2011/Oct/767", + "url": "https://seclists.org/fulldisclosure/2011/Oct/767" + }, + { + "refsource": "EXPLOIT-DB", + "name": "Exploit Database", + "url": "https://www.exploit-db.com/exploits/18020" } ] } diff --git a/2011/4xxx/CVE-2011-4095.json b/2011/4xxx/CVE-2011-4095.json index ee794fb09cf..d21c6407850 100644 --- a/2011/4xxx/CVE-2011-4095.json +++ b/2011/4xxx/CVE-2011-4095.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-4095", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Jara", + "version": { + "version_data": [ + { + "version_value": "1.6" + } + ] + } + } + ] + }, + "vendor_name": "Jara" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Jara 1.6 has an XSS vulnerability" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "XSS" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.openwall.com/lists/oss-security/2011/10/31/4", + "refsource": "MISC", + "name": "https://www.openwall.com/lists/oss-security/2011/10/31/4" + }, + { + "refsource": "MISC", + "name": "https://seclists.org/oss-sec/2011/q4/193", + "url": "https://seclists.org/oss-sec/2011/q4/193" } ] } diff --git a/2011/4xxx/CVE-2011-4322.json b/2011/4xxx/CVE-2011-4322.json index ad24476496e..7894b26e4d5 100644 --- a/2011/4xxx/CVE-2011-4322.json +++ b/2011/4xxx/CVE-2011-4322.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-4322", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "websitebaker", + "product": { + "product_data": [ + { + "product_name": "websitebaker", + "version": { + "version_data": [ + { + "version_value": "prior to and including 2.8.1" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "websitebaker prior to and including 2.8.1 has an authentication error in backup module." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "authentication error" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.openwall.com/lists/oss-security/2011/11/21/2", + "refsource": "MISC", + "name": "https://www.openwall.com/lists/oss-security/2011/11/21/2" } ] } diff --git a/2015/6xxx/CVE-2015-6907.json b/2015/6xxx/CVE-2015-6907.json index c9430ecc61e..edbf880782d 100644 --- a/2015/6xxx/CVE-2015-6907.json +++ b/2015/6xxx/CVE-2015-6907.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2015-6907", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2015-6907", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none." } ] } diff --git a/2020/7xxx/CVE-2020-7470.json b/2020/7xxx/CVE-2020-7470.json new file mode 100644 index 00000000000..6731b6e7e14 --- /dev/null +++ b/2020/7xxx/CVE-2020-7470.json 
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-7470",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Sonoff TH 10 and 16 devices with firmware 6.6.0.21 allows XSS via the Friendly Name 1 field (after a successful login with the Web Admin Password)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://sku11army.blogspot.com/2020/01/sonoff-sonoff-th-module-vuln-xss.html",
+ "refsource": "MISC",
+ "name": "https://sku11army.blogspot.com/2020/01/sonoff-sonoff-th-module-vuln-xss.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
From d31550fb18eb2bfa47e12c23abedce3a5ba8d762 Mon Sep 17 00:00:00 2001
From: CVE Team Date: Tue, 21 Jan 2020 16:01:16 +0000 Subject: [PATCH 187/387] "-Synchronized-Data." --- 2011/5xxx/CVE-2011-5282.json | 50 +++++++++++++++++++++-- 2012/5xxx/CVE-2012-5190.json | 53 ++++++++++++++++++++++++- 2018/11xxx/CVE-2018-11778.json | 10 +++++ 2019/12xxx/CVE-2019-12397.json | 10 +++++ 2019/12xxx/CVE-2019-12838.json | 5 +++ 2019/14xxx/CVE-2019-14765.json | 67 +++++++++++++++++++++++++++++++ 2019/14xxx/CVE-2019-14766.json | 67 +++++++++++++++++++++++++++++++ 2019/14xxx/CVE-2019-14767.json | 72 ++++++++++++++++++++++++++++++++++ 2019/14xxx/CVE-2019-14768.json | 67 +++++++++++++++++++++++++++++++ 2019/19xxx/CVE-2019-19727.json | 5 +++ 2019/19xxx/CVE-2019-19728.json | 5 +++ 2019/3xxx/CVE-2019-3864.json | 5 ++- 2019/5xxx/CVE-2019-5068.json | 5 +++ 2020/2xxx/CVE-2020-2604.json | 17 +------- 14 files changed, 415 insertions(+), 23 deletions(-) create mode 100644 2019/14xxx/CVE-2019-14765.json create mode 100644 2019/14xxx/CVE-2019-14766.json create mode 100644 2019/14xxx/CVE-2019-14767.json create mode 100644 2019/14xxx/CVE-2019-14768.json diff --git a/2011/5xxx/CVE-2011-5282.json b/2011/5xxx/CVE-2011-5282.json index 69aa989ce94..f3c4d696c36 100644 --- a/2011/5xxx/CVE-2011-5282.json +++ b/2011/5xxx/CVE-2011-5282.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-5282", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "mIRC", + "product": { + "product_data": [ + { + "product_name": "mIRC", + "version": { + "version_data": [ + { + "version_value": "prior to 7.22" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "mIRC prior to 7.22 has a message leak because chopping of outbound messages is mishandled." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "data leak" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.mirc.com/news.html", + "refsource": "MISC", + "name": "http://www.mirc.com/news.html" } ] } diff --git a/2012/5xxx/CVE-2012-5190.json b/2012/5xxx/CVE-2012-5190.json index e8120a0f3fb..63604b0995f 100644 --- a/2012/5xxx/CVE-2012-5190.json +++ b/2012/5xxx/CVE-2012-5190.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-5190", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Prizm Content Connect 5.1 has an Arbitrary File Upload Vulnerability" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.securityfocus.com/bid/57242", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/57242" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81163", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81163" } ] } diff --git a/2018/11xxx/CVE-2018-11778.json b/2018/11xxx/CVE-2018-11778.json index 4d1e23056ac..a88ccbd9850 100644 --- a/2018/11xxx/CVE-2018-11778.json +++ b/2018/11xxx/CVE-2018-11778.json @@ -62,6 +62,16 @@ "name": "[oss-security] 20181004 CVE update - fixed in Apache Ranger 1.2.0", "refsource": "MLIST", "url": "https://seclists.org/oss-sec/2018/q4/11" + }, + { + "refsource": "MLIST", + "name": "[ranger-dev] 20200121 [jira] [Resolved] (RANGER-2681) CVE-2019-12397: Apache Ranger cross site scripting issue", + "url": "https://lists.apache.org/thread.html/r04bc435a92911de4b52d2b98f169bd7cf2e8bbeb53b03788df8f932c@%3Cdev.ranger.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[ranger-dev] 20200121 [jira] [Commented] (RANGER-2681) CVE-2019-12397: Apache Ranger cross site scripting issue", + "url": "https://lists.apache.org/thread.html/rd88077a781ef38f7687c100f93992f4dda8aa101925050c4af470998@%3Cdev.ranger.apache.org%3E" } ] } diff --git a/2019/12xxx/CVE-2019-12397.json b/2019/12xxx/CVE-2019-12397.json index 91b6e1db1cc..a650a599a08 100644 --- a/2019/12xxx/CVE-2019-12397.json 
+++ b/2019/12xxx/CVE-2019-12397.json @@ -63,6 +63,16 @@ "refsource": "MLIST", "name": "[ranger-dev] 20191229 [jira] [Updated] (RANGER-2681) CVE-2019-12397: Apache Ranger cross site scripting issue", "url": "https://lists.apache.org/thread.html/cbc6346708ef2b9ffb2555637311bf6294923c609c029389fa39de8f@%3Cdev.ranger.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[ranger-dev] 20200121 [jira] [Resolved] (RANGER-2681) CVE-2019-12397: Apache Ranger cross site scripting issue", + "url": "https://lists.apache.org/thread.html/r04bc435a92911de4b52d2b98f169bd7cf2e8bbeb53b03788df8f932c@%3Cdev.ranger.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[ranger-dev] 20200121 [jira] [Commented] (RANGER-2681) CVE-2019-12397: Apache Ranger cross site scripting issue", + "url": "https://lists.apache.org/thread.html/rd88077a781ef38f7687c100f93992f4dda8aa101925050c4af470998@%3Cdev.ranger.apache.org%3E" } ] }, diff --git a/2019/12xxx/CVE-2019-12838.json b/2019/12xxx/CVE-2019-12838.json index 6bbbd73eafc..86b35a74933 100644 --- a/2019/12xxx/CVE-2019-12838.json +++ b/2019/12xxx/CVE-2019-12838.json @@ -101,6 +101,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:2536", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00051.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0085", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00038.html" } ] }, diff --git a/2019/14xxx/CVE-2019-14765.json b/2019/14xxx/CVE-2019-14765.json new file mode 100644 index 00000000000..d8ea1ee6ee0 --- /dev/null +++ b/2019/14xxx/CVE-2019-14765.json 
@@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-14765", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Incorrect Access Control in AfficheExplorateurParam() in DIMO YellowBox CRM before 6.3.4 allows a standard authenticated user to use administrative controllers." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.dimo-crm.fr/blog-crm/", + "refsource": "MISC", + "name": "https://www.dimo-crm.fr/blog-crm/" + }, + { + "refsource": "MISC", + "name": "https://gist.github.com/sm0k/5de26614282669b0bcfa719b87c17305", + "url": "https://gist.github.com/sm0k/5de26614282669b0bcfa719b87c17305" + } + ] + } +} \ No newline at end of file diff --git a/2019/14xxx/CVE-2019-14766.json b/2019/14xxx/CVE-2019-14766.json new file mode 100644 index 00000000000..fdbc613d9d4 --- /dev/null +++ b/2019/14xxx/CVE-2019-14766.json 
@@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-14766", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Path Traversal in the file browser of DIMO YellowBox CRM before 6.3.4 allows a standard authenticated user to browse the server filesystem." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.dimo-crm.fr/blog-crm/", + "refsource": "MISC", + "name": "https://www.dimo-crm.fr/blog-crm/" + }, + { + "refsource": "MISC", + "name": "https://gist.github.com/sm0k/5de26614282669b0bcfa719b87c17305", + "url": "https://gist.github.com/sm0k/5de26614282669b0bcfa719b87c17305" + } + ] + } +} \ No newline at end of file diff --git a/2019/14xxx/CVE-2019-14767.json b/2019/14xxx/CVE-2019-14767.json new file mode 100644 index 00000000000..ceb87108dff --- /dev/null +++ b/2019/14xxx/CVE-2019-14767.json 
@@ -0,0 +1,72 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-14767", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In DIMO YellowBox CRM before 6.3.4, Path Traversal in images/Apparence (dossier=../) and servletrecuperefichier (document=../) allows an unauthenticated user to download arbitrary files from the server." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.dimo-crm.fr/blog-crm/", + "refsource": "MISC", + "name": "https://www.dimo-crm.fr/blog-crm/" + }, + { + "url": "https://www.elysium-security.com/sitemap.php", + "refsource": "MISC", + "name": "https://www.elysium-security.com/sitemap.php" + }, + { + "refsource": "MISC", + "name": "https://gist.github.com/sm0k/5de26614282669b0bcfa719b87c17305", + "url": "https://gist.github.com/sm0k/5de26614282669b0bcfa719b87c17305" + } + ] + } +} \ No newline at end of file diff --git a/2019/14xxx/CVE-2019-14768.json b/2019/14xxx/CVE-2019-14768.json new file mode 100644 index 00000000000..3096f4c72f8 --- /dev/null +++ b/2019/14xxx/CVE-2019-14768.json 
@@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-14768", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An Arbitrary File Upload issue in the file browser of DIMO YellowBox CRM before 6.3.4 allows a standard authenticated user to deploy a new WebApp WAR file to the Tomcat server via Path Traversal, allowing remote code execution with SYSTEM privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.dimo-crm.fr/blog-crm/", + "refsource": "MISC", + "name": "https://www.dimo-crm.fr/blog-crm/" + }, + { + "refsource": "MISC", + "name": "https://gist.github.com/sm0k/5de26614282669b0bcfa719b87c17305", + "url": "https://gist.github.com/sm0k/5de26614282669b0bcfa719b87c17305" + } + ] + } +} \ No newline at end of file diff --git a/2019/19xxx/CVE-2019-19727.json b/2019/19xxx/CVE-2019-19727.json index 498a25a2a76..5e79cd65faa 100644 --- a/2019/19xxx/CVE-2019-19727.json +++ b/2019/19xxx/CVE-2019-19727.json @@ -66,6 +66,11 @@ "refsource": "CONFIRM", "name": "https://www.schedmd.com/news.php", "url": "https://www.schedmd.com/news.php" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0085", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00038.html" } ] } diff --git a/2019/19xxx/CVE-2019-19728.json b/2019/19xxx/CVE-2019-19728.json index ed5e36b6102..3f2a4e3be6d 100644 --- a/2019/19xxx/CVE-2019-19728.json +++ b/2019/19xxx/CVE-2019-19728.json 
@@ -66,6 +66,11 @@ "refsource": "CONFIRM", "name": "https://www.schedmd.com/news.php", "url": "https://www.schedmd.com/news.php" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0085", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00038.html" } ] } diff --git a/2019/3xxx/CVE-2019-3864.json b/2019/3xxx/CVE-2019-3864.json index de0fff5ba43..bb257814234 100644 --- a/2019/3xxx/CVE-2019-3864.json +++ b/2019/3xxx/CVE-2019-3864.json @@ -4,7 +4,8 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-3864", - "ASSIGNER": "mrehak@redhat.com" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { @@ -68,4 +69,4 @@ ] ] } -} +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5068.json b/2019/5xxx/CVE-2019-5068.json index 241d9b39d5d..9d1bc5ec2d1 100644 --- a/2019/5xxx/CVE-2019-5068.json +++ b/2019/5xxx/CVE-2019-5068.json @@ -53,6 +53,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20191115 [SECURITY] [DLA 1993-1] mesa security update", "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00013.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0084", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00037.html" } ] }, diff --git a/2020/2xxx/CVE-2020-2604.json b/2020/2xxx/CVE-2020-2604.json index 5cb96f80209..99d36bc9fe7 100644 --- a/2020/2xxx/CVE-2020-2604.json +++ b/2020/2xxx/CVE-2020-2604.json 
@@ -39,7 +39,7 @@ "description_data": [ { "lang": "eng", - "value": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS v3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)." + "value": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. 
CVSS v3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)." } ] }, @@ -71,21 +71,6 @@ "refsource": "REDHAT", "name": "RHSA-2020:0122", "url": "https://access.redhat.com/errata/RHSA-2020:0122" - }, - { - "refsource": "DEBIAN", - "name": "DSA-4605", - "url": "https://www.debian.org/security/2020/dsa-4605" - }, - { - "refsource": "BUGTRAQ", - "name": "20200120 [SECURITY] [DSA 4605-1] openjdk-11 security update", - "url": "https://seclists.org/bugtraq/2020/Jan/24" - }, - { - "refsource": "REDHAT", - "name": "RHSA-2020:0157", - "url": "https://access.redhat.com/errata/RHSA-2020:0157" } ] } From 8f25fd15e359883b671e8d734fc9567a1d9fc9dd Mon Sep 17 00:00:00 2001 From: Claudiu Gheorghe Date: Fri, 17 Jan 2020 14:02:30 -0800 Subject: [PATCH 188/387] Added CVE-2019-18426 --- 2019/18xxx/CVE-2019-18426.json | 68 ++++++++++++++++++++++++++++++++++ 1 file changed, 68 insertions(+) create mode 100644 2019/18xxx/CVE-2019-18426.json diff --git a/2019/18xxx/CVE-2019-18426.json b/2019/18xxx/CVE-2019-18426.json new file mode 100644 index 00000000000..614041dbb56 --- /dev/null +++ b/2019/18xxx/CVE-2019-18426.json 
@@ -0,0 +1,68 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve-assign@fb.com",
+ "DATE_ASSIGNED": "2020-01-21",
+ "ID": "CVE-2019-18426",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Facebook",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "WhatsApp Desktop",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "!=>",
+ "version_value": "0.3.9309"
+ },
+ {
+ "version_affected": "<",
+ "version_value": "0.3.9309"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A vulnerability in WhatsApp Desktop versions prior to 0.3.9309 when paired with WhatsApp for iPhone versions prior to 2.20.10 allows cross-site scripting and local file reading. Exploiting the vulnerability requires the victim to click a link preview from a specially crafted text message."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://www.facebook.com/security/advisories/cve-2019-18426",
+ "url": "https://www.facebook.com/security/advisories/cve-2019-18426"
+ }
+ ]
+ }
+}
From a7fd303ade99051c0d2a2d817c6abb8a5095d3fd Mon Sep 17 00:00:00 2001
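Review bot: The first `version_data` entry in 2019/18xxx/CVE-2019-18426.json carries `"version_affected": "!=>"`, which does not look like one of the comparison operators this record format uses and reads like a transposition of `!>=` (not affected at or above 0.3.9309). A consumer that validates or parses the operator may reject the record or skip the entry, leaving the fixed-version boundary unrecorded for scanners. I would change it to `"version_affected": "!>="`, or drop that entry and keep only the `<` 0.3.9309 one, since the two entries describe the same boundary. Separately, the description ties the issue to WhatsApp for iPhone versions prior to 2.20.10, while `affects` lists only WhatsApp Desktop, so product-based matching would miss the iPhone side; a second `product_data` entry for it would close that gap.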
From: CVE Team Date: Tue, 21 Jan 2020 17:01:08 +0000 Subject: [PATCH 189/387] "-Synchronized-Data." --- 2019/19xxx/CVE-2019-19392.json | 61 +++++++++++++++++++++++++++---- 2020/6xxx/CVE-2020-6857.json | 61 +++++++++++++++++++++++++++---- 2020/7xxx/CVE-2020-7211.json | 66 ++++++++++++++++++++++++++++++---- 2020/7xxx/CVE-2020-7213.json | 66 ++++++++++++++++++++++++++++++---- 2020/7xxx/CVE-2020-7229.json | 61 +++++++++++++++++++++++++++---- 2020/7xxx/CVE-2020-7471.json | 18 ++++++++++ 6 files changed, 303 insertions(+), 30 deletions(-) create mode 100644 2020/7xxx/CVE-2020-7471.json diff --git a/2019/19xxx/CVE-2019-19392.json b/2019/19xxx/CVE-2019-19392.json index e5916bd35a9..d90e52382c9 100644 --- a/2019/19xxx/CVE-2019-19392.json +++ b/2019/19xxx/CVE-2019-19392.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-19392", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-19392", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The forDNN.UsersExportImport module before 1.2.0 for DNN (formerly DotNetNuke) allows an unprivileged user to import (create) new users with Administrator privileges, as demonstrated by Roles=\"Administrators\" in XML or CSV data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/fordnn/usersexportimport/commits/master", + "refsource": "MISC", + "name": "https://github.com/fordnn/usersexportimport/commits/master" + }, + { + "refsource": "MISC", + "name": "https://blog.joaoorvalho.com/description-cve-2019-19392/", + "url": "https://blog.joaoorvalho.com/description-cve-2019-19392/" } ] } diff --git a/2020/6xxx/CVE-2020-6857.json b/2020/6xxx/CVE-2020-6857.json index 7ca612202e1..249903890f0 100644 --- a/2020/6xxx/CVE-2020-6857.json +++ b/2020/6xxx/CVE-2020-6857.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-6857", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-6857", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "CarbonFTP v1.4 uses insecure proprietary password encryption with a hard-coded weak encryption key. The key for local FTP server passwords is hard-coded in the binary." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://hyp3rlinx.altervista.org", + "refsource": "MISC", + "name": "http://hyp3rlinx.altervista.org" + }, + { + "refsource": "MISC", + "name": "https://seclists.org/bugtraq/2020/Jan/30", + "url": "https://seclists.org/bugtraq/2020/Jan/30" } ] } diff --git a/2020/7xxx/CVE-2020-7211.json b/2020/7xxx/CVE-2020-7211.json index 5d24faf901b..9898f689aff 100644 --- a/2020/7xxx/CVE-2020-7211.json +++ b/2020/7xxx/CVE-2020-7211.json 
@@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-7211", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-7211", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "tftp.c in libslirp 4.1.0, as used in QEMU 4.2.0, does not prevent ..\\ directory traversal on Windows." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://gitlab.freedesktop.org/slirp/libslirp/commit/14ec36e107a8c9af7d0a80c3571fe39b291ff1d4", + "refsource": "MISC", + "name": "https://gitlab.freedesktop.org/slirp/libslirp/commit/14ec36e107a8c9af7d0a80c3571fe39b291ff1d4" + }, + { + "refsource": "CONFIRM", + "name": "http://www.openwall.com/lists/oss-security/2020/01/17/2", + "url": "http://www.openwall.com/lists/oss-security/2020/01/17/2" + }, + { + "refsource": "DEBIAN", + "name": "Debian", + "url": "https://security-tracker.debian.org/tracker/CVE-2020-7211" } ] } diff --git a/2020/7xxx/CVE-2020-7213.json b/2020/7xxx/CVE-2020-7213.json index e247fd6d2bb..b4d6b458003 100644 --- a/2020/7xxx/CVE-2020-7213.json +++ b/2020/7xxx/CVE-2020-7213.json 
@@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-7213", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-7213", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Parallels 13 uses cleartext HTTP as part of the update process, allowing man-in-the-middle attacks. Users of out-of-date versions are presented with a pop-up window for a parallels_updates.xml file on the http://update.parallels.com web site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://parallels.com", + "refsource": "MISC", + "name": "https://parallels.com" + }, + { + "refsource": "MISC", + "name": "http://almorabea.net/cves/cve-2020-7213.txt", + "url": "http://almorabea.net/cves/cve-2020-7213.txt" + }, + { + "refsource": "MISC", + "name": "http://almorabea.net/en/2020/01/19/write-up-for-the-parallel-vulnerability-cve-2020-7213/", + "url": "http://almorabea.net/en/2020/01/19/write-up-for-the-parallel-vulnerability-cve-2020-7213/" } ] } diff --git a/2020/7xxx/CVE-2020-7229.json b/2020/7xxx/CVE-2020-7229.json index dd41e2d48c1..074831f32d5 100644 --- a/2020/7xxx/CVE-2020-7229.json +++ b/2020/7xxx/CVE-2020-7229.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-7229", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-7229", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Simplejobscript.com SJS before 1.65. There is unauthenticated SQL injection via the search engine. The parameter is landing_location. The function is countSearchedJobs(). The file is _lib/class.Job.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://simplejobscript.com", + "refsource": "MISC", + "name": "https://simplejobscript.com" + }, + { + "refsource": "MISC", + "name": "https://github.com/niteosoft/simplejobscript/issues/7", + "url": "https://github.com/niteosoft/simplejobscript/issues/7" } ] } diff --git a/2020/7xxx/CVE-2020-7471.json b/2020/7xxx/CVE-2020-7471.json new file mode 100644 index 00000000000..086aea39570 --- /dev/null +++ b/2020/7xxx/CVE-2020-7471.json 
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7471",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
From 880bfb89231e3ab9af8069ccaaf356b93d406ef0 Mon Sep 17 00:00:00 2001
From: Guilherme de Almeida Suckevicz
Date: Tue, 21 Jan 2020 14:25:33 -0300
Subject: [PATCH 190/387] CVE-2019-14907 init.
---
 2019/14xxx/CVE-2019-14907.json | 80 ++++++++++++++++++++++++++++++++++
 1 file changed, 80 insertions(+)
 create mode 100644 2019/14xxx/CVE-2019-14907.json
diff --git a/2019/14xxx/CVE-2019-14907.json b/2019/14xxx/CVE-2019-14907.json
new file mode 100644
index 00000000000..825332772d2
--- /dev/null
+++ b/2019/14xxx/CVE-2019-14907.json
@@ -0,0 +1,80 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-14907",
+ "ASSIGNER": "gsuckevi@redhat.com"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Red Hat",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "samba",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "All versions 4.11.x before 4.11.5"
+ },
+ {
+ "version_value": "All versions 4.10.x before 4.10.12"
+ },
+ {
+ "version_value": "All versions 4.9.x before 4.9.18"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-125"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14907",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14907",
+ "refsource": "CONFIRM"
+ },
+ {
+ "url": "https://www.samba.org/samba/security/CVE-2019-14907.html"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with \"log level = 3\" (or above) then the string obtained from the client, after a failed character conversion, is printed. Such strings can be provided during the NTLMSSP authentication exchange. In the Samba AD DC in particular, this may cause a long-lived process(such as the RPC server) to terminate. (In the file server case, the most likely target, smbd, operates as process-per-client and so a crash there is harmless)."
+ }
+ ]
+ },
+ "impact": {
+ "cvss": [
+ [
+ {
+ "vectorString": "6.5/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
+ "version": "3.0"
+ }
+ ]
+ ]
+ }
+}
\ No newline at end of file
From d0ae85f5a12482634de49c344a009875bf6cef33 Mon Sep 17 00:00:00 2001
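Review bot: The `impact.cvss` entry at the end of this new record is malformed: `vectorString` carries the base score glued in front of the vector (`6.5/CVSS:3.1/AV:N/...`), and `version` says `3.0` while the vector prefix says 3.1. Consumers that parse the vector for triage will likely reject or mis-score the record. I would move the score into its own field and align the version: `"baseScore": 6.5,`, `"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",`, `"version": "3.1"`. The doubly nested array around the object also differs from the plain `cvss` object used by other records in this series (for example CVE-2019-17357), so the shape is worth confirming against the schema.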
From: CVE Team Date: Tue, 21 Jan 2020 18:01:14 +0000 Subject: [PATCH 191/387] "-Synchronized-Data." --- 2015/1xxx/CVE-2015-1861.json | 14 +++---- 2015/2xxx/CVE-2015-2784.json | 53 ++++++++++++++++++++++++- 2019/14xxx/CVE-2019-14902.json | 9 +++-- 2019/14xxx/CVE-2019-14907.json | 7 +++- 2019/17xxx/CVE-2019-17361.json | 2 +- 2019/18xxx/CVE-2019-18932.json | 72 ++++++++++++++++++++++++++++++++++ 2019/19xxx/CVE-2019-19344.json | 9 +++-- 2020/5xxx/CVE-2020-5202.json | 61 +++++++++++++++++++++++++--- 8 files changed, 203 insertions(+), 24 deletions(-) create mode 100644 2019/18xxx/CVE-2019-18932.json diff --git a/2015/1xxx/CVE-2015-1861.json b/2015/1xxx/CVE-2015-1861.json index cba6cd0252a..381f40ee519 100644 --- a/2015/1xxx/CVE-2015-1861.json +++ b/2015/1xxx/CVE-2015-1861.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2015-1861", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2015-1861", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none." } ] } diff --git a/2015/2xxx/CVE-2015-2784.json b/2015/2xxx/CVE-2015-2784.json index 038e4089396..323313a4d1e 100644 --- a/2015/2xxx/CVE-2015-2784.json +++ b/2015/2xxx/CVE-2015-2784.json 
@@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-2784", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The papercrop gem before 0.3.0 for Ruby on Rails does not properly handle crop input." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://github.com/rsantamaria/papercrop/commit/b4ecd95debaf0a8712bd1d34def83f41fc6b3579", + "url": "https://github.com/rsantamaria/papercrop/commit/b4ecd95debaf0a8712bd1d34def83f41fc6b3579" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/rsantamaria/papercrop/blob/master/CHANGELOG.md", + "url": "https://github.com/rsantamaria/papercrop/blob/master/CHANGELOG.md" } ] } diff --git a/2019/14xxx/CVE-2019-14902.json b/2019/14xxx/CVE-2019-14902.json index cd01bc78835..a05ebbe9eb1 100644 --- a/2019/14xxx/CVE-2019-14902.json +++ b/2019/14xxx/CVE-2019-14902.json @@ -4,7 +4,8 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-14902", - "ASSIGNER": "mrehak@redhat.com" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { 
@@ -50,7 +51,9 @@ "references": { "reference_data": [ { - "url": "https://www.samba.org/samba/security/CVE-2019-14902.html" + "url": "https://www.samba.org/samba/security/CVE-2019-14902.html", + "refsource": "MISC", + "name": "https://www.samba.org/samba/security/CVE-2019-14902.html" }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14902", @@ -77,4 +80,4 @@ ] ] } -} +} \ No newline at end of file diff --git a/2019/14xxx/CVE-2019-14907.json b/2019/14xxx/CVE-2019-14907.json index 825332772d2..8aa3d1a7886 100644 --- a/2019/14xxx/CVE-2019-14907.json +++ b/2019/14xxx/CVE-2019-14907.json @@ -4,7 +4,8 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-14907", - "ASSIGNER": "gsuckevi@redhat.com" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { @@ -55,7 +56,9 @@ "refsource": "CONFIRM" }, { - "url": "https://www.samba.org/samba/security/CVE-2019-14907.html" + "url": "https://www.samba.org/samba/security/CVE-2019-14907.html", + "refsource": "MISC", + "name": "https://www.samba.org/samba/security/CVE-2019-14907.html" } ] }, diff --git a/2019/17xxx/CVE-2019-17361.json b/2019/17xxx/CVE-2019-17361.json index fd43bfa286d..08f1f5ab767 100644 --- a/2019/17xxx/CVE-2019-17361.json +++ b/2019/17xxx/CVE-2019-17361.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "In SaltStack Salt through 2019.2.0, the salt-api NEST API with the ssh client enabled is vulnerable to command injection. This allows an unauthenticated attacker with network access to the API endpoint to execute arbitrary code on the salt-api host." + "value": "In SaltStack Salt through 2019.2.0, the salt-api NET API with the ssh client enabled is vulnerable to command injection. This allows an unauthenticated attacker with network access to the API endpoint to execute arbitrary code on the salt-api host." } ] }, diff --git a/2019/18xxx/CVE-2019-18932.json b/2019/18xxx/CVE-2019-18932.json new file mode 100644 index 00000000000..4d6c39954eb 
--- /dev/null +++ b/2019/18xxx/CVE-2019-18932.json @@ -0,0 +1,72 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-18932", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "log.c in Squid Analysis Report Generator (sarg) through 2.3.11 allows local privilege escalation. By default, it uses a fixed temporary directory /tmp/sarg. As the root user, sarg creates this directory or reuses an existing one in an insecure manner. An attacker can pre-create the directory, and place symlinks in it (after winning a /tmp/sarg/denied.int_unsort race condition). The outcome will be corrupted or newly created files in privileged file system locations." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://bugzilla.suse.com/show_bug.cgi?id=1150554", + "refsource": "MISC", + "name": "https://bugzilla.suse.com/show_bug.cgi?id=1150554" + }, + { + "url": "https://sourceforge.net/projects/sarg/", + "refsource": "MISC", + "name": "https://sourceforge.net/projects/sarg/" + }, + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2020/01/20/6", + "url": "http://www.openwall.com/lists/oss-security/2020/01/20/6" + } + ] + } +} \ No newline at end of file diff --git a/2019/19xxx/CVE-2019-19344.json b/2019/19xxx/CVE-2019-19344.json index 03ff524dfbf..143dcd5d47f 100644 --- a/2019/19xxx/CVE-2019-19344.json +++ b/2019/19xxx/CVE-2019-19344.json 
@@ -4,7 +4,8 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-19344", - "ASSIGNER": "mrehak@redhat.com" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { @@ -55,7 +56,9 @@ "refsource": "CONFIRM" }, { - "url": "https://www.samba.org/samba/security/CVE-2019-19344.html" + "url": "https://www.samba.org/samba/security/CVE-2019-19344.html", + "refsource": "MISC", + "name": "https://www.samba.org/samba/security/CVE-2019-19344.html" } ] }, @@ -77,4 +80,4 @@ ] ] } -} +} \ No newline at end of file diff --git a/2020/5xxx/CVE-2020-5202.json b/2020/5xxx/CVE-2020-5202.json index 661af045ba4..c8874aee633 100644 --- a/2020/5xxx/CVE-2020-5202.json +++ b/2020/5xxx/CVE-2020-5202.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-5202", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-5202", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "apt-cacher-ng through 3.3 allows local users to obtain sensitive information by hijacking the hardcoded TCP port. The /usr/lib/apt-cacher-ng/acngtool program attempts to connect to apt-cacher-ng via TCP on localhost port 3142, even if the explicit SocketPath=/var/run/apt-cacher-ng/socket command-line option is passed. The cron job /etc/cron.daily/apt-cacher-ng (which is active by default) attempts this periodically. Because 3142 is an unprivileged port, any local user can try to bind to this port and will receive requests from acngtool. There can be sensitive data in these requests, e.g., if AdminAuth is enabled in /etc/apt-cacher-ng/security.conf. This sensitive data can leak to unprivileged local users that manage to bind to this port before the apt-cacher-ng daemon can." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://security-tracker.debian.org/tracker/CVE-2020-5202", + "refsource": "MISC", + "name": "https://security-tracker.debian.org/tracker/CVE-2020-5202" + }, + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2020/01/20/4", + "url": "http://www.openwall.com/lists/oss-security/2020/01/20/4" } ] } From 8edf724f8ac0ed95937950cdadefaf515ab41f61 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 21 Jan 2020 19:01:13 +0000 Subject: [PATCH 192/387] "-Synchronized-Data." --- 2014/2xxx/CVE-2014-2680.json | 48 ++++++++++++++++++- 2016/11xxx/CVE-2016-11018.json | 66 +++++++++++++++++++++++--- 2019/17xxx/CVE-2019-17357.json | 85 ++++++++++++++++++++++++++++++++++ 2019/19xxx/CVE-2019-19411.json | 50 ++++++++++++++++++-- 2019/19xxx/CVE-2019-19592.json | 56 +++++++++++++++++++--- 2019/5xxx/CVE-2019-5703.json | 14 +++--- 2019/5xxx/CVE-2019-5704.json | 14 +++--- 2019/5xxx/CVE-2019-5705.json | 14 +++--- 2019/5xxx/CVE-2019-5706.json | 14 +++--- 2019/5xxx/CVE-2019-5707.json | 14 +++--- 2019/5xxx/CVE-2019-5708.json | 14 +++--- 2019/5xxx/CVE-2019-5709.json | 14 +++--- 2019/5xxx/CVE-2019-5710.json | 14 +++--- 2019/5xxx/CVE-2019-5711.json | 14 +++--- 2019/5xxx/CVE-2019-5712.json | 14 +++--- 2019/5xxx/CVE-2019-5713.json | 14 +++--- 2019/5xxx/CVE-2019-5714.json | 14 +++--- 2020/1xxx/CVE-2020-1840.json | 50 ++++++++++++++++++-- 2020/6xxx/CVE-2020-6849.json | 66 +++++++++++++++++++++++--- 2020/6xxx/CVE-2020-6857.json | 5 ++ 20 files changed, 484 insertions(+), 110 deletions(-) create mode 100644 2019/17xxx/CVE-2019-17357.json diff --git a/2014/2xxx/CVE-2014-2680.json b/2014/2xxx/CVE-2014-2680.json index 6067119afd9..5ddf779249e 100644 --- a/2014/2xxx/CVE-2014-2680.json +++ b/2014/2xxx/CVE-2014-2680.json 
@@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-2680", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The update process in Xmind 3.4.1 and earlier allow remote attackers to execute arbitrary code via a man-in-the-middle attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://web.archive.org/web/20160822124252/http://rampartssecurity.com/docs/Xmind-MITM.pdf", + "url": "https://web.archive.org/web/20160822124252/http://rampartssecurity.com/docs/Xmind-MITM.pdf" } ] } diff --git a/2016/11xxx/CVE-2016-11018.json b/2016/11xxx/CVE-2016-11018.json index 210bb4103cb..d5dda28de55 100644 --- a/2016/11xxx/CVE-2016-11018.json +++ b/2016/11xxx/CVE-2016-11018.json 
@@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2016-11018", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2016-11018", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in the Huge-IT gallery-images plugin before 1.9.0 for WordPress. The headers Client-Ip and X-Forwarded-For are prone to unauthenticated SQL injection. The affected file is gallery-images.php. The affected function is huge_it_image_gallery_ajax_callback()." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://plugins.trac.wordpress.org/browser/gallery-images/tags/1.8.9", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/gallery-images/tags/1.8.9" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/gallery-images/tags/1.9.0", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/gallery-images/tags/1.9.0" + }, + { + "refsource": "MISC", + "name": "http://10degres.net/cve-2016-11018-image-gallery-sql-injection/", + "url": "http://10degres.net/cve-2016-11018-image-gallery-sql-injection/" } ] } 
diff --git a/2019/17xxx/CVE-2019-17357.json b/2019/17xxx/CVE-2019-17357.json
new file mode 100644
index 00000000000..dccacae4604
--- /dev/null
+++ b/2019/17xxx/CVE-2019-17357.json
@@ -0,0 +1,85 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-17357",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Cacti through 1.2.7 is affected by a graphs.php?template_id= SQL injection vulnerability affecting how template identifiers are handled when a string and id composite value are used to identify the template type and id. An authenticated attacker can exploit this to extract data from the database, or an unauthenticated remote attacker could exploit this via Cross-Site Request Forgery."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.darkmatter.ae/xen1thlabs/",
+ "refsource": "MISC",
+ "name": "https://www.darkmatter.ae/xen1thlabs/"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://github.com/Cacti/cacti/issues/3025",
+ "url": "https://github.com/Cacti/cacti/issues/3025"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947374",
+ "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947374"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.0/AV:N/A:H/C:H/I:H/PR:L/S:U/UI:N",
+ "version": "3.0"
+ }
+ }
+}
\ No newline at end of file
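Review bot: The `vectorString` in the `impact.cvss` block, `CVSS:3.0/AV:N/A:H/C:H/I:H/PR:L/S:U/UI:N`, has no `AC` metric, and there is no `attackComplexity` field beside the other metrics, so this is not a complete CVSS v3.0 base vector and no score can be derived from it. The metrics are also in alphabetical rather than specification order, which strict vector parsers may reject. Once the attack complexity is confirmed with the assigner, add `attackComplexity` and write the vector in the standard order, `CVSS:3.0/AV:N/AC:<value to confirm>/PR:L/UI:N/S:U/C:H/I:H/A:H`, together with `baseScore` and `baseSeverity`. The cross-site request forgery path in the description would also depend on a victim's action, which `UI:N` does not reflect.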
diff --git a/2019/19xxx/CVE-2019-19411.json b/2019/19xxx/CVE-2019-19411.json
index a870e0c767f..ba83d7a4361 100644
--- a/2019/19xxx/CVE-2019-19411.json
+++ b/2019/19xxx/CVE-2019-19411.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2019-19411",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "psirt@huawei.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "USG9500",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "V500R001C30SPC100,V500R001C30SPC200,V500R001C30SPC600,V500R001C60SPC500,V500R005C00SPC100,V500R005C00SPC200"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Information Leakage"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-firewall-en",
+ "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-firewall-en"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "USG9500 with versions of V500R001C30SPC100, V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, V500R005C00SPC100, V500R005C00SPC200 have an information leakage vulnerability. Due to improper processing of the initialization vector used in a specific encryption algorithm, an attacker who gains access to this cryptographic primitive may exploit this vulnerability to cause the value of the confidentiality associated with its use to be diminished."
 }
 ]
 }
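Review bot: In the added `affects` block, `vendor_name` is `n/a` even though the product is named USG9500 and the assigner is psirt@huawei.com, and the six affected builds are packed into one comma-separated `version_value` string. Tooling that matches advisories to an inventory by vendor and version will either miss this record or have to split the string itself. I would give each build its own `version_data` entry, e.g. `{ "version_value": "V500R001C30SPC100" }`, and set `"vendor_name": "Huawei"` (the vendor is inferred from the assigner address and advisory URL, so it should be confirmed). The free-text `problemtype` value `Information Leakage` would be easier to filter on as a CWE identifier, if the assigner can say which one applies.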
diff --git a/2019/19xxx/CVE-2019-19592.json b/2019/19xxx/CVE-2019-19592.json index f83293a7498..5f2ad3c0ca7 100644 --- a/2019/19xxx/CVE-2019-19592.json +++ b/2019/19xxx/CVE-2019-19592.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-19592", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-19592", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Jama Connect 8.44.0 has XSS via the \"Import File and Destination\" tab on the \"Data import wizard\" screen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://sumukh30.blogspot.com/2020/01/normal-0-false-false-false-en-us-x-none.html?m=1", + "url": "https://sumukh30.blogspot.com/2020/01/normal-0-false-false-false-en-us-x-none.html?m=1" } ] } diff --git a/2019/5xxx/CVE-2019-5703.json b/2019/5xxx/CVE-2019-5703.json index 4e43e01d09a..5091535fb93 100644 --- a/2019/5xxx/CVE-2019-5703.json +++ b/2019/5xxx/CVE-2019-5703.json 
@@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5703", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5703", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2019. Notes: none." } ] } diff --git a/2019/5xxx/CVE-2019-5704.json b/2019/5xxx/CVE-2019-5704.json index cc372e1090d..a769fffa2f3 100644 --- a/2019/5xxx/CVE-2019-5704.json +++ b/2019/5xxx/CVE-2019-5704.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5704", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5704", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2019. Notes: none." } ] } diff --git a/2019/5xxx/CVE-2019-5705.json b/2019/5xxx/CVE-2019-5705.json index 9bdd0e3e13f..92479cec761 100644 --- a/2019/5xxx/CVE-2019-5705.json 
+++ b/2019/5xxx/CVE-2019-5705.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5705", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5705", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2019. Notes: none." } ] } diff --git a/2019/5xxx/CVE-2019-5706.json b/2019/5xxx/CVE-2019-5706.json index a2ec675df65..06fb2b04c80 100644 --- a/2019/5xxx/CVE-2019-5706.json +++ b/2019/5xxx/CVE-2019-5706.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5706", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5706", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2019. Notes: none." } ] } diff --git a/2019/5xxx/CVE-2019-5707.json b/2019/5xxx/CVE-2019-5707.json index b51c440d439..5a2b0414755 100644 
--- a/2019/5xxx/CVE-2019-5707.json +++ b/2019/5xxx/CVE-2019-5707.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5707", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5707", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2019. Notes: none." } ] } diff --git a/2019/5xxx/CVE-2019-5708.json b/2019/5xxx/CVE-2019-5708.json index 1f31c9f33c3..a4a3cabcbaf 100644 --- a/2019/5xxx/CVE-2019-5708.json +++ b/2019/5xxx/CVE-2019-5708.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5708", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5708", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2019. Notes: none." } ] } 
diff --git a/2019/5xxx/CVE-2019-5709.json b/2019/5xxx/CVE-2019-5709.json index 4d0a9713f43..6536661abd2 100644 --- a/2019/5xxx/CVE-2019-5709.json +++ b/2019/5xxx/CVE-2019-5709.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5709", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5709", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2019. Notes: none." } ] } diff --git a/2019/5xxx/CVE-2019-5710.json b/2019/5xxx/CVE-2019-5710.json index b960cf0a9c7..29f80b26764 100644 --- a/2019/5xxx/CVE-2019-5710.json +++ b/2019/5xxx/CVE-2019-5710.json 
@@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5710", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5710", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2019. Notes: none." } ] } diff --git a/2019/5xxx/CVE-2019-5711.json b/2019/5xxx/CVE-2019-5711.json index 213f4b627a1..301eaddb6e2 100644 --- a/2019/5xxx/CVE-2019-5711.json +++ b/2019/5xxx/CVE-2019-5711.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5711", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5711", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2019. Notes: none." } ] } diff --git a/2019/5xxx/CVE-2019-5712.json b/2019/5xxx/CVE-2019-5712.json index 1d4e1163d30..574cf898ea0 100644 --- a/2019/5xxx/CVE-2019-5712.json 
+++ b/2019/5xxx/CVE-2019-5712.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5712", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5712", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2019. Notes: none." } ] } diff --git a/2019/5xxx/CVE-2019-5713.json b/2019/5xxx/CVE-2019-5713.json index 2efa9bb9fc3..021b8659f61 100644 --- a/2019/5xxx/CVE-2019-5713.json +++ b/2019/5xxx/CVE-2019-5713.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5713", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5713", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2019. Notes: none." } ] } diff --git a/2019/5xxx/CVE-2019-5714.json b/2019/5xxx/CVE-2019-5714.json index 1cca0c4267b..e0972595895 100644 
--- a/2019/5xxx/CVE-2019-5714.json +++ b/2019/5xxx/CVE-2019-5714.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5714", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5714", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2019. Notes: none." } ] } diff --git a/2020/1xxx/CVE-2020-1840.json b/2020/1xxx/CVE-2020-1840.json index 532ca3bcf28..8a73c169551 100644 --- a/2020/1xxx/CVE-2020-1840.json +++ b/2020/1xxx/CVE-2020-1840.json 
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-1840",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "psirt@huawei.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "HUAWEI Mate 20",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Versions earlier than 10.0.0.175(C00E70R3P8)"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Insufficient Authentication"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-smartphone-en",
+ "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-smartphone-en"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "HUAWEI Mate 20 smart phones with versions earlier than 10.0.0.175(C00E70R3P8) have an insufficient authentication vulnerability. A local attacker with high privilege can execute a specific command to exploit this vulnerability. Successful exploitation may cause information leak and compromise the availability of the smart phones.Affected product versions include: HUAWEI Mate 20 versions Versions earlier than 10.0.0.175(C00E70R3P8)"
 }
 ]
 }
diff --git a/2020/6xxx/CVE-2020-6849.json b/2020/6xxx/CVE-2020-6849.json
index 2ced3f436d8..7b82e6fecd7 100644
--- a/2020/6xxx/CVE-2020-6849.json
+++ b/2020/6xxx/CVE-2020-6849.json
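Review bot: The `version_value` added for HUAWEI Mate 20 holds a prose range, `"Versions earlier than 10.0.0.175(C00E70R3P8)"`, instead of a version plus comparator, so a consumer cannot evaluate whether a given build is affected. The record format has a field for this, as used elsewhere in this patch series: `"version_affected": "<", "version_value": "10.0.0.175(C00E70R3P8)"`. The description on the new side also runs two sentences together and repeats a word (`smart phones.Affected product versions include: HUAWEI Mate 20 versions Versions earlier than`). A space after the full stop and dropping the duplicated `versions` would fix the text.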
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-6849",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-6849",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The marketo-forms-and-tracking plugin through 1.0.2 for WordPress allows wp-admin/admin.php?page=marketo_fat CSRF with resultant XSS."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://zeroauth.ltd/blog/",
+ "refsource": "MISC",
+ "name": "https://zeroauth.ltd/blog/"
+ },
+ {
+ "url": "https://wordpress.org/plugins/marketo-forms-and-tracking/#developers",
+ "refsource": "MISC",
+ "name": "https://wordpress.org/plugins/marketo-forms-and-tracking/#developers"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://wpvulndb.com/vulnerabilities/10031",
+ "url": "https://wpvulndb.com/vulnerabilities/10031"
 }
 ]
 }
diff --git a/2020/6xxx/CVE-2020-6857.json b/2020/6xxx/CVE-2020-6857.json
index 249903890f0..b7eaf8e53de 100644
--- a/2020/6xxx/CVE-2020-6857.json
+++ b/2020/6xxx/CVE-2020-6857.json
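Review bot: The first entry added to `reference_data`, `https://zeroauth.ltd/blog/`, points at a blog index rather than a specific post, so what it shows will change as the blog is updated and a reader cannot verify the CSRF-with-resultant-XSS claim from it. It should be replaced by the permalink of the write-up, or dropped in favour of the `https://wpvulndb.com/vulnerabilities/10031` entry added in the same list, which is a per-issue URL. The `#developers` plugin-page link has a similar weakness: it identifies the plugin but not the issue or a fixed release.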
@@ -61,6 +61,11 @@ "refsource": "MISC", "name": "https://seclists.org/bugtraq/2020/Jan/30", "url": "https://seclists.org/bugtraq/2020/Jan/30" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/156015/Neowise-CarbonFTP-1.4-Insecure-Proprietary-Password-Encryption.html", + "url": "http://packetstormsecurity.com/files/156015/Neowise-CarbonFTP-1.4-Insecure-Proprietary-Password-Encryption.html" } ] } From d8cb481e8b52b8f92a3d45d156d390869dae3bff Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 21 Jan 2020 20:01:12 +0000 Subject: [PATCH 193/387] "-Synchronized-Data." --- 2018/10xxx/CVE-2018-10853.json | 5 +++ 2018/18xxx/CVE-2018-18281.json | 5 +++ 2018/18xxx/CVE-2018-18559.json | 5 +++ 2018/20xxx/CVE-2018-20976.json | 5 +++ 2018/3xxx/CVE-2018-3693.json | 5 +++ 2019/10xxx/CVE-2019-10126.json | 5 +++ 2019/10xxx/CVE-2019-10940.json | 5 +++ 2019/11xxx/CVE-2019-11244.json | 5 +++ 2019/11xxx/CVE-2019-11487.json | 5 +++ 2019/11xxx/CVE-2019-11599.json | 5 +++ 2019/13xxx/CVE-2019-13933.json | 9 ++++- 2019/14xxx/CVE-2019-14814.json | 5 +++ 2019/14xxx/CVE-2019-14815.json | 5 +++ 2019/14xxx/CVE-2019-14816.json | 5 +++ 2019/14xxx/CVE-2019-14818.json | 5 +++ 2019/17xxx/CVE-2019-17133.json | 5 +++ 2019/17xxx/CVE-2019-17584.json | 67 ++++++++++++++++++++++++++++++++++ 2019/18xxx/CVE-2019-18660.json | 5 +++ 2019/19xxx/CVE-2019-19278.json | 9 ++++- 2019/19xxx/CVE-2019-19681.json | 7 +++- 2019/19xxx/CVE-2019-19740.json | 2 +- 2019/3xxx/CVE-2019-3846.json | 5 +++ 2019/8xxx/CVE-2019-8912.json | 5 +++ 2020/6xxx/CVE-2020-6638.json | 61 ++++++++++++++++++++++++++++--- 2020/6xxx/CVE-2020-6857.json | 5 +++ 25 files changed, 238 insertions(+), 12 deletions(-) create mode 100644 2019/17xxx/CVE-2019-17584.json diff --git a/2018/10xxx/CVE-2018-10853.json b/2018/10xxx/CVE-2018-10853.json index 79000ce28a2..bdc40411fcb 100644 --- a/2018/10xxx/CVE-2018-10853.json +++ b/2018/10xxx/CVE-2018-10853.json 
@@ -131,6 +131,11 @@ "refsource": "REDHAT", "name": "RHSA-2020:0103", "url": "https://access.redhat.com/errata/RHSA-2020:0103" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0179", + "url": "https://access.redhat.com/errata/RHSA-2020:0179" } ] } diff --git a/2018/18xxx/CVE-2018-18281.json b/2018/18xxx/CVE-2018-18281.json index 372ad8273c3..65e05374f1c 100644 --- a/2018/18xxx/CVE-2018-18281.json +++ b/2018/18xxx/CVE-2018-18281.json @@ -181,6 +181,11 @@ "refsource": "REDHAT", "name": "RHSA-2020:0103", "url": "https://access.redhat.com/errata/RHSA-2020:0103" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0179", + "url": "https://access.redhat.com/errata/RHSA-2020:0179" } ] } diff --git a/2018/18xxx/CVE-2018-18559.json b/2018/18xxx/CVE-2018-18559.json index 96d54612e39..90f6f7b2867 100644 --- a/2018/18xxx/CVE-2018-18559.json +++ b/2018/18xxx/CVE-2018-18559.json @@ -91,6 +91,11 @@ "refsource": "REDHAT", "name": "RHSA-2019:4159", "url": "https://access.redhat.com/errata/RHSA-2019:4159" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0174", + "url": "https://access.redhat.com/errata/RHSA-2020:0174" } ] } diff --git a/2018/20xxx/CVE-2018-20976.json b/2018/20xxx/CVE-2018-20976.json index 91d29ae32ca..dc6712850c4 100644 --- a/2018/20xxx/CVE-2018-20976.json +++ b/2018/20xxx/CVE-2018-20976.json @@ -106,6 +106,11 @@ "refsource": "MISC", "name": "http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html", "url": "http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0178", + "url": "https://access.redhat.com/errata/RHSA-2020:0178" } ] } diff --git a/2018/3xxx/CVE-2018-3693.json b/2018/3xxx/CVE-2018-3693.json index 2fa762e03f8..c38b198ea55 100644 --- a/2018/3xxx/CVE-2018-3693.json +++ b/2018/3xxx/CVE-2018-3693.json 
@@ -91,6 +91,11 @@
 "refsource": "REDHAT",
 "name": "RHSA-2019:1946",
 "url": "https://access.redhat.com/errata/RHSA-2019:1946"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2020:0174",
+ "url": "https://access.redhat.com/errata/RHSA-2020:0174"
 }
 ]
 }
diff --git a/2019/10xxx/CVE-2019-10126.json b/2019/10xxx/CVE-2019-10126.json
index 4ed2ce5c449..f667ccc024f 100644
--- a/2019/10xxx/CVE-2019-10126.json
+++ b/2019/10xxx/CVE-2019-10126.json
@@ -168,6 +168,11 @@
 "refsource": "REDHAT",
 "name": "RHSA-2019:3517",
 "url": "https://access.redhat.com/errata/RHSA-2019:3517"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2020:0174",
+ "url": "https://access.redhat.com/errata/RHSA-2020:0174"
 }
 ]
 },
diff --git a/2019/10xxx/CVE-2019-10940.json b/2019/10xxx/CVE-2019-10940.json
index 8e68401d2fd..a3a3fcb6e12 100644
--- a/2019/10xxx/CVE-2019-10940.json
+++ b/2019/10xxx/CVE-2019-10940.json
@@ -52,6 +52,11 @@
 },
 "references": {
 "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-880233.pdf",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-880233.pdf"
+ },
 {
 "refsource": "MISC",
 "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-880233.pdf",
diff --git a/2019/11xxx/CVE-2019-11244.json b/2019/11xxx/CVE-2019-11244.json
index e242634de41..ee426f62fc2 100644
--- a/2019/11xxx/CVE-2019-11244.json
+++ b/2019/11xxx/CVE-2019-11244.json
@@ -134,6 +134,11 @@
 "refsource": "REDHAT",
 "name": "RHSA-2020:0020",
 "url": "https://access.redhat.com/errata/RHSA-2020:0020"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2020:0074",
+ "url": "https://access.redhat.com/errata/RHSA-2020:0074"
 }
 ]
 },
diff --git a/2019/11xxx/CVE-2019-11487.json b/2019/11xxx/CVE-2019-11487.json
index f5d3fd8a9c6..68116f449ab 100644
--- a/2019/11xxx/CVE-2019-11487.json
+++ b/2019/11xxx/CVE-2019-11487.json
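Review bot: In the CVE-2019-10940 hunk the added CONFIRM entry has the same URL as the MISC entry kept as context directly below it (`https://cert-portal.siemens.com/productcert/pdf/ssa-880233.pdf`), so the record now lists one advisory twice under two `refsource` values. The CVE-2019-13933 and CVE-2019-19278 hunks in this same patch avoid that by retagging the Siemens URL as CONFIRM and pointing the MISC entry at a different advisory. Removing the old MISC object here would keep `reference_data` free of duplicates, which matters to consumers that count or de-duplicate references by URL. The MISC entry's remaining lines lie outside the hunk.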
@@ -191,6 +191,11 @@ "refsource": "UBUNTU", "name": "USN-4145-1", "url": "https://usn.ubuntu.com/4145-1/" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0174", + "url": "https://access.redhat.com/errata/RHSA-2020:0174" } ] } diff --git a/2019/11xxx/CVE-2019-11599.json b/2019/11xxx/CVE-2019-11599.json index 8adb657665a..e340f9cfe7f 100644 --- a/2019/11xxx/CVE-2019-11599.json +++ b/2019/11xxx/CVE-2019-11599.json @@ -226,6 +226,11 @@ "refsource": "REDHAT", "name": "RHSA-2020:0103", "url": "https://access.redhat.com/errata/RHSA-2020:0103" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0179", + "url": "https://access.redhat.com/errata/RHSA-2020:0179" } ] } diff --git a/2019/13xxx/CVE-2019-13933.json b/2019/13xxx/CVE-2019-13933.json index 1e759f15a41..efe0452797c 100644 --- a/2019/13xxx/CVE-2019-13933.json +++ b/2019/13xxx/CVE-2019-13933.json @@ -62,10 +62,15 @@ }, "references": { "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-443566.pdf", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-443566.pdf" + }, { "refsource": "MISC", - "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-443566.pdf", - "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-443566.pdf" + "name": "https://www.us-cert.gov/ics/advisories/icsa-20-014-03", + "url": "https://www.us-cert.gov/ics/advisories/icsa-20-014-03" } ] } diff --git a/2019/14xxx/CVE-2019-14814.json b/2019/14xxx/CVE-2019-14814.json index 6b799537ddb..463694d1504 100644 --- a/2019/14xxx/CVE-2019-14814.json +++ b/2019/14xxx/CVE-2019-14814.json 
@@ -143,6 +143,11 @@ "refsource": "MISC", "name": "http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html", "url": "http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0174", + "url": "https://access.redhat.com/errata/RHSA-2020:0174" } ] }, diff --git a/2019/14xxx/CVE-2019-14815.json b/2019/14xxx/CVE-2019-14815.json index 111b9a27016..5df82204726 100644 --- a/2019/14xxx/CVE-2019-14815.json +++ b/2019/14xxx/CVE-2019-14815.json @@ -73,6 +73,11 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20200103-0001/", "url": "https://security.netapp.com/advisory/ntap-20200103-0001/" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0174", + "url": "https://access.redhat.com/errata/RHSA-2020:0174" } ] }, diff --git a/2019/14xxx/CVE-2019-14816.json b/2019/14xxx/CVE-2019-14816.json index 281eca329c5..a0b9a730917 100644 --- a/2019/14xxx/CVE-2019-14816.json +++ b/2019/14xxx/CVE-2019-14816.json @@ -143,6 +143,11 @@ "refsource": "MISC", "name": "http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html", "url": "http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0174", + "url": "https://access.redhat.com/errata/RHSA-2020:0174" } ] }, diff --git a/2019/14xxx/CVE-2019-14818.json b/2019/14xxx/CVE-2019-14818.json index 77a1b2ec441..8771ec65447 100644 --- a/2019/14xxx/CVE-2019-14818.json +++ b/2019/14xxx/CVE-2019-14818.json @@ -77,6 +77,11 @@ "refsource": "REDHAT", "name": "RHSA-2020:0165", "url": "https://access.redhat.com/errata/RHSA-2020:0165" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0168", + "url": "https://access.redhat.com/errata/RHSA-2020:0168" } ] }, 
diff --git a/2019/17xxx/CVE-2019-17133.json b/2019/17xxx/CVE-2019-17133.json index 2f5c4e4d3d9..2c521d7eb16 100644 --- a/2019/17xxx/CVE-2019-17133.json +++ b/2019/17xxx/CVE-2019-17133.json @@ -111,6 +111,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update", "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0174", + "url": "https://access.redhat.com/errata/RHSA-2020:0174" } ] } diff --git a/2019/17xxx/CVE-2019-17584.json b/2019/17xxx/CVE-2019-17584.json new file mode 100644 index 00000000000..0b3f0bd0e6a --- /dev/null +++ b/2019/17xxx/CVE-2019-17584.json 
@@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-17584", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Meinberg SyncBox/PTP/PTPv2 devices have default SSH keys which allow attackers to get root access to the devices. All firmware versions up to v5.34o, v5.34s, v5.32* or 5.34g are affected. The private key is also used in an internal interface of another Meinberg Device and can be extracted from a firmware update of this device. An update to fix the vulnerability was published by the vendor." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.meinbergglobal.com/english/news/meinberg-security-advisory-mbgsa-1904-syncbox-ptp-ptpv2.htm", + "url": "https://www.meinbergglobal.com/english/news/meinberg-security-advisory-mbgsa-1904-syncbox-ptp-ptpv2.htm" + }, + { + "refsource": "MISC", + "name": "https://w1n73r.de/CVE/2019/17584/", + "url": "https://w1n73r.de/CVE/2019/17584/" + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18660.json b/2019/18xxx/CVE-2019-18660.json index b3f3ef1550e..36a8b050244 100644 --- a/2019/18xxx/CVE-2019-18660.json +++ b/2019/18xxx/CVE-2019-18660.json 
@@ -131,6 +131,11 @@ "refsource": "MISC", "name": "http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html", "url": "http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0174", + "url": "https://access.redhat.com/errata/RHSA-2020:0174" } ] } diff --git a/2019/19xxx/CVE-2019-19278.json b/2019/19xxx/CVE-2019-19278.json index e2b98d7c963..940581eec62 100644 --- a/2019/19xxx/CVE-2019-19278.json +++ b/2019/19xxx/CVE-2019-19278.json @@ -62,10 +62,15 @@ }, "references": { "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-242353.pdf", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-242353.pdf" + }, { "refsource": "MISC", - "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-242353.pdf", - "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-242353.pdf" + "name": "https://www.us-cert.gov/ics/advisories/icsa-20-014-04", + "url": "https://www.us-cert.gov/ics/advisories/icsa-20-014-04" } ] } diff --git a/2019/19xxx/CVE-2019-19681.json b/2019/19xxx/CVE-2019-19681.json index 58aa60b8694..74be40b5f5c 100644 --- a/2019/19xxx/CVE-2019-19681.json +++ b/2019/19xxx/CVE-2019-19681.json 
@@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "Pandora FMS 7.x suffers from remote code execution vulnerability. With an authenticated user who can modify the alert system, it is possible to define and execute commands as root/Administrator." + "value": "** DISPUTED ** Pandora FMS 7.x suffers from remote code execution vulnerability. With an authenticated user who can modify the alert system, it is possible to define and execute commands as root/Administrator. NOTE: The product vendor states that the vulnerability as it is described is not in fact an actual vulnerability. They state that to be able to create alert commands, you need to have admin rights. They also state that the extended ACL system can disable access to specific sections of the configuration, such as defining new alert commands." } ] }, @@ -56,6 +56,11 @@ "refsource": "MISC", "name": "https://medium.com/@k4m1ll0/remote-code-execution-vulnerability-in-pandorafms-7-x-8ce55d4b1d5a", "url": "https://medium.com/@k4m1ll0/remote-code-execution-vulnerability-in-pandorafms-7-x-8ce55d4b1d5a" + }, + { + "refsource": "MISC", + "name": "https://pandorafms.com/blog/pandora-fms-vulnerability/", + "url": "https://pandorafms.com/blog/pandora-fms-vulnerability/" } ] } diff --git a/2019/19xxx/CVE-2019-19740.json b/2019/19xxx/CVE-2019-19740.json index c97e5936144..a43bcc4d916 100644 --- a/2019/19xxx/CVE-2019-19740.json +++ b/2019/19xxx/CVE-2019-19740.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "Octeth Oempro 4.7 allows SQL injection. The parameter CampaignID in Campaign.Get is vulnerable." + "value": "Octeth Oempro 4.7 and 4.8 allow SQL injection. The parameter CampaignID in Campaign.Get is vulnerable." } ] }, diff --git a/2019/3xxx/CVE-2019-3846.json b/2019/3xxx/CVE-2019-3846.json index 5313f5665b3..23db1337982 100644 --- a/2019/3xxx/CVE-2019-3846.json +++ b/2019/3xxx/CVE-2019-3846.json 
@@ -178,6 +178,11 @@ "refsource": "MISC", "name": "http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html", "url": "http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0174", + "url": "https://access.redhat.com/errata/RHSA-2020:0174" } ] }, diff --git a/2019/8xxx/CVE-2019-8912.json b/2019/8xxx/CVE-2019-8912.json index b9f9ccddb63..edf65efdba5 100644 --- a/2019/8xxx/CVE-2019-8912.json +++ b/2019/8xxx/CVE-2019-8912.json @@ -86,6 +86,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:1193", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00052.html" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0174", + "url": "https://access.redhat.com/errata/RHSA-2020:0174" } ] } diff --git a/2020/6xxx/CVE-2020-6638.json b/2020/6xxx/CVE-2020-6638.json index 42c5d2a4318..0911daf2159 100644 --- a/2020/6xxx/CVE-2020-6638.json +++ b/2020/6xxx/CVE-2020-6638.json 
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-6638",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-6638",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Grin through 2.1.1 has Insufficient Validation."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/mimblewimble/grin/compare/v2.1.1...v3.0.0",
+ "refsource": "MISC",
+ "name": "https://github.com/mimblewimble/grin/compare/v2.1.1...v3.0.0"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://github.com/mimblewimble/grin-security/blob/master/CVEs/CVE-2020-6638.md",
+ "url": "https://github.com/mimblewimble/grin-security/blob/master/CVEs/CVE-2020-6638.md"
 }
 ]
 }
diff --git a/2020/6xxx/CVE-2020-6857.json b/2020/6xxx/CVE-2020-6857.json
index b7eaf8e53de..64eb1264f28 100644
--- a/2020/6xxx/CVE-2020-6857.json
+++ b/2020/6xxx/CVE-2020-6857.json
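Review bot: The description added for CVE-2020-6638, `Grin through 2.1.1 has Insufficient Validation.`, says neither what input is insufficiently validated nor what an attacker gains, so the record cannot be triaged or prioritised without opening the references. The CONFIRM link in the same hunk is the project's own advisory file; one sentence drawn from it, in the form `Grin through 2.1.1 has insufficient validation of <component or input>, which allows <impact>`, would be enough. The compare link `v2.1.1...v3.0.0` suggests the fix shipped in 3.0.0, but the record does not say so. Stating the fixed version would help patch decisions.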
@@ -66,6 +66,11 @@
 "refsource": "MISC",
 "name": "http://packetstormsecurity.com/files/156015/Neowise-CarbonFTP-1.4-Insecure-Proprietary-Password-Encryption.html",
 "url": "http://packetstormsecurity.com/files/156015/Neowise-CarbonFTP-1.4-Insecure-Proprietary-Password-Encryption.html"
+ },
+ {
+ "refsource": "FULLDISC",
+ "name": "20200121 Neowise CarbonFTP v1.4 / Insecure Proprietary Password Encryption / CVE-2020-6857",
+ "url": "http://seclists.org/fulldisclosure/2020/Jan/29"
 }
 ]
 }
From 0906272fc1a28164cc23f4ec545648a05d645620 Mon Sep 17 00:00:00 2001
From: CVE Team Date: Tue, 21 Jan 2020 21:01:18 +0000 Subject: [PATCH 194/387] "-Synchronized-Data." --- 2018/8xxx/CVE-2018-8413.json | 5 +++ 2019/10xxx/CVE-2019-10940.json | 4 +-- 2019/18xxx/CVE-2019-18282.json | 2 +- 2019/18xxx/CVE-2019-18932.json | 10 ++++++ 2020/5xxx/CVE-2020-5202.json | 10 ++++++ 2020/5xxx/CVE-2020-5498.json | 4 +-- 2020/7xxx/CVE-2020-7040.json | 66 ++++++++++++++++++++++++++++++---- 2020/7xxx/CVE-2020-7472.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7473.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7474.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7475.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7476.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7477.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7478.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7479.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7480.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7481.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7482.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7483.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7484.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7485.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7486.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7487.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7488.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7489.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7490.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7491.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7492.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7493.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7494.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7495.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7496.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7497.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7498.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7499.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7500.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7501.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7502.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7503.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7504.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7505.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7539.json | 18 ++++++++++ 
2020/7xxx/CVE-2020-7540.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7541.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7542.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7543.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7544.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7545.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7546.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7547.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7548.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7549.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7550.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7551.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7552.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7553.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7554.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7555.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7556.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7557.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7558.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7559.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7560.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7561.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7562.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7563.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7564.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7565.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7566.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7567.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7568.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7569.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7570.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7571.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7572.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7573.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7574.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7575.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7576.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7577.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7578.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7579.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7580.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7581.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7582.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7583.json | 18 ++++++++++ 
2020/7xxx/CVE-2020-7584.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7585.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7586.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7587.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7588.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7589.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7590.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7591.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7592.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7593.json | 18 ++++++++++ 96 files changed, 1692 insertions(+), 11 deletions(-) create mode 100644 2020/7xxx/CVE-2020-7472.json create mode 100644 2020/7xxx/CVE-2020-7473.json create mode 100644 2020/7xxx/CVE-2020-7474.json create mode 100644 2020/7xxx/CVE-2020-7475.json create mode 100644 2020/7xxx/CVE-2020-7476.json create mode 100644 2020/7xxx/CVE-2020-7477.json create mode 100644 2020/7xxx/CVE-2020-7478.json create mode 100644 2020/7xxx/CVE-2020-7479.json create mode 100644 2020/7xxx/CVE-2020-7480.json create mode 100644 2020/7xxx/CVE-2020-7481.json create mode 100644 2020/7xxx/CVE-2020-7482.json create mode 100644 2020/7xxx/CVE-2020-7483.json create mode 100644 2020/7xxx/CVE-2020-7484.json create mode 100644 2020/7xxx/CVE-2020-7485.json create mode 100644 2020/7xxx/CVE-2020-7486.json create mode 100644 2020/7xxx/CVE-2020-7487.json create mode 100644 2020/7xxx/CVE-2020-7488.json create mode 100644 2020/7xxx/CVE-2020-7489.json create mode 100644 2020/7xxx/CVE-2020-7490.json create mode 100644 2020/7xxx/CVE-2020-7491.json create mode 100644 2020/7xxx/CVE-2020-7492.json create mode 100644 2020/7xxx/CVE-2020-7493.json create mode 100644 2020/7xxx/CVE-2020-7494.json create mode 100644 2020/7xxx/CVE-2020-7495.json create mode 100644 2020/7xxx/CVE-2020-7496.json create mode 100644 2020/7xxx/CVE-2020-7497.json create mode 100644 2020/7xxx/CVE-2020-7498.json create mode 100644 2020/7xxx/CVE-2020-7499.json create mode 100644 2020/7xxx/CVE-2020-7500.json create mode 100644 2020/7xxx/CVE-2020-7501.json create mode 100644 2020/7xxx/CVE-2020-7502.json create 
mode 100644 2020/7xxx/CVE-2020-7503.json create mode 100644 2020/7xxx/CVE-2020-7504.json create mode 100644 2020/7xxx/CVE-2020-7505.json create mode 100644 2020/7xxx/CVE-2020-7539.json create mode 100644 2020/7xxx/CVE-2020-7540.json create mode 100644 2020/7xxx/CVE-2020-7541.json create mode 100644 2020/7xxx/CVE-2020-7542.json create mode 100644 2020/7xxx/CVE-2020-7543.json create mode 100644 2020/7xxx/CVE-2020-7544.json create mode 100644 2020/7xxx/CVE-2020-7545.json create mode 100644 2020/7xxx/CVE-2020-7546.json create mode 100644 2020/7xxx/CVE-2020-7547.json create mode 100644 2020/7xxx/CVE-2020-7548.json create mode 100644 2020/7xxx/CVE-2020-7549.json create mode 100644 2020/7xxx/CVE-2020-7550.json create mode 100644 2020/7xxx/CVE-2020-7551.json create mode 100644 2020/7xxx/CVE-2020-7552.json create mode 100644 2020/7xxx/CVE-2020-7553.json create mode 100644 2020/7xxx/CVE-2020-7554.json create mode 100644 2020/7xxx/CVE-2020-7555.json create mode 100644 2020/7xxx/CVE-2020-7556.json create mode 100644 2020/7xxx/CVE-2020-7557.json create mode 100644 2020/7xxx/CVE-2020-7558.json create mode 100644 2020/7xxx/CVE-2020-7559.json create mode 100644 2020/7xxx/CVE-2020-7560.json create mode 100644 2020/7xxx/CVE-2020-7561.json create mode 100644 2020/7xxx/CVE-2020-7562.json create mode 100644 2020/7xxx/CVE-2020-7563.json create mode 100644 2020/7xxx/CVE-2020-7564.json create mode 100644 2020/7xxx/CVE-2020-7565.json create mode 100644 2020/7xxx/CVE-2020-7566.json create mode 100644 2020/7xxx/CVE-2020-7567.json create mode 100644 2020/7xxx/CVE-2020-7568.json create mode 100644 2020/7xxx/CVE-2020-7569.json create mode 100644 2020/7xxx/CVE-2020-7570.json create mode 100644 2020/7xxx/CVE-2020-7571.json create mode 100644 2020/7xxx/CVE-2020-7572.json create mode 100644 2020/7xxx/CVE-2020-7573.json create mode 100644 2020/7xxx/CVE-2020-7574.json create mode 100644 2020/7xxx/CVE-2020-7575.json create mode 100644 2020/7xxx/CVE-2020-7576.json create mode 100644 
2020/7xxx/CVE-2020-7577.json create mode 100644 2020/7xxx/CVE-2020-7578.json create mode 100644 2020/7xxx/CVE-2020-7579.json create mode 100644 2020/7xxx/CVE-2020-7580.json create mode 100644 2020/7xxx/CVE-2020-7581.json create mode 100644 2020/7xxx/CVE-2020-7582.json create mode 100644 2020/7xxx/CVE-2020-7583.json create mode 100644 2020/7xxx/CVE-2020-7584.json create mode 100644 2020/7xxx/CVE-2020-7585.json create mode 100644 2020/7xxx/CVE-2020-7586.json create mode 100644 2020/7xxx/CVE-2020-7587.json create mode 100644 2020/7xxx/CVE-2020-7588.json create mode 100644 2020/7xxx/CVE-2020-7589.json create mode 100644 2020/7xxx/CVE-2020-7590.json create mode 100644 2020/7xxx/CVE-2020-7591.json create mode 100644 2020/7xxx/CVE-2020-7592.json create mode 100644 2020/7xxx/CVE-2020-7593.json diff --git a/2018/8xxx/CVE-2018-8413.json b/2018/8xxx/CVE-2018-8413.json index c9cd60f7db5..7df3ef16782 100644 --- a/2018/8xxx/CVE-2018-8413.json +++ b/2018/8xxx/CVE-2018-8413.json @@ -204,6 +204,11 @@ "name": "105448", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105448" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/156027/Microsoft-Windows-Theme-API-File-Parsing.html", + "url": "http://packetstormsecurity.com/files/156027/Microsoft-Windows-Theme-API-File-Parsing.html" } ] } diff --git a/2019/10xxx/CVE-2019-10940.json b/2019/10xxx/CVE-2019-10940.json index a3a3fcb6e12..3d8e0e5226b 100644 --- a/2019/10xxx/CVE-2019-10940.json +++ b/2019/10xxx/CVE-2019-10940.json @@ -59,8 +59,8 @@ }, { "refsource": "MISC", - "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-880233.pdf", - "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-880233.pdf" + "name": "https://www.us-cert.gov/ics/advisories/icsa-20-014-02", + "url": "https://www.us-cert.gov/ics/advisories/icsa-20-014-02" } ] } diff --git a/2019/18xxx/CVE-2019-18282.json b/2019/18xxx/CVE-2019-18282.json index e80fac9bcb9..027cf57636c 100644 
--- a/2019/18xxx/CVE-2019-18282.json
+++ b/2019/18xxx/CVE-2019-18282.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "The flow_dissector feature in the Linux kernel 4.3 through 5.x before 5.3.10 has a device tracking vulnerability, aka CID-55667441c84f. This occurs because the auto flowlabel of a UDP IPv6 packet relies on a 32-bit hashrnd value as a secret, and because jhash (instead of siphash) is used. The hashmd value remains the same starting from boot time, and can be inferred by an attacker. This affects net/core/flow_dissector.c and related code."
+ "value": "The flow_dissector feature in the Linux kernel 4.3 through 5.x before 5.3.10 has a device tracking vulnerability, aka CID-55667441c84f. This occurs because the auto flowlabel of a UDP IPv6 packet relies on a 32-bit hashrnd value as a secret, and because jhash (instead of siphash) is used. The hashrnd value remains the same starting from boot time, and can be inferred by an attacker. This affects net/core/flow_dissector.c and related code."
 }
 ]
 },
diff --git a/2019/18xxx/CVE-2019-18932.json b/2019/18xxx/CVE-2019-18932.json
index 4d6c39954eb..cd3baf313a1 100644
--- a/2019/18xxx/CVE-2019-18932.json
+++ b/2019/18xxx/CVE-2019-18932.json
@@ -62,10 +62,20 @@
 "refsource": "MISC",
 "name": "https://sourceforge.net/projects/sarg/"
 },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20200120 CVE-2019-18932: sarg: insecure usage of /tmp/sarg allows privilege escalation / DoS attack vector",
+ "url": "http://www.openwall.com/lists/oss-security/2020/01/20/6"
+ },
 {
 "refsource": "MISC",
 "name": "http://www.openwall.com/lists/oss-security/2020/01/20/6",
 "url": "http://www.openwall.com/lists/oss-security/2020/01/20/6"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] CVE-2019-18932: sarg: insecure usage of /tmp/sarg allows privilege escalation / DoS attack vector",
+ "url": "https://seclists.org/oss-sec/2020/q1/23"
 }
 ]
 }
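Review bot: The first `MLIST` entry added in the CVE-2019-18932.json hunk carries the same `url` (`http://www.openwall.com/lists/oss-security/2020/01/20/6`) as the `MISC` entry kept as context directly below it, so `reference_data` now lists that URL twice under two `refsource` values. Consumers that de-duplicate or count references by URL may treat one advisory as two sources; dropping the older `MISC` entry, whose `name` is only the URL, would keep the more descriptive record. The second added `MLIST` name also lacks the `20200120` date stamp that the first one has. The CVE-2020-5202.json hunk repeats the duplicate-URL pattern with `http://www.openwall.com/lists/oss-security/2020/01/20/4`.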
diff --git a/2020/5xxx/CVE-2020-5202.json b/2020/5xxx/CVE-2020-5202.json
index c8874aee633..484bd9286c4 100644
--- a/2020/5xxx/CVE-2020-5202.json
+++ b/2020/5xxx/CVE-2020-5202.json
@@ -57,10 +57,20 @@
 "refsource": "MISC",
 "name": "https://security-tracker.debian.org/tracker/CVE-2020-5202"
 },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20200120 CVE-2020-5202: apt-cacher-ng: a local unprivileged user can impersonate the apt-cacher-ng daemon, possible credentials leak",
+ "url": "http://www.openwall.com/lists/oss-security/2020/01/20/4"
+ },
 {
 "refsource": "MISC",
 "name": "http://www.openwall.com/lists/oss-security/2020/01/20/4",
 "url": "http://www.openwall.com/lists/oss-security/2020/01/20/4"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20200120 CVE-2020-5202: apt-cacher-ng: a local unprivileged user can impersonate the apt-cacher-ng daemon, possible credentials leak",
+ "url": "https://seclists.org/oss-sec/2020/q1/21"
 }
 ]
 }
diff --git a/2020/5xxx/CVE-2020-5498.json b/2020/5xxx/CVE-2020-5498.json
index 46744e198d7..b77cbc14dff 100644
--- a/2020/5xxx/CVE-2020-5498.json
+++ b/2020/5xxx/CVE-2020-5498.json
@@ -5,13 +5,13 @@
 "CVE_data_meta": {
 "ID": "CVE-2020-5498",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "REJECT"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
 }
 ]
 }
diff --git a/2020/7xxx/CVE-2020-7040.json b/2020/7xxx/CVE-2020-7040.json
index ac5353fd0c1..d1740948416 100644
--- a/2020/7xxx/CVE-2020-7040.json
+++ b/2020/7xxx/CVE-2020-7040.json
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-7040",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-7040",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "storeBackup.pl in storeBackup through 3.5 relies on the /tmp/storeBackup.lock pathname, which allows symlink attacks that possibly lead to privilege escalation. (Local users can also create a plain file named /tmp/storeBackup.lock to block use of storeBackup until an admin manually deletes that file.)"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2020-7040",
+ "refsource": "MISC",
+ "name": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2020-7040"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2020/01/20/3",
+ "url": "http://www.openwall.com/lists/oss-security/2020/01/20/3"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] CVE-2020-7040: storeBackup: denial of service and symlink attack vector via fixed lockfile path /tmp/storeBackup.lock",
+ "url": "https://seclists.org/oss-sec/2020/q1/20"
 }
 ]
 }
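Review bot: `problemtype` in the CVE-2020-7040.json hunk is left at `"value": "n/a"` although the description added alongside it states the weakness class directly: a fixed `/tmp/storeBackup.lock` pathname that allows symlink attacks. Recording it, for example `"value": "CWE-59 Improper Link Resolution Before File Access ('Link Following')"`, lets weakness-based triage and reporting pick the record up without parsing prose. The added `MLIST` entry's name also omits the date stamp that other `[oss-security]` reference names in this patch carry.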
diff --git a/2020/7xxx/CVE-2020-7472.json b/2020/7xxx/CVE-2020-7472.json new file mode 100644 index 00000000000..26f172f519f --- /dev/null +++ b/2020/7xxx/CVE-2020-7472.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7472", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7473.json b/2020/7xxx/CVE-2020-7473.json new file mode 100644 index 00000000000..811fb75982d --- /dev/null +++ b/2020/7xxx/CVE-2020-7473.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7473", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7474.json b/2020/7xxx/CVE-2020-7474.json new file mode 100644 index 00000000000..8f9f063082b --- /dev/null +++ b/2020/7xxx/CVE-2020-7474.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7474", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7475.json b/2020/7xxx/CVE-2020-7475.json new file mode 100644 index 00000000000..c82fa72ebe3 --- /dev/null +++ b/2020/7xxx/CVE-2020-7475.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7475", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7476.json b/2020/7xxx/CVE-2020-7476.json new file mode 100644 index 00000000000..92cf3f08869 --- /dev/null +++ b/2020/7xxx/CVE-2020-7476.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7476", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/7xxx/CVE-2020-7477.json b/2020/7xxx/CVE-2020-7477.json new file mode 100644 index 00000000000..f5e35b1085d --- /dev/null +++ b/2020/7xxx/CVE-2020-7477.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7477", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7478.json b/2020/7xxx/CVE-2020-7478.json new file mode 100644 index 00000000000..41d8e3413e3 --- /dev/null +++ b/2020/7xxx/CVE-2020-7478.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7478", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7479.json b/2020/7xxx/CVE-2020-7479.json new file mode 100644 index 00000000000..54a5f312615 --- /dev/null +++ b/2020/7xxx/CVE-2020-7479.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7479", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7480.json b/2020/7xxx/CVE-2020-7480.json new file mode 100644 index 00000000000..0ec124ad329 --- /dev/null +++ b/2020/7xxx/CVE-2020-7480.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7480", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7481.json b/2020/7xxx/CVE-2020-7481.json new file mode 100644 index 00000000000..bfeae992e93 --- /dev/null +++ b/2020/7xxx/CVE-2020-7481.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7481", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/7xxx/CVE-2020-7482.json b/2020/7xxx/CVE-2020-7482.json new file mode 100644 index 00000000000..0521cd693fa --- /dev/null +++ b/2020/7xxx/CVE-2020-7482.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7482", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7483.json b/2020/7xxx/CVE-2020-7483.json new file mode 100644 index 00000000000..cbae28c978e --- /dev/null +++ b/2020/7xxx/CVE-2020-7483.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7483", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7484.json b/2020/7xxx/CVE-2020-7484.json new file mode 100644 index 00000000000..5fdd27234a5 --- /dev/null +++ b/2020/7xxx/CVE-2020-7484.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7484", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7485.json b/2020/7xxx/CVE-2020-7485.json new file mode 100644 index 00000000000..8b08aa1647a --- /dev/null +++ b/2020/7xxx/CVE-2020-7485.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7485", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7486.json b/2020/7xxx/CVE-2020-7486.json new file mode 100644 index 00000000000..2aa1d5c003e --- /dev/null +++ b/2020/7xxx/CVE-2020-7486.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7486", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/7xxx/CVE-2020-7487.json b/2020/7xxx/CVE-2020-7487.json new file mode 100644 index 00000000000..4024dad62ba --- /dev/null +++ b/2020/7xxx/CVE-2020-7487.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7487", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7488.json b/2020/7xxx/CVE-2020-7488.json new file mode 100644 index 00000000000..3f70fc40ffe --- /dev/null +++ b/2020/7xxx/CVE-2020-7488.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7488", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7489.json b/2020/7xxx/CVE-2020-7489.json new file mode 100644 index 00000000000..32fd2fe0fc6 --- /dev/null +++ b/2020/7xxx/CVE-2020-7489.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7489", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7490.json b/2020/7xxx/CVE-2020-7490.json new file mode 100644 index 00000000000..9ad197ef3fa --- /dev/null +++ b/2020/7xxx/CVE-2020-7490.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7490", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7491.json b/2020/7xxx/CVE-2020-7491.json new file mode 100644 index 00000000000..1ca21e633d2 --- /dev/null +++ b/2020/7xxx/CVE-2020-7491.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7491", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/7xxx/CVE-2020-7492.json b/2020/7xxx/CVE-2020-7492.json new file mode 100644 index 00000000000..505642a0bfa --- /dev/null +++ b/2020/7xxx/CVE-2020-7492.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7492", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7493.json b/2020/7xxx/CVE-2020-7493.json new file mode 100644 index 00000000000..bda37759922 --- /dev/null +++ b/2020/7xxx/CVE-2020-7493.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7493", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7494.json b/2020/7xxx/CVE-2020-7494.json new file mode 100644 index 00000000000..a98fd0d9e2e --- /dev/null +++ b/2020/7xxx/CVE-2020-7494.json 
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7494",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7495.json b/2020/7xxx/CVE-2020-7495.json
new file mode 100644
index 00000000000..ab4a6811176
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7495.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7495",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7496.json b/2020/7xxx/CVE-2020-7496.json
new file mode 100644
index 00000000000..85bee44305c
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7496.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7496",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7497.json b/2020/7xxx/CVE-2020-7497.json
new file mode 100644
index 00000000000..a43aa456b70
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7497.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7497",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7498.json b/2020/7xxx/CVE-2020-7498.json
new file mode 100644
index 00000000000..4256a4c7bc2
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7498.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7498",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7499.json b/2020/7xxx/CVE-2020-7499.json
new file mode 100644
index 00000000000..d1a5148914a
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7499.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7499",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7500.json b/2020/7xxx/CVE-2020-7500.json
new file mode 100644
index 00000000000..68610f74276
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7500.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7500",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7501.json b/2020/7xxx/CVE-2020-7501.json
new file mode 100644
index 00000000000..2f0fe173b90
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7501.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7501",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7502.json b/2020/7xxx/CVE-2020-7502.json
new file mode 100644
index 00000000000..4530077bb32
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7502.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7502",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7503.json b/2020/7xxx/CVE-2020-7503.json
new file mode 100644
index 00000000000..a6037f02d74
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7503.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7503",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7504.json b/2020/7xxx/CVE-2020-7504.json
new file mode 100644
index 00000000000..cab7eec888d
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7504.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7504",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7505.json b/2020/7xxx/CVE-2020-7505.json
new file mode 100644
index 00000000000..92d6eb35c3d
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7505.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7505",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7539.json b/2020/7xxx/CVE-2020-7539.json
new file mode 100644
index 00000000000..8986a2342b7
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7539.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7539",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7540.json b/2020/7xxx/CVE-2020-7540.json
new file mode 100644
index 00000000000..b9d088718a9
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7540.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7540",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7541.json b/2020/7xxx/CVE-2020-7541.json
new file mode 100644
index 00000000000..2d75e492c04
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7541.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7541",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7542.json b/2020/7xxx/CVE-2020-7542.json
new file mode 100644
index 00000000000..a113696bd2e
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7542.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7542",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7543.json b/2020/7xxx/CVE-2020-7543.json
new file mode 100644
index 00000000000..4cf5ec9e064
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7543.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7543",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7544.json b/2020/7xxx/CVE-2020-7544.json
new file mode 100644
index 00000000000..149984b20a6
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7544.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7544",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7545.json b/2020/7xxx/CVE-2020-7545.json
new file mode 100644
index 00000000000..95957a3f047
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7545.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7545",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7546.json b/2020/7xxx/CVE-2020-7546.json
new file mode 100644
index 00000000000..fad54c90811
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7546.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7546",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7547.json b/2020/7xxx/CVE-2020-7547.json
new file mode 100644
index 00000000000..fcf916edb27
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7547.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7547",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7548.json b/2020/7xxx/CVE-2020-7548.json
new file mode 100644
index 00000000000..4cee966e3a5
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7548.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7548",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7549.json b/2020/7xxx/CVE-2020-7549.json
new file mode 100644
index 00000000000..6e1391e1122
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7549.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7549",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7550.json b/2020/7xxx/CVE-2020-7550.json
new file mode 100644
index 00000000000..a9c4181a45f
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7550.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7550",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7551.json b/2020/7xxx/CVE-2020-7551.json
new file mode 100644
index 00000000000..49b6b8c01c9
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7551.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7551",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7552.json b/2020/7xxx/CVE-2020-7552.json
new file mode 100644
index 00000000000..e763fbf9839
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7552.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7552",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7553.json b/2020/7xxx/CVE-2020-7553.json
new file mode 100644
index 00000000000..d96341424dd
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7553.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7553",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7554.json b/2020/7xxx/CVE-2020-7554.json
new file mode 100644
index 00000000000..c0978742d31
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7554.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7554",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7555.json b/2020/7xxx/CVE-2020-7555.json
new file mode 100644
index 00000000000..1a341a82599
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7555.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7555",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7556.json b/2020/7xxx/CVE-2020-7556.json
new file mode 100644
index 00000000000..c0457f77382
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7556.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7556",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7557.json b/2020/7xxx/CVE-2020-7557.json
new file mode 100644
index 00000000000..90d3c4641e6
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7557.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7557",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7558.json b/2020/7xxx/CVE-2020-7558.json
new file mode 100644
index 00000000000..fb8c1f454e4
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7558.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7558",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7559.json b/2020/7xxx/CVE-2020-7559.json
new file mode 100644
index 00000000000..1a4163240c8
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7559.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7559",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7560.json b/2020/7xxx/CVE-2020-7560.json
new file mode 100644
index 00000000000..5ebbaefb2ce
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7560.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7560",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7561.json b/2020/7xxx/CVE-2020-7561.json
new file mode 100644
index 00000000000..966e4f95741
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7561.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7561",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7562.json b/2020/7xxx/CVE-2020-7562.json
new file mode 100644
index 00000000000..54f8623868a
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7562.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7562",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7563.json b/2020/7xxx/CVE-2020-7563.json
new file mode 100644
index 00000000000..aee90dbb032
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7563.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7563",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7564.json b/2020/7xxx/CVE-2020-7564.json
new file mode 100644
index 00000000000..5859b22334b
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7564.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7564",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7565.json b/2020/7xxx/CVE-2020-7565.json
new file mode 100644
index 00000000000..5341688ee28
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7565.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7565",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7566.json b/2020/7xxx/CVE-2020-7566.json
new file mode 100644
index 00000000000..5c264490824
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7566.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7566",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7567.json b/2020/7xxx/CVE-2020-7567.json
new file mode 100644
index 00000000000..273fb6f7856
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7567.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7567",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7568.json b/2020/7xxx/CVE-2020-7568.json
new file mode 100644
index 00000000000..f8293dbe395
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7568.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7568",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7569.json b/2020/7xxx/CVE-2020-7569.json
new file mode 100644
index 00000000000..766cbf45b0a
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7569.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7569",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7570.json b/2020/7xxx/CVE-2020-7570.json
new file mode 100644
index 00000000000..c448994f778
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7570.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7570",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7571.json b/2020/7xxx/CVE-2020-7571.json
new file mode 100644
index 00000000000..5e39f5cdd62
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7571.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7571",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7572.json b/2020/7xxx/CVE-2020-7572.json
new file mode 100644
index 00000000000..49011d2aa29
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7572.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7572",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7573.json b/2020/7xxx/CVE-2020-7573.json
new file mode 100644
index 00000000000..6e26790d9f8
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7573.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7573",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7574.json b/2020/7xxx/CVE-2020-7574.json
new file mode 100644
index 00000000000..9617ceca538
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7574.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7574",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7575.json b/2020/7xxx/CVE-2020-7575.json
new file mode 100644
index 00000000000..9789618d7e1
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7575.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7575",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7576.json b/2020/7xxx/CVE-2020-7576.json
new file mode 100644
index 00000000000..df1e02501b3
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7576.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7576",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7577.json b/2020/7xxx/CVE-2020-7577.json
new file mode 100644
index 00000000000..f02dcc34325
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7577.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7577",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7578.json b/2020/7xxx/CVE-2020-7578.json
new file mode 100644
index 00000000000..3e7e9905353
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7578.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7578",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7579.json b/2020/7xxx/CVE-2020-7579.json
new file mode 100644
index 00000000000..c4da3bf00ba
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7579.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7579",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7580.json b/2020/7xxx/CVE-2020-7580.json
new file mode 100644
index 00000000000..aa33881e912
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7580.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7580",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7581.json b/2020/7xxx/CVE-2020-7581.json
new file mode 100644
index 00000000000..e697aac529d
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7581.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7581",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7582.json b/2020/7xxx/CVE-2020-7582.json
new file mode 100644
index 00000000000..181657d7f08
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7582.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7582",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7583.json b/2020/7xxx/CVE-2020-7583.json
new file mode 100644
index 00000000000..3fff0b8bcec
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7583.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7583",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7584.json b/2020/7xxx/CVE-2020-7584.json
new file mode 100644
index 00000000000..13433bb8f19
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7584.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7584",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7585.json b/2020/7xxx/CVE-2020-7585.json
new file mode 100644
index 00000000000..5ae78511a91
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7585.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7585",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7586.json b/2020/7xxx/CVE-2020-7586.json
new file mode 100644
index 00000000000..1a7a1e6ea09
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7586.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7586",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7587.json b/2020/7xxx/CVE-2020-7587.json
new file mode 100644
index 00000000000..b6ca3460de5
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7587.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7587",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7588.json b/2020/7xxx/CVE-2020-7588.json
new file mode 100644
index 00000000000..3f598063479
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7588.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7588",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7589.json b/2020/7xxx/CVE-2020-7589.json
new file mode 100644
index 00000000000..cd7072236fb
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7589.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7589",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7590.json b/2020/7xxx/CVE-2020-7590.json
new file mode 100644
index 00000000000..991da1c866c
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7590.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7590",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7591.json b/2020/7xxx/CVE-2020-7591.json
new file mode 100644
index 00000000000..b9928279b1f
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7591.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7591",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7592.json b/2020/7xxx/CVE-2020-7592.json
new file mode 100644
index 00000000000..903eb840a8b
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7592.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7592",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7593.json b/2020/7xxx/CVE-2020-7593.json
new file mode 100644
index 00000000000..eafead8f866
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7593.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7593",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
From d0ed38de95a9eeb881db3eb349c25e717e05da7a Mon Sep 17 00:00:00 2001
From: CVE Team Date: Tue, 21 Jan 2020 21:01:38 +0000 Subject: [PATCH 195/387] "-Synchronized-Data." --- 2020/7xxx/CVE-2020-7506.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7507.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7508.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7509.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7510.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7511.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7512.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7513.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7514.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7515.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7516.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7517.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7518.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7519.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7520.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7521.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7522.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7523.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7524.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7525.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7526.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7527.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7528.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7529.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7530.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7531.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7532.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7533.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7534.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7535.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7536.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7537.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7538.json | 18 ++++++++++++++++++ 33 files changed, 594 insertions(+) create mode 100644 2020/7xxx/CVE-2020-7506.json create mode 100644 2020/7xxx/CVE-2020-7507.json create mode 
100644 2020/7xxx/CVE-2020-7508.json create mode 100644 2020/7xxx/CVE-2020-7509.json create mode 100644 2020/7xxx/CVE-2020-7510.json create mode 100644 2020/7xxx/CVE-2020-7511.json create mode 100644 2020/7xxx/CVE-2020-7512.json create mode 100644 2020/7xxx/CVE-2020-7513.json create mode 100644 2020/7xxx/CVE-2020-7514.json create mode 100644 2020/7xxx/CVE-2020-7515.json create mode 100644 2020/7xxx/CVE-2020-7516.json create mode 100644 2020/7xxx/CVE-2020-7517.json create mode 100644 2020/7xxx/CVE-2020-7518.json create mode 100644 2020/7xxx/CVE-2020-7519.json create mode 100644 2020/7xxx/CVE-2020-7520.json create mode 100644 2020/7xxx/CVE-2020-7521.json create mode 100644 2020/7xxx/CVE-2020-7522.json create mode 100644 2020/7xxx/CVE-2020-7523.json create mode 100644 2020/7xxx/CVE-2020-7524.json create mode 100644 2020/7xxx/CVE-2020-7525.json create mode 100644 2020/7xxx/CVE-2020-7526.json create mode 100644 2020/7xxx/CVE-2020-7527.json create mode 100644 2020/7xxx/CVE-2020-7528.json create mode 100644 2020/7xxx/CVE-2020-7529.json create mode 100644 2020/7xxx/CVE-2020-7530.json create mode 100644 2020/7xxx/CVE-2020-7531.json create mode 100644 2020/7xxx/CVE-2020-7532.json create mode 100644 2020/7xxx/CVE-2020-7533.json create mode 100644 2020/7xxx/CVE-2020-7534.json create mode 100644 2020/7xxx/CVE-2020-7535.json create mode 100644 2020/7xxx/CVE-2020-7536.json create mode 100644 2020/7xxx/CVE-2020-7537.json create mode 100644 2020/7xxx/CVE-2020-7538.json diff --git a/2020/7xxx/CVE-2020-7506.json b/2020/7xxx/CVE-2020-7506.json new file mode 100644 index 00000000000..bc226af496e --- /dev/null +++ b/2020/7xxx/CVE-2020-7506.json 
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7506",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7507.json b/2020/7xxx/CVE-2020-7507.json
new file mode 100644
index 00000000000..fcb2d09e2a0
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7507.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7507",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7508.json b/2020/7xxx/CVE-2020-7508.json
new file mode 100644
index 00000000000..94842503722
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7508.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7508",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7509.json b/2020/7xxx/CVE-2020-7509.json
new file mode 100644
index 00000000000..61a93cf1520
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7509.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7509",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7510.json b/2020/7xxx/CVE-2020-7510.json
new file mode 100644
index 00000000000..258d350dea8
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7510.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7510",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7511.json b/2020/7xxx/CVE-2020-7511.json
new file mode 100644
index 00000000000..134c114aad3
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7511.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7511",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7512.json b/2020/7xxx/CVE-2020-7512.json
new file mode 100644
index 00000000000..02bdaea72f7
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7512.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7512",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7513.json b/2020/7xxx/CVE-2020-7513.json
new file mode 100644
index 00000000000..7c36beb5cd7
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7513.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7513",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7514.json b/2020/7xxx/CVE-2020-7514.json
new file mode 100644
index 00000000000..5603d29c048
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7514.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7514",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7515.json b/2020/7xxx/CVE-2020-7515.json
new file mode 100644
index 00000000000..d344d436add
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7515.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7515",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7516.json b/2020/7xxx/CVE-2020-7516.json
new file mode 100644
index 00000000000..18fe4a756fb
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7516.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7516",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7517.json b/2020/7xxx/CVE-2020-7517.json
new file mode 100644
index 00000000000..aab1ba43d72
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7517.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7517",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7518.json b/2020/7xxx/CVE-2020-7518.json
new file mode 100644
index 00000000000..ec8dbe41f33
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7518.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7518",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7519.json b/2020/7xxx/CVE-2020-7519.json
new file mode 100644
index 00000000000..f5c55b0e0fd
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7519.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7519",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7520.json b/2020/7xxx/CVE-2020-7520.json
new file mode 100644
index 00000000000..fa6520465c2
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7520.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7520",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7521.json b/2020/7xxx/CVE-2020-7521.json
new file mode 100644
index 00000000000..1c164dd85ce
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7521.json
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7521", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7522.json b/2020/7xxx/CVE-2020-7522.json new file mode 100644 index 00000000000..ee7017cd3a9 --- /dev/null +++ b/2020/7xxx/CVE-2020-7522.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7522", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7523.json b/2020/7xxx/CVE-2020-7523.json new file mode 100644 index 00000000000..a8e98dd33c0 --- /dev/null +++ b/2020/7xxx/CVE-2020-7523.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7523", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/7xxx/CVE-2020-7524.json b/2020/7xxx/CVE-2020-7524.json new file mode 100644 index 00000000000..0208a472d63 --- /dev/null +++ b/2020/7xxx/CVE-2020-7524.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7524", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7525.json b/2020/7xxx/CVE-2020-7525.json new file mode 100644 index 00000000000..81477f3e568 --- /dev/null +++ b/2020/7xxx/CVE-2020-7525.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7525", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7526.json b/2020/7xxx/CVE-2020-7526.json new file mode 100644 index 00000000000..e68027f9faf --- /dev/null +++ b/2020/7xxx/CVE-2020-7526.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7526", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7527.json b/2020/7xxx/CVE-2020-7527.json new file mode 100644 index 00000000000..cc55ddb84f6 --- /dev/null +++ b/2020/7xxx/CVE-2020-7527.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7527", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7528.json b/2020/7xxx/CVE-2020-7528.json new file mode 100644 index 00000000000..874072d9df8 --- /dev/null +++ b/2020/7xxx/CVE-2020-7528.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7528", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/7xxx/CVE-2020-7529.json b/2020/7xxx/CVE-2020-7529.json new file mode 100644 index 00000000000..77b4d3da2a2 --- /dev/null +++ b/2020/7xxx/CVE-2020-7529.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7529", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7530.json b/2020/7xxx/CVE-2020-7530.json new file mode 100644 index 00000000000..7ec70315ec6 --- /dev/null +++ b/2020/7xxx/CVE-2020-7530.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7530", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7531.json b/2020/7xxx/CVE-2020-7531.json new file mode 100644 index 00000000000..4bee32682c4 --- /dev/null +++ b/2020/7xxx/CVE-2020-7531.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7531", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7532.json b/2020/7xxx/CVE-2020-7532.json new file mode 100644 index 00000000000..e55993cbab6 --- /dev/null +++ b/2020/7xxx/CVE-2020-7532.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7532", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7533.json b/2020/7xxx/CVE-2020-7533.json new file mode 100644 index 00000000000..02cb719703d --- /dev/null +++ b/2020/7xxx/CVE-2020-7533.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7533", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/7xxx/CVE-2020-7534.json b/2020/7xxx/CVE-2020-7534.json new file mode 100644 index 00000000000..a26397fee4b --- /dev/null +++ b/2020/7xxx/CVE-2020-7534.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7534", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7535.json b/2020/7xxx/CVE-2020-7535.json new file mode 100644 index 00000000000..9cbd987671c --- /dev/null +++ b/2020/7xxx/CVE-2020-7535.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7535", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7536.json b/2020/7xxx/CVE-2020-7536.json new file mode 100644 index 00000000000..3af9bb97dab --- /dev/null +++ b/2020/7xxx/CVE-2020-7536.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7536", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7537.json b/2020/7xxx/CVE-2020-7537.json new file mode 100644 index 00000000000..c28d5fd95dd --- /dev/null +++ b/2020/7xxx/CVE-2020-7537.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7537", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7538.json b/2020/7xxx/CVE-2020-7538.json new file mode 100644 index 00000000000..a388628132c --- /dev/null +++ b/2020/7xxx/CVE-2020-7538.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7538", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
From c65e6cc67226de3e51b84349f41dc87710930610 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Tue, 21 Jan 2020 22:01:09 +0000
Subject: [PATCH 196/387] "-Synchronized-Data."
---
 2011/3xxx/CVE-2011-3389.json | 5 +++
 2011/4xxx/CVE-2011-4944.json | 5 +++
 2012/0xxx/CVE-2012-0845.json | 5 +++
 2012/1xxx/CVE-2012-1150.json | 5 +++
 2013/4xxx/CVE-2013-4238.json | 5 +++
 2014/2xxx/CVE-2014-2667.json | 5 +++
 2016/0xxx/CVE-2016-0772.json | 5 +++
 2016/1000xxx/CVE-2016-1000110.json | 5 +++
 2016/5xxx/CVE-2016-5636.json | 5 +++
 2016/5xxx/CVE-2016-5699.json | 5 +++
 2017/18xxx/CVE-2017-18207.json | 5 +++
 2018/1000xxx/CVE-2018-1000802.json | 5 +++
 2018/14xxx/CVE-2018-14647.json | 5 +++
 2018/1xxx/CVE-2018-1060.json | 5 +++
 2018/1xxx/CVE-2018-1061.json | 5 +++
 2018/20xxx/CVE-2018-20406.json | 5 +++
 2018/20xxx/CVE-2018-20852.json | 5 +++
 2019/10xxx/CVE-2019-10086.json | 5 +++
 2019/10xxx/CVE-2019-10160.json | 5 +++
 2019/15xxx/CVE-2019-15691.json | 5 +++
 2019/15xxx/CVE-2019-15692.json | 5 +++
 2019/15xxx/CVE-2019-15693.json | 5 +++
 2019/15xxx/CVE-2019-15694.json | 5 +++
 2019/15xxx/CVE-2019-15695.json | 5 +++
 2019/15xxx/CVE-2019-15903.json | 5 +++
 2019/16xxx/CVE-2019-16056.json | 5 +++
 2019/16xxx/CVE-2019-16935.json | 5 +++
 2019/17xxx/CVE-2019-17626.json | 5 +++
 2019/19xxx/CVE-2019-19886.json | 56 ++++++++++++++++++++++++---
 2019/20xxx/CVE-2019-20384.json | 5 +++
 2019/5xxx/CVE-2019-5010.json | 5 +++
 2019/9xxx/CVE-2019-9636.json | 5 +++
 2019/9xxx/CVE-2019-9947.json | 5 +++
 2020/7xxx/CVE-2020-7594.json | 62 ++++++++++++++++++++++++++++++
 34 files changed, 272 insertions(+), 6 deletions(-)
 create mode 100644 2020/7xxx/CVE-2020-7594.json
diff --git a/2011/3xxx/CVE-2011-3389.json b/2011/3xxx/CVE-2011-3389.json
index 71d272eed00..01e3d746a1d 100644
--- a/2011/3xxx/CVE-2011-3389.json
+++ b/2011/3xxx/CVE-2011-3389.json
@@ -516,6 +516,11 @@ "refsource": "CONFIRM", "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0086", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html" } ] } diff --git a/2011/4xxx/CVE-2011-4944.json b/2011/4xxx/CVE-2011-4944.json index 5cc06752081..84a3e9496cf 100644 --- a/2011/4xxx/CVE-2011-4944.json +++ b/2011/4xxx/CVE-2011-4944.json @@ -146,6 +146,11 @@ "name": "USN-1613-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1613-1" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0086", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html" } ] } diff --git a/2012/0xxx/CVE-2012-0845.json b/2012/0xxx/CVE-2012-0845.json index 5e770ad9faf..84b6c447685 100644 --- a/2012/0xxx/CVE-2012-0845.json +++ b/2012/0xxx/CVE-2012-0845.json @@ -151,6 +151,11 @@ "name": "http://python.org/download/releases/2.7.3/", "refsource": "CONFIRM", "url": "http://python.org/download/releases/2.7.3/" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0086", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html" } ] } diff --git a/2012/1xxx/CVE-2012-1150.json b/2012/1xxx/CVE-2012-1150.json index 8e26d50dbf6..09a1b562686 100644 --- a/2012/1xxx/CVE-2012-1150.json +++ b/2012/1xxx/CVE-2012-1150.json @@ -136,6 +136,11 @@ "name": "http://python.org/download/releases/2.7.3/", "refsource": "CONFIRM", "url": "http://python.org/download/releases/2.7.3/" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0086", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html" } ] } diff --git a/2013/4xxx/CVE-2013-4238.json b/2013/4xxx/CVE-2013-4238.json index e978ac476bf..982b4f0110d 100644 --- a/2013/4xxx/CVE-2013-4238.json +++ b/2013/4xxx/CVE-2013-4238.json 
@@ -121,6 +121,11 @@ "name": "openSUSE-SU-2013:1439", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00028.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0086", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html" } ] } diff --git a/2014/2xxx/CVE-2014-2667.json b/2014/2xxx/CVE-2014-2667.json index 1a3797699dd..ec361604329 100644 --- a/2014/2xxx/CVE-2014-2667.json +++ b/2014/2xxx/CVE-2014-2667.json @@ -86,6 +86,11 @@ "name": "openSUSE-SU-2014:0596", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00007.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0086", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html" } ] } diff --git a/2016/0xxx/CVE-2016-0772.json b/2016/0xxx/CVE-2016-0772.json index 3c9583ce0bf..fb39897d7e3 100644 --- a/2016/0xxx/CVE-2016-0772.json +++ b/2016/0xxx/CVE-2016-0772.json @@ -136,6 +136,11 @@ "name": "RHSA-2016:1626", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-1626.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0086", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html" } ] } diff --git a/2016/1000xxx/CVE-2016-1000110.json b/2016/1000xxx/CVE-2016-1000110.json index 74395a1d608..8cc1d48bed4 100644 --- a/2016/1000xxx/CVE-2016-1000110.json +++ b/2016/1000xxx/CVE-2016-1000110.json @@ -71,6 +71,11 @@ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7K3WFJO3SJQCODKRKU6EQV3ZGHH53YPU/", "refsource": "MISC", "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7K3WFJO3SJQCODKRKU6EQV3ZGHH53YPU/" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0086", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html" } ] } 
diff --git a/2016/5xxx/CVE-2016-5636.json b/2016/5xxx/CVE-2016-5636.json index 2dc79fed086..d8d2bd1e29f 100644 --- a/2016/5xxx/CVE-2016-5636.json +++ b/2016/5xxx/CVE-2016-5636.json @@ -121,6 +121,11 @@ "name": "RHSA-2016:2586", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-2586.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0086", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html" } ] } diff --git a/2016/5xxx/CVE-2016-5699.json b/2016/5xxx/CVE-2016-5699.json index 56349327ac8..be7dddcdb67 100644 --- a/2016/5xxx/CVE-2016-5699.json +++ b/2016/5xxx/CVE-2016-5699.json @@ -141,6 +141,11 @@ "name": "RHSA-2016:1626", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-1626.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0086", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html" } ] } diff --git a/2017/18xxx/CVE-2017-18207.json b/2017/18xxx/CVE-2017-18207.json index 2605dd4e018..2e75dc1cf2f 100644 --- a/2017/18xxx/CVE-2017-18207.json +++ b/2017/18xxx/CVE-2017-18207.json @@ -56,6 +56,11 @@ "name": "https://bugs.python.org/issue32056", "refsource": "MISC", "url": "https://bugs.python.org/issue32056" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0086", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html" } ] } diff --git a/2018/1000xxx/CVE-2018-1000802.json b/2018/1000xxx/CVE-2018-1000802.json index 313acc57e51..6686b1f934a 100644 --- a/2018/1000xxx/CVE-2018-1000802.json +++ b/2018/1000xxx/CVE-2018-1000802.json @@ -99,6 +99,11 @@ "name": "[debian-lts-announce] 20180925 [SECURITY] [DLA 1519-1] python2.7 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00030.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0086", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html" } ] } 
diff --git a/2018/14xxx/CVE-2018-14647.json b/2018/14xxx/CVE-2018-14647.json index 60ceabee39b..7027580556d 100644 --- a/2018/14xxx/CVE-2018-14647.json +++ b/2018/14xxx/CVE-2018-14647.json @@ -139,6 +139,11 @@ "refsource": "REDHAT", "name": "RHSA-2019:3725", "url": "https://access.redhat.com/errata/RHSA-2019:3725" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0086", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html" } ] } diff --git a/2018/1xxx/CVE-2018-1060.json b/2018/1xxx/CVE-2018-1060.json index 48f7d2450c3..3bd6300c56c 100644 --- a/2018/1xxx/CVE-2018-1060.json +++ b/2018/1xxx/CVE-2018-1060.json @@ -175,6 +175,11 @@ "url": "https://www.oracle.com/security-alerts/cpujan2020.html", "refsource": "MISC", "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0086", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html" } ] } diff --git a/2018/1xxx/CVE-2018-1061.json b/2018/1xxx/CVE-2018-1061.json index 5419482626e..40a3bd50ebb 100644 --- a/2018/1xxx/CVE-2018-1061.json +++ b/2018/1xxx/CVE-2018-1061.json @@ -170,6 +170,11 @@ "refsource": "REDHAT", "name": "RHSA-2019:3725", "url": "https://access.redhat.com/errata/RHSA-2019:3725" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0086", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html" } ] } diff --git a/2018/20xxx/CVE-2018-20406.json b/2018/20xxx/CVE-2018-20406.json index b81d872c062..9dfc2cf16a7 100644 --- a/2018/20xxx/CVE-2018-20406.json +++ b/2018/20xxx/CVE-2018-20406.json @@ -116,6 +116,11 @@ "refsource": "REDHAT", "name": "RHSA-2019:3725", "url": "https://access.redhat.com/errata/RHSA-2019:3725" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0086", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html" } ] } 
diff --git a/2018/20xxx/CVE-2018-20852.json b/2018/20xxx/CVE-2018-20852.json index 551ff861c8f..94b3503f277 100644 --- a/2018/20xxx/CVE-2018-20852.json +++ b/2018/20xxx/CVE-2018-20852.json @@ -116,6 +116,11 @@ "refsource": "REDHAT", "name": "RHSA-2019:3948", "url": "https://access.redhat.com/errata/RHSA-2019:3948" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0086", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html" } ] } diff --git a/2019/10xxx/CVE-2019-10086.json b/2019/10xxx/CVE-2019-10086.json index 785b749edc9..3065e783fb1 100644 --- a/2019/10xxx/CVE-2019-10086.json +++ b/2019/10xxx/CVE-2019-10086.json @@ -143,6 +143,11 @@ "url": "https://www.oracle.com/security-alerts/cpujan2020.html", "refsource": "MISC", "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0194", + "url": "https://access.redhat.com/errata/RHSA-2020:0194" } ] }, diff --git a/2019/10xxx/CVE-2019-10160.json b/2019/10xxx/CVE-2019-10160.json index 6222dc66d52..fe91da5ca39 100644 --- a/2019/10xxx/CVE-2019-10160.json +++ b/2019/10xxx/CVE-2019-10160.json @@ -163,6 +163,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-57462fa10d", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4X3HW5JRZ7GCPSR7UHJOLD7AWLTQCDVR/" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0086", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html" } ] }, diff --git a/2019/15xxx/CVE-2019-15691.json b/2019/15xxx/CVE-2019-15691.json index ef58deb101c..eaf9d80f863 100644 --- a/2019/15xxx/CVE-2019-15691.json +++ b/2019/15xxx/CVE-2019-15691.json 
@@ -58,6 +58,11 @@ "refsource": "MLIST", "name": "[oss-security] 20191220 VNC vulnerabilities. TigerVNC security update", "url": "https://www.openwall.com/lists/oss-security/2019/12/20/2" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0087", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00039.html" } ] }, diff --git a/2019/15xxx/CVE-2019-15692.json b/2019/15xxx/CVE-2019-15692.json index b79eb10251f..989552faf43 100644 --- a/2019/15xxx/CVE-2019-15692.json +++ b/2019/15xxx/CVE-2019-15692.json @@ -58,6 +58,11 @@ "refsource": "MLIST", "name": "[oss-security] 20191220 VNC vulnerabilities. TigerVNC security update", "url": "https://www.openwall.com/lists/oss-security/2019/12/20/2" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0087", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00039.html" } ] }, diff --git a/2019/15xxx/CVE-2019-15693.json b/2019/15xxx/CVE-2019-15693.json index c9d04a0de96..af3dffc4750 100644 --- a/2019/15xxx/CVE-2019-15693.json +++ b/2019/15xxx/CVE-2019-15693.json @@ -58,6 +58,11 @@ "refsource": "MLIST", "name": "[oss-security] 20191220 VNC vulnerabilities. TigerVNC security update", "url": "https://www.openwall.com/lists/oss-security/2019/12/20/2" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0087", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00039.html" } ] }, diff --git a/2019/15xxx/CVE-2019-15694.json b/2019/15xxx/CVE-2019-15694.json index b6a2f60e4b5..1c2f62276ce 100644 --- a/2019/15xxx/CVE-2019-15694.json +++ b/2019/15xxx/CVE-2019-15694.json @@ -58,6 +58,11 @@ "refsource": "MLIST", "name": "[oss-security] 20191220 VNC vulnerabilities. TigerVNC security update", "url": "https://www.openwall.com/lists/oss-security/2019/12/20/2" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0087", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00039.html" } ] }, 
diff --git a/2019/15xxx/CVE-2019-15695.json b/2019/15xxx/CVE-2019-15695.json index 4202633dc58..3549b1d16f7 100644 --- a/2019/15xxx/CVE-2019-15695.json +++ b/2019/15xxx/CVE-2019-15695.json @@ -58,6 +58,11 @@ "refsource": "MISC", "name": "https://github.com/CendioOssman/tigervnc/commit/05e28490873a861379c943bf616614b78b558b89", "url": "https://github.com/CendioOssman/tigervnc/commit/05e28490873a861379c943bf616614b78b558b89" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0087", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00039.html" } ] }, diff --git a/2019/15xxx/CVE-2019-15903.json b/2019/15xxx/CVE-2019-15903.json index c98859ae855..ccc7d684a63 100644 --- a/2019/15xxx/CVE-2019-15903.json +++ b/2019/15xxx/CVE-2019-15903.json @@ -321,6 +321,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0010", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00008.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0086", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html" } ] } diff --git a/2019/16xxx/CVE-2019-16056.json b/2019/16xxx/CVE-2019-16056.json index d6e38b9bb68..e04dfccf490 100644 --- a/2019/16xxx/CVE-2019-16056.json +++ b/2019/16xxx/CVE-2019-16056.json @@ -191,6 +191,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-a268ba7b23", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OYGESQSGIHDCIGOBVF7VXCMIE6YDWRYB/" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0086", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html" } ] } diff --git a/2019/16xxx/CVE-2019-16935.json b/2019/16xxx/CVE-2019-16935.json index 018fd0af2c7..cd8ac3ab338 100644 --- a/2019/16xxx/CVE-2019-16935.json +++ b/2019/16xxx/CVE-2019-16935.json 
@@ -146,6 +146,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-a268ba7b23", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OYGESQSGIHDCIGOBVF7VXCMIE6YDWRYB/" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0086", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html" } ] } diff --git a/2019/17xxx/CVE-2019-17626.json b/2019/17xxx/CVE-2019-17626.json index d755081bd0d..8fdc0d532e3 100644 --- a/2019/17xxx/CVE-2019-17626.json +++ b/2019/17xxx/CVE-2019-17626.json @@ -61,6 +61,11 @@ "url": "https://bitbucket.org/rptlab/reportlab/src/default/CHANGES.md", "refsource": "MISC", "name": "https://bitbucket.org/rptlab/reportlab/src/default/CHANGES.md" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0197", + "url": "https://access.redhat.com/errata/RHSA-2020:0197" } ] } diff --git a/2019/19xxx/CVE-2019-19886.json b/2019/19xxx/CVE-2019-19886.json index e76a4f8a760..f9069559fa4 100644 --- a/2019/19xxx/CVE-2019-19886.json +++ b/2019/19xxx/CVE-2019-19886.json 
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2019-19886",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2019-19886",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Trustwave ModSecurity 3.0.0 through 3.0.3 allows an attacker to send crafted requests that may, when sent quickly in large volumes, lead to the server becoming slow or unresponsive (Denial of Service) because of a flaw in Transaction::addRequestHeader in transaction.cc."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/modsecurity-denial-of-service-details-cve-2019-19886/",
+ "url": "https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/modsecurity-denial-of-service-details-cve-2019-19886/"
 }
 ]
 }
diff --git a/2019/20xxx/CVE-2019-20384.json b/2019/20xxx/CVE-2019-20384.json
index ea1641eadd6..f15f5adcedc 100644
--- a/2019/20xxx/CVE-2019-20384.json
+++ b/2019/20xxx/CVE-2019-20384.json
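Review bot: The `affects` block in the CVE-2019-19886.json hunk is published with `"product_name": "n/a"`, `"vendor_name": "n/a"` and `"version_value": "n/a"`, although the description in the same record names Trustwave ModSecurity 3.0.0 through 3.0.3, so tooling that matches on the structured fields rather than the free text will not associate this record with the product. The same applies to the new file 2020/7xxx/CVE-2020-7594.json later in this commit, whose description names MultiTech Conduit MTCDT-LVW2-24XX 1.4.17-ocea-13592. Both records also leave `problemtype` at `"value": "n/a"`; for CVE-2020-7594 the described behaviour (shell metacharacters reaching an OS command) looks like CWE-78, which could be recorded as `"value": "CWE-78"` once confirmed. Until the structured fields are filled in, consumers should key on the description text or the listed references for these two IDs.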
@@ -56,6 +56,11 @@ "url": "https://bugs.gentoo.org/692492", "refsource": "MISC", "name": "https://bugs.gentoo.org/692492" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20200121 CVE-2019-20384: Portage insecure temporary location", + "url": "http://www.openwall.com/lists/oss-security/2020/01/21/1" } ] } diff --git a/2019/5xxx/CVE-2019-5010.json b/2019/5xxx/CVE-2019-5010.json index a13886df1b7..33d5e1845cc 100644 --- a/2019/5xxx/CVE-2019-5010.json +++ b/2019/5xxx/CVE-2019-5010.json @@ -58,6 +58,11 @@ "refsource": "REDHAT", "name": "RHSA-2019:3725", "url": "https://access.redhat.com/errata/RHSA-2019:3725" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0086", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html" } ] }, diff --git a/2019/9xxx/CVE-2019-9636.json b/2019/9xxx/CVE-2019-9636.json index cbe53b86e29..61c352b3f52 100644 --- a/2019/9xxx/CVE-2019-9636.json +++ b/2019/9xxx/CVE-2019-9636.json @@ -286,6 +286,11 @@ "url": "https://www.oracle.com/security-alerts/cpujan2020.html", "refsource": "MISC", "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0086", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html" } ] } diff --git a/2019/9xxx/CVE-2019-9947.json b/2019/9xxx/CVE-2019-9947.json index 17f97ff2536..84b1296156f 100644 --- a/2019/9xxx/CVE-2019-9947.json +++ b/2019/9xxx/CVE-2019-9947.json @@ -131,6 +131,11 @@ "refsource": "REDHAT", "name": "RHSA-2019:3725", "url": "https://access.redhat.com/errata/RHSA-2019:3725" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0086", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html" } ] } diff --git a/2020/7xxx/CVE-2020-7594.json b/2020/7xxx/CVE-2020-7594.json new file mode 100644 index 00000000000..5e6d35bb321 --- /dev/null +++ b/2020/7xxx/CVE-2020-7594.json 
@@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-7594", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "MultiTech Conduit MTCDT-LVW2-24XX 1.4.17-ocea-13592 devices allow remote authenticated administrators to execute arbitrary OS commands by navigating to the Debug Options page and entering shell metacharacters in the interface JSON field of the ping function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://sku11army.blogspot.com/2020/01/multitech-authenticated-remote-code.html", + "refsource": "MISC", + "name": "https://sku11army.blogspot.com/2020/01/multitech-authenticated-remote-code.html" + } + ] + } +} \ No newline at end of file From bba13288605acfc8f037c7db5f2416248109b39f Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Tue, 21 Jan 2020 23:01:08 +0000 Subject: [PATCH 197/387] "-Synchronized-Data." --- 2019/19xxx/CVE-2019-19413.json | 83 +++++++++++++++++- 2019/19xxx/CVE-2019-19414.json | 83 +++++++++++++++++- 2019/20xxx/CVE-2019-20387.json | 67 +++++++++++++++ 2019/20xxx/CVE-2019-20388.json | 62 ++++++++++++++ 2020/1xxx/CVE-2020-1788.json | 50 ++++++++++- 2020/1xxx/CVE-2020-1810.json | 151 ++------------------------------- 2020/7xxx/CVE-2020-7595.json | 62 ++++++++++++++ 2020/7xxx/CVE-2020-7596.json | 18 ++++ 2020/7xxx/CVE-2020-7597.json | 18 ++++ 2020/7xxx/CVE-2020-7598.json | 18 ++++ 2020/7xxx/CVE-2020-7599.json | 18 ++++ 2020/7xxx/CVE-2020-7600.json | 18 ++++ 2020/7xxx/CVE-2020-7601.json | 18 ++++ 2020/7xxx/CVE-2020-7602.json | 18 ++++ 2020/7xxx/CVE-2020-7603.json | 18 ++++ 2020/7xxx/CVE-2020-7604.json | 18 ++++ 2020/7xxx/CVE-2020-7605.json | 18 ++++ 2020/7xxx/CVE-2020-7606.json | 18 ++++ 2020/7xxx/CVE-2020-7607.json | 18 ++++ 2020/7xxx/CVE-2020-7608.json | 18 ++++ 2020/7xxx/CVE-2020-7609.json | 18 ++++ 2020/7xxx/CVE-2020-7610.json | 18 ++++ 2020/7xxx/CVE-2020-7611.json | 18 ++++ 2020/7xxx/CVE-2020-7612.json | 18 ++++ 2020/7xxx/CVE-2020-7613.json | 18 ++++ 2020/7xxx/CVE-2020-7614.json | 18 ++++ 2020/7xxx/CVE-2020-7615.json | 18 ++++ 2020/7xxx/CVE-2020-7616.json | 18 ++++ 2020/7xxx/CVE-2020-7617.json | 18 ++++ 2020/7xxx/CVE-2020-7618.json | 18 ++++ 2020/7xxx/CVE-2020-7619.json | 18 ++++ 2020/7xxx/CVE-2020-7620.json | 18 ++++ 2020/7xxx/CVE-2020-7621.json | 18 ++++ 2020/7xxx/CVE-2020-7622.json | 18 ++++ 2020/7xxx/CVE-2020-7623.json | 18 ++++ 2020/7xxx/CVE-2020-7624.json | 18 ++++ 2020/7xxx/CVE-2020-7625.json | 18 ++++ 2020/7xxx/CVE-2020-7626.json | 18 ++++ 2020/7xxx/CVE-2020-7627.json | 18 ++++ 2020/7xxx/CVE-2020-7628.json | 18 ++++ 2020/7xxx/CVE-2020-7629.json | 18 ++++ 2020/7xxx/CVE-2020-7630.json | 18 ++++ 2020/7xxx/CVE-2020-7631.json | 18 ++++ 2020/7xxx/CVE-2020-7632.json | 18 ++++ 2020/7xxx/CVE-2020-7633.json | 18 ++++ 2020/7xxx/CVE-2020-7634.json | 18 
++++ 2020/7xxx/CVE-2020-7635.json | 18 ++++ 2020/7xxx/CVE-2020-7636.json | 18 ++++ 2020/7xxx/CVE-2020-7637.json | 18 ++++ 2020/7xxx/CVE-2020-7638.json | 18 ++++ 2020/7xxx/CVE-2020-7750.json | 18 ++++ 2020/7xxx/CVE-2020-7751.json | 18 ++++ 2020/7xxx/CVE-2020-7752.json | 18 ++++ 2020/7xxx/CVE-2020-7753.json | 18 ++++ 2020/7xxx/CVE-2020-7754.json | 18 ++++ 2020/7xxx/CVE-2020-7755.json | 18 ++++ 2020/7xxx/CVE-2020-7756.json | 18 ++++ 2020/7xxx/CVE-2020-7757.json | 18 ++++ 2020/7xxx/CVE-2020-7758.json | 18 ++++ 2020/7xxx/CVE-2020-7759.json | 18 ++++ 2020/7xxx/CVE-2020-7760.json | 18 ++++ 2020/7xxx/CVE-2020-7761.json | 18 ++++ 2020/7xxx/CVE-2020-7762.json | 18 ++++ 2020/7xxx/CVE-2020-7763.json | 18 ++++ 2020/7xxx/CVE-2020-7764.json | 18 ++++ 2020/7xxx/CVE-2020-7765.json | 18 ++++ 2020/7xxx/CVE-2020-7766.json | 18 ++++ 2020/7xxx/CVE-2020-7767.json | 18 ++++ 2020/7xxx/CVE-2020-7768.json | 18 ++++ 2020/7xxx/CVE-2020-7769.json | 18 ++++ 2020/7xxx/CVE-2020-7770.json | 18 ++++ 2020/7xxx/CVE-2020-7771.json | 18 ++++ 2020/7xxx/CVE-2020-7772.json | 18 ++++ 2020/7xxx/CVE-2020-7773.json | 18 ++++ 2020/7xxx/CVE-2020-7774.json | 18 ++++ 2020/7xxx/CVE-2020-7775.json | 18 ++++ 2020/7xxx/CVE-2020-7776.json | 18 ++++ 2020/7xxx/CVE-2020-7777.json | 18 ++++ 2020/7xxx/CVE-2020-7778.json | 18 ++++ 2020/7xxx/CVE-2020-7779.json | 18 ++++ 2020/7xxx/CVE-2020-7780.json | 18 ++++ 2020/7xxx/CVE-2020-7781.json | 18 ++++ 2020/7xxx/CVE-2020-7782.json | 18 ++++ 2020/7xxx/CVE-2020-7783.json | 18 ++++ 2020/7xxx/CVE-2020-7784.json | 18 ++++ 2020/7xxx/CVE-2020-7785.json | 18 ++++ 2020/7xxx/CVE-2020-7786.json | 18 ++++ 2020/7xxx/CVE-2020-7787.json | 18 ++++ 2020/7xxx/CVE-2020-7788.json | 18 ++++ 2020/7xxx/CVE-2020-7789.json | 18 ++++ 2020/7xxx/CVE-2020-7790.json | 18 ++++ 2020/7xxx/CVE-2020-7791.json | 18 ++++ 2020/7xxx/CVE-2020-7792.json | 18 ++++ 2020/7xxx/CVE-2020-7793.json | 18 ++++ 2020/7xxx/CVE-2020-7794.json | 18 ++++ 2020/7xxx/CVE-2020-7795.json | 18 ++++ 96 files changed, 2007 insertions(+), 153 
deletions(-) create mode 100644 2019/20xxx/CVE-2019-20387.json create mode 100644 2019/20xxx/CVE-2019-20388.json create mode 100644 2020/7xxx/CVE-2020-7595.json create mode 100644 2020/7xxx/CVE-2020-7596.json create mode 100644 2020/7xxx/CVE-2020-7597.json create mode 100644 2020/7xxx/CVE-2020-7598.json create mode 100644 2020/7xxx/CVE-2020-7599.json create mode 100644 2020/7xxx/CVE-2020-7600.json create mode 100644 2020/7xxx/CVE-2020-7601.json create mode 100644 2020/7xxx/CVE-2020-7602.json create mode 100644 2020/7xxx/CVE-2020-7603.json create mode 100644 2020/7xxx/CVE-2020-7604.json create mode 100644 2020/7xxx/CVE-2020-7605.json create mode 100644 2020/7xxx/CVE-2020-7606.json create mode 100644 2020/7xxx/CVE-2020-7607.json create mode 100644 2020/7xxx/CVE-2020-7608.json create mode 100644 2020/7xxx/CVE-2020-7609.json create mode 100644 2020/7xxx/CVE-2020-7610.json create mode 100644 2020/7xxx/CVE-2020-7611.json create mode 100644 2020/7xxx/CVE-2020-7612.json create mode 100644 2020/7xxx/CVE-2020-7613.json create mode 100644 2020/7xxx/CVE-2020-7614.json create mode 100644 2020/7xxx/CVE-2020-7615.json create mode 100644 2020/7xxx/CVE-2020-7616.json create mode 100644 2020/7xxx/CVE-2020-7617.json create mode 100644 2020/7xxx/CVE-2020-7618.json create mode 100644 2020/7xxx/CVE-2020-7619.json create mode 100644 2020/7xxx/CVE-2020-7620.json create mode 100644 2020/7xxx/CVE-2020-7621.json create mode 100644 2020/7xxx/CVE-2020-7622.json create mode 100644 2020/7xxx/CVE-2020-7623.json create mode 100644 2020/7xxx/CVE-2020-7624.json create mode 100644 2020/7xxx/CVE-2020-7625.json create mode 100644 2020/7xxx/CVE-2020-7626.json create mode 100644 2020/7xxx/CVE-2020-7627.json create mode 100644 2020/7xxx/CVE-2020-7628.json create mode 100644 2020/7xxx/CVE-2020-7629.json create mode 100644 2020/7xxx/CVE-2020-7630.json create mode 100644 2020/7xxx/CVE-2020-7631.json create mode 100644 2020/7xxx/CVE-2020-7632.json create mode 100644 2020/7xxx/CVE-2020-7633.json create mode 
100644 2020/7xxx/CVE-2020-7634.json create mode 100644 2020/7xxx/CVE-2020-7635.json create mode 100644 2020/7xxx/CVE-2020-7636.json create mode 100644 2020/7xxx/CVE-2020-7637.json create mode 100644 2020/7xxx/CVE-2020-7638.json create mode 100644 2020/7xxx/CVE-2020-7750.json create mode 100644 2020/7xxx/CVE-2020-7751.json create mode 100644 2020/7xxx/CVE-2020-7752.json create mode 100644 2020/7xxx/CVE-2020-7753.json create mode 100644 2020/7xxx/CVE-2020-7754.json create mode 100644 2020/7xxx/CVE-2020-7755.json create mode 100644 2020/7xxx/CVE-2020-7756.json create mode 100644 2020/7xxx/CVE-2020-7757.json create mode 100644 2020/7xxx/CVE-2020-7758.json create mode 100644 2020/7xxx/CVE-2020-7759.json create mode 100644 2020/7xxx/CVE-2020-7760.json create mode 100644 2020/7xxx/CVE-2020-7761.json create mode 100644 2020/7xxx/CVE-2020-7762.json create mode 100644 2020/7xxx/CVE-2020-7763.json create mode 100644 2020/7xxx/CVE-2020-7764.json create mode 100644 2020/7xxx/CVE-2020-7765.json create mode 100644 2020/7xxx/CVE-2020-7766.json create mode 100644 2020/7xxx/CVE-2020-7767.json create mode 100644 2020/7xxx/CVE-2020-7768.json create mode 100644 2020/7xxx/CVE-2020-7769.json create mode 100644 2020/7xxx/CVE-2020-7770.json create mode 100644 2020/7xxx/CVE-2020-7771.json create mode 100644 2020/7xxx/CVE-2020-7772.json create mode 100644 2020/7xxx/CVE-2020-7773.json create mode 100644 2020/7xxx/CVE-2020-7774.json create mode 100644 2020/7xxx/CVE-2020-7775.json create mode 100644 2020/7xxx/CVE-2020-7776.json create mode 100644 2020/7xxx/CVE-2020-7777.json create mode 100644 2020/7xxx/CVE-2020-7778.json create mode 100644 2020/7xxx/CVE-2020-7779.json create mode 100644 2020/7xxx/CVE-2020-7780.json create mode 100644 2020/7xxx/CVE-2020-7781.json create mode 100644 2020/7xxx/CVE-2020-7782.json create mode 100644 2020/7xxx/CVE-2020-7783.json create mode 100644 2020/7xxx/CVE-2020-7784.json create mode 100644 2020/7xxx/CVE-2020-7785.json create mode 100644 
2020/7xxx/CVE-2020-7786.json create mode 100644 2020/7xxx/CVE-2020-7787.json create mode 100644 2020/7xxx/CVE-2020-7788.json create mode 100644 2020/7xxx/CVE-2020-7789.json create mode 100644 2020/7xxx/CVE-2020-7790.json create mode 100644 2020/7xxx/CVE-2020-7791.json create mode 100644 2020/7xxx/CVE-2020-7792.json create mode 100644 2020/7xxx/CVE-2020-7793.json create mode 100644 2020/7xxx/CVE-2020-7794.json create mode 100644 2020/7xxx/CVE-2020-7795.json diff --git a/2019/19xxx/CVE-2019-19413.json b/2019/19xxx/CVE-2019-19413.json index e67abc64d9c..7acb1869a7c 100644 --- a/2019/19xxx/CVE-2019-19413.json +++ b/2019/19xxx/CVE-2019-19413.json 
@@ -4,14 +4,91 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-19413", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@huawei.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "CloudEngine 12800;CloudEngine 5800;CloudEngine 6800;CloudEngine 7800;DBS3900 TDD LTE;DP300;RP200;TE30;TE40;TE50;TE60", + "version": { + "version_data": [ + { + "version_value": "V100R003C10,V100R005C00,V100R006C00,V200R001C00,V200R002C50" + }, + { + "version_value": "V100R005C00,V100R005C10,V100R006C00,V200R001C00,V200R002C50SPC800" + }, + { + "version_value": "V100R005C00,V100R005C10,V100R006C00,V200R001C00,V200R002C50" + }, + { + "version_value": "V100R005C00,V100R005C10,V200R001C00,V200R002C50" + }, + { + "version_value": "V100R003C00,V100R004C10" + }, + { + "version_value": "V500R002C00" + }, + { + "version_value": "V500R002C00SPC200,V600R006C00" + }, + { + "version_value": "V100R001C10,V600R006C00" + }, + { + "version_value": "V600R006C00" + }, + { + "version_value": "V600R006C00" + }, + { + "version_value": "V100R001C10,V500R002C00,V600R006C00" + }, + { + "version_value": "" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Two Integer Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-ldap-en", + "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-ldap-en" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." 
+ "value": "There is an integer overflow vulnerability in LDAP client of some Huawei products. Due to insufficient input validation, a remote attacker could exploit this vulnerability by sending malformed packets to the target devices. Successful exploit could cause the affected system crash." } ] } diff --git a/2019/19xxx/CVE-2019-19414.json b/2019/19xxx/CVE-2019-19414.json index 2a205ead6a3..aa949c5014c 100644 --- a/2019/19xxx/CVE-2019-19414.json +++ b/2019/19xxx/CVE-2019-19414.json 
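Review bot: `product_name` packs eleven products into one semicolon-separated string while `version_data` holds twelve entries, the last being `"version_value": ""`, so product and version are tied only by position and the counts do not agree. A consumer cannot reliably tell which version list belongs to which product, and the empty entry may be read as "no version constraint". One `product_data` element per product with one `version_value` per release, and no empty entry, would remove the ambiguity. `"vendor_name": "n/a"` should presumably be `"vendor_name": "Huawei"` given the assigner and the description, and `Two Integer Overflow` reads like an advisory title rather than a problem type. The CVE-2019-19414 hunk repeats all of this, and CVE-2020-1788 and CVE-2020-1810 share the `n/a` vendor.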
@@ -4,14 +4,91 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-19414", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@huawei.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "CloudEngine 12800;CloudEngine 5800;CloudEngine 6800;CloudEngine 7800;DBS3900 TDD LTE;DP300;RP200;TE30;TE40;TE50;TE60", + "version": { + "version_data": [ + { + "version_value": "V100R003C10,V100R005C00,V100R006C00,V200R001C00,V200R002C50" + }, + { + "version_value": "V100R005C00,V100R005C10,V100R006C00,V200R001C00,V200R002C50SPC800" + }, + { + "version_value": "V100R005C00,V100R005C10,V100R006C00,V200R001C00,V200R002C50" + }, + { + "version_value": "V100R005C00,V100R005C10,V200R001C00,V200R002C50" + }, + { + "version_value": "V100R003C00,V100R004C10" + }, + { + "version_value": "V500R002C00" + }, + { + "version_value": "V500R002C00SPC200,V600R006C00" + }, + { + "version_value": "V100R001C10,V600R006C00" + }, + { + "version_value": "V600R006C00" + }, + { + "version_value": "V600R006C00" + }, + { + "version_value": "V100R001C10,V500R002C00,V600R006C00" + }, + { + "version_value": "" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Two Integer Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-ldap-en", + "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-ldap-en" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." 
+ "value": "There is an integer overflow vulnerability in LDAP server of some Huawei products. Due to insufficient input validation, a remote attacker could exploit this vulnerability by sending malformed packets to the target devices. Successful exploit could cause the affected system crash." } ] } diff --git a/2019/20xxx/CVE-2019-20387.json b/2019/20xxx/CVE-2019-20387.json new file mode 100644 index 00000000000..eac9f1e26bd --- /dev/null +++ b/2019/20xxx/CVE-2019-20387.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-20387", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "repodata_schema2id in repodata.c in libsolv before 0.7.6 has a heap-based buffer over-read via a last schema whose length is less than the length of the input schema." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/openSUSE/libsolv/commit/fdb9c9c03508990e4583046b590c30d958f272da", + "refsource": "MISC", + "name": "https://github.com/openSUSE/libsolv/commit/fdb9c9c03508990e4583046b590c30d958f272da" + }, + { + "url": "https://github.com/openSUSE/libsolv/compare/0.7.5...0.7.6", + "refsource": "MISC", + "name": "https://github.com/openSUSE/libsolv/compare/0.7.5...0.7.6" + } + ] + } +} \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20388.json b/2019/20xxx/CVE-2019-20388.json new file mode 100644 index 00000000000..7481de28629 --- /dev/null +++ b/2019/20xxx/CVE-2019-20388.json 
@@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-20388", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://gitlab.gnome.org/GNOME/libxml2/merge_requests/68", + "refsource": "MISC", + "name": "https://gitlab.gnome.org/GNOME/libxml2/merge_requests/68" + } + ] + } +} \ No newline at end of file diff --git a/2020/1xxx/CVE-2020-1788.json b/2020/1xxx/CVE-2020-1788.json index a59c798345a..b20708ddc7b 100644 --- a/2020/1xxx/CVE-2020-1788.json +++ b/2020/1xxx/CVE-2020-1788.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-1788", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@huawei.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Honor V30", + "version": { + "version_data": [ + { + "version_value": "Versions earlier than 10.0.1.135(C00E130R4P1)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Authentication" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-02-smartphone-en", + "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-02-smartphone-en" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Honor V30 smartphones with versions earlier than 10.0.1.135(C00E130R4P1) have an improper authentication vulnerability. Certain applications do not properly validate the identity of another application who would call its interface. An attacker could trick the user into installing a malicious application. Successful exploit could allow unauthorized actions leading to information disclosure." } ] } diff --git a/2020/1xxx/CVE-2020-1810.json b/2020/1xxx/CVE-2020-1810.json index 4b7817daca5..2d6e6f17c4d 100644 --- a/2020/1xxx/CVE-2020-1810.json +++ b/2020/1xxx/CVE-2020-1810.json 
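Review bot: The added `version_value` is the sentence `Versions earlier than 10.0.1.135(C00E130R4P1)`, which tooling cannot compare against an installed build. Splitting it into `"version_affected": "<"` and `"version_value": "10.0.1.135(C00E130R4P1)"` expresses the same bound in the fields meant for it.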
@@ -11,158 +11,21 @@ "vendor": { "vendor_data": [ { - "vendor_name": "Huawei", + "vendor_name": "n/a", "product": { "product_data": [ { - "product_name": "CloudEngine 12800", + "product_name": "CloudEngine 12800;S5700;S6700", "version": { "version_data": [ { - "version_value": "V100R003C00SPC600" + "version_value": "V100R003C00SPC600,V100R003C10SPC100,V100R005C00SPC200,V100R005C00SPC300,V100R005C10HP0001,V100R005C10SPC100,V100R005C10SPC200,V100R006C00,V200R001C00,V200R002C01,V200R002C10,V200R002C20,V200R005C10" }, { - "version_value": "V100R003C10SPC100" + "version_value": "V200R005C00SPC500,V200R005C03,V200R006C00SPC100,V200R006C00SPC300,V200R006C00SPC500,V200R007C00SPC100,V200R007C00SPC500" }, { - "version_value": "V100R005C00SPC200" - }, - { - "version_value": "V100R005C00SPC300" - }, - { - "version_value": "V100R005C10HP0001" - }, - { - "version_value": "V100R005C10SPC100" - }, - { - "version_value": "V100R005C10SPC200" - }, - { - "version_value": "V100R006C00" - }, - { - "version_value": "V200R001C00" - }, - { - "version_value": "V200R002C01" - }, - { - "version_value": "V200R002C10" - }, - { - "version_value": "V200R002C20" - }, - { - "version_value": "V200R005C10" - } - ] - } - }, - { - "product_name": "CloudEngine S5700", - "version": { - "version_data": [ - { - "version_value": "V200R005C00SPC500" - }, - { - "version_value": "V200R005C03" - }, - { - "version_value": "V200R006C00SPC100" - }, - { - "version_value": "V200R006C00SPC300" - }, - { - "version_value": "V200R006C00SPC500" - }, - { - "version_value": "V200R007C00SPC100" - }, - { - "version_value": "V200R007C00SPC500" - }, - { - "version_value": "V200R010C00SPC300" - }, - { - "version_value": "V200R010C00SPC600" - }, - { - "version_value": "V200R010C00SPC700" - }, - { - "version_value": "V200R011C00SPC200" - }, - { - "version_value": "V200R011C10SPC500" - }, - { - "version_value": "V200R011C10SPC600" - }, - { - "version_value": "V200R012C00SPC200" - }, - { - "version_value": "V200R012C00SPC500" - }, 
- { - "version_value": "V200R012C00SPC600" - }, - { - "version_value": "V200R012C00SPC700" - }, - { - "version_value": "V200R012C00SPC710" - }, - { - "version_value": "V200R012C20" - } - ] - } - }, - { - "product_name": "CloudEngine S6700", - "version": { - "version_data": [ - { - "version_value": "V200R005C00SPC500" - }, - { - "version_value": "V200R005C01" - }, - { - "version_value": "V200R008C00SPC500" - }, - { - "version_value": "V200R010C00SPC300" - }, - { - "version_value": "V200R010C00SPC600" - }, - { - "version_value": "V200R011C00SPC200" - }, - { - "version_value": "V200R011C10SPC500" - }, - { - "version_value": "V200R011C10SPC600" - }, - { - "version_value": "V200R012C00SPC200" - }, - { - "version_value": "V200R012C00SPC500" - }, - { - "version_value": "V200R012C00SPC600" - }, - { - "version_value": "V200R012C00SPC710" + "version_value": "V200R005C00SPC500,V200R005C01" } ] } @@ -188,7 +51,7 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", + "refsource": "MISC", "name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200108-01-rsa-en", "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200108-01-rsa-en" } 
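Review bot: The first hunk of CVE-2020-1810.json drops affected versions from the structured data: the removed S5700 entries V200R010C00SPC300 through V200R012C20 and the removed S6700 entries from V200R008C00SPC500 onward have no counterpart in the new comma-joined `version_value` strings. The last hunk of this file also removes the version list from the description, so after the change those releases appear nowhere in the record, and a scanner keyed on it would treat them as unaffected. Unless the vendor has withdrawn them, which nothing visible here says, the per-product entries and `"vendor_name": "Huawei"` from the old side should be kept.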
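Review bot: `refsource` for the vendor's own advisory changes from `CONFIRM` to `MISC` in the second hunk of CVE-2020-1810.json. If downstream consumers use `CONFIRM` to tell vendor-acknowledged issues from third-party reports, this link loses that signal; keeping `"refsource": "CONFIRM"` would preserve it.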
@@ -198,7 +61,7 @@ "description_data": [ { "lang": "eng", - "value": "Huawei products CloudEngine 12800;S5700;S6700 have a weak algorithm vulnerability. The affected products use the RSA algorithm in the SSL key exchange algorithm which have been considered as a weak algorithm. Attackers may exploit this vulnerability to leak some information. Affected product versions include: CloudEngine 12800 versions V100R003C00SPC600, V100R003C10SPC100, V100R005C00SPC200, V100R005C00SPC300, V100R005C10HP0001, V100R005C10SPC100, V100R005C10SPC200, V100R006C00, V200R001C00, V200R002C01, V200R002C10, V200R002C20, V200R005C10; S5700 versions V200R005C00SPC500, V200R005C03, V200R006C00SPC100, V200R006C00SPC300, V200R006C00SPC500, V200R007C00SPC100, V200R007C00SPC500; S6700 versions V200R005C00SPC500, V200R005C01." + "value": "There is a weak algorithm vulnerability in some Huawei products. The affected products use the RSA algorithm in the SSL key exchange algorithm which have been considered as a weak algorithm. Attackers may exploit this vulnerability to leak some information." } ] } diff --git a/2020/7xxx/CVE-2020-7595.json b/2020/7xxx/CVE-2020-7595.json new file mode 100644 index 00000000000..e6f727a946e --- /dev/null +++ b/2020/7xxx/CVE-2020-7595.json 
@@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-7595", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://gitlab.gnome.org/GNOME/libxml2/commit/0e1a49c89076", + "refsource": "MISC", + "name": "https://gitlab.gnome.org/GNOME/libxml2/commit/0e1a49c89076" + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7596.json b/2020/7xxx/CVE-2020-7596.json new file mode 100644 index 00000000000..26fed58a431 --- /dev/null +++ b/2020/7xxx/CVE-2020-7596.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7596", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7597.json b/2020/7xxx/CVE-2020-7597.json new file mode 100644 index 00000000000..39ccaaa1223 --- /dev/null +++ b/2020/7xxx/CVE-2020-7597.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7597", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7598.json b/2020/7xxx/CVE-2020-7598.json new file mode 100644 index 00000000000..2881e004a15 --- /dev/null +++ b/2020/7xxx/CVE-2020-7598.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7598", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7599.json b/2020/7xxx/CVE-2020-7599.json new file mode 100644 index 00000000000..a9ae95aa811 --- /dev/null +++ b/2020/7xxx/CVE-2020-7599.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7599", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/7xxx/CVE-2020-7600.json b/2020/7xxx/CVE-2020-7600.json new file mode 100644 index 00000000000..a8755e59d6a --- /dev/null +++ b/2020/7xxx/CVE-2020-7600.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7600", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7601.json b/2020/7xxx/CVE-2020-7601.json new file mode 100644 index 00000000000..d8d032dd103 --- /dev/null +++ b/2020/7xxx/CVE-2020-7601.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7601", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7602.json b/2020/7xxx/CVE-2020-7602.json new file mode 100644 index 00000000000..69a41374107 --- /dev/null +++ b/2020/7xxx/CVE-2020-7602.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7602", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7603.json b/2020/7xxx/CVE-2020-7603.json new file mode 100644 index 00000000000..c7d17b1185a --- /dev/null +++ b/2020/7xxx/CVE-2020-7603.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7603", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7604.json b/2020/7xxx/CVE-2020-7604.json new file mode 100644 index 00000000000..b33e66c1735 --- /dev/null +++ b/2020/7xxx/CVE-2020-7604.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7604", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/7xxx/CVE-2020-7605.json b/2020/7xxx/CVE-2020-7605.json new file mode 100644 index 00000000000..48993f9a525 --- /dev/null +++ b/2020/7xxx/CVE-2020-7605.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7605", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7606.json b/2020/7xxx/CVE-2020-7606.json new file mode 100644 index 00000000000..e2fe5d563af --- /dev/null +++ b/2020/7xxx/CVE-2020-7606.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7606", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7607.json b/2020/7xxx/CVE-2020-7607.json new file mode 100644 index 00000000000..994206ad2d3 --- /dev/null +++ b/2020/7xxx/CVE-2020-7607.json 
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7607",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7608.json b/2020/7xxx/CVE-2020-7608.json
new file mode 100644
index 00000000000..fc77fd151d1
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7608.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7608",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7609.json b/2020/7xxx/CVE-2020-7609.json
new file mode 100644
index 00000000000..8bd4bea1656
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7609.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7609",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7610.json b/2020/7xxx/CVE-2020-7610.json
new file mode 100644
index 00000000000..fda87e05c98
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7610.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7610",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7611.json b/2020/7xxx/CVE-2020-7611.json
new file mode 100644
index 00000000000..59c209ba5c7
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7611.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7611",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7612.json b/2020/7xxx/CVE-2020-7612.json
new file mode 100644
index 00000000000..d171f6217df
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7612.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7612",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7613.json b/2020/7xxx/CVE-2020-7613.json
new file mode 100644
index 00000000000..10e11db7892
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7613.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7613",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7614.json b/2020/7xxx/CVE-2020-7614.json
new file mode 100644
index 00000000000..e3e54605ac5
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7614.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7614",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7615.json b/2020/7xxx/CVE-2020-7615.json
new file mode 100644
index 00000000000..bab4e82825a
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7615.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7615",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7616.json b/2020/7xxx/CVE-2020-7616.json
new file mode 100644
index 00000000000..f2f4be724b2
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7616.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7616",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7617.json b/2020/7xxx/CVE-2020-7617.json
new file mode 100644
index 00000000000..950045b5cc7
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7617.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7617",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7618.json b/2020/7xxx/CVE-2020-7618.json
new file mode 100644
index 00000000000..c497c11583b
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7618.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7618",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7619.json b/2020/7xxx/CVE-2020-7619.json
new file mode 100644
index 00000000000..960890ff550
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7619.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7619",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7620.json b/2020/7xxx/CVE-2020-7620.json
new file mode 100644
index 00000000000..43e84d185b6
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7620.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7620",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7621.json b/2020/7xxx/CVE-2020-7621.json
new file mode 100644
index 00000000000..7ccbfca0ed1
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7621.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7621",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7622.json b/2020/7xxx/CVE-2020-7622.json
new file mode 100644
index 00000000000..a8932f5768a
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7622.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7622",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7623.json b/2020/7xxx/CVE-2020-7623.json
new file mode 100644
index 00000000000..9e35bde3fda
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7623.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7623",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7624.json b/2020/7xxx/CVE-2020-7624.json
new file mode 100644
index 00000000000..0da85903f01
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7624.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7624",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7625.json b/2020/7xxx/CVE-2020-7625.json
new file mode 100644
index 00000000000..b6055a2dbe4
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7625.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7625",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7626.json b/2020/7xxx/CVE-2020-7626.json
new file mode 100644
index 00000000000..c4c7635e010
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7626.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7626",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7627.json b/2020/7xxx/CVE-2020-7627.json
new file mode 100644
index 00000000000..d26556c2556
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7627.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7627",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7628.json b/2020/7xxx/CVE-2020-7628.json
new file mode 100644
index 00000000000..652dc74bfcb
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7628.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7628",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7629.json b/2020/7xxx/CVE-2020-7629.json
new file mode 100644
index 00000000000..cbb81daa48d
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7629.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7629",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7630.json b/2020/7xxx/CVE-2020-7630.json
new file mode 100644
index 00000000000..0e658651e26
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7630.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7630",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7631.json b/2020/7xxx/CVE-2020-7631.json
new file mode 100644
index 00000000000..461dda14e8c
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7631.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7631",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7632.json b/2020/7xxx/CVE-2020-7632.json
new file mode 100644
index 00000000000..650681659a8
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7632.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7632",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7633.json b/2020/7xxx/CVE-2020-7633.json
new file mode 100644
index 00000000000..729df92af2a
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7633.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7633",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7634.json b/2020/7xxx/CVE-2020-7634.json
new file mode 100644
index 00000000000..782e76b73ee
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7634.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7634",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7635.json b/2020/7xxx/CVE-2020-7635.json
new file mode 100644
index 00000000000..c94af26df18
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7635.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7635",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7636.json b/2020/7xxx/CVE-2020-7636.json
new file mode 100644
index 00000000000..fe105b783cd
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7636.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7636",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7637.json b/2020/7xxx/CVE-2020-7637.json
new file mode 100644
index 00000000000..15a75d72660
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7637.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7637",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7638.json b/2020/7xxx/CVE-2020-7638.json
new file mode 100644
index 00000000000..8c9f848422e
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7638.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7638",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7750.json b/2020/7xxx/CVE-2020-7750.json
new file mode 100644
index 00000000000..8a13dec5a05
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7750.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7750",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7751.json b/2020/7xxx/CVE-2020-7751.json
new file mode 100644
index 00000000000..d440c28546b
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7751.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7751",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7752.json b/2020/7xxx/CVE-2020-7752.json
new file mode 100644
index 00000000000..54cf0eef8fa
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7752.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7752",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7753.json b/2020/7xxx/CVE-2020-7753.json
new file mode 100644
index 00000000000..df50a63a867
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7753.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7753",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7754.json b/2020/7xxx/CVE-2020-7754.json
new file mode 100644
index 00000000000..718f5e9e716
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7754.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7754",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7755.json b/2020/7xxx/CVE-2020-7755.json
new file mode 100644
index 00000000000..b612c6f0f5b
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7755.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7755",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7756.json b/2020/7xxx/CVE-2020-7756.json
new file mode 100644
index 00000000000..fb1544e2042
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7756.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7756",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7757.json b/2020/7xxx/CVE-2020-7757.json
new file mode 100644
index 00000000000..c1307fe2223
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7757.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7757",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7758.json b/2020/7xxx/CVE-2020-7758.json
new file mode 100644
index 00000000000..bc89b5f7f6e
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7758.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7758",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7759.json b/2020/7xxx/CVE-2020-7759.json
new file mode 100644
index 00000000000..75fb7e212fe
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7759.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7759",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7760.json b/2020/7xxx/CVE-2020-7760.json
new file mode 100644
index 00000000000..c268c14469b
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7760.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7760",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7761.json b/2020/7xxx/CVE-2020-7761.json
new file mode 100644
index 00000000000..bf4fe8aab38
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7761.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7761",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7762.json b/2020/7xxx/CVE-2020-7762.json
new file mode 100644
index 00000000000..4c273ad9c05
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7762.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7762",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7763.json b/2020/7xxx/CVE-2020-7763.json
new file mode 100644
index 00000000000..1924a80890e
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7763.json
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7763", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7764.json b/2020/7xxx/CVE-2020-7764.json new file mode 100644 index 00000000000..2b49fcd8907 --- /dev/null +++ b/2020/7xxx/CVE-2020-7764.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7764", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7765.json b/2020/7xxx/CVE-2020-7765.json new file mode 100644 index 00000000000..2d49b40003c --- /dev/null +++ b/2020/7xxx/CVE-2020-7765.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7765", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/7xxx/CVE-2020-7766.json b/2020/7xxx/CVE-2020-7766.json new file mode 100644 index 00000000000..32af07570fe --- /dev/null +++ b/2020/7xxx/CVE-2020-7766.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7766", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7767.json b/2020/7xxx/CVE-2020-7767.json new file mode 100644 index 00000000000..efcec1d38a5 --- /dev/null +++ b/2020/7xxx/CVE-2020-7767.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7767", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7768.json b/2020/7xxx/CVE-2020-7768.json new file mode 100644 index 00000000000..f2906c9be0e --- /dev/null +++ b/2020/7xxx/CVE-2020-7768.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7768", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7769.json b/2020/7xxx/CVE-2020-7769.json new file mode 100644 index 00000000000..ab84ebda6e9 --- /dev/null +++ b/2020/7xxx/CVE-2020-7769.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7769", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7770.json b/2020/7xxx/CVE-2020-7770.json new file mode 100644 index 00000000000..fdb6917d014 --- /dev/null +++ b/2020/7xxx/CVE-2020-7770.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7770", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/7xxx/CVE-2020-7771.json b/2020/7xxx/CVE-2020-7771.json new file mode 100644 index 00000000000..3e671409dc1 --- /dev/null +++ b/2020/7xxx/CVE-2020-7771.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7771", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7772.json b/2020/7xxx/CVE-2020-7772.json new file mode 100644 index 00000000000..d1b96a5f7ec --- /dev/null +++ b/2020/7xxx/CVE-2020-7772.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7772", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7773.json b/2020/7xxx/CVE-2020-7773.json new file mode 100644 index 00000000000..6677e4331bd --- /dev/null +++ b/2020/7xxx/CVE-2020-7773.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7773", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7774.json b/2020/7xxx/CVE-2020-7774.json new file mode 100644 index 00000000000..e7d0b5cb4b4 --- /dev/null +++ b/2020/7xxx/CVE-2020-7774.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7774", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7775.json b/2020/7xxx/CVE-2020-7775.json new file mode 100644 index 00000000000..60014a30171 --- /dev/null +++ b/2020/7xxx/CVE-2020-7775.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7775", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/7xxx/CVE-2020-7776.json b/2020/7xxx/CVE-2020-7776.json new file mode 100644 index 00000000000..298b8f2aa77 --- /dev/null +++ b/2020/7xxx/CVE-2020-7776.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7776", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7777.json b/2020/7xxx/CVE-2020-7777.json new file mode 100644 index 00000000000..c88b1572789 --- /dev/null +++ b/2020/7xxx/CVE-2020-7777.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7777", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7778.json b/2020/7xxx/CVE-2020-7778.json new file mode 100644 index 00000000000..a30af589fcb --- /dev/null +++ b/2020/7xxx/CVE-2020-7778.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7778", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7779.json b/2020/7xxx/CVE-2020-7779.json new file mode 100644 index 00000000000..b6f19e8fbe4 --- /dev/null +++ b/2020/7xxx/CVE-2020-7779.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7779", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7780.json b/2020/7xxx/CVE-2020-7780.json new file mode 100644 index 00000000000..bc5e667ec35 --- /dev/null +++ b/2020/7xxx/CVE-2020-7780.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7780", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/7xxx/CVE-2020-7781.json b/2020/7xxx/CVE-2020-7781.json new file mode 100644 index 00000000000..603ccf716e0 --- /dev/null +++ b/2020/7xxx/CVE-2020-7781.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7781", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7782.json b/2020/7xxx/CVE-2020-7782.json new file mode 100644 index 00000000000..f0a218c5fdb --- /dev/null +++ b/2020/7xxx/CVE-2020-7782.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7782", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7783.json b/2020/7xxx/CVE-2020-7783.json new file mode 100644 index 00000000000..5db32dc5e8b --- /dev/null +++ b/2020/7xxx/CVE-2020-7783.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7783", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7784.json b/2020/7xxx/CVE-2020-7784.json new file mode 100644 index 00000000000..c65231c563b --- /dev/null +++ b/2020/7xxx/CVE-2020-7784.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7784", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7785.json b/2020/7xxx/CVE-2020-7785.json new file mode 100644 index 00000000000..26581201228 --- /dev/null +++ b/2020/7xxx/CVE-2020-7785.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7785", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/7xxx/CVE-2020-7786.json b/2020/7xxx/CVE-2020-7786.json new file mode 100644 index 00000000000..f20e1ed8166 --- /dev/null +++ b/2020/7xxx/CVE-2020-7786.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7786", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7787.json b/2020/7xxx/CVE-2020-7787.json new file mode 100644 index 00000000000..6c353c5d862 --- /dev/null +++ b/2020/7xxx/CVE-2020-7787.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7787", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7788.json b/2020/7xxx/CVE-2020-7788.json new file mode 100644 index 00000000000..eba5a055bc6 --- /dev/null +++ b/2020/7xxx/CVE-2020-7788.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7788", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7789.json b/2020/7xxx/CVE-2020-7789.json new file mode 100644 index 00000000000..005c01c27cf --- /dev/null +++ b/2020/7xxx/CVE-2020-7789.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7789", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7790.json b/2020/7xxx/CVE-2020-7790.json new file mode 100644 index 00000000000..3bec1ece53d --- /dev/null +++ b/2020/7xxx/CVE-2020-7790.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7790", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/7xxx/CVE-2020-7791.json b/2020/7xxx/CVE-2020-7791.json new file mode 100644 index 00000000000..b4a44c7cfbb --- /dev/null +++ b/2020/7xxx/CVE-2020-7791.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7791", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7792.json b/2020/7xxx/CVE-2020-7792.json new file mode 100644 index 00000000000..e564a3caa32 --- /dev/null +++ b/2020/7xxx/CVE-2020-7792.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7792", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7793.json b/2020/7xxx/CVE-2020-7793.json new file mode 100644 index 00000000000..59bae05c4e4 --- /dev/null +++ b/2020/7xxx/CVE-2020-7793.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7793", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7794.json b/2020/7xxx/CVE-2020-7794.json new file mode 100644 index 00000000000..d939d90c2f7 --- /dev/null +++ b/2020/7xxx/CVE-2020-7794.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7794", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7795.json b/2020/7xxx/CVE-2020-7795.json new file mode 100644 index 00000000000..957ee32f86b --- /dev/null +++ b/2020/7xxx/CVE-2020-7795.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7795", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
From 7aa68db402da9a1d3a68db02aa31920a3fc2c400 Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Tue, 21 Jan 2020 23:01:29 +0000 Subject: [PATCH 198/387] "-Synchronized-Data." --- 2020/7xxx/CVE-2020-7639.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7640.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7641.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7642.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7643.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7644.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7645.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7646.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7647.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7648.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7649.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7650.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7651.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7652.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7653.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7654.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7655.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7656.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7657.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7658.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7659.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7660.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7661.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7662.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7663.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7664.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7665.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7666.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7667.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7668.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7669.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7670.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7671.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7672.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7673.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7674.json | 18 
++++++++++++++++++ 2020/7xxx/CVE-2020-7675.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7676.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7677.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7678.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7679.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7680.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7681.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7682.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7683.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7684.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7685.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7686.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7687.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7688.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7689.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7690.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7691.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7692.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7693.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7694.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7695.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7696.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7697.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7698.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7699.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7700.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7701.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7702.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7703.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7704.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7705.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7706.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7707.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7708.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7709.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7710.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7711.json | 18 ++++++++++++++++++ 
2020/7xxx/CVE-2020-7712.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7713.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7714.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7715.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7716.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7717.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7718.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7719.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7720.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7721.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7722.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7723.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7724.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7725.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7726.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7727.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7728.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7729.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7730.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7731.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7732.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7733.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7734.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7735.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7736.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7737.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7738.json | 18 ++++++++++++++++++ 100 files changed, 1800 insertions(+) create mode 100644 2020/7xxx/CVE-2020-7639.json create mode 100644 2020/7xxx/CVE-2020-7640.json create mode 100644 2020/7xxx/CVE-2020-7641.json create mode 100644 2020/7xxx/CVE-2020-7642.json create mode 100644 2020/7xxx/CVE-2020-7643.json create mode 100644 2020/7xxx/CVE-2020-7644.json create mode 100644 2020/7xxx/CVE-2020-7645.json create mode 100644 2020/7xxx/CVE-2020-7646.json create mode 100644 2020/7xxx/CVE-2020-7647.json create mode 100644 2020/7xxx/CVE-2020-7648.json create mode 100644 2020/7xxx/CVE-2020-7649.json 
create mode 100644 2020/7xxx/CVE-2020-7650.json create mode 100644 2020/7xxx/CVE-2020-7651.json create mode 100644 2020/7xxx/CVE-2020-7652.json create mode 100644 2020/7xxx/CVE-2020-7653.json create mode 100644 2020/7xxx/CVE-2020-7654.json create mode 100644 2020/7xxx/CVE-2020-7655.json create mode 100644 2020/7xxx/CVE-2020-7656.json create mode 100644 2020/7xxx/CVE-2020-7657.json create mode 100644 2020/7xxx/CVE-2020-7658.json create mode 100644 2020/7xxx/CVE-2020-7659.json create mode 100644 2020/7xxx/CVE-2020-7660.json create mode 100644 2020/7xxx/CVE-2020-7661.json create mode 100644 2020/7xxx/CVE-2020-7662.json create mode 100644 2020/7xxx/CVE-2020-7663.json create mode 100644 2020/7xxx/CVE-2020-7664.json create mode 100644 2020/7xxx/CVE-2020-7665.json create mode 100644 2020/7xxx/CVE-2020-7666.json create mode 100644 2020/7xxx/CVE-2020-7667.json create mode 100644 2020/7xxx/CVE-2020-7668.json create mode 100644 2020/7xxx/CVE-2020-7669.json create mode 100644 2020/7xxx/CVE-2020-7670.json create mode 100644 2020/7xxx/CVE-2020-7671.json create mode 100644 2020/7xxx/CVE-2020-7672.json create mode 100644 2020/7xxx/CVE-2020-7673.json create mode 100644 2020/7xxx/CVE-2020-7674.json create mode 100644 2020/7xxx/CVE-2020-7675.json create mode 100644 2020/7xxx/CVE-2020-7676.json create mode 100644 2020/7xxx/CVE-2020-7677.json create mode 100644 2020/7xxx/CVE-2020-7678.json create mode 100644 2020/7xxx/CVE-2020-7679.json create mode 100644 2020/7xxx/CVE-2020-7680.json create mode 100644 2020/7xxx/CVE-2020-7681.json create mode 100644 2020/7xxx/CVE-2020-7682.json create mode 100644 2020/7xxx/CVE-2020-7683.json create mode 100644 2020/7xxx/CVE-2020-7684.json create mode 100644 2020/7xxx/CVE-2020-7685.json create mode 100644 2020/7xxx/CVE-2020-7686.json create mode 100644 2020/7xxx/CVE-2020-7687.json create mode 100644 2020/7xxx/CVE-2020-7688.json create mode 100644 2020/7xxx/CVE-2020-7689.json create mode 100644 2020/7xxx/CVE-2020-7690.json create mode 100644 
2020/7xxx/CVE-2020-7691.json create mode 100644 2020/7xxx/CVE-2020-7692.json create mode 100644 2020/7xxx/CVE-2020-7693.json create mode 100644 2020/7xxx/CVE-2020-7694.json create mode 100644 2020/7xxx/CVE-2020-7695.json create mode 100644 2020/7xxx/CVE-2020-7696.json create mode 100644 2020/7xxx/CVE-2020-7697.json create mode 100644 2020/7xxx/CVE-2020-7698.json create mode 100644 2020/7xxx/CVE-2020-7699.json create mode 100644 2020/7xxx/CVE-2020-7700.json create mode 100644 2020/7xxx/CVE-2020-7701.json create mode 100644 2020/7xxx/CVE-2020-7702.json create mode 100644 2020/7xxx/CVE-2020-7703.json create mode 100644 2020/7xxx/CVE-2020-7704.json create mode 100644 2020/7xxx/CVE-2020-7705.json create mode 100644 2020/7xxx/CVE-2020-7706.json create mode 100644 2020/7xxx/CVE-2020-7707.json create mode 100644 2020/7xxx/CVE-2020-7708.json create mode 100644 2020/7xxx/CVE-2020-7709.json create mode 100644 2020/7xxx/CVE-2020-7710.json create mode 100644 2020/7xxx/CVE-2020-7711.json create mode 100644 2020/7xxx/CVE-2020-7712.json create mode 100644 2020/7xxx/CVE-2020-7713.json create mode 100644 2020/7xxx/CVE-2020-7714.json create mode 100644 2020/7xxx/CVE-2020-7715.json create mode 100644 2020/7xxx/CVE-2020-7716.json create mode 100644 2020/7xxx/CVE-2020-7717.json create mode 100644 2020/7xxx/CVE-2020-7718.json create mode 100644 2020/7xxx/CVE-2020-7719.json create mode 100644 2020/7xxx/CVE-2020-7720.json create mode 100644 2020/7xxx/CVE-2020-7721.json create mode 100644 2020/7xxx/CVE-2020-7722.json create mode 100644 2020/7xxx/CVE-2020-7723.json create mode 100644 2020/7xxx/CVE-2020-7724.json create mode 100644 2020/7xxx/CVE-2020-7725.json create mode 100644 2020/7xxx/CVE-2020-7726.json create mode 100644 2020/7xxx/CVE-2020-7727.json create mode 100644 2020/7xxx/CVE-2020-7728.json create mode 100644 2020/7xxx/CVE-2020-7729.json create mode 100644 2020/7xxx/CVE-2020-7730.json create mode 100644 2020/7xxx/CVE-2020-7731.json create mode 100644 2020/7xxx/CVE-2020-7732.json 
create mode 100644 2020/7xxx/CVE-2020-7733.json create mode 100644 2020/7xxx/CVE-2020-7734.json create mode 100644 2020/7xxx/CVE-2020-7735.json create mode 100644 2020/7xxx/CVE-2020-7736.json create mode 100644 2020/7xxx/CVE-2020-7737.json create mode 100644 2020/7xxx/CVE-2020-7738.json diff --git a/2020/7xxx/CVE-2020-7639.json b/2020/7xxx/CVE-2020-7639.json new file mode 100644 index 00000000000..637ba95d1eb --- /dev/null +++ b/2020/7xxx/CVE-2020-7639.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7639", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7640.json b/2020/7xxx/CVE-2020-7640.json new file mode 100644 index 00000000000..a32dfd19e7e --- /dev/null +++ b/2020/7xxx/CVE-2020-7640.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7640", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7641.json b/2020/7xxx/CVE-2020-7641.json new file mode 100644 index 00000000000..328b2005141 --- /dev/null +++ b/2020/7xxx/CVE-2020-7641.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7641", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7642.json b/2020/7xxx/CVE-2020-7642.json new file mode 100644 index 00000000000..7b5fada09db --- /dev/null +++ b/2020/7xxx/CVE-2020-7642.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7642", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7643.json b/2020/7xxx/CVE-2020-7643.json new file mode 100644 index 00000000000..96e544fbef7 --- /dev/null +++ b/2020/7xxx/CVE-2020-7643.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7643", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/7xxx/CVE-2020-7644.json b/2020/7xxx/CVE-2020-7644.json new file mode 100644 index 00000000000..f6e15b9a980 --- /dev/null +++ b/2020/7xxx/CVE-2020-7644.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7644", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7645.json b/2020/7xxx/CVE-2020-7645.json new file mode 100644 index 00000000000..5f7fa0e2159 --- /dev/null +++ b/2020/7xxx/CVE-2020-7645.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7645", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7646.json b/2020/7xxx/CVE-2020-7646.json new file mode 100644 index 00000000000..54d2c88532c --- /dev/null +++ b/2020/7xxx/CVE-2020-7646.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7646", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7647.json b/2020/7xxx/CVE-2020-7647.json new file mode 100644 index 00000000000..1e639da5b9b --- /dev/null +++ b/2020/7xxx/CVE-2020-7647.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7647", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7648.json b/2020/7xxx/CVE-2020-7648.json new file mode 100644 index 00000000000..8f32efe1fef --- /dev/null +++ b/2020/7xxx/CVE-2020-7648.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7648", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/7xxx/CVE-2020-7649.json b/2020/7xxx/CVE-2020-7649.json new file mode 100644 index 00000000000..1973f9ea5cb --- /dev/null +++ b/2020/7xxx/CVE-2020-7649.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7649", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7650.json b/2020/7xxx/CVE-2020-7650.json new file mode 100644 index 00000000000..deb62e0ccc2 --- /dev/null +++ b/2020/7xxx/CVE-2020-7650.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7650", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7651.json b/2020/7xxx/CVE-2020-7651.json new file mode 100644 index 00000000000..2c90da93917 --- /dev/null +++ b/2020/7xxx/CVE-2020-7651.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7651", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7652.json b/2020/7xxx/CVE-2020-7652.json new file mode 100644 index 00000000000..fd8ff7540e0 --- /dev/null +++ b/2020/7xxx/CVE-2020-7652.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7652", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7653.json b/2020/7xxx/CVE-2020-7653.json new file mode 100644 index 00000000000..2ead0144801 --- /dev/null +++ b/2020/7xxx/CVE-2020-7653.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7653", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/7xxx/CVE-2020-7654.json b/2020/7xxx/CVE-2020-7654.json new file mode 100644 index 00000000000..63eed26484b --- /dev/null +++ b/2020/7xxx/CVE-2020-7654.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7654", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7655.json b/2020/7xxx/CVE-2020-7655.json new file mode 100644 index 00000000000..4b0c714bbc5 --- /dev/null +++ b/2020/7xxx/CVE-2020-7655.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7655", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7656.json b/2020/7xxx/CVE-2020-7656.json new file mode 100644 index 00000000000..87bbc3a16f6 --- /dev/null +++ b/2020/7xxx/CVE-2020-7656.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7656", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7657.json b/2020/7xxx/CVE-2020-7657.json new file mode 100644 index 00000000000..f3e364cb918 --- /dev/null +++ b/2020/7xxx/CVE-2020-7657.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7657", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7658.json b/2020/7xxx/CVE-2020-7658.json new file mode 100644 index 00000000000..8d5f1a0490d --- /dev/null +++ b/2020/7xxx/CVE-2020-7658.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7658", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/7xxx/CVE-2020-7659.json b/2020/7xxx/CVE-2020-7659.json new file mode 100644 index 00000000000..763b8150c83 --- /dev/null +++ b/2020/7xxx/CVE-2020-7659.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7659", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7660.json b/2020/7xxx/CVE-2020-7660.json new file mode 100644 index 00000000000..a68c17f51d2 --- /dev/null +++ b/2020/7xxx/CVE-2020-7660.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7660", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7661.json b/2020/7xxx/CVE-2020-7661.json new file mode 100644 index 00000000000..f5019eda0af --- /dev/null +++ b/2020/7xxx/CVE-2020-7661.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7661", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7662.json b/2020/7xxx/CVE-2020-7662.json new file mode 100644 index 00000000000..3f2151e9138 --- /dev/null +++ b/2020/7xxx/CVE-2020-7662.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7662", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7663.json b/2020/7xxx/CVE-2020-7663.json new file mode 100644 index 00000000000..bbe447d6f82 --- /dev/null +++ b/2020/7xxx/CVE-2020-7663.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7663", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/7xxx/CVE-2020-7664.json b/2020/7xxx/CVE-2020-7664.json new file mode 100644 index 00000000000..a2297822b43 --- /dev/null +++ b/2020/7xxx/CVE-2020-7664.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7664", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7665.json b/2020/7xxx/CVE-2020-7665.json new file mode 100644 index 00000000000..2914e6c13d7 --- /dev/null +++ b/2020/7xxx/CVE-2020-7665.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7665", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7666.json b/2020/7xxx/CVE-2020-7666.json new file mode 100644 index 00000000000..84b30b093a6 --- /dev/null +++ b/2020/7xxx/CVE-2020-7666.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7666", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7667.json b/2020/7xxx/CVE-2020-7667.json new file mode 100644 index 00000000000..5b2d610bfac --- /dev/null +++ b/2020/7xxx/CVE-2020-7667.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7667", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7668.json b/2020/7xxx/CVE-2020-7668.json new file mode 100644 index 00000000000..20b62f252bc --- /dev/null +++ b/2020/7xxx/CVE-2020-7668.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7668", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/7xxx/CVE-2020-7669.json b/2020/7xxx/CVE-2020-7669.json new file mode 100644 index 00000000000..2b4fa80c321 --- /dev/null +++ b/2020/7xxx/CVE-2020-7669.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7669", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7670.json b/2020/7xxx/CVE-2020-7670.json new file mode 100644 index 00000000000..c14171ba67a --- /dev/null +++ b/2020/7xxx/CVE-2020-7670.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7670", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7671.json b/2020/7xxx/CVE-2020-7671.json new file mode 100644 index 00000000000..f217b5851ef --- /dev/null +++ b/2020/7xxx/CVE-2020-7671.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7671", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7672.json b/2020/7xxx/CVE-2020-7672.json new file mode 100644 index 00000000000..9b92463e43c --- /dev/null +++ b/2020/7xxx/CVE-2020-7672.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7672", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7673.json b/2020/7xxx/CVE-2020-7673.json new file mode 100644 index 00000000000..ddc6f185b6d --- /dev/null +++ b/2020/7xxx/CVE-2020-7673.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7673", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/7xxx/CVE-2020-7674.json b/2020/7xxx/CVE-2020-7674.json new file mode 100644 index 00000000000..65f64f0f836 --- /dev/null +++ b/2020/7xxx/CVE-2020-7674.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7674", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7675.json b/2020/7xxx/CVE-2020-7675.json new file mode 100644 index 00000000000..17dc76bfdba --- /dev/null +++ b/2020/7xxx/CVE-2020-7675.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7675", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7676.json b/2020/7xxx/CVE-2020-7676.json new file mode 100644 index 00000000000..a4aa07f5767 --- /dev/null +++ b/2020/7xxx/CVE-2020-7676.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7676", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7677.json b/2020/7xxx/CVE-2020-7677.json new file mode 100644 index 00000000000..69d16bbef7b --- /dev/null +++ b/2020/7xxx/CVE-2020-7677.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7677", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7678.json b/2020/7xxx/CVE-2020-7678.json new file mode 100644 index 00000000000..0d8ec4ccada --- /dev/null +++ b/2020/7xxx/CVE-2020-7678.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7678", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/7xxx/CVE-2020-7679.json b/2020/7xxx/CVE-2020-7679.json new file mode 100644 index 00000000000..46984701ed8 --- /dev/null +++ b/2020/7xxx/CVE-2020-7679.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7679", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7680.json b/2020/7xxx/CVE-2020-7680.json new file mode 100644 index 00000000000..a67fb797b1f --- /dev/null +++ b/2020/7xxx/CVE-2020-7680.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7680", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7681.json b/2020/7xxx/CVE-2020-7681.json new file mode 100644 index 00000000000..fe85bdbdfce --- /dev/null +++ b/2020/7xxx/CVE-2020-7681.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7681", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7682.json b/2020/7xxx/CVE-2020-7682.json new file mode 100644 index 00000000000..aaea00735b9 --- /dev/null +++ b/2020/7xxx/CVE-2020-7682.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7682", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7683.json b/2020/7xxx/CVE-2020-7683.json new file mode 100644 index 00000000000..cc09f065236 --- /dev/null +++ b/2020/7xxx/CVE-2020-7683.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7683", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/7xxx/CVE-2020-7684.json b/2020/7xxx/CVE-2020-7684.json new file mode 100644 index 00000000000..62d16fd43f2 --- /dev/null +++ b/2020/7xxx/CVE-2020-7684.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7684", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7685.json b/2020/7xxx/CVE-2020-7685.json new file mode 100644 index 00000000000..3cebf62ee82 --- /dev/null +++ b/2020/7xxx/CVE-2020-7685.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7685", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7686.json b/2020/7xxx/CVE-2020-7686.json new file mode 100644 index 00000000000..ed060756093 --- /dev/null +++ b/2020/7xxx/CVE-2020-7686.json 
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7686",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7687.json b/2020/7xxx/CVE-2020-7687.json
new file mode 100644
index 00000000000..935c66cb402
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7687.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7687",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7688.json b/2020/7xxx/CVE-2020-7688.json
new file mode 100644
index 00000000000..3bf32cfc450
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7688.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7688",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7689.json b/2020/7xxx/CVE-2020-7689.json
new file mode 100644
index 00000000000..1186195eeee
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7689.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7689",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7690.json b/2020/7xxx/CVE-2020-7690.json
new file mode 100644
index 00000000000..240e5030b30
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7690.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7690",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7691.json b/2020/7xxx/CVE-2020-7691.json
new file mode 100644
index 00000000000..ab987aeaddf
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7691.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7691",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7692.json b/2020/7xxx/CVE-2020-7692.json
new file mode 100644
index 00000000000..c44036b1ccb
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7692.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7692",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7693.json b/2020/7xxx/CVE-2020-7693.json
new file mode 100644
index 00000000000..1db1ec58a40
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7693.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7693",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7694.json b/2020/7xxx/CVE-2020-7694.json
new file mode 100644
index 00000000000..9dd67c51bb6
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7694.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7694",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7695.json b/2020/7xxx/CVE-2020-7695.json
new file mode 100644
index 00000000000..a847e5580db
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7695.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7695",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7696.json b/2020/7xxx/CVE-2020-7696.json
new file mode 100644
index 00000000000..5236bcecfeb
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7696.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7696",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7697.json b/2020/7xxx/CVE-2020-7697.json
new file mode 100644
index 00000000000..5f8406c3a5a
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7697.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7697",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7698.json b/2020/7xxx/CVE-2020-7698.json
new file mode 100644
index 00000000000..8da32032142
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7698.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7698",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7699.json b/2020/7xxx/CVE-2020-7699.json
new file mode 100644
index 00000000000..7f6ac8a8913
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7699.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7699",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7700.json b/2020/7xxx/CVE-2020-7700.json
new file mode 100644
index 00000000000..771ba36e47e
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7700.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7700",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7701.json b/2020/7xxx/CVE-2020-7701.json
new file mode 100644
index 00000000000..579fff4c8e3
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7701.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7701",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7702.json b/2020/7xxx/CVE-2020-7702.json
new file mode 100644
index 00000000000..ac22089dfc9
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7702.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7702",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7703.json b/2020/7xxx/CVE-2020-7703.json
new file mode 100644
index 00000000000..2b8c2a1d8a1
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7703.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7703",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7704.json b/2020/7xxx/CVE-2020-7704.json
new file mode 100644
index 00000000000..d7623d6376e
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7704.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7704",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7705.json b/2020/7xxx/CVE-2020-7705.json
new file mode 100644
index 00000000000..55955e7bdc3
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7705.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7705",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7706.json b/2020/7xxx/CVE-2020-7706.json
new file mode 100644
index 00000000000..01b9ac4b2da
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7706.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7706",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7707.json b/2020/7xxx/CVE-2020-7707.json
new file mode 100644
index 00000000000..17dc3c6e35a
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7707.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7707",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7708.json b/2020/7xxx/CVE-2020-7708.json
new file mode 100644
index 00000000000..47997852ad0
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7708.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7708",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7709.json b/2020/7xxx/CVE-2020-7709.json
new file mode 100644
index 00000000000..fa2c4f2a11f
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7709.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7709",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7710.json b/2020/7xxx/CVE-2020-7710.json
new file mode 100644
index 00000000000..f0f9072f367
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7710.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7710",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7711.json b/2020/7xxx/CVE-2020-7711.json
new file mode 100644
index 00000000000..b5f75f43564
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7711.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7711",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7712.json b/2020/7xxx/CVE-2020-7712.json
new file mode 100644
index 00000000000..e9308102f0b
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7712.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7712",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7713.json b/2020/7xxx/CVE-2020-7713.json
new file mode 100644
index 00000000000..d1b08b09d46
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7713.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7713",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7714.json b/2020/7xxx/CVE-2020-7714.json
new file mode 100644
index 00000000000..f39c38ffa8c
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7714.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7714",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7715.json b/2020/7xxx/CVE-2020-7715.json
new file mode 100644
index 00000000000..aec459928da
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7715.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7715",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7716.json b/2020/7xxx/CVE-2020-7716.json
new file mode 100644
index 00000000000..e42b11e21cc
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7716.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7716",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7717.json b/2020/7xxx/CVE-2020-7717.json
new file mode 100644
index 00000000000..3d6951233e4
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7717.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7717",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7718.json b/2020/7xxx/CVE-2020-7718.json
new file mode 100644
index 00000000000..68ba4d05492
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7718.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7718",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7719.json b/2020/7xxx/CVE-2020-7719.json
new file mode 100644
index 00000000000..5c6e6bde538
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7719.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7719",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7720.json b/2020/7xxx/CVE-2020-7720.json
new file mode 100644
index 00000000000..d91d680f0b4
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7720.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7720",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7721.json b/2020/7xxx/CVE-2020-7721.json
new file mode 100644
index 00000000000..d7da1327e8a
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7721.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7721",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7722.json b/2020/7xxx/CVE-2020-7722.json
new file mode 100644
index 00000000000..fd8ec2cee75
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7722.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7722",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7723.json b/2020/7xxx/CVE-2020-7723.json
new file mode 100644
index 00000000000..5b99dd0fcdf
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7723.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7723",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7724.json b/2020/7xxx/CVE-2020-7724.json
new file mode 100644
index 00000000000..37a6bcfa314
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7724.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7724",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7725.json b/2020/7xxx/CVE-2020-7725.json
new file mode 100644
index 00000000000..89aa21055d2
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7725.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7725",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7726.json b/2020/7xxx/CVE-2020-7726.json
new file mode 100644
index 00000000000..fb4086115d8
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7726.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7726",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7727.json b/2020/7xxx/CVE-2020-7727.json
new file mode 100644
index 00000000000..46c568ee1a8
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7727.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7727",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7728.json b/2020/7xxx/CVE-2020-7728.json
new file mode 100644
index 00000000000..e818947974d
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7728.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7728",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7729.json b/2020/7xxx/CVE-2020-7729.json
new file mode 100644
index 00000000000..ff544be7fe3
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7729.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7729",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7730.json b/2020/7xxx/CVE-2020-7730.json
new file mode 100644
index 00000000000..c10efe6b1cc
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7730.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7730",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7731.json b/2020/7xxx/CVE-2020-7731.json
new file mode 100644
index 00000000000..d8ed896f488
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7731.json
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7731", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7732.json b/2020/7xxx/CVE-2020-7732.json new file mode 100644 index 00000000000..dc195c318da --- /dev/null +++ b/2020/7xxx/CVE-2020-7732.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7732", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7733.json b/2020/7xxx/CVE-2020-7733.json new file mode 100644 index 00000000000..f0129fbb680 --- /dev/null +++ b/2020/7xxx/CVE-2020-7733.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7733", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/7xxx/CVE-2020-7734.json b/2020/7xxx/CVE-2020-7734.json new file mode 100644 index 00000000000..6ced024ae57 --- /dev/null +++ b/2020/7xxx/CVE-2020-7734.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7734", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7735.json b/2020/7xxx/CVE-2020-7735.json new file mode 100644 index 00000000000..39b436e2163 --- /dev/null +++ b/2020/7xxx/CVE-2020-7735.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7735", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7736.json b/2020/7xxx/CVE-2020-7736.json new file mode 100644 index 00000000000..977c8326623 --- /dev/null +++ b/2020/7xxx/CVE-2020-7736.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7736", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7737.json b/2020/7xxx/CVE-2020-7737.json new file mode 100644 index 00000000000..7fc6a2eb957 --- /dev/null +++ b/2020/7xxx/CVE-2020-7737.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7737", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7738.json b/2020/7xxx/CVE-2020-7738.json new file mode 100644 index 00000000000..dbc1a584455 --- /dev/null +++ b/2020/7xxx/CVE-2020-7738.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7738", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
From 9170b8c76d1550a1ec396f9888c1aa283e2ab4fb Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 21 Jan 2020 23:01:49 +0000 Subject: [PATCH 199/387] "-Synchronized-Data." --- 2020/7xxx/CVE-2020-7739.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7740.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7741.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7742.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7743.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7744.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7745.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7746.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7747.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7748.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7749.json | 18 ++++++++++++++++++ 11 files changed, 198 insertions(+) create mode 100644 2020/7xxx/CVE-2020-7739.json create mode 100644 2020/7xxx/CVE-2020-7740.json create mode 100644 2020/7xxx/CVE-2020-7741.json create mode 100644 2020/7xxx/CVE-2020-7742.json create mode 100644 2020/7xxx/CVE-2020-7743.json create mode 100644 2020/7xxx/CVE-2020-7744.json create mode 100644 2020/7xxx/CVE-2020-7745.json create mode 100644 2020/7xxx/CVE-2020-7746.json create mode 100644 2020/7xxx/CVE-2020-7747.json create mode 100644 2020/7xxx/CVE-2020-7748.json create mode 100644 2020/7xxx/CVE-2020-7749.json diff --git a/2020/7xxx/CVE-2020-7739.json b/2020/7xxx/CVE-2020-7739.json new file mode 100644 index 00000000000..9e07e4d9c83 --- /dev/null +++ b/2020/7xxx/CVE-2020-7739.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7739", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7740.json b/2020/7xxx/CVE-2020-7740.json new file mode 100644 index 00000000000..41762edf2ea --- /dev/null +++ b/2020/7xxx/CVE-2020-7740.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7740", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7741.json b/2020/7xxx/CVE-2020-7741.json new file mode 100644 index 00000000000..0ad2ffe6950 --- /dev/null +++ b/2020/7xxx/CVE-2020-7741.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7741", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/7xxx/CVE-2020-7742.json b/2020/7xxx/CVE-2020-7742.json new file mode 100644 index 00000000000..7efcd18ade5 --- /dev/null +++ b/2020/7xxx/CVE-2020-7742.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7742", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7743.json b/2020/7xxx/CVE-2020-7743.json new file mode 100644 index 00000000000..9310fe56daf --- /dev/null +++ b/2020/7xxx/CVE-2020-7743.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7743", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7744.json b/2020/7xxx/CVE-2020-7744.json new file mode 100644 index 00000000000..43eb2cbaf8a --- /dev/null +++ b/2020/7xxx/CVE-2020-7744.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7744", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7745.json b/2020/7xxx/CVE-2020-7745.json new file mode 100644 index 00000000000..5a9b313818d --- /dev/null +++ b/2020/7xxx/CVE-2020-7745.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7745", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7746.json b/2020/7xxx/CVE-2020-7746.json new file mode 100644 index 00000000000..3e184d4d153 --- /dev/null +++ b/2020/7xxx/CVE-2020-7746.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7746", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/7xxx/CVE-2020-7747.json b/2020/7xxx/CVE-2020-7747.json new file mode 100644 index 00000000000..90ca93a8ed1 --- /dev/null +++ b/2020/7xxx/CVE-2020-7747.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7747", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7748.json b/2020/7xxx/CVE-2020-7748.json new file mode 100644 index 00000000000..206f749c8e9 --- /dev/null +++ b/2020/7xxx/CVE-2020-7748.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7748", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7749.json b/2020/7xxx/CVE-2020-7749.json new file mode 100644 index 00000000000..0a7144a909e --- /dev/null +++ b/2020/7xxx/CVE-2020-7749.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7749", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file From ca669a20048cae4140b124e70eb769eab24b2721 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 22 Jan 2020 00:01:09 +0000 Subject: [PATCH 200/387] "-Synchronized-Data." --- 2018/16xxx/CVE-2018-16140.json | 5 +++++ 2019/14xxx/CVE-2019-14275.json | 5 +++++ 2019/19xxx/CVE-2019-19555.json | 5 +++++ 2019/6xxx/CVE-2019-6856.json | 5 +++++ 2019/6xxx/CVE-2019-6857.json | 5 +++++ 5 files changed, 25 insertions(+) diff --git a/2018/16xxx/CVE-2018-16140.json b/2018/16xxx/CVE-2018-16140.json index ee655067588..056398e1253 100644 --- a/2018/16xxx/CVE-2018-16140.json +++ b/2018/16xxx/CVE-2018-16140.json @@ -61,6 +61,11 @@ "name": "USN-3760-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3760-1/" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200121 [SECURITY] [DLA 2073-1] transfig security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00018.html" } ] } diff --git a/2019/14xxx/CVE-2019-14275.json b/2019/14xxx/CVE-2019-14275.json index 3fb81fdf181..63f4452a7cb 100644 --- a/2019/14xxx/CVE-2019-14275.json +++ b/2019/14xxx/CVE-2019-14275.json @@ -56,6 +56,11 @@ "url": "https://sourceforge.net/p/mcj/tickets/52/", "refsource": "MISC", "name": "https://sourceforge.net/p/mcj/tickets/52/" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200121 [SECURITY] [DLA 2073-1] transfig security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00018.html" } ] } 
diff --git a/2019/19xxx/CVE-2019-19555.json b/2019/19xxx/CVE-2019-19555.json index 7909160dabf..f2c16cb708f 100644 --- a/2019/19xxx/CVE-2019-19555.json +++ b/2019/19xxx/CVE-2019-19555.json @@ -56,6 +56,11 @@ "url": "https://sourceforge.net/p/mcj/tickets/55/", "refsource": "MISC", "name": "https://sourceforge.net/p/mcj/tickets/55/" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200121 [SECURITY] [DLA 2073-1] transfig security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00018.html" } ] } diff --git a/2019/6xxx/CVE-2019-6856.json b/2019/6xxx/CVE-2019-6856.json index 3d58c56169e..627ddb2e266 100644 --- a/2019/6xxx/CVE-2019-6856.json +++ b/2019/6xxx/CVE-2019-6856.json @@ -57,6 +57,11 @@ "refsource": "CONFIRM", "name": "https://www.se.com/ww/en/download/document/SEVD-2019-344-01", "url": "https://www.se.com/ww/en/download/document/SEVD-2019-344-01" + }, + { + "refsource": "MISC", + "name": "https://www.us-cert.gov/ics/advisories/icsa-20-016-01", + "url": "https://www.us-cert.gov/ics/advisories/icsa-20-016-01" } ] }, diff --git a/2019/6xxx/CVE-2019-6857.json b/2019/6xxx/CVE-2019-6857.json index f6242f63cdb..e9c97f82ab8 100644 --- a/2019/6xxx/CVE-2019-6857.json +++ b/2019/6xxx/CVE-2019-6857.json @@ -57,6 +57,11 @@ "refsource": "CONFIRM", "name": "https://www.se.com/ww/en/download/document/SEVD-2019-344-01", "url": "https://www.se.com/ww/en/download/document/SEVD-2019-344-01" + }, + { + "refsource": "MISC", + "name": "https://www.us-cert.gov/ics/advisories/icsa-20-016-01", + "url": "https://www.us-cert.gov/ics/advisories/icsa-20-016-01" } ] }, From 597f247034f3ca77a5f461d46a0c14fb5223ed62 Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Wed, 22 Jan 2020 01:01:07 +0000 Subject: [PATCH 201/387] "-Synchronized-Data." --- 2018/17xxx/CVE-2018-17981.json | 48 ++++++++++++++++++++++++++++++++-- 2020/5xxx/CVE-2020-5395.json | 5 ++++ 2020/5xxx/CVE-2020-5496.json | 5 ++++ 2020/7xxx/CVE-2020-7040.json | 5 ++++ 4 files changed, 61 insertions(+), 2 deletions(-) diff --git a/2018/17xxx/CVE-2018-17981.json b/2018/17xxx/CVE-2018-17981.json index 8f3d169dd9e..89773565487 100644 --- a/2018/17xxx/CVE-2018-17981.json +++ b/2018/17xxx/CVE-2018-17981.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-17981", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Lifesize Express ls ex2_4.7.10 2000 (14) devices allow XSS via the interface/interface.php brand parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://sku11army.blogspot.com/2020/01/lifesize-devices-allow-xss-via.html", + "url": "https://sku11army.blogspot.com/2020/01/lifesize-devices-allow-xss-via.html" } ] } diff --git a/2020/5xxx/CVE-2020-5395.json b/2020/5xxx/CVE-2020-5395.json index 3013e3d730c..b2d7af2149f 100644 --- a/2020/5xxx/CVE-2020-5395.json +++ b/2020/5xxx/CVE-2020-5395.json 
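Review bot: The CVE-2018-17981.json hunks move the record to PUBLIC with `"product_name": "n/a"`, `"vendor_name": "n/a"` and a `problemtype` value of `"n/a"`, although the new description names the affected device family and the weakness class (XSS). Tooling that matches on `affects` or on a CWE identifier will not pick this entry up. The structured fields should carry what the description already states, for example `"value": "CWE-79"` for the problem type. The same placeholders appear in the CVE-2019-12490.json hunk later in the series.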
@@ -56,6 +56,11 @@ "url": "https://github.com/fontforge/fontforge/issues/4084", "refsource": "MISC", "name": "https://github.com/fontforge/fontforge/issues/4084" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0089", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00041.html" } ] } diff --git a/2020/5xxx/CVE-2020-5496.json b/2020/5xxx/CVE-2020-5496.json index cda6d8729f7..799e6c15a45 100644 --- a/2020/5xxx/CVE-2020-5496.json +++ b/2020/5xxx/CVE-2020-5496.json @@ -56,6 +56,11 @@ "url": "https://github.com/fontforge/fontforge/issues/4085", "refsource": "MISC", "name": "https://github.com/fontforge/fontforge/issues/4085" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0089", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00041.html" } ] } diff --git a/2020/7xxx/CVE-2020-7040.json b/2020/7xxx/CVE-2020-7040.json index d1740948416..2d488684fe7 100644 --- a/2020/7xxx/CVE-2020-7040.json +++ b/2020/7xxx/CVE-2020-7040.json @@ -66,6 +66,11 @@ "refsource": "MLIST", "name": "[oss-security] CVE-2020-7040: storeBackup: denial of service and symlink attack vector via fixed lockfile path /tmp/storeBackup.lock", "url": "https://seclists.org/oss-sec/2020/q1/20" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20200121 Re: CVE-2020-7040: storeBackup: denial of service and symlink attack vector via fixed lockfile path /tmp/storeBackup.lock", + "url": "http://www.openwall.com/lists/oss-security/2020/01/21/2" } ] } From 361345e755d19d53cec86e8b30a7fdafb72f7f83 Mon Sep 17 00:00:00 2001 From: Robert Schultheis Date: Tue, 21 Jan 2020 18:37:26 -0700 Subject: [PATCH 202/387] add CVE-2019-16791 for GHSA-h92m-42h4-82f6 --- 2019/16xxx/CVE-2019-16791.json | 88 ++++++++++++++++++++++++++++++++++ 1 file changed, 88 insertions(+) create mode 100644 2019/16xxx/CVE-2019-16791.json diff --git a/2019/16xxx/CVE-2019-16791.json b/2019/16xxx/CVE-2019-16791.json new file mode 100644 index 00000000000..b924bbce4a8 
--- /dev/null
+++ b/2019/16xxx/CVE-2019-16791.json
@@ -0,0 +1,88 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "security-advisories@github.com",
+ "ID": "CVE-2019-16791",
+ "STATE": "PUBLIC",
+ "TITLE": "downgrade of effective Strict Transport Security (STS) policy in postfix-mta-sts-resolver"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "postfix-mta-sts-resolver",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "< 0.5.1"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Snawoot"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In postfix-mta-sts-resolver before 0.5.1, All users can receive incorrect response from daemon under rare conditions, rendering downgrade of effective STS policy."
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "HIGH",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.9,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "HIGH",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-757: Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/Snawoot/postfix-mta-sts-resolver/security/advisories/GHSA-h92m-42h4-82f6",
+ "refsource": "CONFIRM",
+ "url": "https://github.com/Snawoot/postfix-mta-sts-resolver/security/advisories/GHSA-h92m-42h4-82f6"
+ },
+ {
+ "name": "https://gist.github.com/Snawoot/b9da85d6b26dea5460673b29df1adc6b",
+ "refsource": "MISC",
+ "url": "https://gist.github.com/Snawoot/b9da85d6b26dea5460673b29df1adc6b"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-h92m-42h4-82f6",
+ "discovery": "UNKNOWN"
+ }
+}
From aebb0130a043e0cf2d9185f681c203736a3c0c7f Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 22 Jan 2020 02:01:16 +0000 Subject: [PATCH 203/387] "-Synchronized-Data." --- 2019/17xxx/CVE-2019-17626.json | 5 +++++ 2020/2xxx/CVE-2020-2583.json | 5 +++++ 2020/2xxx/CVE-2020-2590.json | 5 +++++ 2020/2xxx/CVE-2020-2593.json | 5 +++++ 2020/2xxx/CVE-2020-2601.json | 5 +++++ 2020/2xxx/CVE-2020-2604.json | 5 +++++ 2020/2xxx/CVE-2020-2654.json | 5 +++++ 2020/2xxx/CVE-2020-2659.json | 5 +++++ 2020/7xxx/CVE-2020-7796.json | 18 ++++++++++++++++++ 9 files changed, 58 insertions(+) create mode 100644 2020/7xxx/CVE-2020-7796.json diff --git a/2019/17xxx/CVE-2019-17626.json b/2019/17xxx/CVE-2019-17626.json index 8fdc0d532e3..8bbf24fbf92 100644 --- a/2019/17xxx/CVE-2019-17626.json +++ b/2019/17xxx/CVE-2019-17626.json @@ -66,6 +66,11 @@ "refsource": "REDHAT", "name": "RHSA-2020:0197", "url": "https://access.redhat.com/errata/RHSA-2020:0197" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0195", + "url": "https://access.redhat.com/errata/RHSA-2020:0195" } ] } diff --git a/2020/2xxx/CVE-2020-2583.json b/2020/2xxx/CVE-2020-2583.json index b470d474f92..c5bfc104933 100644 --- a/2020/2xxx/CVE-2020-2583.json +++ b/2020/2xxx/CVE-2020-2583.json @@ -86,6 +86,11 @@ "refsource": "REDHAT", "name": "RHSA-2020:0157", "url": "https://access.redhat.com/errata/RHSA-2020:0157" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0196", + "url": "https://access.redhat.com/errata/RHSA-2020:0196" } ] } diff --git a/2020/2xxx/CVE-2020-2590.json b/2020/2xxx/CVE-2020-2590.json index 2bc6d5c1ad1..7b8c378bc46 100644 --- a/2020/2xxx/CVE-2020-2590.json +++ b/2020/2xxx/CVE-2020-2590.json @@ -86,6 +86,11 @@ "refsource": "REDHAT", "name": "RHSA-2020:0157", "url": "https://access.redhat.com/errata/RHSA-2020:0157" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0196", + "url": "https://access.redhat.com/errata/RHSA-2020:0196" } ] }
diff --git a/2020/2xxx/CVE-2020-2593.json b/2020/2xxx/CVE-2020-2593.json index d3a5a84a904..354ba7ae79d 100644 --- a/2020/2xxx/CVE-2020-2593.json +++ b/2020/2xxx/CVE-2020-2593.json @@ -86,6 +86,11 @@ "refsource": "REDHAT", "name": "RHSA-2020:0157", "url": "https://access.redhat.com/errata/RHSA-2020:0157" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0196", + "url": "https://access.redhat.com/errata/RHSA-2020:0196" } ] } diff --git a/2020/2xxx/CVE-2020-2601.json b/2020/2xxx/CVE-2020-2601.json index 9a7ee49eedb..7304dd7b3c6 100644 --- a/2020/2xxx/CVE-2020-2601.json +++ b/2020/2xxx/CVE-2020-2601.json @@ -86,6 +86,11 @@ "refsource": "REDHAT", "name": "RHSA-2020:0157", "url": "https://access.redhat.com/errata/RHSA-2020:0157" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0196", + "url": "https://access.redhat.com/errata/RHSA-2020:0196" } ] } diff --git a/2020/2xxx/CVE-2020-2604.json b/2020/2xxx/CVE-2020-2604.json index 99d36bc9fe7..cfb25946c61 100644 --- a/2020/2xxx/CVE-2020-2604.json +++ b/2020/2xxx/CVE-2020-2604.json @@ -71,6 +71,11 @@ "refsource": "REDHAT", "name": "RHSA-2020:0122", "url": "https://access.redhat.com/errata/RHSA-2020:0122" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0196", + "url": "https://access.redhat.com/errata/RHSA-2020:0196" } ] } diff --git a/2020/2xxx/CVE-2020-2654.json b/2020/2xxx/CVE-2020-2654.json index b5527885c7f..dbb564c68b2 100644 --- a/2020/2xxx/CVE-2020-2654.json +++ b/2020/2xxx/CVE-2020-2654.json @@ -82,6 +82,11 @@ "refsource": "REDHAT", "name": "RHSA-2020:0157", "url": "https://access.redhat.com/errata/RHSA-2020:0157" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0196", + "url": "https://access.redhat.com/errata/RHSA-2020:0196" } ] } diff --git a/2020/2xxx/CVE-2020-2659.json b/2020/2xxx/CVE-2020-2659.json index 391d37e1559..a7d6bf788f8 100644 --- a/2020/2xxx/CVE-2020-2659.json +++ b/2020/2xxx/CVE-2020-2659.json 
@@ -66,6 +66,11 @@ "refsource": "REDHAT", "name": "RHSA-2020:0157", "url": "https://access.redhat.com/errata/RHSA-2020:0157" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0196", + "url": "https://access.redhat.com/errata/RHSA-2020:0196" } ] } diff --git a/2020/7xxx/CVE-2020-7796.json b/2020/7xxx/CVE-2020-7796.json new file mode 100644 index 00000000000..5fc935d25c5 --- /dev/null +++ b/2020/7xxx/CVE-2020-7796.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7796", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file From c03dfc3388f1d1b009e560e09b2273e1d7498723 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 22 Jan 2020 04:01:08 +0000 Subject: [PATCH 204/387] "-Synchronized-Data." --- 2020/7xxx/CVE-2020-7797.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7798.json | 18 ++++++++++++++++++ 2 files changed, 36 insertions(+) create mode 100644 2020/7xxx/CVE-2020-7797.json create mode 100644 2020/7xxx/CVE-2020-7798.json diff --git a/2020/7xxx/CVE-2020-7797.json b/2020/7xxx/CVE-2020-7797.json new file mode 100644 index 00000000000..fb79061c071 --- /dev/null +++ b/2020/7xxx/CVE-2020-7797.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7797", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7798.json b/2020/7xxx/CVE-2020-7798.json new file mode 100644 index 00000000000..450cdbe1c28 --- /dev/null +++ b/2020/7xxx/CVE-2020-7798.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7798", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file From 469ceb7adcad68f718c7bafb09bbe91f9e108924 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 22 Jan 2020 05:01:13 +0000 Subject: [PATCH 205/387] "-Synchronized-Data." --- 2020/7xxx/CVE-2020-7799.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7800.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7801.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7802.json | 18 ++++++++++++++++++ 4 files changed, 72 insertions(+) create mode 100644 2020/7xxx/CVE-2020-7799.json create mode 100644 2020/7xxx/CVE-2020-7800.json create mode 100644 2020/7xxx/CVE-2020-7801.json create mode 100644 2020/7xxx/CVE-2020-7802.json diff --git a/2020/7xxx/CVE-2020-7799.json b/2020/7xxx/CVE-2020-7799.json new file mode 100644 index 00000000000..a559ad665f6 
--- /dev/null +++ b/2020/7xxx/CVE-2020-7799.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7799", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7800.json b/2020/7xxx/CVE-2020-7800.json new file mode 100644 index 00000000000..00ce42da9f0 --- /dev/null +++ b/2020/7xxx/CVE-2020-7800.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7800", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7801.json b/2020/7xxx/CVE-2020-7801.json new file mode 100644 index 00000000000..3a91a64d963 --- /dev/null +++ b/2020/7xxx/CVE-2020-7801.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7801", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7802.json b/2020/7xxx/CVE-2020-7802.json new file mode 100644 index 00000000000..57ad3a87a07 --- /dev/null +++ b/2020/7xxx/CVE-2020-7802.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7802", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file From 21f6ccf9bc822b912dad70a6b43c486eef21228f Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 22 Jan 2020 06:01:08 +0000 Subject: [PATCH 206/387] "-Synchronized-Data." --- 2019/12xxx/CVE-2019-12490.json | 61 ++++++++++++++++++++++++++++++---- 2019/18xxx/CVE-2019-18844.json | 2 +- 2019/20xxx/CVE-2019-20389.json | 18 ++++++++++ 2019/20xxx/CVE-2019-20390.json | 18 ++++++++++ 2020/6xxx/CVE-2020-6836.json | 5 +++ 5 files changed, 97 insertions(+), 7 deletions(-) create mode 100644 2019/20xxx/CVE-2019-20389.json create mode 100644 2019/20xxx/CVE-2019-20390.json diff --git a/2019/12xxx/CVE-2019-12490.json b/2019/12xxx/CVE-2019-12490.json index a727cc004a6..45ae88d4580 100644 --- a/2019/12xxx/CVE-2019-12490.json 
+++ b/2019/12xxx/CVE-2019-12490.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-12490", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-12490", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Simple Machines Forum (SMF) before 2.0.16. Reverse tabnabbing can occur because of use of _blank for external links." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.simplemachines.org/community/index.php?topic=570986.0", + "url": "https://www.simplemachines.org/community/index.php?topic=570986.0" + }, + { + "refsource": "MISC", + "name": "https://www.youtube.com/watch?v=gCVeFoxZ1DI", + "url": "https://www.youtube.com/watch?v=gCVeFoxZ1DI" } ] } diff --git a/2019/18xxx/CVE-2019-18844.json b/2019/18xxx/CVE-2019-18844.json index b7b8a282f6d..75fea93083e 100644 --- a/2019/18xxx/CVE-2019-18844.json +++ b/2019/18xxx/CVE-2019-18844.json 
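Review bot: The `affects` block in the CVE-2019-12490 hunk sets `vendor_name`, `product_name` and `version_value` to `"n/a"`, and `problemtype` is `"n/a"` as well, although the description in the same hunk names the product, the fixed release (Simple Machines Forum before 2.0.16) and the weakness (reverse tabnabbing through `_blank` links). Scanners and inventory tools that match on the structured fields rather than on the free text will not associate this record with an SMF install. I would carry the description's facts into the structured fields, e.g. `"product_name": "Simple Machines Forum"` with `"version_affected": "<", "version_value": "2.0.16"`, and a CWE-based `problemtype` value (CWE-1022 looks like the closest fit, to be confirmed by the assigner). The CVE-2018-16262 hunks later in this series have the same gap: the description names Tizen before 5.0 M1 while `affects` stays `"n/a"`.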
@@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "The Device Model in ACRN before 2019w25.5-140000p relies on assert calls in devicemodel/hw/pci/core.c and devicemodel/include/pci_core.h (instead of other mechanisms for propagating error information or diagnostic information), which might allow attackers to cause a denial of service (assertion failure) within pci core." + "value": "The Device Model in ACRN before 2019w25.5-140000p relies on assert calls in devicemodel/hw/pci/core.c and devicemodel/include/pci_core.h (instead of other mechanisms for propagating error information or diagnostic information), which might allow attackers to cause a denial of service (assertion failure) within pci core. This is fixed in 1.2. 6199e653418e is a mitigation for pre-1.1 versions, whereas 2b3dedfb9ba1 is a mitigation for 1.1." } ] }, diff --git a/2019/20xxx/CVE-2019-20389.json b/2019/20xxx/CVE-2019-20389.json new file mode 100644 index 00000000000..7d766b175a0 --- /dev/null +++ b/2019/20xxx/CVE-2019-20389.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-20389", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20390.json b/2019/20xxx/CVE-2019-20390.json new file mode 100644 index 00000000000..10c4c7961a4 --- /dev/null +++ b/2019/20xxx/CVE-2019-20390.json 
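Review bot: The new sentence in the CVE-2019-18844 description cites the mitigations only as abbreviated commit ids (`6199e653418e`, `2b3dedfb9ba1`) in free text, with no repository or URL, so a reader cannot resolve or verify them from the record alone. The `references` array lies outside this hunk, so it may already link them; if it does not, each commit should get its own entry, e.g. `{ "refsource": "MISC", "name": "<full commit URL>", "url": "<full commit URL>" }`. The sentence also mixes two version schemes (`2019w25.5-140000p` and `1.2`/`1.1`) without saying how they relate, which makes it hard to decide whether a given build is covered.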
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-20390", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6836.json b/2020/6xxx/CVE-2020-6836.json index 2a57cf37757..aa243be3978 100644 --- a/2020/6xxx/CVE-2020-6836.json +++ b/2020/6xxx/CVE-2020-6836.json @@ -61,6 +61,11 @@ "url": "https://github.com/handsontable/formula-parser/commit/396b089738d4bf30eb570a4fe6a188affa95cd5e", "refsource": "MISC", "name": "https://github.com/handsontable/formula-parser/commit/396b089738d4bf30eb570a4fe6a188affa95cd5e" + }, + { + "refsource": "MISC", + "name": "https://blog.truesec.com/2020/01/17/reverse-shell-through-a-node-js-math-parser/", + "url": "https://blog.truesec.com/2020/01/17/reverse-shell-through-a-node-js-math-parser/" } ] } From 6e299457c71e734fca023b40dcd39231324e32bf Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 22 Jan 2020 07:01:12 +0000 Subject: [PATCH 207/387] "-Synchronized-Data." --- 2017/5xxx/CVE-2017-5645.json | 20 ++++++++++++++++++++ 2018/10xxx/CVE-2018-10899.json | 10 ++++++++++ 2019/17xxx/CVE-2019-17571.json | 20 ++++++++++++++++++++ 3 files changed, 50 insertions(+) diff --git a/2017/5xxx/CVE-2017-5645.json b/2017/5xxx/CVE-2017-5645.json index 78fc86f1eb1..b9fb2a01c1c 100644 --- a/2017/5xxx/CVE-2017-5645.json +++ b/2017/5xxx/CVE-2017-5645.json 
@@ -321,6 +321,26 @@ "refsource": "MLIST", "name": "[tika-dev] 20200115 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]", "url": "https://lists.apache.org/thread.html/r4b25538be50126194cc646836c718b1a4d8f71bd9c912af5b59134ad@%3Cdev.tika.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[activemq-issues] 20200122 [jira] [Updated] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571", + "url": "https://lists.apache.org/thread.html/rd5dbeee4808c0f2b9b51479b50de3cc6adb1072c332a200d9107f13e@%3Cissues.activemq.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[activemq-issues] 20200122 [jira] [Assigned] (AMQ-7372) [9.8] [CVE-2019-17571] [activemq-all] [5.15.10]", + "url": "https://lists.apache.org/thread.html/r7bcdc710857725c311b856c0b82cee6207178af5dcde1bd43d289826@%3Cissues.activemq.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[activemq-issues] 20200122 [jira] [Updated] (AMQ-7372) [9.8] [CVE-2019-17571] [activemq-all] [5.15.10]", + "url": "https://lists.apache.org/thread.html/raedd12dc24412b3780432bf202a2618a21a727788543e5337a458ead@%3Cissues.activemq.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[activemq-issues] 20200122 [jira] [Assigned] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571", + "url": "https://lists.apache.org/thread.html/r2ff63f210842a3c5e42f03a35d8f3a345134d073c80a04077341c211@%3Cissues.activemq.apache.org%3E" } ] } diff --git a/2018/10xxx/CVE-2018-10899.json b/2018/10xxx/CVE-2018-10899.json index 6449c3346c7..782016d9f6d 100644 --- a/2018/10xxx/CVE-2018-10899.json +++ b/2018/10xxx/CVE-2018-10899.json 
@@ -73,6 +73,16 @@ "refsource": "MLIST", "name": "[activemq-issues] 20200120 [jira] [Work logged] (AMQ-7373) jolokia-core-1.6.0.jar is vulnerable to CVE-2018-10899", "url": "https://lists.apache.org/thread.html/rc169dac018d07e8ddf2a3bb2fd1efc6cbda4f83f1bbf7a8c798e7f4f@%3Cissues.activemq.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[activemq-issues] 20200122 [jira] [Updated] (AMQ-7373) jolokia-core-1.6.0.jar is vulnerable to CVE-2018-10899", + "url": "https://lists.apache.org/thread.html/rf33ffbba619a4281ce592a6ed259c07a557aefb4975619d83c4122ea@%3Cissues.activemq.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[activemq-issues] 20200122 [jira] [Assigned] (AMQ-7373) jolokia-core-1.6.0.jar is vulnerable to CVE-2018-10899", + "url": "https://lists.apache.org/thread.html/rdb0a59d7851e721b75beea13d6488e345a3e2735838e89d9269d7d32@%3Cissues.activemq.apache.org%3E" } ] }, diff --git a/2019/17xxx/CVE-2019-17571.json b/2019/17xxx/CVE-2019-17571.json index 7c18ce7f8ae..1a3104e6a31 100644 --- a/2019/17xxx/CVE-2019-17571.json +++ b/2019/17xxx/CVE-2019-17571.json 
@@ -228,6 +228,26 @@ "refsource": "MLIST", "name": "[zookeeper-issues] 20200118 [jira] [Resolved] (ZOOKEEPER-3677) owasp checker failing for - CVE-2019-17571 Apache Log4j 1.2 deserialization of untrusted data in SocketServer", "url": "https://lists.apache.org/thread.html/rd6254837403e8cbfc7018baa9be29705f3f06bd007c83708f9a97679@%3Cissues.zookeeper.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[activemq-issues] 20200122 [jira] [Updated] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571", + "url": "https://lists.apache.org/thread.html/rd5dbeee4808c0f2b9b51479b50de3cc6adb1072c332a200d9107f13e@%3Cissues.activemq.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[activemq-issues] 20200122 [jira] [Assigned] (AMQ-7372) [9.8] [CVE-2019-17571] [activemq-all] [5.15.10]", + "url": "https://lists.apache.org/thread.html/r7bcdc710857725c311b856c0b82cee6207178af5dcde1bd43d289826@%3Cissues.activemq.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[activemq-issues] 20200122 [jira] [Updated] (AMQ-7372) [9.8] [CVE-2019-17571] [activemq-all] [5.15.10]", + "url": "https://lists.apache.org/thread.html/raedd12dc24412b3780432bf202a2618a21a727788543e5337a458ead@%3Cissues.activemq.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[activemq-issues] 20200122 [jira] [Assigned] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571", + "url": "https://lists.apache.org/thread.html/r2ff63f210842a3c5e42f03a35d8f3a345134d073c80a04077341c211@%3Cissues.activemq.apache.org%3E" } ] }, From fbfe934a3cc77eb8d717e4c870a1a3339d9a3261 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 22 Jan 2020 09:01:08 +0000 Subject: [PATCH 208/387] "-Synchronized-Data." --- 2019/14xxx/CVE-2019-14973.json | 5 +++++ 2019/17xxx/CVE-2019-17546.json | 5 +++++ 2 files changed, 10 insertions(+) diff --git a/2019/14xxx/CVE-2019-14973.json b/2019/14xxx/CVE-2019-14973.json index 6ca3bf6e09d..9bc33f8fb35 100644 
--- a/2019/14xxx/CVE-2019-14973.json +++ b/2019/14xxx/CVE-2019-14973.json @@ -81,6 +81,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-e45019c690", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/63BVT6N5KQPHWOWM4B3I7Z3ODBXUVNPS/" + }, + { + "refsource": "BUGTRAQ", + "name": "20200121 [SECURITY] [DSA 4608-1] tiff security update", + "url": "https://seclists.org/bugtraq/2020/Jan/32" } ] } diff --git a/2019/17xxx/CVE-2019-17546.json b/2019/17xxx/CVE-2019-17546.json index f1e5eb85a3e..12aea368d5d 100644 --- a/2019/17xxx/CVE-2019-17546.json +++ b/2019/17xxx/CVE-2019-17546.json @@ -71,6 +71,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20191126 [SECURITY] [DLA 2009-1] tiff security update", "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00027.html" + }, + { + "refsource": "BUGTRAQ", + "name": "20200121 [SECURITY] [DSA 4608-1] tiff security update", + "url": "https://seclists.org/bugtraq/2020/Jan/32" } ] } From c040b32f117459984db7e5dab8ec7530e122ec8d Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Wed, 22 Jan 2020 11:01:07 +0000 Subject: [PATCH 209/387] "-Synchronized-Data." --- 2019/13xxx/CVE-2019-13117.json | 5 +++++ 2019/13xxx/CVE-2019-13118.json | 5 +++++ 2019/14xxx/CVE-2019-14902.json | 5 +++++ 2019/14xxx/CVE-2019-14907.json | 5 +++++ 2019/16xxx/CVE-2019-16168.json | 5 +++++ 2019/19xxx/CVE-2019-19344.json | 5 +++++ 2019/1xxx/CVE-2019-1547.json | 5 +++++ 2020/2xxx/CVE-2020-2572.json | 5 +++++ 2020/2xxx/CVE-2020-2573.json | 5 +++++ 2020/2xxx/CVE-2020-2574.json | 5 +++++ 2020/2xxx/CVE-2020-2577.json | 5 +++++ 2020/2xxx/CVE-2020-2579.json | 5 +++++ 2020/2xxx/CVE-2020-2580.json | 5 +++++ 2020/2xxx/CVE-2020-2583.json | 5 +++++ 2020/2xxx/CVE-2020-2584.json | 5 +++++ 2020/2xxx/CVE-2020-2585.json | 7 ++++++- 2020/2xxx/CVE-2020-2588.json | 5 +++++ 2020/2xxx/CVE-2020-2589.json | 5 +++++ 2020/2xxx/CVE-2020-2590.json | 5 +++++ 2020/2xxx/CVE-2020-2593.json | 5 +++++ 2020/2xxx/CVE-2020-2601.json | 5 +++++ 2020/2xxx/CVE-2020-2604.json | 5 +++++ 2020/2xxx/CVE-2020-2627.json | 5 +++++ 2020/2xxx/CVE-2020-2654.json | 5 +++++ 2020/2xxx/CVE-2020-2655.json | 5 +++++ 2020/2xxx/CVE-2020-2659.json | 5 +++++ 2020/2xxx/CVE-2020-2660.json | 5 +++++ 2020/2xxx/CVE-2020-2679.json | 5 +++++ 2020/2xxx/CVE-2020-2686.json | 5 +++++ 2020/2xxx/CVE-2020-2694.json | 5 +++++ 2020/6xxx/CVE-2020-6859.json | 5 +++++ 31 files changed, 156 insertions(+), 1 deletion(-) diff --git a/2019/13xxx/CVE-2019-13117.json b/2019/13xxx/CVE-2019-13117.json index a384ae250ef..b7b568bb968 100644 --- a/2019/13xxx/CVE-2019-13117.json +++ b/2019/13xxx/CVE-2019-13117.json @@ -96,6 +96,11 @@ "url": "https://www.oracle.com/security-alerts/cpujan2020.html", "refsource": "MISC", "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200122-0003/", + "url": "https://security.netapp.com/advisory/ntap-20200122-0003/" } ] } 
diff --git a/2019/13xxx/CVE-2019-13118.json b/2019/13xxx/CVE-2019-13118.json index dc0e75a7493..39e9178b0e6 100644 --- a/2019/13xxx/CVE-2019-13118.json +++ b/2019/13xxx/CVE-2019-13118.json @@ -236,6 +236,11 @@ "url": "https://www.oracle.com/security-alerts/cpujan2020.html", "refsource": "MISC", "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200122-0003/", + "url": "https://security.netapp.com/advisory/ntap-20200122-0003/" } ] } diff --git a/2019/14xxx/CVE-2019-14902.json b/2019/14xxx/CVE-2019-14902.json index a05ebbe9eb1..f3ca253f03c 100644 --- a/2019/14xxx/CVE-2019-14902.json +++ b/2019/14xxx/CVE-2019-14902.json @@ -59,6 +59,11 @@ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14902", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14902", "refsource": "CONFIRM" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200122-0001/", + "url": "https://security.netapp.com/advisory/ntap-20200122-0001/" } ] }, diff --git a/2019/14xxx/CVE-2019-14907.json b/2019/14xxx/CVE-2019-14907.json index 8aa3d1a7886..5ef75ecc042 100644 --- a/2019/14xxx/CVE-2019-14907.json +++ b/2019/14xxx/CVE-2019-14907.json @@ -59,6 +59,11 @@ "url": "https://www.samba.org/samba/security/CVE-2019-14907.html", "refsource": "MISC", "name": "https://www.samba.org/samba/security/CVE-2019-14907.html" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200122-0001/", + "url": "https://security.netapp.com/advisory/ntap-20200122-0001/" } ] }, diff --git a/2019/16xxx/CVE-2019-16168.json b/2019/16xxx/CVE-2019-16168.json index 006b4f02c16..7cdef268456 100644 --- a/2019/16xxx/CVE-2019-16168.json +++ b/2019/16xxx/CVE-2019-16168.json 
@@ -96,6 +96,11 @@ "url": "https://www.oracle.com/security-alerts/cpujan2020.html", "refsource": "MISC", "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200122-0003/", + "url": "https://security.netapp.com/advisory/ntap-20200122-0003/" } ] } diff --git a/2019/19xxx/CVE-2019-19344.json b/2019/19xxx/CVE-2019-19344.json index 143dcd5d47f..d57be201eb7 100644 --- a/2019/19xxx/CVE-2019-19344.json +++ b/2019/19xxx/CVE-2019-19344.json @@ -59,6 +59,11 @@ "url": "https://www.samba.org/samba/security/CVE-2019-19344.html", "refsource": "MISC", "name": "https://www.samba.org/samba/security/CVE-2019-19344.html" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200122-0001/", + "url": "https://security.netapp.com/advisory/ntap-20200122-0001/" } ] }, diff --git a/2019/1xxx/CVE-2019-1547.json b/2019/1xxx/CVE-2019-1547.json index de336fddf1c..2ee34f8e513 100644 --- a/2019/1xxx/CVE-2019-1547.json +++ b/2019/1xxx/CVE-2019-1547.json @@ -197,6 +197,11 @@ "url": "https://www.oracle.com/security-alerts/cpujan2020.html", "refsource": "MISC", "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200122-0002/", + "url": "https://security.netapp.com/advisory/ntap-20200122-0002/" } ] } diff --git a/2020/2xxx/CVE-2020-2572.json b/2020/2xxx/CVE-2020-2572.json index d4ee5749ddf..661e507b38b 100644 --- a/2020/2xxx/CVE-2020-2572.json +++ b/2020/2xxx/CVE-2020-2572.json @@ -61,6 +61,11 @@ "url": "https://www.oracle.com/security-alerts/cpujan2020.html", "refsource": "MISC", "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200122-0002/", + "url": "https://security.netapp.com/advisory/ntap-20200122-0002/" } ] } 
diff --git a/2020/2xxx/CVE-2020-2573.json b/2020/2xxx/CVE-2020-2573.json index 772e62cb391..6aff777100c 100644 --- a/2020/2xxx/CVE-2020-2573.json +++ b/2020/2xxx/CVE-2020-2573.json @@ -61,6 +61,11 @@ "url": "https://www.oracle.com/security-alerts/cpujan2020.html", "refsource": "MISC", "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200122-0002/", + "url": "https://security.netapp.com/advisory/ntap-20200122-0002/" } ] } diff --git a/2020/2xxx/CVE-2020-2574.json b/2020/2xxx/CVE-2020-2574.json index 1ffef79e5a9..b8772d3c77d 100644 --- a/2020/2xxx/CVE-2020-2574.json +++ b/2020/2xxx/CVE-2020-2574.json @@ -65,6 +65,11 @@ "url": "https://www.oracle.com/security-alerts/cpujan2020.html", "refsource": "MISC", "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200122-0002/", + "url": "https://security.netapp.com/advisory/ntap-20200122-0002/" } ] } diff --git a/2020/2xxx/CVE-2020-2577.json b/2020/2xxx/CVE-2020-2577.json index e590d4f7a8d..7f64a12ad0d 100644 --- a/2020/2xxx/CVE-2020-2577.json +++ b/2020/2xxx/CVE-2020-2577.json @@ -61,6 +61,11 @@ "url": "https://www.oracle.com/security-alerts/cpujan2020.html", "refsource": "MISC", "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200122-0002/", + "url": "https://security.netapp.com/advisory/ntap-20200122-0002/" } ] } diff --git a/2020/2xxx/CVE-2020-2579.json b/2020/2xxx/CVE-2020-2579.json index f2f4d4cc260..dff64c3762c 100644 --- a/2020/2xxx/CVE-2020-2579.json +++ b/2020/2xxx/CVE-2020-2579.json 
@@ -65,6 +65,11 @@ "url": "https://www.oracle.com/security-alerts/cpujan2020.html", "refsource": "MISC", "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200122-0002/", + "url": "https://security.netapp.com/advisory/ntap-20200122-0002/" } ] } diff --git a/2020/2xxx/CVE-2020-2580.json b/2020/2xxx/CVE-2020-2580.json index 4e947188ab0..54d7f86d490 100644 --- a/2020/2xxx/CVE-2020-2580.json +++ b/2020/2xxx/CVE-2020-2580.json @@ -57,6 +57,11 @@ "url": "https://www.oracle.com/security-alerts/cpujan2020.html", "refsource": "MISC", "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200122-0002/", + "url": "https://security.netapp.com/advisory/ntap-20200122-0002/" } ] } diff --git a/2020/2xxx/CVE-2020-2583.json b/2020/2xxx/CVE-2020-2583.json index c5bfc104933..63b6e1db978 100644 --- a/2020/2xxx/CVE-2020-2583.json +++ b/2020/2xxx/CVE-2020-2583.json @@ -91,6 +91,11 @@ "refsource": "REDHAT", "name": "RHSA-2020:0196", "url": "https://access.redhat.com/errata/RHSA-2020:0196" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200122-0003/", + "url": "https://security.netapp.com/advisory/ntap-20200122-0003/" } ] } diff --git a/2020/2xxx/CVE-2020-2584.json b/2020/2xxx/CVE-2020-2584.json index 367967e871c..7e7c027d0d1 100644 --- a/2020/2xxx/CVE-2020-2584.json +++ b/2020/2xxx/CVE-2020-2584.json @@ -61,6 +61,11 @@ "url": "https://www.oracle.com/security-alerts/cpujan2020.html", "refsource": "MISC", "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200122-0002/", + "url": "https://security.netapp.com/advisory/ntap-20200122-0002/" } ] } 
diff --git a/2020/2xxx/CVE-2020-2585.json b/2020/2xxx/CVE-2020-2585.json index a1dd610c81d..86a71ecb10b 100644 --- a/2020/2xxx/CVE-2020-2585.json +++ b/2020/2xxx/CVE-2020-2585.json @@ -57,7 +57,12 @@ "url": "https://www.oracle.com/security-alerts/cpujan2020.html", "refsource": "MISC", "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200122-0003/", + "url": "https://security.netapp.com/advisory/ntap-20200122-0003/" } ] } -} +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2588.json b/2020/2xxx/CVE-2020-2588.json index c658909b5b1..8ceff3f65f2 100644 --- a/2020/2xxx/CVE-2020-2588.json +++ b/2020/2xxx/CVE-2020-2588.json @@ -57,6 +57,11 @@ "url": "https://www.oracle.com/security-alerts/cpujan2020.html", "refsource": "MISC", "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200122-0002/", + "url": "https://security.netapp.com/advisory/ntap-20200122-0002/" } ] } diff --git a/2020/2xxx/CVE-2020-2589.json b/2020/2xxx/CVE-2020-2589.json index c2f29e11104..f23eab13de3 100644 --- a/2020/2xxx/CVE-2020-2589.json +++ b/2020/2xxx/CVE-2020-2589.json @@ -61,6 +61,11 @@ "url": "https://www.oracle.com/security-alerts/cpujan2020.html", "refsource": "MISC", "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200122-0002/", + "url": "https://security.netapp.com/advisory/ntap-20200122-0002/" } ] } diff --git a/2020/2xxx/CVE-2020-2590.json b/2020/2xxx/CVE-2020-2590.json index 7b8c378bc46..d29861b3a45 100644 --- a/2020/2xxx/CVE-2020-2590.json +++ b/2020/2xxx/CVE-2020-2590.json 
@@ -91,6 +91,11 @@ "refsource": "REDHAT", "name": "RHSA-2020:0196", "url": "https://access.redhat.com/errata/RHSA-2020:0196" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200122-0003/", + "url": "https://security.netapp.com/advisory/ntap-20200122-0003/" } ] } diff --git a/2020/2xxx/CVE-2020-2593.json b/2020/2xxx/CVE-2020-2593.json index 354ba7ae79d..3950f4c142e 100644 --- a/2020/2xxx/CVE-2020-2593.json +++ b/2020/2xxx/CVE-2020-2593.json @@ -91,6 +91,11 @@ "refsource": "REDHAT", "name": "RHSA-2020:0196", "url": "https://access.redhat.com/errata/RHSA-2020:0196" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200122-0003/", + "url": "https://security.netapp.com/advisory/ntap-20200122-0003/" } ] } diff --git a/2020/2xxx/CVE-2020-2601.json b/2020/2xxx/CVE-2020-2601.json index 7304dd7b3c6..02cea4304b1 100644 --- a/2020/2xxx/CVE-2020-2601.json +++ b/2020/2xxx/CVE-2020-2601.json @@ -91,6 +91,11 @@ "refsource": "REDHAT", "name": "RHSA-2020:0196", "url": "https://access.redhat.com/errata/RHSA-2020:0196" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200122-0003/", + "url": "https://security.netapp.com/advisory/ntap-20200122-0003/" } ] } diff --git a/2020/2xxx/CVE-2020-2604.json b/2020/2xxx/CVE-2020-2604.json index cfb25946c61..652e6c88c03 100644 --- a/2020/2xxx/CVE-2020-2604.json +++ b/2020/2xxx/CVE-2020-2604.json @@ -76,6 +76,11 @@ "refsource": "REDHAT", "name": "RHSA-2020:0196", "url": "https://access.redhat.com/errata/RHSA-2020:0196" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200122-0003/", + "url": "https://security.netapp.com/advisory/ntap-20200122-0003/" } ] } diff --git a/2020/2xxx/CVE-2020-2627.json b/2020/2xxx/CVE-2020-2627.json index 94a913e1492..fc5e7cb58be 100644 --- a/2020/2xxx/CVE-2020-2627.json +++ b/2020/2xxx/CVE-2020-2627.json 
@@ -57,6 +57,11 @@ "url": "https://www.oracle.com/security-alerts/cpujan2020.html", "refsource": "MISC", "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200122-0002/", + "url": "https://security.netapp.com/advisory/ntap-20200122-0002/" } ] } diff --git a/2020/2xxx/CVE-2020-2654.json b/2020/2xxx/CVE-2020-2654.json index dbb564c68b2..7b8a0c19c58 100644 --- a/2020/2xxx/CVE-2020-2654.json +++ b/2020/2xxx/CVE-2020-2654.json @@ -87,6 +87,11 @@ "refsource": "REDHAT", "name": "RHSA-2020:0196", "url": "https://access.redhat.com/errata/RHSA-2020:0196" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200122-0003/", + "url": "https://security.netapp.com/advisory/ntap-20200122-0003/" } ] } diff --git a/2020/2xxx/CVE-2020-2655.json b/2020/2xxx/CVE-2020-2655.json index 06078099b78..1159d50f2ab 100644 --- a/2020/2xxx/CVE-2020-2655.json +++ b/2020/2xxx/CVE-2020-2655.json @@ -77,6 +77,11 @@ "refsource": "BUGTRAQ", "name": "20200120 [SECURITY] [DSA 4605-1] openjdk-11 security update", "url": "https://seclists.org/bugtraq/2020/Jan/24" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200122-0003/", + "url": "https://security.netapp.com/advisory/ntap-20200122-0003/" } ] } diff --git a/2020/2xxx/CVE-2020-2659.json b/2020/2xxx/CVE-2020-2659.json index a7d6bf788f8..18e6915a268 100644 --- a/2020/2xxx/CVE-2020-2659.json +++ b/2020/2xxx/CVE-2020-2659.json @@ -71,6 +71,11 @@ "refsource": "REDHAT", "name": "RHSA-2020:0196", "url": "https://access.redhat.com/errata/RHSA-2020:0196" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200122-0003/", + "url": "https://security.netapp.com/advisory/ntap-20200122-0003/" } ] } diff --git a/2020/2xxx/CVE-2020-2660.json b/2020/2xxx/CVE-2020-2660.json index 5378660c003..79636260ecb 100644 --- a/2020/2xxx/CVE-2020-2660.json 
+++ b/2020/2xxx/CVE-2020-2660.json @@ -61,6 +61,11 @@ "url": "https://www.oracle.com/security-alerts/cpujan2020.html", "refsource": "MISC", "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200122-0002/", + "url": "https://security.netapp.com/advisory/ntap-20200122-0002/" } ] } diff --git a/2020/2xxx/CVE-2020-2679.json b/2020/2xxx/CVE-2020-2679.json index d7e2b87fca8..cf4a49927d0 100644 --- a/2020/2xxx/CVE-2020-2679.json +++ b/2020/2xxx/CVE-2020-2679.json @@ -57,6 +57,11 @@ "url": "https://www.oracle.com/security-alerts/cpujan2020.html", "refsource": "MISC", "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200122-0002/", + "url": "https://security.netapp.com/advisory/ntap-20200122-0002/" } ] } diff --git a/2020/2xxx/CVE-2020-2686.json b/2020/2xxx/CVE-2020-2686.json index f92e644d171..2003602606e 100644 --- a/2020/2xxx/CVE-2020-2686.json +++ b/2020/2xxx/CVE-2020-2686.json @@ -57,6 +57,11 @@ "url": "https://www.oracle.com/security-alerts/cpujan2020.html", "refsource": "MISC", "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200122-0002/", + "url": "https://security.netapp.com/advisory/ntap-20200122-0002/" } ] } diff --git a/2020/2xxx/CVE-2020-2694.json b/2020/2xxx/CVE-2020-2694.json index 7b8ca756d8a..23f753eae7b 100644 --- a/2020/2xxx/CVE-2020-2694.json +++ b/2020/2xxx/CVE-2020-2694.json @@ -57,6 +57,11 @@ "url": "https://www.oracle.com/security-alerts/cpujan2020.html", "refsource": "MISC", "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200122-0002/", + "url": "https://security.netapp.com/advisory/ntap-20200122-0002/" } ] } 
diff --git a/2020/6xxx/CVE-2020-6859.json b/2020/6xxx/CVE-2020-6859.json index 9c413d23595..36f5df15252 100644 --- a/2020/6xxx/CVE-2020-6859.json +++ b/2020/6xxx/CVE-2020-6859.json @@ -71,6 +71,11 @@ "refsource": "CONFIRM", "name": "https://github.com/ultimatemember/ultimatemember/commit/249682559012734a4f7d71f52609b2f301ea55b1", "url": "https://github.com/ultimatemember/ultimatemember/commit/249682559012734a4f7d71f52609b2f301ea55b1" + }, + { + "refsource": "MISC", + "name": "https://wpvulndb.com/vulnerabilities/10041", + "url": "https://wpvulndb.com/vulnerabilities/10041" } ] } From 18fb0e6128529f8adbe2d658bab84b3bb00cd001 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 22 Jan 2020 12:01:08 +0000 Subject: [PATCH 210/387] "-Synchronized-Data." --- 2019/14xxx/CVE-2019-14973.json | 5 +++++ 2019/17xxx/CVE-2019-17546.json | 5 +++++ 2 files changed, 10 insertions(+) diff --git a/2019/14xxx/CVE-2019-14973.json b/2019/14xxx/CVE-2019-14973.json index 9bc33f8fb35..1d095df7c9a 100644 --- a/2019/14xxx/CVE-2019-14973.json +++ b/2019/14xxx/CVE-2019-14973.json @@ -86,6 +86,11 @@ "refsource": "BUGTRAQ", "name": "20200121 [SECURITY] [DSA 4608-1] tiff security update", "url": "https://seclists.org/bugtraq/2020/Jan/32" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4608", + "url": "https://www.debian.org/security/2020/dsa-4608" } ] } diff --git a/2019/17xxx/CVE-2019-17546.json b/2019/17xxx/CVE-2019-17546.json index 12aea368d5d..04964716223 100644 --- a/2019/17xxx/CVE-2019-17546.json +++ b/2019/17xxx/CVE-2019-17546.json @@ -76,6 +76,11 @@ "refsource": "BUGTRAQ", "name": "20200121 [SECURITY] [DSA 4608-1] tiff security update", "url": "https://seclists.org/bugtraq/2020/Jan/32" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4608", + "url": "https://www.debian.org/security/2020/dsa-4608" } ] } From cfa9eaf599ae1ae405036a42b4d2f04db28be184 Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Wed, 22 Jan 2020 13:01:19 +0000 Subject: [PATCH 211/387] "-Synchronized-Data." --- 2011/4xxx/CVE-2011-4943.json | 50 +++++++++++++++++++++++++-- 2018/16xxx/CVE-2018-16262.json | 58 +++++++++++++++++++++++++++++-- 2018/16xxx/CVE-2018-16263.json | 58 +++++++++++++++++++++++++++++-- 2018/16xxx/CVE-2018-16264.json | 58 +++++++++++++++++++++++++++++-- 2018/16xxx/CVE-2018-16265.json | 63 ++++++++++++++++++++++++++++++++-- 2018/16xxx/CVE-2018-16266.json | 58 +++++++++++++++++++++++++++++-- 2018/16xxx/CVE-2018-16267.json | 58 +++++++++++++++++++++++++++++-- 2018/16xxx/CVE-2018-16268.json | 58 +++++++++++++++++++++++++++++-- 2018/16xxx/CVE-2018-16269.json | 53 ++++++++++++++++++++++++++-- 9 files changed, 495 insertions(+), 19 deletions(-) diff --git a/2011/4xxx/CVE-2011-4943.json b/2011/4xxx/CVE-2011-4943.json index 660df24f456..7a1e9d2a83f 100644 --- a/2011/4xxx/CVE-2011-4943.json +++ b/2011/4xxx/CVE-2011-4943.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-4943", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ImpressPages CMS", + "version": { + "version_data": [ + { + "version_value": "before v1.0.13" + } + ] + } + } + ] + }, + "vendor_name": "ImpressPages CMS" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
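Review bot: `version_value` in the CVE-2011-4943 `affects` block holds the free-text string `"before v1.0.13"`, which version-matching tools cannot compare; the range belongs in the operator field, `"version_affected": "<", "version_value": "1.0.13"`. The description in the following hunk of this file says only that v1.0.12 is affected, so the record should state whether releases older than 1.0.12 are in scope rather than leave the two fields to disagree. `problemtype` in that hunk is set to "Remote Code Execution", which is an impact and not a weakness class; since the flaw is described as unspecified, a CWE id should replace it once the cause is known.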
@@ -11,7 +34,28 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "ImpressPages CMS v1.0.12 has Unspecified Remote Code Execution (fixed in v1.0.13)"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Remote Code Execution"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2012/03/23/16",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2012/03/23/16"
 }
 ]
 }
diff --git a/2018/16xxx/CVE-2018-16262.json b/2018/16xxx/CVE-2018-16262.json
index becac13452e..0271d338624 100644
--- a/2018/16xxx/CVE-2018-16262.json
+++ b/2018/16xxx/CVE-2018-16262.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2018-16262",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
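Review bot: The `affects` block added for CVE-2018-16262 sets `product_name`, `version_value` and `vendor_name` to `"n/a"`, although the description added in the next hunk names the affected software precisely (Tizen before 5.0 M1, Samsung Galaxy Gear series before build RE2). Scanners and asset inventories that key on `affects` rather than on the prose will not associate this record with those products. The structured block should carry what the description already states, for example `"product_name": "Tizen"` with `"version_affected": "<", "version_value": "5.0 M1"`, plus a second product entry for the Galaxy Gear firmware before build RE2. The same all-`n/a` block is added for CVE-2018-16263 through CVE-2018-16272 in this series, and `problemtype` is likewise `"n/a"` in each even though the descriptions attribute the issues to improper D-Bus security policy configuration or missing permission restrictions.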
@@ -11,7 +34,38 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The pkgmgr system service in Tizen allows an unprivileged process to perform package management actions, due to improper D-Bus security policy configurations. Such actions include installing, decrypting, and killing other packages. This affects Tizen before 5.0 M1, and Tizen-based firmwares including Samsung Galaxy Gear series before build RE2." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://review.tizen.org/git/?p=platform/core/appfw/pkgmgr-server.git;a=commit;h=aac8a95859828a058d8e06893982b11ebc81dd78", + "refsource": "MISC", + "name": "https://review.tizen.org/git/?p=platform/core/appfw/pkgmgr-server.git;a=commit;h=aac8a95859828a058d8e06893982b11ebc81dd78" + }, + { + "url": "https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf", + "refsource": "MISC", + "name": "https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf" + }, + { + "refsource": "MISC", + "name": "https://www.youtube.com/watch?v=3IdgBwbOT-g&feature=youtu.be", + "url": "https://www.youtube.com/watch?v=3IdgBwbOT-g&feature=youtu.be" } ] } diff --git a/2018/16xxx/CVE-2018-16263.json b/2018/16xxx/CVE-2018-16263.json index 4f0ef3d76d1..5bc02719404 100644 --- a/2018/16xxx/CVE-2018-16263.json +++ b/2018/16xxx/CVE-2018-16263.json 
@@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-16263", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,38 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The PulseAudio system service in Tizen allows an unprivileged process to control its A2DP MediaEndpoint, due to improper D-Bus security policy configurations. This affects Tizen before 5.0 M1, and Tizen-based firmwares including Samsung Galaxy Gear series before build RE2." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf", + "refsource": "MISC", + "name": "https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf" + }, + { + "url": "https://review.tizen.org/git/?p=platform/upstream/pulseaudio.git;a=commit;h=81e8ba9f3ab0917da4fdfa094f49333be57964c6", + "refsource": "MISC", + "name": "https://review.tizen.org/git/?p=platform/upstream/pulseaudio.git;a=commit;h=81e8ba9f3ab0917da4fdfa094f49333be57964c6" + }, + { + "refsource": "MISC", + "name": "https://www.youtube.com/watch?v=3IdgBwbOT-g&feature=youtu.be", + "url": "https://www.youtube.com/watch?v=3IdgBwbOT-g&feature=youtu.be" } ] } diff --git a/2018/16xxx/CVE-2018-16264.json b/2018/16xxx/CVE-2018-16264.json index 3702e967f06..8826382f310 100644 --- a/2018/16xxx/CVE-2018-16264.json +++ b/2018/16xxx/CVE-2018-16264.json 
@@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-16264", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,38 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The BlueZ system service in Tizen allows an unprivileged process to partially control Bluetooth or acquire sensitive information, due to improper D-Bus security policy configurations. This affects Tizen before 5.0 M1, and Tizen-based firmwares including Samsung Galaxy Gear series before build RE2." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf", + "refsource": "MISC", + "name": "https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf" + }, + { + "url": "https://review.tizen.org/git/?p=platform/upstream/bluez.git;a=commit;h=ff9878c95efc12d4a4495153ab51e3a09f8d3c01", + "refsource": "MISC", + "name": "https://review.tizen.org/git/?p=platform/upstream/bluez.git;a=commit;h=ff9878c95efc12d4a4495153ab51e3a09f8d3c01" + }, + { + "refsource": "MISC", + "name": "https://www.youtube.com/watch?v=3IdgBwbOT-g&feature=youtu.be", + "url": "https://www.youtube.com/watch?v=3IdgBwbOT-g&feature=youtu.be" } ] } diff --git a/2018/16xxx/CVE-2018-16265.json b/2018/16xxx/CVE-2018-16265.json index 587de13e202..43bf3abee22 100644 --- a/2018/16xxx/CVE-2018-16265.json +++ b/2018/16xxx/CVE-2018-16265.json 
@@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-16265", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,43 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The bt/bt_core system service in Tizen allows an unprivileged process to create a system user interface and control the Bluetooth pairing process, due to improper D-Bus security policy configurations. This affects Tizen before 5.0 M1, and Tizen-based firmwares including Samsung Galaxy Gear series before build RE2." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf", + "refsource": "MISC", + "name": "https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf" + }, + { + "url": "https://review.tizen.org/git/?p=platform/core/connectivity/bluetooth-frwk.git;a=commit;h=074dfc9709d8cee84564fc815796b0ef0c3273f5", + "refsource": "MISC", + "name": "https://review.tizen.org/git/?p=platform/core/connectivity/bluetooth-frwk.git;a=commit;h=074dfc9709d8cee84564fc815796b0ef0c3273f5" + }, + { + "url": "https://review.tizen.org/git/?p=platform/core/connectivity/bluetooth-frwk.git;a=commit;h=bafbd66906ae5712874dc0d7dd6288d2c1ae4db2", + "refsource": "MISC", + "name": "https://review.tizen.org/git/?p=platform/core/connectivity/bluetooth-frwk.git;a=commit;h=bafbd66906ae5712874dc0d7dd6288d2c1ae4db2" + }, + { + "refsource": "MISC", + "name": 
"https://www.youtube.com/watch?v=3IdgBwbOT-g&feature=youtu.be", + "url": "https://www.youtube.com/watch?v=3IdgBwbOT-g&feature=youtu.be" } ] } diff --git a/2018/16xxx/CVE-2018-16266.json b/2018/16xxx/CVE-2018-16266.json index 7fdd27a0c45..a34be50d1a2 100644 --- a/2018/16xxx/CVE-2018-16266.json +++ b/2018/16xxx/CVE-2018-16266.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-16266", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,38 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Enlightenment system service in Tizen allows an unprivileged process to fully control or capture windows, due to improper D-Bus security policy configurations. This affects Tizen before 5.0 M1, and Tizen-based firmwares including Samsung Galaxy Gear series before build RE2." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf", + "refsource": "MISC", + "name": "https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf" + }, + { + "url": "https://review.tizen.org/git/?p=platform/upstream/enlightenment.git;a=commit;h=8ff5c24d04f97b1c84b463535876600b22128fb4", + "refsource": "MISC", + "name": "https://review.tizen.org/git/?p=platform/upstream/enlightenment.git;a=commit;h=8ff5c24d04f97b1c84b463535876600b22128fb4" + }, + { + "refsource": "MISC", + "name": "https://www.youtube.com/watch?v=3IdgBwbOT-g&feature=youtu.be", + "url": "https://www.youtube.com/watch?v=3IdgBwbOT-g&feature=youtu.be" } ] } diff --git a/2018/16xxx/CVE-2018-16267.json b/2018/16xxx/CVE-2018-16267.json index 46437f0d44c..1069d337fa4 100644 --- a/2018/16xxx/CVE-2018-16267.json +++ b/2018/16xxx/CVE-2018-16267.json 
@@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-16267", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,38 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The system-popup system service in Tizen allows an unprivileged process to perform popup-related system actions, due to improper D-Bus security policy configurations. Such actions include the triggering system poweroff menu, and prompting a popup with arbitrary strings. This affects Tizen before 5.0 M1, and Tizen-based firmwares including Samsung Galaxy Gear series before build RE2." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf", + "refsource": "MISC", + "name": "https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf" + }, + { + "url": "https://review.tizen.org/git/?p=platform/core/system/system-popup.git;a=commit;h=57b3c2f3cd61c6f432e7abe3a2d8b0df72fd4b0e", + "refsource": "MISC", + "name": "https://review.tizen.org/git/?p=platform/core/system/system-popup.git;a=commit;h=57b3c2f3cd61c6f432e7abe3a2d8b0df72fd4b0e" + }, + { + "refsource": "MISC", + "name": "https://www.youtube.com/watch?v=3IdgBwbOT-g&feature=youtu.be", + "url": "https://www.youtube.com/watch?v=3IdgBwbOT-g&feature=youtu.be" } ] } diff --git a/2018/16xxx/CVE-2018-16268.json b/2018/16xxx/CVE-2018-16268.json index 8f2bdb87d22..907bb80cece 100644 --- a/2018/16xxx/CVE-2018-16268.json 
+++ b/2018/16xxx/CVE-2018-16268.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-16268", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,38 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The SoundServer/FocusServer system services in Tizen allow an unprivileged process to perform media-related system actions, due to improper D-Bus security policy configurations. Such actions include playing an arbitrary sound file or DTMF tones. This affects Tizen before 5.0 M1, and Tizen-based firmwares including Samsung Galaxy Gear series before build RE2." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf", + "refsource": "MISC", + "name": "https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf" + }, + { + "url": "https://review.tizen.org/git/?p=platform/core/multimedia/libmm-sound.git;a=commit;h=7fce6f2d6d480b3bd0e84a5ba3f72173a37e36db", + "refsource": "MISC", + "name": "https://review.tizen.org/git/?p=platform/core/multimedia/libmm-sound.git;a=commit;h=7fce6f2d6d480b3bd0e84a5ba3f72173a37e36db" + }, + { + "refsource": "MISC", + "name": "https://www.youtube.com/watch?v=3IdgBwbOT-g&feature=youtu.be", + "url": "https://www.youtube.com/watch?v=3IdgBwbOT-g&feature=youtu.be" } ] } diff --git a/2018/16xxx/CVE-2018-16269.json b/2018/16xxx/CVE-2018-16269.json index 6b822e59a15..6c7a9764453 100644 --- a/2018/16xxx/CVE-2018-16269.json +++ b/2018/16xxx/CVE-2018-16269.json 
@@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-16269", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The wnoti system service in Samsung Galaxy Gear series allows an unprivileged process to take over the internal notification message data, due to improper D-Bus security policy configurations. This affects Tizen-based firmwares including Samsung Galaxy Gear series before build RE2." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf", + "refsource": "MISC", + "name": "https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf" + }, + { + "refsource": "MISC", + "name": "https://www.youtube.com/watch?v=3IdgBwbOT-g&feature=youtu.be", + "url": "https://www.youtube.com/watch?v=3IdgBwbOT-g&feature=youtu.be" } ] } From 27576f03538be3bc8e18edc04498549d8732d6ee Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Wed, 22 Jan 2020 14:01:07 +0000 Subject: [PATCH 212/387] "-Synchronized-Data." --- 2018/16xxx/CVE-2018-16270.json | 53 +++++++++++++++++++++++++++++-- 2018/16xxx/CVE-2018-16271.json | 53 +++++++++++++++++++++++++++++-- 2018/16xxx/CVE-2018-16272.json | 53 +++++++++++++++++++++++++++++-- 2019/10xxx/CVE-2019-10780.json | 50 +++++++++++++++++++++++++++-- 2019/14xxx/CVE-2019-14902.json | 5 +++ 2019/14xxx/CVE-2019-14907.json | 5 +++ 2019/17xxx/CVE-2019-17650.json | 5 +++ 2019/19xxx/CVE-2019-19344.json | 5 +++ 2019/6xxx/CVE-2019-6858.json | 58 ++++++++++++++++++++++++++++++---- 2020/7xxx/CVE-2020-7803.json | 18 +++++++++++ 2020/7xxx/CVE-2020-7804.json | 18 +++++++++++ 2020/7xxx/CVE-2020-7805.json | 18 +++++++++++ 2020/7xxx/CVE-2020-7806.json | 18 +++++++++++ 2020/7xxx/CVE-2020-7807.json | 18 +++++++++++ 2020/7xxx/CVE-2020-7808.json | 18 +++++++++++ 2020/7xxx/CVE-2020-7809.json | 18 +++++++++++ 2020/7xxx/CVE-2020-7810.json | 18 +++++++++++ 2020/7xxx/CVE-2020-7811.json | 18 +++++++++++ 2020/7xxx/CVE-2020-7812.json | 18 +++++++++++ 2020/7xxx/CVE-2020-7813.json | 18 +++++++++++ 2020/7xxx/CVE-2020-7814.json | 18 +++++++++++ 2020/7xxx/CVE-2020-7815.json | 18 +++++++++++ 2020/7xxx/CVE-2020-7816.json | 18 +++++++++++ 2020/7xxx/CVE-2020-7817.json | 18 +++++++++++ 2020/7xxx/CVE-2020-7818.json | 18 +++++++++++ 2020/7xxx/CVE-2020-7819.json | 18 +++++++++++ 2020/7xxx/CVE-2020-7820.json | 18 +++++++++++ 2020/7xxx/CVE-2020-7821.json | 18 +++++++++++ 2020/7xxx/CVE-2020-7822.json | 18 +++++++++++ 2020/7xxx/CVE-2020-7823.json | 18 +++++++++++ 2020/7xxx/CVE-2020-7824.json | 18 +++++++++++ 2020/7xxx/CVE-2020-7825.json | 18 +++++++++++ 2020/7xxx/CVE-2020-7826.json | 18 +++++++++++ 2020/7xxx/CVE-2020-7827.json | 18 +++++++++++ 2020/7xxx/CVE-2020-7828.json | 18 +++++++++++ 2020/7xxx/CVE-2020-7829.json | 18 +++++++++++ 2020/7xxx/CVE-2020-7830.json | 18 +++++++++++ 2020/7xxx/CVE-2020-7831.json | 18 +++++++++++ 2020/7xxx/CVE-2020-7832.json | 18 +++++++++++ 
2020/7xxx/CVE-2020-7833.json | 18 +++++++++++ 2020/7xxx/CVE-2020-7834.json | 18 +++++++++++ 2020/7xxx/CVE-2020-7835.json | 18 +++++++++++ 2020/7xxx/CVE-2020-7836.json | 18 +++++++++++ 2020/7xxx/CVE-2020-7837.json | 18 +++++++++++ 2020/7xxx/CVE-2020-7838.json | 18 +++++++++++ 2020/7xxx/CVE-2020-7839.json | 18 +++++++++++ 2020/7xxx/CVE-2020-7840.json | 18 +++++++++++ 2020/7xxx/CVE-2020-7841.json | 18 +++++++++++ 2020/7xxx/CVE-2020-7842.json | 18 +++++++++++ 2020/7xxx/CVE-2020-7843.json | 18 +++++++++++ 2020/7xxx/CVE-2020-7844.json | 18 +++++++++++ 2020/7xxx/CVE-2020-7845.json | 18 +++++++++++ 2020/7xxx/CVE-2020-7846.json | 18 +++++++++++ 2020/7xxx/CVE-2020-7847.json | 18 +++++++++++ 2020/7xxx/CVE-2020-7848.json | 18 +++++++++++ 2020/7xxx/CVE-2020-7849.json | 18 +++++++++++ 2020/7xxx/CVE-2020-7850.json | 18 +++++++++++ 2020/7xxx/CVE-2020-7851.json | 18 +++++++++++ 2020/7xxx/CVE-2020-7852.json | 18 +++++++++++ 2020/7xxx/CVE-2020-7853.json | 18 +++++++++++ 2020/7xxx/CVE-2020-7854.json | 18 +++++++++++ 2020/7xxx/CVE-2020-7855.json | 18 +++++++++++ 2020/7xxx/CVE-2020-7856.json | 18 +++++++++++ 2020/7xxx/CVE-2020-7857.json | 18 +++++++++++ 2020/7xxx/CVE-2020-7858.json | 18 +++++++++++ 2020/7xxx/CVE-2020-7859.json | 18 +++++++++++ 2020/7xxx/CVE-2020-7860.json | 18 +++++++++++ 2020/7xxx/CVE-2020-7861.json | 18 +++++++++++ 2020/7xxx/CVE-2020-7862.json | 18 +++++++++++ 2020/7xxx/CVE-2020-7863.json | 18 +++++++++++ 2020/7xxx/CVE-2020-7864.json | 18 +++++++++++ 2020/7xxx/CVE-2020-7865.json | 18 +++++++++++ 2020/7xxx/CVE-2020-7866.json | 18 +++++++++++ 2020/7xxx/CVE-2020-7867.json | 18 +++++++++++ 2020/7xxx/CVE-2020-7868.json | 18 +++++++++++ 2020/7xxx/CVE-2020-7869.json | 18 +++++++++++ 2020/7xxx/CVE-2020-7870.json | 18 +++++++++++ 2020/7xxx/CVE-2020-7871.json | 18 +++++++++++ 2020/7xxx/CVE-2020-7872.json | 18 +++++++++++ 2020/7xxx/CVE-2020-7873.json | 18 +++++++++++ 2020/7xxx/CVE-2020-7874.json | 18 +++++++++++ 2020/7xxx/CVE-2020-7875.json | 18 +++++++++++ 
2020/7xxx/CVE-2020-7876.json | 18 +++++++++++ 2020/7xxx/CVE-2020-7877.json | 18 +++++++++++ 2020/7xxx/CVE-2020-7878.json | 18 +++++++++++ 2020/7xxx/CVE-2020-7879.json | 18 +++++++++++ 2020/7xxx/CVE-2020-7880.json | 18 +++++++++++ 2020/7xxx/CVE-2020-7881.json | 18 +++++++++++ 2020/7xxx/CVE-2020-7882.json | 18 +++++++++++ 2020/7xxx/CVE-2020-7883.json | 18 +++++++++++ 2020/7xxx/CVE-2020-7884.json | 18 +++++++++++ 2020/7xxx/CVE-2020-7885.json | 18 +++++++++++ 2020/7xxx/CVE-2020-7886.json | 18 +++++++++++ 2020/7xxx/CVE-2020-7887.json | 18 +++++++++++ 2020/7xxx/CVE-2020-7888.json | 18 +++++++++++ 95 files changed, 1819 insertions(+), 16 deletions(-) create mode 100644 2020/7xxx/CVE-2020-7803.json create mode 100644 2020/7xxx/CVE-2020-7804.json create mode 100644 2020/7xxx/CVE-2020-7805.json create mode 100644 2020/7xxx/CVE-2020-7806.json create mode 100644 2020/7xxx/CVE-2020-7807.json create mode 100644 2020/7xxx/CVE-2020-7808.json create mode 100644 2020/7xxx/CVE-2020-7809.json create mode 100644 2020/7xxx/CVE-2020-7810.json create mode 100644 2020/7xxx/CVE-2020-7811.json create mode 100644 2020/7xxx/CVE-2020-7812.json create mode 100644 2020/7xxx/CVE-2020-7813.json create mode 100644 2020/7xxx/CVE-2020-7814.json create mode 100644 2020/7xxx/CVE-2020-7815.json create mode 100644 2020/7xxx/CVE-2020-7816.json create mode 100644 2020/7xxx/CVE-2020-7817.json create mode 100644 2020/7xxx/CVE-2020-7818.json create mode 100644 2020/7xxx/CVE-2020-7819.json create mode 100644 2020/7xxx/CVE-2020-7820.json create mode 100644 2020/7xxx/CVE-2020-7821.json create mode 100644 2020/7xxx/CVE-2020-7822.json create mode 100644 2020/7xxx/CVE-2020-7823.json create mode 100644 2020/7xxx/CVE-2020-7824.json create mode 100644 2020/7xxx/CVE-2020-7825.json create mode 100644 2020/7xxx/CVE-2020-7826.json create mode 100644 2020/7xxx/CVE-2020-7827.json create mode 100644 2020/7xxx/CVE-2020-7828.json create mode 100644 2020/7xxx/CVE-2020-7829.json create mode 100644 2020/7xxx/CVE-2020-7830.json 
create mode 100644 2020/7xxx/CVE-2020-7831.json create mode 100644 2020/7xxx/CVE-2020-7832.json create mode 100644 2020/7xxx/CVE-2020-7833.json create mode 100644 2020/7xxx/CVE-2020-7834.json create mode 100644 2020/7xxx/CVE-2020-7835.json create mode 100644 2020/7xxx/CVE-2020-7836.json create mode 100644 2020/7xxx/CVE-2020-7837.json create mode 100644 2020/7xxx/CVE-2020-7838.json create mode 100644 2020/7xxx/CVE-2020-7839.json create mode 100644 2020/7xxx/CVE-2020-7840.json create mode 100644 2020/7xxx/CVE-2020-7841.json create mode 100644 2020/7xxx/CVE-2020-7842.json create mode 100644 2020/7xxx/CVE-2020-7843.json create mode 100644 2020/7xxx/CVE-2020-7844.json create mode 100644 2020/7xxx/CVE-2020-7845.json create mode 100644 2020/7xxx/CVE-2020-7846.json create mode 100644 2020/7xxx/CVE-2020-7847.json create mode 100644 2020/7xxx/CVE-2020-7848.json create mode 100644 2020/7xxx/CVE-2020-7849.json create mode 100644 2020/7xxx/CVE-2020-7850.json create mode 100644 2020/7xxx/CVE-2020-7851.json create mode 100644 2020/7xxx/CVE-2020-7852.json create mode 100644 2020/7xxx/CVE-2020-7853.json create mode 100644 2020/7xxx/CVE-2020-7854.json create mode 100644 2020/7xxx/CVE-2020-7855.json create mode 100644 2020/7xxx/CVE-2020-7856.json create mode 100644 2020/7xxx/CVE-2020-7857.json create mode 100644 2020/7xxx/CVE-2020-7858.json create mode 100644 2020/7xxx/CVE-2020-7859.json create mode 100644 2020/7xxx/CVE-2020-7860.json create mode 100644 2020/7xxx/CVE-2020-7861.json create mode 100644 2020/7xxx/CVE-2020-7862.json create mode 100644 2020/7xxx/CVE-2020-7863.json create mode 100644 2020/7xxx/CVE-2020-7864.json create mode 100644 2020/7xxx/CVE-2020-7865.json create mode 100644 2020/7xxx/CVE-2020-7866.json create mode 100644 2020/7xxx/CVE-2020-7867.json create mode 100644 2020/7xxx/CVE-2020-7868.json create mode 100644 2020/7xxx/CVE-2020-7869.json create mode 100644 2020/7xxx/CVE-2020-7870.json create mode 100644 2020/7xxx/CVE-2020-7871.json create mode 100644 
2020/7xxx/CVE-2020-7872.json create mode 100644 2020/7xxx/CVE-2020-7873.json create mode 100644 2020/7xxx/CVE-2020-7874.json create mode 100644 2020/7xxx/CVE-2020-7875.json create mode 100644 2020/7xxx/CVE-2020-7876.json create mode 100644 2020/7xxx/CVE-2020-7877.json create mode 100644 2020/7xxx/CVE-2020-7878.json create mode 100644 2020/7xxx/CVE-2020-7879.json create mode 100644 2020/7xxx/CVE-2020-7880.json create mode 100644 2020/7xxx/CVE-2020-7881.json create mode 100644 2020/7xxx/CVE-2020-7882.json create mode 100644 2020/7xxx/CVE-2020-7883.json create mode 100644 2020/7xxx/CVE-2020-7884.json create mode 100644 2020/7xxx/CVE-2020-7885.json create mode 100644 2020/7xxx/CVE-2020-7886.json create mode 100644 2020/7xxx/CVE-2020-7887.json create mode 100644 2020/7xxx/CVE-2020-7888.json diff --git a/2018/16xxx/CVE-2018-16270.json b/2018/16xxx/CVE-2018-16270.json index 33f8b99018c..18f029840ff 100644 --- a/2018/16xxx/CVE-2018-16270.json +++ b/2018/16xxx/CVE-2018-16270.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-16270", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Samsung Galaxy Gear series before build RE2 includes the hcidump utility with no privilege or permission restriction. This allows an unprivileged process to dump Bluetooth HCI packets to an arbitrary file path." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf", + "refsource": "MISC", + "name": "https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf" + }, + { + "refsource": "MISC", + "name": "https://www.youtube.com/watch?v=3IdgBwbOT-g&feature=youtu.be", + "url": "https://www.youtube.com/watch?v=3IdgBwbOT-g&feature=youtu.be" } ] } diff --git a/2018/16xxx/CVE-2018-16271.json b/2018/16xxx/CVE-2018-16271.json index 842a75bf7e1..58695cee2ed 100644 --- a/2018/16xxx/CVE-2018-16271.json +++ b/2018/16xxx/CVE-2018-16271.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-16271", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The wemail_consumer_service (from the built-in application wemail) in Samsung Galaxy Gear series allows an unprivileged process to manipulate a user's mailbox, due to improper D-Bus security policy configurations. An arbitrary email can also be sent from the mailbox via the paired smartphone. This affects Tizen-based firmwares including Samsung Galaxy Gear series before build RE2." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf", + "refsource": "MISC", + "name": "https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf" + }, + { + "refsource": "MISC", + "name": "https://www.youtube.com/watch?v=3IdgBwbOT-g&feature=youtu.be", + "url": "https://www.youtube.com/watch?v=3IdgBwbOT-g&feature=youtu.be" } ] } diff --git a/2018/16xxx/CVE-2018-16272.json b/2018/16xxx/CVE-2018-16272.json index a2d15c01089..6aa4c44deef 100644 --- a/2018/16xxx/CVE-2018-16272.json +++ b/2018/16xxx/CVE-2018-16272.json 
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2018-16272",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,33 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The wpa_supplicant system service in Samsung Galaxy Gear series allows an unprivileged process to fully control the Wi-Fi interface, due to the lack of its D-Bus security policy configurations. This affects Tizen-based firmwares including Samsung Galaxy Gear series before build RE2."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf",
+ "refsource": "MISC",
+ "name": "https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.youtube.com/watch?v=3IdgBwbOT-g&feature=youtu.be",
+ "url": "https://www.youtube.com/watch?v=3IdgBwbOT-g&feature=youtu.be"
 }
 ]
 }
diff --git a/2019/10xxx/CVE-2019-10780.json b/2019/10xxx/CVE-2019-10780.json
index 0a70c0b81c7..8e12ebb5427 100644
--- a/2019/10xxx/CVE-2019-10780.json
+++ b/2019/10xxx/CVE-2019-10780.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2019-10780",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "report@snyk.io",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "BibTeX-ruby",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "All versions prior to version 5.1.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Command Injection"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://snyk.io/vuln/SNYK-RUBY-BIBTEXRUBY-542602",
+ "url": "https://snyk.io/vuln/SNYK-RUBY-BIBTEXRUBY-542602"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "BibTeX-ruby before 5.1.0 allows shell command injection due to unsanitized user input being passed directly to the built-in Ruby Kernel.open method through BibTeX.open."
 }
 ]
 }
diff --git a/2019/14xxx/CVE-2019-14902.json b/2019/14xxx/CVE-2019-14902.json
index f3ca253f03c..ccee8c0dadb 100644
--- a/2019/14xxx/CVE-2019-14902.json
+++ b/2019/14xxx/CVE-2019-14902.json
@@ -64,6 +64,11 @@
 "refsource": "CONFIRM",
 "name": "https://security.netapp.com/advisory/ntap-20200122-0001/",
 "url": "https://security.netapp.com/advisory/ntap-20200122-0001/"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://www.synology.com/security/advisory/Synology_SA_20_01",
+ "url": "https://www.synology.com/security/advisory/Synology_SA_20_01"
 }
 ]
 },
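Review bot: In the `problemtype` block of CVE-2019-10780 the weakness is given as free text, `"value": "Command Injection"`, with no CWE identifier, so tooling that keys on CWE ids cannot classify the record. Since the description says unsanitized input reaches `Kernel.open` and results in shell command injection, `"value": "CWE-78 OS Command Injection"` looks like the matching entry; confirm against the referenced Snyk advisory. The `affects` block also has `"vendor_name": "n/a"` and a prose `version_value`; `"version_affected": "<"` together with `"version_value": "5.1.0"` would be easier for dependency scanners to match mechanically.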
diff --git a/2019/14xxx/CVE-2019-14907.json b/2019/14xxx/CVE-2019-14907.json
index 5ef75ecc042..dd8142f692a 100644
--- a/2019/14xxx/CVE-2019-14907.json
+++ b/2019/14xxx/CVE-2019-14907.json
@@ -64,6 +64,11 @@
 "refsource": "CONFIRM",
 "name": "https://security.netapp.com/advisory/ntap-20200122-0001/",
 "url": "https://security.netapp.com/advisory/ntap-20200122-0001/"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://www.synology.com/security/advisory/Synology_SA_20_01",
+ "url": "https://www.synology.com/security/advisory/Synology_SA_20_01"
 }
 ]
 },
diff --git a/2019/17xxx/CVE-2019-17650.json b/2019/17xxx/CVE-2019-17650.json
index 87369687430..14253563f51 100644
--- a/2019/17xxx/CVE-2019-17650.json
+++ b/2019/17xxx/CVE-2019-17650.json
@@ -48,6 +48,11 @@
 "refsource": "CONFIRM",
 "name": "https://fortiguard.com/advisory/FG-IR-19-210",
 "url": "https://fortiguard.com/advisory/FG-IR-19-210"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://danishcyberdefence.dk/blog/forticlient_mac",
+ "url": "https://danishcyberdefence.dk/blog/forticlient_mac"
 }
 ]
 },
diff --git a/2019/19xxx/CVE-2019-19344.json b/2019/19xxx/CVE-2019-19344.json
index d57be201eb7..10e6e3c854c 100644
--- a/2019/19xxx/CVE-2019-19344.json
+++ b/2019/19xxx/CVE-2019-19344.json
@@ -64,6 +64,11 @@
 "refsource": "CONFIRM",
 "name": "https://security.netapp.com/advisory/ntap-20200122-0001/",
 "url": "https://security.netapp.com/advisory/ntap-20200122-0001/"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://www.synology.com/security/advisory/Synology_SA_20_01",
+ "url": "https://www.synology.com/security/advisory/Synology_SA_20_01"
 }
 ]
 },
diff --git a/2019/6xxx/CVE-2019-6858.json b/2019/6xxx/CVE-2019-6858.json
index 4798289f4d6..8b088f54077 100644
--- a/2019/6xxx/CVE-2019-6858.json
+++ b/2019/6xxx/CVE-2019-6858.json
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-6858",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-6858",
+ "ASSIGNER": "cybersecurity@schneider-electric.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "MSX Configurator (Software Version prior to V1.0.8.1)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "MSX Configurator (Software Version prior to V1.0.8.1)"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-427:Uncontrolled Search Path Element"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.se.com/ww/en/download/document/SEVD-2020-014-01",
+ "url": "https://www.se.com/ww/en/download/document/SEVD-2020-014-01"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A CWE-427:Uncontrolled Search Path Element vulnerability exists in MSX Configurator (Software Version prior to V1.0.8.1), which could cause privilege escalation when injecting a malicious DLL."
 }
 ]
 }
diff --git a/2020/7xxx/CVE-2020-7803.json b/2020/7xxx/CVE-2020-7803.json
new file mode 100644
index 00000000000..0f8b026c93f
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7803.json
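Review bot: `product_name` in the new `affects` block of CVE-2019-6858 carries the version range inside the product string, and `version_value` repeats that same string, so neither field can be matched on its own by inventory or scanner tooling. `vendor_name` is `"n/a"` although the assigner address and the referenced advisory both point to Schneider Electric. Suggested values, to be confirmed by the CNA: `"vendor_name": "Schneider Electric"`, `"product_name": "MSX Configurator"`, `"version_value": "prior to V1.0.8.1"`. The `problemtype` value `CWE-427:Uncontrolled Search Path Element` is also missing a space after the colon.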
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7803", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7804.json b/2020/7xxx/CVE-2020-7804.json new file mode 100644 index 00000000000..da8a1c4859b --- /dev/null +++ b/2020/7xxx/CVE-2020-7804.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7804", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7805.json b/2020/7xxx/CVE-2020-7805.json new file mode 100644 index 00000000000..7e6c2ae130b --- /dev/null +++ b/2020/7xxx/CVE-2020-7805.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7805", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/7xxx/CVE-2020-7806.json b/2020/7xxx/CVE-2020-7806.json new file mode 100644 index 00000000000..3db0c62ed3c --- /dev/null +++ b/2020/7xxx/CVE-2020-7806.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7806", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7807.json b/2020/7xxx/CVE-2020-7807.json new file mode 100644 index 00000000000..9abe1f034c1 --- /dev/null +++ b/2020/7xxx/CVE-2020-7807.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7807", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7808.json b/2020/7xxx/CVE-2020-7808.json new file mode 100644 index 00000000000..d666eb95d99 --- /dev/null +++ b/2020/7xxx/CVE-2020-7808.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7808", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7809.json b/2020/7xxx/CVE-2020-7809.json new file mode 100644 index 00000000000..9c39def3e36 --- /dev/null +++ b/2020/7xxx/CVE-2020-7809.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7809", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7810.json b/2020/7xxx/CVE-2020-7810.json new file mode 100644 index 00000000000..8940b894e84 --- /dev/null +++ b/2020/7xxx/CVE-2020-7810.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7810", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/7xxx/CVE-2020-7811.json b/2020/7xxx/CVE-2020-7811.json new file mode 100644 index 00000000000..a11db5de1cf --- /dev/null +++ b/2020/7xxx/CVE-2020-7811.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7811", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7812.json b/2020/7xxx/CVE-2020-7812.json new file mode 100644 index 00000000000..095124fbc60 --- /dev/null +++ b/2020/7xxx/CVE-2020-7812.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7812", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7813.json b/2020/7xxx/CVE-2020-7813.json new file mode 100644 index 00000000000..3d4a3e75a54 --- /dev/null +++ b/2020/7xxx/CVE-2020-7813.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7813", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7814.json b/2020/7xxx/CVE-2020-7814.json new file mode 100644 index 00000000000..7d4e1bac08f --- /dev/null +++ b/2020/7xxx/CVE-2020-7814.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7814", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7815.json b/2020/7xxx/CVE-2020-7815.json new file mode 100644 index 00000000000..3f951c7d79f --- /dev/null +++ b/2020/7xxx/CVE-2020-7815.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7815", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/7xxx/CVE-2020-7816.json b/2020/7xxx/CVE-2020-7816.json new file mode 100644 index 00000000000..dfdd55bf8ae --- /dev/null +++ b/2020/7xxx/CVE-2020-7816.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7816", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7817.json b/2020/7xxx/CVE-2020-7817.json new file mode 100644 index 00000000000..cdb99f8bfee --- /dev/null +++ b/2020/7xxx/CVE-2020-7817.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7817", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7818.json b/2020/7xxx/CVE-2020-7818.json new file mode 100644 index 00000000000..5c2479d7193 --- /dev/null +++ b/2020/7xxx/CVE-2020-7818.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7818", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7819.json b/2020/7xxx/CVE-2020-7819.json new file mode 100644 index 00000000000..55d9f549339 --- /dev/null +++ b/2020/7xxx/CVE-2020-7819.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7819", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7820.json b/2020/7xxx/CVE-2020-7820.json new file mode 100644 index 00000000000..4cedfee0af8 --- /dev/null +++ b/2020/7xxx/CVE-2020-7820.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7820", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/7xxx/CVE-2020-7821.json b/2020/7xxx/CVE-2020-7821.json new file mode 100644 index 00000000000..489c9efa300 --- /dev/null +++ b/2020/7xxx/CVE-2020-7821.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7821", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7822.json b/2020/7xxx/CVE-2020-7822.json new file mode 100644 index 00000000000..b3a022d57a3 --- /dev/null +++ b/2020/7xxx/CVE-2020-7822.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7822", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7823.json b/2020/7xxx/CVE-2020-7823.json new file mode 100644 index 00000000000..9b0ef3760d0 --- /dev/null +++ b/2020/7xxx/CVE-2020-7823.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7823", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7824.json b/2020/7xxx/CVE-2020-7824.json new file mode 100644 index 00000000000..6d8b85b4667 --- /dev/null +++ b/2020/7xxx/CVE-2020-7824.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7824", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7825.json b/2020/7xxx/CVE-2020-7825.json new file mode 100644 index 00000000000..284525fb5fc --- /dev/null +++ b/2020/7xxx/CVE-2020-7825.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7825", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/7xxx/CVE-2020-7826.json b/2020/7xxx/CVE-2020-7826.json new file mode 100644 index 00000000000..bf1239063ba --- /dev/null +++ b/2020/7xxx/CVE-2020-7826.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7826", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7827.json b/2020/7xxx/CVE-2020-7827.json new file mode 100644 index 00000000000..37ed9e063a3 --- /dev/null +++ b/2020/7xxx/CVE-2020-7827.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7827", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7828.json b/2020/7xxx/CVE-2020-7828.json new file mode 100644 index 00000000000..d6afe3008f5 --- /dev/null +++ b/2020/7xxx/CVE-2020-7828.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7828", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7829.json b/2020/7xxx/CVE-2020-7829.json new file mode 100644 index 00000000000..c14fe144ae8 --- /dev/null +++ b/2020/7xxx/CVE-2020-7829.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7829", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7830.json b/2020/7xxx/CVE-2020-7830.json new file mode 100644 index 00000000000..5b8eb3a2098 --- /dev/null +++ b/2020/7xxx/CVE-2020-7830.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7830", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/7xxx/CVE-2020-7831.json b/2020/7xxx/CVE-2020-7831.json new file mode 100644 index 00000000000..777ea6e8eaa --- /dev/null +++ b/2020/7xxx/CVE-2020-7831.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7831", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7832.json b/2020/7xxx/CVE-2020-7832.json new file mode 100644 index 00000000000..780ed1f52bb --- /dev/null +++ b/2020/7xxx/CVE-2020-7832.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7832", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7833.json b/2020/7xxx/CVE-2020-7833.json new file mode 100644 index 00000000000..bf43ddc2f0c --- /dev/null +++ b/2020/7xxx/CVE-2020-7833.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7833", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7834.json b/2020/7xxx/CVE-2020-7834.json new file mode 100644 index 00000000000..422f4c8f1bb --- /dev/null +++ b/2020/7xxx/CVE-2020-7834.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7834", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7835.json b/2020/7xxx/CVE-2020-7835.json new file mode 100644 index 00000000000..f212e9924b8 --- /dev/null +++ b/2020/7xxx/CVE-2020-7835.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7835", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/7xxx/CVE-2020-7836.json b/2020/7xxx/CVE-2020-7836.json new file mode 100644 index 00000000000..1bcd3717e94 --- /dev/null +++ b/2020/7xxx/CVE-2020-7836.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7836", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7837.json b/2020/7xxx/CVE-2020-7837.json new file mode 100644 index 00000000000..394fe8c4977 --- /dev/null +++ b/2020/7xxx/CVE-2020-7837.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7837", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7838.json b/2020/7xxx/CVE-2020-7838.json new file mode 100644 index 00000000000..525aae20cdc --- /dev/null +++ b/2020/7xxx/CVE-2020-7838.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7838", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7839.json b/2020/7xxx/CVE-2020-7839.json new file mode 100644 index 00000000000..e2593d4ba04 --- /dev/null +++ b/2020/7xxx/CVE-2020-7839.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7839", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7840.json b/2020/7xxx/CVE-2020-7840.json new file mode 100644 index 00000000000..f3f8e9f14a1 --- /dev/null +++ b/2020/7xxx/CVE-2020-7840.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7840", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/7xxx/CVE-2020-7841.json b/2020/7xxx/CVE-2020-7841.json new file mode 100644 index 00000000000..3f52643f9b1 --- /dev/null +++ b/2020/7xxx/CVE-2020-7841.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7841", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7842.json b/2020/7xxx/CVE-2020-7842.json new file mode 100644 index 00000000000..cf2fcb6e84c --- /dev/null +++ b/2020/7xxx/CVE-2020-7842.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7842", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7843.json b/2020/7xxx/CVE-2020-7843.json new file mode 100644 index 00000000000..6e516fc699c --- /dev/null +++ b/2020/7xxx/CVE-2020-7843.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7843", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7844.json b/2020/7xxx/CVE-2020-7844.json new file mode 100644 index 00000000000..f00753820d8 --- /dev/null +++ b/2020/7xxx/CVE-2020-7844.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7844", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7845.json b/2020/7xxx/CVE-2020-7845.json new file mode 100644 index 00000000000..67837e4bf5e --- /dev/null +++ b/2020/7xxx/CVE-2020-7845.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7845", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/7xxx/CVE-2020-7846.json b/2020/7xxx/CVE-2020-7846.json new file mode 100644 index 00000000000..c6483927114 --- /dev/null +++ b/2020/7xxx/CVE-2020-7846.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7846", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7847.json b/2020/7xxx/CVE-2020-7847.json new file mode 100644 index 00000000000..45f7b5beb24 --- /dev/null +++ b/2020/7xxx/CVE-2020-7847.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7847", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7848.json b/2020/7xxx/CVE-2020-7848.json new file mode 100644 index 00000000000..25a4780cc95 --- /dev/null +++ b/2020/7xxx/CVE-2020-7848.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7848", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7849.json b/2020/7xxx/CVE-2020-7849.json new file mode 100644 index 00000000000..155c5fed740 --- /dev/null +++ b/2020/7xxx/CVE-2020-7849.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7849", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7850.json b/2020/7xxx/CVE-2020-7850.json new file mode 100644 index 00000000000..40126b2100d --- /dev/null +++ b/2020/7xxx/CVE-2020-7850.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7850", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/7xxx/CVE-2020-7851.json b/2020/7xxx/CVE-2020-7851.json new file mode 100644 index 00000000000..446d0d4fba7 --- /dev/null +++ b/2020/7xxx/CVE-2020-7851.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7851", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7852.json b/2020/7xxx/CVE-2020-7852.json new file mode 100644 index 00000000000..3b14d652982 --- /dev/null +++ b/2020/7xxx/CVE-2020-7852.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7852", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7853.json b/2020/7xxx/CVE-2020-7853.json new file mode 100644 index 00000000000..24f02bf95e6 --- /dev/null +++ b/2020/7xxx/CVE-2020-7853.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7853", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7854.json b/2020/7xxx/CVE-2020-7854.json new file mode 100644 index 00000000000..1b1a8044910 --- /dev/null +++ b/2020/7xxx/CVE-2020-7854.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7854", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7855.json b/2020/7xxx/CVE-2020-7855.json new file mode 100644 index 00000000000..ba0375e6311 --- /dev/null +++ b/2020/7xxx/CVE-2020-7855.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7855", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/7xxx/CVE-2020-7856.json b/2020/7xxx/CVE-2020-7856.json new file mode 100644 index 00000000000..5d03cac2ef7 --- /dev/null +++ b/2020/7xxx/CVE-2020-7856.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7856", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7857.json b/2020/7xxx/CVE-2020-7857.json new file mode 100644 index 00000000000..97d5abe4f44 --- /dev/null +++ b/2020/7xxx/CVE-2020-7857.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7857", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7858.json b/2020/7xxx/CVE-2020-7858.json new file mode 100644 index 00000000000..953c6ad90c6 --- /dev/null +++ b/2020/7xxx/CVE-2020-7858.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7858", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7859.json b/2020/7xxx/CVE-2020-7859.json new file mode 100644 index 00000000000..c2b826282b5 --- /dev/null +++ b/2020/7xxx/CVE-2020-7859.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7859", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7860.json b/2020/7xxx/CVE-2020-7860.json new file mode 100644 index 00000000000..71ee0b15932 --- /dev/null +++ b/2020/7xxx/CVE-2020-7860.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7860", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/7xxx/CVE-2020-7861.json b/2020/7xxx/CVE-2020-7861.json new file mode 100644 index 00000000000..5d4467af914 --- /dev/null +++ b/2020/7xxx/CVE-2020-7861.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7861", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7862.json b/2020/7xxx/CVE-2020-7862.json new file mode 100644 index 00000000000..af72b91013f --- /dev/null +++ b/2020/7xxx/CVE-2020-7862.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7862", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7863.json b/2020/7xxx/CVE-2020-7863.json new file mode 100644 index 00000000000..350a5d60ab7 --- /dev/null +++ b/2020/7xxx/CVE-2020-7863.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7863", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7864.json b/2020/7xxx/CVE-2020-7864.json new file mode 100644 index 00000000000..648ee4d1731 --- /dev/null +++ b/2020/7xxx/CVE-2020-7864.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7864", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7865.json b/2020/7xxx/CVE-2020-7865.json new file mode 100644 index 00000000000..f795646627a --- /dev/null +++ b/2020/7xxx/CVE-2020-7865.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7865", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/7xxx/CVE-2020-7866.json b/2020/7xxx/CVE-2020-7866.json new file mode 100644 index 00000000000..4d748ff9daf --- /dev/null +++ b/2020/7xxx/CVE-2020-7866.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7866", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7867.json b/2020/7xxx/CVE-2020-7867.json new file mode 100644 index 00000000000..bf35240eb2a --- /dev/null +++ b/2020/7xxx/CVE-2020-7867.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7867", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7868.json b/2020/7xxx/CVE-2020-7868.json new file mode 100644 index 00000000000..528b03a88de --- /dev/null +++ b/2020/7xxx/CVE-2020-7868.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7868", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7869.json b/2020/7xxx/CVE-2020-7869.json new file mode 100644 index 00000000000..b62c02a47d6 --- /dev/null +++ b/2020/7xxx/CVE-2020-7869.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7869", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7870.json b/2020/7xxx/CVE-2020-7870.json new file mode 100644 index 00000000000..2d6f6f88e61 --- /dev/null +++ b/2020/7xxx/CVE-2020-7870.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7870", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/7xxx/CVE-2020-7871.json b/2020/7xxx/CVE-2020-7871.json new file mode 100644 index 00000000000..6eefcf82770 --- /dev/null +++ b/2020/7xxx/CVE-2020-7871.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7871", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7872.json b/2020/7xxx/CVE-2020-7872.json new file mode 100644 index 00000000000..d9762209b7b --- /dev/null +++ b/2020/7xxx/CVE-2020-7872.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7872", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7873.json b/2020/7xxx/CVE-2020-7873.json new file mode 100644 index 00000000000..e6901b7fc06 --- /dev/null +++ b/2020/7xxx/CVE-2020-7873.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7873", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7874.json b/2020/7xxx/CVE-2020-7874.json new file mode 100644 index 00000000000..d2b54c929e7 --- /dev/null +++ b/2020/7xxx/CVE-2020-7874.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7874", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7875.json b/2020/7xxx/CVE-2020-7875.json new file mode 100644 index 00000000000..65ff46933fc --- /dev/null +++ b/2020/7xxx/CVE-2020-7875.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7875", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/7xxx/CVE-2020-7876.json b/2020/7xxx/CVE-2020-7876.json new file mode 100644 index 00000000000..8b3f80a27f8 --- /dev/null +++ b/2020/7xxx/CVE-2020-7876.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7876", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7877.json b/2020/7xxx/CVE-2020-7877.json new file mode 100644 index 00000000000..ef83c7bb6ce --- /dev/null +++ b/2020/7xxx/CVE-2020-7877.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7877", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7878.json b/2020/7xxx/CVE-2020-7878.json new file mode 100644 index 00000000000..4bd5a34ace4 --- /dev/null +++ b/2020/7xxx/CVE-2020-7878.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7878", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7879.json b/2020/7xxx/CVE-2020-7879.json new file mode 100644 index 00000000000..7024eff19ad --- /dev/null +++ b/2020/7xxx/CVE-2020-7879.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7879", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7880.json b/2020/7xxx/CVE-2020-7880.json new file mode 100644 index 00000000000..8abf86209e5 --- /dev/null +++ b/2020/7xxx/CVE-2020-7880.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7880", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/7xxx/CVE-2020-7881.json b/2020/7xxx/CVE-2020-7881.json new file mode 100644 index 00000000000..f2aeea41cfe --- /dev/null +++ b/2020/7xxx/CVE-2020-7881.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7881", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7882.json b/2020/7xxx/CVE-2020-7882.json new file mode 100644 index 00000000000..769a82fa5a4 --- /dev/null +++ b/2020/7xxx/CVE-2020-7882.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7882", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7883.json b/2020/7xxx/CVE-2020-7883.json new file mode 100644 index 00000000000..c2efa8fe8c1 --- /dev/null +++ b/2020/7xxx/CVE-2020-7883.json 
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7883",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7884.json b/2020/7xxx/CVE-2020-7884.json
new file mode 100644
index 00000000000..df88e359d15
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7884.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7884",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7885.json b/2020/7xxx/CVE-2020-7885.json
new file mode 100644
index 00000000000..07990a605ed
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7885.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7885",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7886.json b/2020/7xxx/CVE-2020-7886.json
new file mode 100644
index 00000000000..8fa9e8e2d37
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7886.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7886",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7887.json b/2020/7xxx/CVE-2020-7887.json
new file mode 100644
index 00000000000..afaaf30b4e7
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7887.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7887",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7888.json b/2020/7xxx/CVE-2020-7888.json
new file mode 100644
index 00000000000..e1322d508d2
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7888.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7888",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
From c9c2972bf3e6df44d57f353426118e9576bb0be8 Mon Sep 17 00:00:00 2001
From: CVE Team Date: Wed, 22 Jan 2020 14:01:28 +0000 Subject: [PATCH 213/387] "-Synchronized-Data." --- 2019/10xxx/CVE-2019-10781.json | 55 ++++++++++++++++++++++++++++++++-- 2020/7xxx/CVE-2020-7889.json | 18 +++++++++++ 2020/7xxx/CVE-2020-7890.json | 18 +++++++++++ 2020/7xxx/CVE-2020-7891.json | 18 +++++++++++ 2020/7xxx/CVE-2020-7892.json | 18 +++++++++++ 2020/7xxx/CVE-2020-7893.json | 18 +++++++++++ 2020/7xxx/CVE-2020-7894.json | 18 +++++++++++ 2020/7xxx/CVE-2020-7895.json | 18 +++++++++++ 2020/7xxx/CVE-2020-7896.json | 18 +++++++++++ 2020/7xxx/CVE-2020-7897.json | 18 +++++++++++ 2020/7xxx/CVE-2020-7898.json | 18 +++++++++++ 2020/7xxx/CVE-2020-7899.json | 18 +++++++++++ 2020/7xxx/CVE-2020-7900.json | 18 +++++++++++ 2020/7xxx/CVE-2020-7901.json | 18 +++++++++++ 2020/7xxx/CVE-2020-7902.json | 18 +++++++++++ 15 files changed, 304 insertions(+), 3 deletions(-) create mode 100644 2020/7xxx/CVE-2020-7889.json create mode 100644 2020/7xxx/CVE-2020-7890.json create mode 100644 2020/7xxx/CVE-2020-7891.json create mode 100644 2020/7xxx/CVE-2020-7892.json create mode 100644 2020/7xxx/CVE-2020-7893.json create mode 100644 2020/7xxx/CVE-2020-7894.json create mode 100644 2020/7xxx/CVE-2020-7895.json create mode 100644 2020/7xxx/CVE-2020-7896.json create mode 100644 2020/7xxx/CVE-2020-7897.json create mode 100644 2020/7xxx/CVE-2020-7898.json create mode 100644 2020/7xxx/CVE-2020-7899.json create mode 100644 2020/7xxx/CVE-2020-7900.json create mode 100644 2020/7xxx/CVE-2020-7901.json create mode 100644 2020/7xxx/CVE-2020-7902.json diff --git a/2019/10xxx/CVE-2019-10781.json b/2019/10xxx/CVE-2019-10781.json index 9be17fc7ce5..21853b7a518 100644 --- a/2019/10xxx/CVE-2019-10781.json +++ b/2019/10xxx/CVE-2019-10781.json 
@@ -4,14 +4,63 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-10781", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "report@snyk.io", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Snyk", + "product": { + "product_data": [ + { + "product_name": "schema-inspector", + "version": { + "version_data": [ + { + "version_value": "All versions prior to version 1.6.9" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Internal Property Tampering" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://snyk.io/vuln/SNYK-JS-SCHEMAINSPECTOR-536970", + "url": "https://snyk.io/vuln/SNYK-JS-SCHEMAINSPECTOR-536970" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/Atinux/schema-inspector/commit/345a7b2eed11bb6128421150d65f4f83fdbb737d", + "url": "https://github.com/Atinux/schema-inspector/commit/345a7b2eed11bb6128421150d65f4f83fdbb737d" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In schema-inspector before 1.6.9, a maliciously crafted JavaScript object can bypass the `sanitize()` and the `validate()` function used within schema-inspector." } ] } diff --git a/2020/7xxx/CVE-2020-7889.json b/2020/7xxx/CVE-2020-7889.json new file mode 100644 index 00000000000..88ce486b7fa --- /dev/null +++ b/2020/7xxx/CVE-2020-7889.json 
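Review bot: The new `affects` block names the CNA as the vendor: `"vendor_name": "Snyk"` sits beside `"product_name": "schema-inspector"`, while the CONFIRM reference points at the Atinux/schema-inspector repository, so consumers matching on vendor and product will attribute the package to Snyk. The affected range is also free text (`"version_value": "All versions prior to version 1.6.9"`); the 4.0 format has a separate operator field, so `"version_affected": "<", "version_value": "1.6.9"` lets a scanner compare versions without parsing prose. The same free-text version encoding recurs in the CVE-2011-3582, CVE-2011-3595 and CVE-2011-3610 hunks later in this series (`through 1.0.9`, `<= 1.7.0`, `before 3.30`). The problemtype value `Internal Property Tampering` carries no CWE identifier, which is worth adding if the CNA has assigned one.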
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7889",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7890.json b/2020/7xxx/CVE-2020-7890.json
new file mode 100644
index 00000000000..166f9a82364
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7890.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7890",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7891.json b/2020/7xxx/CVE-2020-7891.json
new file mode 100644
index 00000000000..80e815660c5
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7891.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7891",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7892.json b/2020/7xxx/CVE-2020-7892.json
new file mode 100644
index 00000000000..8a64a656669
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7892.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7892",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7893.json b/2020/7xxx/CVE-2020-7893.json
new file mode 100644
index 00000000000..ff73416a2db
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7893.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7893",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7894.json b/2020/7xxx/CVE-2020-7894.json
new file mode 100644
index 00000000000..75a4808baeb
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7894.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7894",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7895.json b/2020/7xxx/CVE-2020-7895.json
new file mode 100644
index 00000000000..6a8edc50cce
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7895.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7895",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7896.json b/2020/7xxx/CVE-2020-7896.json
new file mode 100644
index 00000000000..1f92a423493
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7896.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7896",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7897.json b/2020/7xxx/CVE-2020-7897.json
new file mode 100644
index 00000000000..c7305990e53
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7897.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7897",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7898.json b/2020/7xxx/CVE-2020-7898.json
new file mode 100644
index 00000000000..208fab80825
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7898.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7898",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7899.json b/2020/7xxx/CVE-2020-7899.json
new file mode 100644
index 00000000000..745f39c7c66
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7899.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7899",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7900.json b/2020/7xxx/CVE-2020-7900.json
new file mode 100644
index 00000000000..66ef118659c
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7900.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7900",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7901.json b/2020/7xxx/CVE-2020-7901.json
new file mode 100644
index 00000000000..915ab999180
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7901.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7901",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7902.json b/2020/7xxx/CVE-2020-7902.json new file mode 100644 index 00000000000..efb0524739c --- /dev/null +++ b/2020/7xxx/CVE-2020-7902.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7902", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file From eb87ddfbbcaebfe93b30b5ddfcad6708921a6f4b Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 22 Jan 2020 15:01:03 +0000 Subject: [PATCH 214/387] "-Synchronized-Data." --- 2011/3xxx/CVE-2011-3582.json | 50 ++++++++++++++++++++++++++-- 2018/10xxx/CVE-2018-10899.json | 15 +++++++++ 2019/18xxx/CVE-2019-18583.json | 18 ++++++++++ 2019/18xxx/CVE-2019-18584.json | 18 ++++++++++ 2019/18xxx/CVE-2019-18585.json | 18 ++++++++++ 2019/18xxx/CVE-2019-18586.json | 18 ++++++++++ 2020/6xxx/CVE-2020-6959.json | 50 ++++++++++++++++++++++++++-- 2020/6xxx/CVE-2020-6960.json | 50 ++++++++++++++++++++++++++-- 2020/7xxx/CVE-2020-7228.json | 61 ++++++++++++++++++++++++++++++---- 9 files changed, 283 insertions(+), 15 deletions(-) create mode 100644 2019/18xxx/CVE-2019-18583.json create mode 100644 2019/18xxx/CVE-2019-18584.json create mode 100644 2019/18xxx/CVE-2019-18585.json create mode 100644 2019/18xxx/CVE-2019-18586.json diff --git a/2011/3xxx/CVE-2011-3582.json b/2011/3xxx/CVE-2011-3582.json index 2d0a1b22181..0b3304f6e4c 100644 --- a/2011/3xxx/CVE-2011-3582.json +++ b/2011/3xxx/CVE-2011-3582.json 
@@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-3582", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Electron Inc.", + "product": { + "product_data": [ + { + "product_name": "Advanced Electron Forums (AEF)", + "version": { + "version_data": [ + { + "version_value": "through 1.0.9" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Cross-site Request Forgery (CSRF) vulnerability exists in Advanced Electron Forums (AEF) through 1.0.9 due to inadequate confirmation for sensitive transactions in the administrator functions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CSRF" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.openwall.com/lists/oss-security/2011/09/30/3", + "refsource": "MISC", + "name": "https://www.openwall.com/lists/oss-security/2011/09/30/3" } ] } diff --git a/2018/10xxx/CVE-2018-10899.json b/2018/10xxx/CVE-2018-10899.json index 782016d9f6d..5f08f15efd6 100644 --- a/2018/10xxx/CVE-2018-10899.json +++ b/2018/10xxx/CVE-2018-10899.json 
@@ -83,6 +83,21 @@ "refsource": "MLIST", "name": "[activemq-issues] 20200122 [jira] [Assigned] (AMQ-7373) jolokia-core-1.6.0.jar is vulnerable to CVE-2018-10899", "url": "https://lists.apache.org/thread.html/rdb0a59d7851e721b75beea13d6488e345a3e2735838e89d9269d7d32@%3Cissues.activemq.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[activemq-issues] 20200122 [jira] [Commented] (AMQ-7373) jolokia-core-1.6.0.jar is vulnerable to CVE-2018-10899", + "url": "https://lists.apache.org/thread.html/r64701caec91c43efd7416d6bddef88447371101e00e8562741ede262@%3Cissues.activemq.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[activemq-issues] 20200122 [jira] [Work logged] (AMQ-7373) jolokia-core-1.6.0.jar is vulnerable to CVE-2018-10899", + "url": "https://lists.apache.org/thread.html/r46f6dbc029f49e1f638c6eb82accb94b7f990d818cb3b3bc0007dd0a@%3Cissues.activemq.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[activemq-issues] 20200122 [jira] [Resolved] (AMQ-7373) jolokia-core-1.6.0.jar is vulnerable to CVE-2018-10899", + "url": "https://lists.apache.org/thread.html/r67cdc50af9caf89c9ebe1bde08393a343dcd89edba1c63677f68f43b@%3Cissues.activemq.apache.org%3E" } ] }, diff --git a/2019/18xxx/CVE-2019-18583.json b/2019/18xxx/CVE-2019-18583.json new file mode 100644 index 00000000000..6799c4adccf --- /dev/null +++ b/2019/18xxx/CVE-2019-18583.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-18583", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2019. Notes: none." + } + ] + } +} \ No newline at end of file 
diff --git a/2019/18xxx/CVE-2019-18584.json b/2019/18xxx/CVE-2019-18584.json
new file mode 100644
index 00000000000..22be8b61480
--- /dev/null
+++ b/2019/18xxx/CVE-2019-18584.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-18584",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2019. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/18xxx/CVE-2019-18585.json b/2019/18xxx/CVE-2019-18585.json
new file mode 100644
index 00000000000..5394b48462b
--- /dev/null
+++ b/2019/18xxx/CVE-2019-18585.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-18585",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2019. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/18xxx/CVE-2019-18586.json b/2019/18xxx/CVE-2019-18586.json
new file mode 100644
index 00000000000..d467ba53bf8
--- /dev/null
+++ b/2019/18xxx/CVE-2019-18586.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-18586",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2019. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/6xxx/CVE-2020-6959.json b/2020/6xxx/CVE-2020-6959.json
index ed743b88aa6..6bf5e85aab2 100644
--- a/2020/6xxx/CVE-2020-6959.json
+++ b/2020/6xxx/CVE-2020-6959.json
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-6959", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Honeywell Maxpro VMS & NVR", + "version": { + "version_data": [ + { + "version_value": "The following versions of MAXPRO VMS and NVR, MAXPRO VMS:HNMSWVMS prior to Version VMS560 Build 595 T2-Patch, HNMSWVMSLT prior to Version VMS560 Build 595 T2-Patch, MAXPRO NVR: MAXPRO NVR XE prior to Version NVR 5.6 Build 595 T2-Patch, MAXPRO NVR SE prior to Version NVR 5.6 Build 595 T2-Patch, MAXPRO NVR PE prior to Version NVR 5.6 Build 595 T2-Patch, MPNVRSWXX prior to Version NVR 5.6 Build 595 T2-Patch" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "DESERIALIZATION OF UNTRUSTED DATA CWE-502" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.us-cert.gov/ics/advisories/icsa-20-021-01", + "url": "https://www.us-cert.gov/ics/advisories/icsa-20-021-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." 
+ "value": "The following versions of MAXPRO VMS and NVR, MAXPRO VMS:HNMSWVMS prior to Version VMS560 Build 595 T2-Patch, HNMSWVMSLT prior to Version VMS560 Build 595 T2-Patch, MAXPRO NVR: MAXPRO NVR XE prior to Version NVR 5.6 Build 595 T2-Patch, MAXPRO NVR SE prior to Version NVR 5.6 Build 595 T2-Patch, MAXPRO NVR PE prior to Version NVR 5.6 Build 595 T2-Patch, and MPNVRSWXX prior to Version NVR 5.6 Build 595 T2-Patch are vulnerable to an unsafe deserialization of untrusted data. An attacker may be able to remotely modify deserialized data without authentication using a specially crafted web request, resulting in remote code execution." } ] } diff --git a/2020/6xxx/CVE-2020-6960.json b/2020/6xxx/CVE-2020-6960.json index 3c4e0ae98c3..5fb854ea313 100644 --- a/2020/6xxx/CVE-2020-6960.json +++ b/2020/6xxx/CVE-2020-6960.json 
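Review bot: `version_value` in the new `affects` block holds the advisory's whole affected-products sentence, and `vendor_name` is `n/a` although the product name itself begins with Honeywell. A single string that lists six product lines and two fixed builds cannot be matched by inventory or scanning tools, so an unauthenticated remote-code-execution entry like this one can go unnoticed by asset owners who filter on vendor and product. One `product_data` entry per product (HNMSWVMS, HNMSWVMSLT, MAXPRO NVR XE, SE, PE, MPNVRSWXX) with `"version_affected": "<"` and the fixed build as `version_value`, together with `"vendor_name": "Honeywell"`, carries the same facts in structured form. The CVE-2020-6960 hunk that follows repeats this block verbatim and needs the same change.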
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-6960", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Honeywell Maxpro VMS & NVR", + "version": { + "version_data": [ + { + "version_value": "The following versions of MAXPRO VMS and NVR, MAXPRO VMS:HNMSWVMS prior to Version VMS560 Build 595 T2-Patch, HNMSWVMSLT prior to Version VMS560 Build 595 T2-Patch, MAXPRO NVR: MAXPRO NVR XE prior to Version NVR 5.6 Build 595 T2-Patch, MAXPRO NVR SE prior to Version NVR 5.6 Build 595 T2-Patch, MAXPRO NVR PE prior to Version NVR 5.6 Build 595 T2-Patch, MPNVRSWXX prior to Version NVR 5.6 Build 595 T2-Patch" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN SQL COMMAND CWE-89" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.us-cert.gov/ics/advisories/icsa-20-021-01", + "url": "https://www.us-cert.gov/ics/advisories/icsa-20-021-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." 
+ "value": "The following versions of MAXPRO VMS and NVR, MAXPRO VMS:HNMSWVMS prior to Version VMS560 Build 595 T2-Patch, HNMSWVMSLT prior to Version VMS560 Build 595 T2-Patch, MAXPRO NVR: MAXPRO NVR XE prior to Version NVR 5.6 Build 595 T2-Patch, MAXPRO NVR SE prior to Version NVR 5.6 Build 595 T2-Patch, MAXPRO NVR PE prior to Version NVR 5.6 Build 595 T2-Patch, and MPNVRSWXX prior to Version NVR 5.6 Build 595 T2-Patch contain an SQL injection vulnerability that could give an attacker remote unauthenticated access to the web user interface with administrator-level privileges." } ] } diff --git a/2020/7xxx/CVE-2020-7228.json b/2020/7xxx/CVE-2020-7228.json index ecc96b9c58c..9a602492c88 100644 --- a/2020/7xxx/CVE-2020-7228.json +++ b/2020/7xxx/CVE-2020-7228.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-7228", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-7228", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Calculated Fields Form plugin through 1.0.353 for WordPress suffers from multiple Stored XSS vulnerabilities present in the input forms. These can be exploited by an authenticated user." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wordpress.org/plugins/calculated-fields-form/#developers", + "refsource": "MISC", + "name": "https://wordpress.org/plugins/calculated-fields-form/#developers" + }, + { + "refsource": "MISC", + "name": "https://spider-security.co.uk/blog-cve-2020-7228", + "url": "https://spider-security.co.uk/blog-cve-2020-7228" } ] } From 2d6c1e3acdb8936758a22956fd0039b4b5c136fe Mon Sep 17 00:00:00 2001 
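Review bot: Every structured field added in this hunk is `n/a` (`vendor_name`, `product_name`, `version_value` and the problemtype `value`), while the description on the same record names the Calculated Fields Form plugin for WordPress, the range `through 1.0.353`, and stored XSS. Tools that read only `affects` and `problemtype` will therefore see a PUBLIC entry with no product, no version and no weakness class. Populating them from the description, for example `"product_name": "Calculated Fields Form"` with `"version_affected": "<=", "version_value": "1.0.353"` and a CWE-79 problemtype, keeps the structured and free-text halves in agreement.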
From: CVE Team Date: Wed, 22 Jan 2020 16:01:08 +0000 Subject: [PATCH 215/387] "-Synchronized-Data." --- 2011/3xxx/CVE-2011-3595.json | 60 ++++++++++++++++++++++++++++++++-- 2011/3xxx/CVE-2011-3610.json | 60 ++++++++++++++++++++++++++++++++-- 2018/13xxx/CVE-2018-13380.json | 2 +- 2018/13xxx/CVE-2018-13383.json | 2 +- 2018/19xxx/CVE-2018-19442.json | 5 +++ 2018/1xxx/CVE-2018-1351.json | 2 +- 2020/7xxx/CVE-2020-7040.json | 10 ++++++ 7 files changed, 132 insertions(+), 9 deletions(-) diff --git a/2011/3xxx/CVE-2011-3595.json b/2011/3xxx/CVE-2011-3595.json index 81b3e1c7392..89e0428eca5 100644 --- a/2011/3xxx/CVE-2011-3595.json +++ b/2011/3xxx/CVE-2011-3595.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-3595", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Joomla!", + "product": { + "product_data": [ + { + "product_name": "Joomla!", + "version": { + "version_data": [ + { + "version_value": "<= 1.7.0" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,38 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple Cross-site Scripting (XSS) vulnerabilities exist in Joomla! through 1.7.0 in index.php in the search word, extension, asset, and author parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "XSS" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.openwall.com/lists/oss-security/2011/10/04/7", + "refsource": "MISC", + "name": "https://www.openwall.com/lists/oss-security/2011/10/04/7" + }, + { + "refsource": "MISC", + "name": "https://www.rapid7.com/db/vulnerabilities/joomla-20110902-core-xss-vulnerability", + "url": "https://www.rapid7.com/db/vulnerabilities/joomla-20110902-core-xss-vulnerability" + }, + { + "refsource": "MISC", + "name": "http://yehg.net/lab/pr0js/advisories/joomla/core/%5Bjoomla_1.7.0-stable%5D_cross_site_scripting%28XSS%29", + "url": "http://yehg.net/lab/pr0js/advisories/joomla/core/%5Bjoomla_1.7.0-stable%5D_cross_site_scripting%28XSS%29" } ] } diff --git a/2011/3xxx/CVE-2011-3610.json b/2011/3xxx/CVE-2011-3610.json index dfd2c4ffb9f..2c2a68fecb6 100644 --- a/2011/3xxx/CVE-2011-3610.json +++ b/2011/3xxx/CVE-2011-3610.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-3610", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Serendipity", + "product": { + "product_data": [ + { + "product_name": "serendipity freetag plugin", + "version": { + "version_data": [ + { + "version_value": "before 3.30" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,38 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Cross-site Scripting (XSS) vulnerability exists in the Serendipity freetag plugin before 3.30 in the tagcloud parameter to plugins/serendipity_event_freetag/tagcloud.swf." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "XSS" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.openwall.com/lists/oss-security/2011/10/10/3", + "refsource": "MISC", + "name": "https://www.openwall.com/lists/oss-security/2011/10/10/3" + }, + { + "refsource": "MISC", + "name": "https://packetstormsecurity.com/files/105054/Secunia-Security-Advisory-46005.html", + "url": "https://packetstormsecurity.com/files/105054/Secunia-Security-Advisory-46005.html" + }, + { + "refsource": "MISC", + "name": "https://git.schokokeks.org/freewvs.git/blob/ddc4be296c9c49987b53be064d6d2a9d12f50452/freewvsdb/plugins.freewvs", + "url": "https://git.schokokeks.org/freewvs.git/blob/ddc4be296c9c49987b53be064d6d2a9d12f50452/freewvsdb/plugins.freewvs" } ] } diff --git a/2018/13xxx/CVE-2018-13380.json b/2018/13xxx/CVE-2018-13380.json index da010726c0b..ee7fb9181d6 100644 --- a/2018/13xxx/CVE-2018-13380.json +++ b/2018/13xxx/CVE-2018-13380.json 
@@ -71,7 +71,7 @@ "description_data": [ { "lang": "eng", - "value": "A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, 5.4 and below versions under SSL VPN web portal allows attacker to execute unauthorized malicious script code via the error or message handling parameters." + "value": "A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, 5.4.0 to 5.4.12, 5.2 and below versions under SSL VPN web portal allows attacker to execute unauthorized malicious script code via the error or message handling parameters." } ] } diff --git a/2018/13xxx/CVE-2018-13383.json b/2018/13xxx/CVE-2018-13383.json index 0d204691c6f..6b854e7ca24 100644 --- a/2018/13xxx/CVE-2018-13383.json +++ b/2018/13xxx/CVE-2018-13383.json @@ -70,7 +70,7 @@ "description_data": [ { "lang": "eng", - "value": "A heap buffer overflow in Fortinet FortiOS all versions below 6.0.5 in the SSL VPN web portal may cause the SSL VPN web service termination for logged in users due to a failure to properly handle javascript href data when proxying webpages." + "value": "A heap buffer overflow in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.10, 5.4.0 to 5.4.12, 5.2.14 and below in the SSL VPN web portal may cause the SSL VPN web service termination for logged in users due to a failure to properly handle javascript href data when proxying webpages." } ] } diff --git a/2018/19xxx/CVE-2018-19442.json b/2018/19xxx/CVE-2018-19442.json index ed19ea60a9c..7f5169fefc2 100644 --- a/2018/19xxx/CVE-2018-19442.json +++ b/2018/19xxx/CVE-2018-19442.json 
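Review bot: The rewritten CVE-2018-13380 description now lists `5.4.0 to 5.4.12, 5.2 and below` as affected, but the hunk touches only the `description` text; the structured `affects` data is presumably earlier in the file, outside the hunk, so it cannot be confirmed here that its `version_value` entries were widened to match. Consumers that match on `version_data` rather than prose would keep the old ranges if they were not. The same check applies to the description-only edits for CVE-2018-13383 on this line, and to CVE-2018-1351, CVE-2018-13379 and CVE-2019-6695 later in the series.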
@@ -56,6 +56,11 @@ "refsource": "MISC", "name": "https://media.ccc.de/v/eh19-157-smart-vacuum-cleaners-as-remote-wiretapping-devices#t=1779", "url": "https://media.ccc.de/v/eh19-157-smart-vacuum-cleaners-as-remote-wiretapping-devices#t=1779" + }, + { + "refsource": "MISC", + "name": "https://www.usenix.org/system/files/woot19-paper_ullrich.pdf", + "url": "https://www.usenix.org/system/files/woot19-paper_ullrich.pdf" } ] } diff --git a/2018/1xxx/CVE-2018-1351.json b/2018/1xxx/CVE-2018-1351.json index 93cf1ac38eb..ab863d09a11 100644 --- a/2018/1xxx/CVE-2018-1351.json +++ b/2018/1xxx/CVE-2018-1351.json @@ -35,7 +35,7 @@ "description_data": [ { "lang": "eng", - "value": "A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager 6.0.0 and below versions allows attacker to execute HTML/javascript code via managed remote devices' CLI commands by viewing the remote device CLI config installation log." + "value": "A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager 6.0.0, 5.6.6 and below versions allows attacker to execute HTML/javascript code via managed remote devices CLI commands by viewing the remote device CLI config installation log." } ] }, diff --git a/2020/7xxx/CVE-2020-7040.json b/2020/7xxx/CVE-2020-7040.json index 2d488684fe7..ce8c6c279f7 100644 --- a/2020/7xxx/CVE-2020-7040.json +++ b/2020/7xxx/CVE-2020-7040.json 
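Review bot: The new CVE-2018-1351 description drops the possessive apostrophe, turning `managed remote devices' CLI commands` into `managed remote devices CLI commands`, which no longer says whose CLI commands carry the script. The added range `6.0.0, 5.6.6 and below versions` is also ambiguous about whether 6.0.0 is a single affected release or the top of a range. Keeping `devices'` and wording each branch explicitly would remove both doubts.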
@@ -71,6 +71,16 @@ "refsource": "MLIST", "name": "[oss-security] 20200121 Re: CVE-2020-7040: storeBackup: denial of service and symlink attack vector via fixed lockfile path /tmp/storeBackup.lock", "url": "http://www.openwall.com/lists/oss-security/2020/01/21/2" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20200122 Re: CVE-2020-7040: storeBackup: denial of service and symlink attack vector via fixed lockfile path /tmp/storeBackup.lock", + "url": "http://www.openwall.com/lists/oss-security/2020/01/22/2" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20200122 Re: CVE-2020-7040: storeBackup: denial of service and symlink attack vector via fixed lockfile path /tmp/storeBackup.lock", + "url": "http://www.openwall.com/lists/oss-security/2020/01/22/3" } ] } From c10e766bf504af714080dbae88d003b10831aead Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 22 Jan 2020 17:01:07 +0000 Subject: [PATCH 216/387] "-Synchronized-Data." --- 2011/3xxx/CVE-2011-3611.json | 60 ++++++++++++++++++++++++++++++++-- 2018/13xxx/CVE-2018-13379.json | 2 +- 2019/19xxx/CVE-2019-19592.json | 2 +- 2019/6xxx/CVE-2019-6146.json | 58 ++++++++++++++++++++++++++++---- 2019/6xxx/CVE-2019-6695.json | 2 +- 2020/7xxx/CVE-2020-7109.json | 56 +++++++++++++++++++++++++++---- 2020/7xxx/CVE-2020-7903.json | 18 ++++++++++ 7 files changed, 179 insertions(+), 19 deletions(-) create mode 100644 2020/7xxx/CVE-2020-7903.json diff --git a/2011/3xxx/CVE-2011-3611.json b/2011/3xxx/CVE-2011-3611.json index 918d926b2bd..1cb41f2f681 100644 --- a/2011/3xxx/CVE-2011-3611.json +++ b/2011/3xxx/CVE-2011-3611.json 
@@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-3611", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "UseBB", + "version": { + "version_data": [ + { + "version_value": "before 1.0.12" + } + ] + } + } + ] + }, + "vendor_name": "UseBB" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,38 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A File Inclusion vulnerability exists in act parameter to admin.php in UseBB before 1.0.12." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Local File Inclusion" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.openwall.com/lists/oss-security/2011/10/10/4", + "refsource": "MISC", + "name": "https://www.openwall.com/lists/oss-security/2011/10/10/4" + }, + { + "refsource": "MISC", + "name": "https://packetstormsecurity.com/files/100103/UseBB-1.0.11-Cross-Site-Request-Forgery-Local-File-Inclusion.html", + "url": "https://packetstormsecurity.com/files/100103/UseBB-1.0.11-Cross-Site-Request-Forgery-Local-File-Inclusion.html" + }, + { + "refsource": "MISC", + "name": "https://www.immuniweb.com/advisory/HTB22913", + "url": "https://www.immuniweb.com/advisory/HTB22913" } ] } diff --git a/2018/13xxx/CVE-2018-13379.json b/2018/13xxx/CVE-2018-13379.json index 2a05c9186c2..4c824af5f7c 100644 --- a/2018/13xxx/CVE-2018-13379.json +++ b/2018/13xxx/CVE-2018-13379.json 
@@ -83,7 +83,7 @@ "description_data": [ { "lang": "eng", - "value": "An Improper Limitation of a Pathname to a Restricted Directory (\"Path Traversal\") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 under SSL VPN web portal allows an unauthenticated attacker to download system files via special crafted HTTP resource requests." + "value": "An Improper Limitation of a Pathname to a Restricted Directory (\"Path Traversal\") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 under SSL VPN web portal allows an unauthenticated attacker to download system files via special crafted HTTP resource requests." } ] } diff --git a/2019/19xxx/CVE-2019-19592.json b/2019/19xxx/CVE-2019-19592.json index 5f2ad3c0ca7..cb5243b9af3 100644 --- a/2019/19xxx/CVE-2019-19592.json +++ b/2019/19xxx/CVE-2019-19592.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "Jama Connect 8.44.0 has XSS via the \"Import File and Destination\" tab on the \"Data import wizard\" screen." + "value": "Jama Connect 8.44.0 is vulnerable to stored Cross-Site Scripting" } ] }, diff --git a/2019/6xxx/CVE-2019-6146.json b/2019/6xxx/CVE-2019-6146.json index 62f1bdc14fa..d409d27223f 100644 --- a/2019/6xxx/CVE-2019-6146.json +++ b/2019/6xxx/CVE-2019-6146.json 
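Review bot: The replacement description for CVE-2019-19592 removes the only locating detail the record had: the old text named the `\"Import File and Destination\"` tab on the `\"Data import wizard\"` screen, while the new text says only `is vulnerable to stored Cross-Site Scripting`. Anyone triaging exposure or scoping a mitigation loses the affected screen. I would keep both facts, for example `"value": "Jama Connect 8.44.0 has stored XSS via the \"Import File and Destination\" tab on the \"Data import wizard\" screen."`, which also restores the terminal period.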
@@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-6146", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-6146", + "ASSIGNER": "psirt@forcepoint.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Forcepoint Web Security", + "version": { + "version_data": [ + { + "version_value": "8.5, 8.4" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://support.forcepoint.com/KBArticle?id=000017702", + "url": "https://support.forcepoint.com/KBArticle?id=000017702" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "It has been reported that cross-site scripting (XSS) is possible in Forcepoint Web Security, version 8.x, via host header injection. CVSSv3.0: 5.3 (Medium) (/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)" } ] } diff --git a/2019/6xxx/CVE-2019-6695.json b/2019/6xxx/CVE-2019-6695.json index 45e9d53892d..9e5cc15c8b8 100644 --- a/2019/6xxx/CVE-2019-6695.json +++ b/2019/6xxx/CVE-2019-6695.json 
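Review bot: The `affects` block added for CVE-2019-6146 sets `"vendor_name": "n/a"` even though the product is `Forcepoint Web Security` and the assigner is psirt@forcepoint.com, so vendor-keyed lookups will miss this record; `"vendor_name": "Forcepoint"` looks like the intended value. Two releases are packed into one string, `"version_value": "8.5, 8.4"`, where separate `version_data` entries would be matchable, and the description says `version 8.x`, which is broader than that list. The CVSS score and vector are written into the description prose; an `impact.cvss` block, as the CVE-2019-16792 record in this series carries, would make them machine-readable.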
@@ -55,7 +55,7 @@ "description_data": [ { "lang": "eng", - "value": "Lack of root file system integrity checking in Fortinet FortiManager VM application images of all versions below 6.2.1 may allow an attacker to implant third-party programs by recreating the image through specific methods." + "value": "Lack of root file system integrity checking in Fortinet FortiManager VM application images of 6.2.0, 6.0.6 and below may allow an attacker to implant third-party programs by recreating the image through specific methods." } ] } diff --git a/2020/7xxx/CVE-2020-7109.json b/2020/7xxx/CVE-2020-7109.json index d280ff03a4b..4cfa1dc0cab 100644 --- a/2020/7xxx/CVE-2020-7109.json +++ b/2020/7xxx/CVE-2020-7109.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-7109", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-7109", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Elementor Page Builder plugin before 2.8.4 for WordPress does not sanitize data during creation of a new template." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wordpress.org/plugins/elementor/#developers", + "refsource": "MISC", + "name": "https://wordpress.org/plugins/elementor/#developers" } ] } diff --git a/2020/7xxx/CVE-2020-7903.json b/2020/7xxx/CVE-2020-7903.json new file mode 100644 index 00000000000..afc73b62d4c --- /dev/null +++ b/2020/7xxx/CVE-2020-7903.json 
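Review bot: The CVE-2020-7109 record goes PUBLIC with `product_name`, `version_value`, `vendor_name` and the `problemtype` value all set to `n/a`, although the description itself names the Elementor Page Builder plugin for WordPress and the version boundary 2.8.4. As written, the record can only be matched by parsing prose. The description also stops at `does not sanitize data during creation of a new template` without saying what that allows, and the single reference is the plugin's general developers page rather than an advisory or changelog entry. Filling the structured fields from the description, for example `"version_value": "before 2.8.4"`, would make the record usable for automated matching.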
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7903", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file From 3de3d04d20be361443a4d921f38d2aa16393a844 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 22 Jan 2020 18:01:16 +0000 Subject: [PATCH 217/387] "-Synchronized-Data." --- 2011/3xxx/CVE-2011-3612.json | 60 ++++++++++++++++++++++++++++++++++-- 2011/3xxx/CVE-2011-3613.json | 55 +++++++++++++++++++++++++++++++-- 2011/3xxx/CVE-2011-3614.json | 55 +++++++++++++++++++++++++++++++-- 2011/3xxx/CVE-2011-3621.json | 55 +++++++++++++++++++++++++++++++-- 4 files changed, 213 insertions(+), 12 deletions(-) diff --git a/2011/3xxx/CVE-2011-3612.json b/2011/3xxx/CVE-2011-3612.json index 18325f4a92b..4ffd4e0d979 100644 --- a/2011/3xxx/CVE-2011-3612.json +++ b/2011/3xxx/CVE-2011-3612.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-3612", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "UseBB", + "version": { + "version_data": [ + { + "version_value": "before 1.0.12" + } + ] + } + } + ] + }, + "vendor_name": "UseBB" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,38 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-Site Request Forgery (CSRF) vulnerability exists in panel.php in UseBB before 1.0.12." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CSRF" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.openwall.com/lists/oss-security/2011/10/10/4", + "refsource": "MISC", + "name": "https://www.openwall.com/lists/oss-security/2011/10/10/4" + }, + { + "refsource": "MISC", + "name": "https://packetstormsecurity.com/files/100103/UseBB-1.0.11-Cross-Site-Request-Forgery-Local-File-Inclusion.html", + "url": "https://packetstormsecurity.com/files/100103/UseBB-1.0.11-Cross-Site-Request-Forgery-Local-File-Inclusion.html" + }, + { + "refsource": "MISC", + "name": "https://www.immuniweb.com/advisory/HTB22913", + "url": "https://www.immuniweb.com/advisory/HTB22913" } ] } diff --git a/2011/3xxx/CVE-2011-3613.json b/2011/3xxx/CVE-2011-3613.json index 73d866de283..4e6098e44ab 100644 --- a/2011/3xxx/CVE-2011-3613.json +++ b/2011/3xxx/CVE-2011-3613.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-3613", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Vanilla", + "product": { + "product_data": [ + { + "product_name": "Vanilla Forums", + "version": { + "version_data": [ + { + "version_value": "before 2.0.17.9" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue exists in Vanilla Forums before 2.0.17.9 due to the way cookies are handled." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "cookie theft" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.openwall.com/lists/oss-security/2011/10/10/5", + "refsource": "MISC", + "name": "https://www.openwall.com/lists/oss-security/2011/10/10/5" + }, + { + "refsource": "MISC", + "name": "https://packetstormsecurity.com/files/105853/Secunia-Security-Advisory-46387.html", + "url": "https://packetstormsecurity.com/files/105853/Secunia-Security-Advisory-46387.html" } ] } diff --git a/2011/3xxx/CVE-2011-3614.json b/2011/3xxx/CVE-2011-3614.json index 83ab13ba0d4..6369efb7c79 100644 --- a/2011/3xxx/CVE-2011-3614.json +++ b/2011/3xxx/CVE-2011-3614.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-3614", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Vanilla", + "product": { + "product_data": [ + { + "product_name": "Vanilla Forums", + "version": { + "version_data": [ + { + "version_value": "before 2.0.17.9" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
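Review bot: The CVE-2011-3613 description, `An issue exists in Vanilla Forums before 2.0.17.9 due to the way cookies are handled.`, does not say what the issue lets an attacker do; the only hint is the `problemtype` value `cookie theft`. A reader cannot judge severity or exposure from that sentence alone. Stating the consequence in the description, along the lines of `... mishandles cookies, which may allow cookie theft.`, would help. The CVE-2011-3621 text later in this patch (`A reverse proxy issue exists in FluxBB before 1.4.7 ...`) has the same gap.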
@@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An Access Control vulnerability exists in the Facebook, Twitter, and Embedded plugins in Vanilla Forums before 2.0.17.9." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "incorrect access control" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.openwall.com/lists/oss-security/2011/10/10/5", + "refsource": "MISC", + "name": "https://www.openwall.com/lists/oss-security/2011/10/10/5" + }, + { + "refsource": "MISC", + "name": "https://packetstormsecurity.com/files/105853/Secunia-Security-Advisory-46387.html", + "url": "https://packetstormsecurity.com/files/105853/Secunia-Security-Advisory-46387.html" } ] } diff --git a/2011/3xxx/CVE-2011-3621.json b/2011/3xxx/CVE-2011-3621.json index da5aac69f26..d8ec627a28d 100644 --- a/2011/3xxx/CVE-2011-3621.json +++ b/2011/3xxx/CVE-2011-3621.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-3621", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "FluxBB", + "product": { + "product_data": [ + { + "product_name": "FluxBB", + "version": { + "version_data": [ + { + "version_value": "before 1.4.7" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A reverse proxy issue exists in FluxBB before 1.4.7 when FORUM_BEHIND_REVERSE_PROXY is enabled." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "mishandles reverse proxying" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.openwall.com/lists/oss-security/2011/10/18/8", + "refsource": "MISC", + "name": "https://www.openwall.com/lists/oss-security/2011/10/18/8" + }, + { + "refsource": "MISC", + "name": "https://fluxbb.org/forums/viewtopic.php?id=5751", + "url": "https://fluxbb.org/forums/viewtopic.php?id=5751" } ] } From e2a2c9364ec93d18b9bc5358a7b885f1702ea20f Mon Sep 17 00:00:00 2001 From: Robert Schultheis Date: Wed, 22 Jan 2020 11:26:28 -0700 Subject: [PATCH 218/387] add CVE-2019-16792 for GHSA-4ppp-gpcr-7qf6 --- 2019/16xxx/CVE-2019-16792.json | 95 ++++++++++++++++++++++++++++++++++ 1 file changed, 95 insertions(+) create mode 100644 2019/16xxx/CVE-2019-16792.json diff --git a/2019/16xxx/CVE-2019-16792.json b/2019/16xxx/CVE-2019-16792.json new file mode 100644 index 00000000000..43d55710043 --- /dev/null +++ b/2019/16xxx/CVE-2019-16792.json 
@@ -0,0 +1,95 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "security-advisories@github.com", + "ID": "CVE-2019-16792", + "STATE": "PUBLIC", + "TITLE": "HTTP Request Smuggling: Content-Length Sent Twice in Waitress" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Waitress", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "<= 1.3.1", + "version_value": "1.3.1" + } + ] + } + } + ] + }, + "vendor_name": "Pylons" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Waitress through version 1.3.1 allows request smuggling by sending the Content-Length header twice. Waitress would header fold a double Content-Length header and due to being unable to cast the now comma separated value to an integer would set the Content-Length to 0 internally. If two Content-Length headers are sent in a single request, Waitress would treat the request as having no body, thereby treating the body of the request as a new request in HTTP pipelining.\n\nThis issue is fixed in Waitress 1.4.0." 
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "HIGH",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.1,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "LOW",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/Pylons/waitress/security/advisories/GHSA-4ppp-gpcr-7qf6",
+ "refsource": "CONFIRM",
+ "url": "https://github.com/Pylons/waitress/security/advisories/GHSA-4ppp-gpcr-7qf6"
+ },
+ {
+ "name": "https://docs.pylonsproject.org/projects/waitress/en/latest/#security-fixes",
+ "refsource": "MISC",
+ "url": "https://docs.pylonsproject.org/projects/waitress/en/latest/#security-fixes"
+ },
+ {
+ "name": "https://github.com/Pylons/waitress/commit/575994cd42e83fd772a5f7ec98b2c56751bd3f65",
+ "refsource": "MISC",
+ "url": "https://github.com/Pylons/waitress/commit/575994cd42e83fd772a5f7ec98b2c56751bd3f65"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-4ppp-gpcr-7qf6",
+ "discovery": "UNKNOWN"
+ }
+}
From b5845bdec10e099ef2d0451b37387ed7878fded1 Mon Sep 17 00:00:00 2001
From: Robert Schultheis
Date: Wed, 22 Jan 2020 11:44:44 -0700
Subject: [PATCH 219/387] add CVE-2020-5221 for GHSA-wmx8-v7mx-6x9h
---
 2020/5xxx/CVE-2020-5221.json | 84 +++++++++++++++++++++++++++++++++---
 1 file changed, 77 insertions(+), 7 deletions(-)
diff --git a/2020/5xxx/CVE-2020-5221.json b/2020/5xxx/CVE-2020-5221.json
index d621245101a..17891b023bd 100644
--- a/2020/5xxx/CVE-2020-5221.json
+++ b/2020/5xxx/CVE-2020-5221.json
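Review bot: In the `version_data` entry near the top of the new CVE-2019-16792 file, `"version_name": "<= 1.3.1"` repeats the operator that `"version_affected": "<="` already carries, so a consumer that renders operator plus name may show it twice. `"version_name": "1.3.1"` would keep the operator in one place. The description value also embeds a literal `\n\n` before `This issue is fixed in Waitress 1.4.0.`, which some renderers print verbatim; a single space is safer in a one-line summary field.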
@@ -1,18 +1,88 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2020-5221", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Directory Traversal (Chroot Escape) vulnerability in uftpd" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "uftpd", + "version": { + "version_data": [ + { + "version_value": "< 2.11" + } + ] + } + } + ] + }, + "vendor_name": "troglobit" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In uftpd before 2.11, it is possible for an unauthenticated user to perform a directory traversal attack using multiple different FTP commands and read and write to arbitrary locations on the filesystem due to the lack of a well-written chroot jail in compose_abspath(). 
This has been fixed in version 2.11" } ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/troglobit/uftpd/security/advisories/GHSA-wmx8-v7mx-6x9h", + "refsource": "CONFIRM", + "url": "https://github.com/troglobit/uftpd/security/advisories/GHSA-wmx8-v7mx-6x9h" + }, + { + "name": "https://github.com/troglobit/uftpd/commit/455b47d3756aed162d2d0ef7f40b549f3b5b30fe", + "refsource": "MISC", + "url": "https://github.com/troglobit/uftpd/commit/455b47d3756aed162d2d0ef7f40b549f3b5b30fe" + } + ] + }, + "source": { + "advisory": "GHSA-wmx8-v7mx-6x9h", + "discovery": "UNKNOWN" } -} \ No newline at end of file +} From 401445b8b52028e430f75dc356761730622d0dee Mon Sep 17 00:00:00 2001 
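Review bot: The CVE-2020-5221 description and its CVSS vector disagree: the text says `an unauthenticated user` can `read and write to arbitrary locations on the filesystem`, while `vectorString` is `CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L`, i.e. low privileges required, user interaction required, and only low confidentiality and integrity impact. One of the two is wrong, and the resulting `6.5` / `MEDIUM` score is what drives patch priority for anyone consuming the structured field. If the description is accurate, `"privilegesRequired": "NONE"` and `"userInteraction": "NONE"` would be the matching values, with `baseScore`, `baseSeverity` and `vectorString` recomputed to agree. Separately, `"version_value": "< 2.11"` puts the operator inside the value with no `version_affected` field, unlike the CVE-2019-16792 record added one patch earlier.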
From: CVE Team Date: Wed, 22 Jan 2020 19:01:16 +0000 Subject: [PATCH 220/387] "-Synchronized-Data." --- 2012/4xxx/CVE-2012-4919.json | 55 ++++++++++++++++++++++++++-- 2016/4xxx/CVE-2016-4761.json | 55 ++++++++++++++++++++++++++-- 2018/10xxx/CVE-2018-10653.json | 5 +++ 2018/5xxx/CVE-2018-5333.json | 5 +++ 2019/16xxx/CVE-2019-16792.json | 14 ++++---- 2019/17xxx/CVE-2019-17015.json | 5 +++ 2019/17xxx/CVE-2019-17016.json | 5 +++ 2019/17xxx/CVE-2019-17017.json | 5 +++ 2019/17xxx/CVE-2019-17021.json | 5 +++ 2019/17xxx/CVE-2019-17022.json | 5 +++ 2019/17xxx/CVE-2019-17024.json | 5 +++ 2019/17xxx/CVE-2019-17621.json | 5 +++ 2019/19xxx/CVE-2019-19834.json | 66 ++++++++++++++++++++++++++++++---- 2019/19xxx/CVE-2019-19836.json | 66 ++++++++++++++++++++++++++++++---- 2019/19xxx/CVE-2019-19843.json | 66 ++++++++++++++++++++++++++++++---- 2019/20xxx/CVE-2019-20330.json | 30 ++++++++++++++++ 2019/6xxx/CVE-2019-6205.json | 5 +++ 2019/9xxx/CVE-2019-9213.json | 5 +++ 2020/7xxx/CVE-2020-7228.json | 5 +++ 19 files changed, 381 insertions(+), 31 deletions(-) diff --git a/2012/4xxx/CVE-2012-4919.json b/2012/4xxx/CVE-2012-4919.json index 0d32279b375..4fed5a84ced 100644 --- a/2012/4xxx/CVE-2012-4919.json +++ b/2012/4xxx/CVE-2012-4919.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", "ID": "CVE-2012-4919", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Gallery Plugin authors", + "product": { + "product_data": [ + { + "product_name": "Gallery", + "version": { + "version_data": [ + { + "version_value": "1.4" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Gallery Plugin1.4 for WordPress has a Remote File Include Vulnerability" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote File Include" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.securityfocus.com/bid/57650", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/57650" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81713", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81713" } ] } diff --git a/2016/4xxx/CVE-2016-4761.json b/2016/4xxx/CVE-2016-4761.json index f8c809dc72c..d12ced345d4 100644 --- a/2016/4xxx/CVE-2016-4761.json +++ b/2016/4xxx/CVE-2016-4761.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "product-security@apple.com", "ID": "CVE-2016-4761", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WebKitGTK+", + "version": { + "version_data": [ + { + "version_value": "before 2.14.0" + } + ] + } + } + ] + }, + "vendor_name": "WebKitGTK+" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
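Review bot: The CVE-2012-4919 description `Gallery Plugin1.4 for WordPress has a Remote File Include Vulnerability` is missing the space between product name and version and has no terminal period, and it names no affected file or parameter, which leaves little to scope exposure with. `"version_value": "1.4"` also marks only that exact release; if earlier releases are affected the value should say so. At minimum the text should read `Gallery Plugin 1.4 for WordPress has a Remote File Include vulnerability.`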
@@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "WebKitGTK+ before 2.14.0: A use-after-free vulnerability can allow remote attackers to cause a DoS" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "use-after-free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.openwall.com/lists/oss-security/2016/11/04/14", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2016/11/04/14" + }, + { + "url": "http://www.ubuntu.com/usn/USN-3166-1", + "refsource": "MISC", + "name": "http://www.ubuntu.com/usn/USN-3166-1" } ] } diff --git a/2018/10xxx/CVE-2018-10653.json b/2018/10xxx/CVE-2018-10653.json index 98d5326fbae..82e19ccd7d2 100644 --- a/2018/10xxx/CVE-2018-10653.json +++ b/2018/10xxx/CVE-2018-10653.json @@ -56,6 +56,11 @@ "name": "https://support.citrix.com/article/CTX234879", "refsource": "CONFIRM", "url": "https://support.citrix.com/article/CTX234879" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/156037/Citrix-XenMobile-Server-10.8-XML-Injection.html", + "url": "http://packetstormsecurity.com/files/156037/Citrix-XenMobile-Server-10.8-XML-Injection.html" } ] } diff --git a/2018/5xxx/CVE-2018-5333.json b/2018/5xxx/CVE-2018-5333.json index b950ad4ab44..7fa4ad8ce9c 100644 --- a/2018/5xxx/CVE-2018-5333.json +++ b/2018/5xxx/CVE-2018-5333.json 
@@ -121,6 +121,11 @@ "name": "USN-3619-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3619-1/" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/156053/Reliable-Datagram-Sockets-RDS-rds_atomic_free_op-Privilege-Escalation.html", + "url": "http://packetstormsecurity.com/files/156053/Reliable-Datagram-Sockets-RDS-rds_atomic_free_op-Privilege-Escalation.html" } ] } diff --git a/2019/16xxx/CVE-2019-16792.json b/2019/16xxx/CVE-2019-16792.json index 43d55710043..4ecd6816e22 100644 --- a/2019/16xxx/CVE-2019-16792.json +++ b/2019/16xxx/CVE-2019-16792.json @@ -37,7 +37,7 @@ "description_data": [ { "lang": "eng", - "value": "Waitress through version 1.3.1 allows request smuggling by sending the Content-Length header twice. Waitress would header fold a double Content-Length header and due to being unable to cast the now comma separated value to an integer would set the Content-Length to 0 internally. If two Content-Length headers are sent in a single request, Waitress would treat the request as having no body, thereby treating the body of the request as a new request in HTTP pipelining.\n\nThis issue is fixed in Waitress 1.4.0." + "value": "Waitress through version 1.3.1 allows request smuggling by sending the Content-Length header twice. Waitress would header fold a double Content-Length header and due to being unable to cast the now comma separated value to an integer would set the Content-Length to 0 internally. If two Content-Length headers are sent in a single request, Waitress would treat the request as having no body, thereby treating the body of the request as a new request in HTTP pipelining. This issue is fixed in Waitress 1.4.0." } ] }, 
@@ -71,16 +71,16 @@ }, "references": { "reference_data": [ - { - "name": "https://github.com/Pylons/waitress/security/advisories/GHSA-4ppp-gpcr-7qf6", - "refsource": "CONFIRM", - "url": "https://github.com/Pylons/waitress/security/advisories/GHSA-4ppp-gpcr-7qf6" - }, { "name": "https://docs.pylonsproject.org/projects/waitress/en/latest/#security-fixes", "refsource": "MISC", "url": "https://docs.pylonsproject.org/projects/waitress/en/latest/#security-fixes" }, + { + "name": "https://github.com/Pylons/waitress/security/advisories/GHSA-4ppp-gpcr-7qf6", + "refsource": "CONFIRM", + "url": "https://github.com/Pylons/waitress/security/advisories/GHSA-4ppp-gpcr-7qf6" + }, { "name": "https://github.com/Pylons/waitress/commit/575994cd42e83fd772a5f7ec98b2c56751bd3f65", "refsource": "MISC", @@ -92,4 +92,4 @@ "advisory": "GHSA-4ppp-gpcr-7qf6", "discovery": "UNKNOWN" } -} +} \ No newline at end of file diff --git a/2019/17xxx/CVE-2019-17015.json b/2019/17xxx/CVE-2019-17015.json index aa4c0fca029..eef6e83b660 100644 --- a/2019/17xxx/CVE-2019-17015.json +++ b/2019/17xxx/CVE-2019-17015.json @@ -83,6 +83,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0060", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00029.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0094", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00043.html" } ] }, diff --git a/2019/17xxx/CVE-2019-17016.json b/2019/17xxx/CVE-2019-17016.json index 4dda9947338..fe69164d88d 100644 --- a/2019/17xxx/CVE-2019-17016.json +++ b/2019/17xxx/CVE-2019-17016.json @@ -153,6 +153,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20200120 [SECURITY] [DLA 2071-1] thunderbird security update", "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00016.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0094", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00043.html" } ] }, 
diff --git a/2019/17xxx/CVE-2019-17017.json b/2019/17xxx/CVE-2019-17017.json index e0f89fee1f6..d954fb99d5f 100644 --- a/2019/17xxx/CVE-2019-17017.json +++ b/2019/17xxx/CVE-2019-17017.json @@ -153,6 +153,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20200120 [SECURITY] [DLA 2071-1] thunderbird security update", "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00016.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0094", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00043.html" } ] }, diff --git a/2019/17xxx/CVE-2019-17021.json b/2019/17xxx/CVE-2019-17021.json index 2d8c5c24c83..da9fb94ca88 100644 --- a/2019/17xxx/CVE-2019-17021.json +++ b/2019/17xxx/CVE-2019-17021.json @@ -83,6 +83,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0060", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00029.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0094", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00043.html" } ] }, diff --git a/2019/17xxx/CVE-2019-17022.json b/2019/17xxx/CVE-2019-17022.json index e759fbccaf0..ea28b1223b4 100644 --- a/2019/17xxx/CVE-2019-17022.json +++ b/2019/17xxx/CVE-2019-17022.json @@ -153,6 +153,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20200120 [SECURITY] [DLA 2071-1] thunderbird security update", "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00016.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0094", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00043.html" } ] }, diff --git a/2019/17xxx/CVE-2019-17024.json b/2019/17xxx/CVE-2019-17024.json index 8f55d5b36ff..0caf2fe36b2 100644 --- a/2019/17xxx/CVE-2019-17024.json +++ b/2019/17xxx/CVE-2019-17024.json 
@@ -153,6 +153,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20200120 [SECURITY] [DLA 2071-1] thunderbird security update", "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00016.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0094", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00043.html" } ] }, diff --git a/2019/17xxx/CVE-2019-17621.json b/2019/17xxx/CVE-2019-17621.json index ba5cdc63ca4..b1f7d8c1581 100644 --- a/2019/17xxx/CVE-2019-17621.json +++ b/2019/17xxx/CVE-2019-17621.json @@ -81,6 +81,11 @@ "refsource": "MISC", "name": "https://medium.com/@s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-es-fad716629ff9", "url": "https://medium.com/@s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-es-fad716629ff9" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/156054/D-Link-DIR-859-Unauthenticated-Remote-Command-Execution.html", + "url": "http://packetstormsecurity.com/files/156054/D-Link-DIR-859-Unauthenticated-Remote-Command-Execution.html" } ] } diff --git a/2019/19xxx/CVE-2019-19834.json b/2019/19xxx/CVE-2019-19834.json index bbe1690e1ae..20afd64b22c 100644 --- a/2019/19xxx/CVE-2019-19834.json +++ b/2019/19xxx/CVE-2019-19834.json 
@@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-19834", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-19834", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Directory Traversal in ruckus_cli2 in Ruckus Wireless Unleashed through 200.7.10.102.64 allows a remote attacker to jailbreak the CLI via enable->debug->script->exec with ../../../bin/sh as the parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10816.html", + "refsource": "MISC", + "name": "https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10816.html" + }, + { + "refsource": "MISC", + "name": "https://www.ruckuswireless.com/security/299/view/txt", + "url": "https://www.ruckuswireless.com/security/299/view/txt" + }, + { + "refsource": "MISC", + "name": "https://alephsecurity.com/2020/01/14/ruckus-wireless", + "url": "https://alephsecurity.com/2020/01/14/ruckus-wireless" } ] } diff --git a/2019/19xxx/CVE-2019-19836.json b/2019/19xxx/CVE-2019-19836.json index 6774b62063f..947a03748e2 100644 --- a/2019/19xxx/CVE-2019-19836.json +++ b/2019/19xxx/CVE-2019-19836.json 
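Review bot: The `affects` block added for CVE-2019-19834 is filled with `"n/a"` for vendor, product and version, although the description names Ruckus Wireless Unleashed through 200.7.10.102.64. Tooling that matches records on the structured fields rather than the free text will not associate this entry with the product. Assuming the vendor/product split is what the description suggests, the fields could read `"vendor_name": "Ruckus Wireless"`, `"product_name": "Unleashed"` and `"version_value": "through 200.7.10.102.64"`. The `problemtype` value is also `"n/a"` while the description already states the class (Directory Traversal), and other records in this series carry such a label there. The same placeholders appear in CVE-2019-19836 and CVE-2019-19843 in the same patch, in CVE-2019-19840, CVE-2019-19841 and CVE-2019-19842 in PATCH 222, and in the libyang records CVE-2019-20391 through CVE-2019-20396 in PATCH 223.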
@@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-19836", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-19836", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "AjaxRestrictedCmdStat in zap in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote code execution via a POST request that uses tools/_rcmdstat.jsp to write to a specified filename." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10816.html", + "refsource": "MISC", + "name": "https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10816.html" + }, + { + "refsource": "MISC", + "name": "https://www.ruckuswireless.com/security/299/view/txt", + "url": "https://www.ruckuswireless.com/security/299/view/txt" + }, + { + "refsource": "MISC", + "name": "https://alephsecurity.com/2020/01/14/ruckus-wireless", + "url": "https://alephsecurity.com/2020/01/14/ruckus-wireless" } ] } diff --git a/2019/19xxx/CVE-2019-19843.json b/2019/19xxx/CVE-2019-19843.json index 180c4c3e20a..c9ab96affd0 100644 --- a/2019/19xxx/CVE-2019-19843.json +++ b/2019/19xxx/CVE-2019-19843.json 
@@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-19843", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-19843", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Incorrect access control in the web interface in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote credential fetch via an unauthenticated HTTP request involving a symlink with /tmp and web/user/wps_tool_cache." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10816.html", + "refsource": "MISC", + "name": "https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10816.html" + }, + { + "refsource": "MISC", + "name": "https://www.ruckuswireless.com/security/299/view/txt", + "url": "https://www.ruckuswireless.com/security/299/view/txt" + }, + { + "refsource": "MISC", + "name": "https://alephsecurity.com/2020/01/14/ruckus-wireless", + "url": "https://alephsecurity.com/2020/01/14/ruckus-wireless" } ] } diff --git a/2019/20xxx/CVE-2019-20330.json b/2019/20xxx/CVE-2019-20330.json index 334ba3642ed..aa95f508601 100644 --- a/2019/20xxx/CVE-2019-20330.json +++ b/2019/20xxx/CVE-2019-20330.json 
@@ -106,6 +106,36 @@ "refsource": "MLIST", "name": "[zookeeper-issues] 20200118 [jira] [Commented] (ZOOKEEPER-3699) upgrade jackson-databind to address CVE-2019-20330", "url": "https://lists.apache.org/thread.html/r5d3d10fdf28110da3f9ac1b7d08d7e252f98d7d37ce0a6bd139a2e4f@%3Cissues.zookeeper.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[zookeeper-issues] 20200122 [jira] [Commented] (ZOOKEEPER-3699) upgrade jackson-databind to address CVE-2019-20330", + "url": "https://lists.apache.org/thread.html/r50f513772f12e1babf65c7c2b9c16425bac2d945351879e2e267517f@%3Cissues.zookeeper.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[zookeeper-dev] 20200122 Re: 3.5.7", + "url": "https://lists.apache.org/thread.html/ra8a80dbc7319916946397823aec0d893d24713cbf7b5aee0e957298c@%3Cdev.zookeeper.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[zookeeper-issues] 20200122 [jira] [Assigned] (ZOOKEEPER-3699) upgrade jackson-databind to address CVE-2019-20330", + "url": "https://lists.apache.org/thread.html/rfa57d9c2a27d3af14c69607fb1a3da00e758b2092aa88eb6a51b6e99@%3Cissues.zookeeper.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[zookeeper-notifications] 20200122 [GitHub] [zookeeper] phunt commented on issue #1232: ZOOKEEPER-3699: upgrade jackson-databind to address CVE-2019-20330", + "url": "https://lists.apache.org/thread.html/ra2e572f568de8df5ba151e6aebb225a0629faaf0476bf7c7ed877af8@%3Cnotifications.zookeeper.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[zookeeper-issues] 20200122 [jira] [Updated] (ZOOKEEPER-3699) upgrade jackson-databind to address CVE-2019-20330", + "url": "https://lists.apache.org/thread.html/r428735963bee7cb99877b88d3228e28ec28af64646455c4f3e7a3c94@%3Cissues.zookeeper.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[zookeeper-notifications] 20200122 [GitHub] [zookeeper] phunt opened a new pull request #1232: ZOOKEEPER-3699: upgrade jackson-databind to address CVE-2019-20330", + "url": 
"https://lists.apache.org/thread.html/ra5ce96faec37c26b0aa15b4b6a8b1cbb145a748653e56ae83e9685d0@%3Cnotifications.zookeeper.apache.org%3E" } ] } diff --git a/2019/6xxx/CVE-2019-6205.json b/2019/6xxx/CVE-2019-6205.json index a5052cc006b..612a2370b29 100644 --- a/2019/6xxx/CVE-2019-6205.json +++ b/2019/6xxx/CVE-2019-6205.json @@ -99,6 +99,11 @@ "name": "https://support.apple.com/HT209447", "refsource": "CONFIRM", "url": "https://support.apple.com/HT209447" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/156051/XNU-vm_map_copy-Insufficient-Fix.html", + "url": "http://packetstormsecurity.com/files/156051/XNU-vm_map_copy-Insufficient-Fix.html" } ] } diff --git a/2019/9xxx/CVE-2019-9213.json b/2019/9xxx/CVE-2019-9213.json index d4d2095c96a..2629628b366 100644 --- a/2019/9xxx/CVE-2019-9213.json +++ b/2019/9xxx/CVE-2019-9213.json @@ -176,6 +176,11 @@ "refsource": "REDHAT", "name": "RHSA-2019:1480", "url": "https://access.redhat.com/errata/RHSA-2019:1480" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/156053/Reliable-Datagram-Sockets-RDS-rds_atomic_free_op-Privilege-Escalation.html", + "url": "http://packetstormsecurity.com/files/156053/Reliable-Datagram-Sockets-RDS-rds_atomic_free_op-Privilege-Escalation.html" } ] } diff --git a/2020/7xxx/CVE-2020-7228.json b/2020/7xxx/CVE-2020-7228.json index 9a602492c88..0e6a526b62a 100644 --- a/2020/7xxx/CVE-2020-7228.json +++ b/2020/7xxx/CVE-2020-7228.json @@ -61,6 +61,11 @@ "refsource": "MISC", "name": "https://spider-security.co.uk/blog-cve-2020-7228", "url": "https://spider-security.co.uk/blog-cve-2020-7228" + }, + { + "refsource": "MISC", + "name": "https://wpvulndb.com/vulnerabilities/10043", + "url": "https://wpvulndb.com/vulnerabilities/10043" } ] } From abdcdc312e85b18bc2e40091206c1acc4ae9272d Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Wed, 22 Jan 2020 20:01:09 +0000 Subject: [PATCH 221/387] "-Synchronized-Data." --- 2011/3xxx/CVE-2011-3622.json | 55 ++++++++++++++++++++++++++++++++++-- 1 file changed, 52 insertions(+), 3 deletions(-) diff --git a/2011/3xxx/CVE-2011-3622.json b/2011/3xxx/CVE-2011-3622.json index 7b9339ea16f..43f5b174300 100644 --- a/2011/3xxx/CVE-2011-3622.json +++ b/2011/3xxx/CVE-2011-3622.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-3622", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Phorum", + "product": { + "product_data": [ + { + "product_name": "Phorum", + "version": { + "version_data": [ + { + "version_value": "before 5.2.18" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Cross-Site Scripting (XSS) vulnerability exists in the admin login screen in Phorum before 5.2.18." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "XSS" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.openwall.com/lists/oss-security/2011/10/18/9", + "refsource": "MISC", + "name": "https://www.openwall.com/lists/oss-security/2011/10/18/9" + }, + { + "refsource": "MISC", + "name": "https://www.phorum.org/phorum5/read.php?64,149588", + "url": "https://www.phorum.org/phorum5/read.php?64,149588" } ] } From 132f82f5ba03728880027d28ea0065864ecd6d25 Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Wed, 22 Jan 2020 21:01:05 +0000 Subject: [PATCH 222/387] "-Synchronized-Data." --- 2019/19xxx/CVE-2019-19840.json | 66 ++++++++++++++++++++++++++++++---- 2019/19xxx/CVE-2019-19841.json | 66 ++++++++++++++++++++++++++++++---- 2019/19xxx/CVE-2019-19842.json | 66 ++++++++++++++++++++++++++++++---- 3 files changed, 180 insertions(+), 18 deletions(-) diff --git a/2019/19xxx/CVE-2019-19840.json b/2019/19xxx/CVE-2019-19840.json index ad90ec177a0..1d55ce8e1b0 100644 --- a/2019/19xxx/CVE-2019-19840.json +++ b/2019/19xxx/CVE-2019-19840.json 
@@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-19840", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-19840", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A stack-based buffer overflow in zap_parse_args in zap.c in zap in Ruckus Unleashed through 200.7.10.102.64 allows remote code execution via an unauthenticated HTTP request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10816.html", + "refsource": "MISC", + "name": "https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10816.html" + }, + { + "refsource": "MISC", + "name": "https://www.ruckuswireless.com/security/299/view/txt", + "url": "https://www.ruckuswireless.com/security/299/view/txt" + }, + { + "refsource": "MISC", + "name": "https://alephsecurity.com/2020/01/14/ruckus-wireless", + "url": "https://alephsecurity.com/2020/01/14/ruckus-wireless" } ] } diff --git a/2019/19xxx/CVE-2019-19841.json b/2019/19xxx/CVE-2019-19841.json index 82352a10e87..4c3138f8aa2 100644 --- a/2019/19xxx/CVE-2019-19841.json +++ b/2019/19xxx/CVE-2019-19841.json 
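Review bot: The description added for CVE-2019-19840 names the product "Ruckus Unleashed", while the records that share its three references (CVE-2019-19841, CVE-2019-19842 and the three Ruckus records in the earlier patch) all say "Ruckus Wireless Unleashed". Because `affects` is left at `"n/a"` here, the description is the only place the product is named, so a search on the full product name would miss this entry. I would replace `Ruckus Unleashed` with `Ruckus Wireless Unleashed` in the `value` string, assuming both refer to the same product.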
@@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-19841", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-19841", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=packet-capture to admin/_cmdstat.jsp via the mac attribute." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10816.html", + "refsource": "MISC", + "name": "https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10816.html" + }, + { + "refsource": "MISC", + "name": "https://www.ruckuswireless.com/security/299/view/txt", + "url": "https://www.ruckuswireless.com/security/299/view/txt" + }, + { + "refsource": "MISC", + "name": "https://alephsecurity.com/2020/01/14/ruckus-wireless", + "url": "https://alephsecurity.com/2020/01/14/ruckus-wireless" } ] } diff --git a/2019/19xxx/CVE-2019-19842.json b/2019/19xxx/CVE-2019-19842.json index d447b41cccb..0ecdc0be38a 100644 --- a/2019/19xxx/CVE-2019-19842.json +++ b/2019/19xxx/CVE-2019-19842.json 
@@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-19842", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-19842", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=spectra-analysis to admin/_cmdstat.jsp via the mac attribute." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10816.html", + "refsource": "MISC", + "name": "https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10816.html" + }, + { + "refsource": "MISC", + "name": "https://www.ruckuswireless.com/security/299/view/txt", + "url": "https://www.ruckuswireless.com/security/299/view/txt" + }, + { + "refsource": "MISC", + "name": "https://alephsecurity.com/2020/01/14/ruckus-wireless", + "url": "https://alephsecurity.com/2020/01/14/ruckus-wireless" } ] } From 334ccc76494601d4c682db2d239b3b5b60592c19 Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Wed, 22 Jan 2020 22:01:08 +0000 Subject: [PATCH 223/387] "-Synchronized-Data." --- 2019/20xxx/CVE-2019-20391.json | 77 ++++++++++++++++++++++++++++++++++ 2019/20xxx/CVE-2019-20392.json | 77 ++++++++++++++++++++++++++++++++++ 2019/20xxx/CVE-2019-20393.json | 77 ++++++++++++++++++++++++++++++++++ 2019/20xxx/CVE-2019-20394.json | 77 ++++++++++++++++++++++++++++++++++ 2019/20xxx/CVE-2019-20395.json | 77 ++++++++++++++++++++++++++++++++++ 2019/20xxx/CVE-2019-20396.json | 72 +++++++++++++++++++++++++++++++ 2019/20xxx/CVE-2019-20397.json | 77 ++++++++++++++++++++++++++++++++++ 2019/20xxx/CVE-2019-20398.json | 77 ++++++++++++++++++++++++++++++++++ 8 files changed, 611 insertions(+) create mode 100644 2019/20xxx/CVE-2019-20391.json create mode 100644 2019/20xxx/CVE-2019-20392.json create mode 100644 2019/20xxx/CVE-2019-20393.json create mode 100644 2019/20xxx/CVE-2019-20394.json create mode 100644 2019/20xxx/CVE-2019-20395.json create mode 100644 2019/20xxx/CVE-2019-20396.json create mode 100644 2019/20xxx/CVE-2019-20397.json create mode 100644 2019/20xxx/CVE-2019-20398.json diff --git a/2019/20xxx/CVE-2019-20391.json b/2019/20xxx/CVE-2019-20391.json new file mode 100644 index 00000000000..abd41bbb929 --- /dev/null +++ b/2019/20xxx/CVE-2019-20391.json 
@@ -0,0 +1,77 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-20391", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An invalid memory access flaw is present in libyang before v1.0-r3 in the function resolve_feature_value() when an if-feature statement is used inside a bit. Applications that use libyang to parse untrusted input yang files may crash." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/CESNET/libyang/commit/bdb596ddc07596fa212f231135b87d0b9178f6f8", + "refsource": "MISC", + "name": "https://github.com/CESNET/libyang/commit/bdb596ddc07596fa212f231135b87d0b9178f6f8" + }, + { + "url": "https://github.com/CESNET/libyang/issues/772", + "refsource": "MISC", + "name": "https://github.com/CESNET/libyang/issues/772" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793934", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1793934" + }, + { + "url": "https://github.com/CESNET/libyang/compare/v1.0-r2...v1.0-r3", + "refsource": "MISC", + "name": "https://github.com/CESNET/libyang/compare/v1.0-r2...v1.0-r3" + } + ] + } +} \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20392.json b/2019/20xxx/CVE-2019-20392.json new file mode 100644 index 00000000000..39c2d81f8b6 --- /dev/null +++ b/2019/20xxx/CVE-2019-20392.json 
@@ -0,0 +1,77 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-20392", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An invalid memory access flaw is present in libyang before v1.0-r1 in the function resolve_feature_value() when an if-feature statement is used inside a list key node, and the feature used is not defined. Applications that use libyang to parse untrusted input yang files may crash." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/CESNET/libyang/commit/32fb4993bc8bb49e93e84016af3c10ea53964be5", + "refsource": "MISC", + "name": "https://github.com/CESNET/libyang/commit/32fb4993bc8bb49e93e84016af3c10ea53964be5" + }, + { + "url": "https://github.com/CESNET/libyang/issues/723", + "refsource": "MISC", + "name": "https://github.com/CESNET/libyang/issues/723" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793922", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1793922" + }, + { + "url": "https://github.com/CESNET/libyang/compare/v0.16-r3...v1.0-r1", + "refsource": "MISC", + "name": "https://github.com/CESNET/libyang/compare/v0.16-r3...v1.0-r1" + } + ] + } +} \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20393.json b/2019/20xxx/CVE-2019-20393.json new file mode 100644 index 00000000000..285015fc62e --- /dev/null +++ b/2019/20xxx/CVE-2019-20393.json 
@@ -0,0 +1,77 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-20393", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A double-free is present in libyang before v1.0-r1 in the function yyparse() when an empty description is used. Applications that use libyang to parse untrusted input yang files may be vulnerable to this flaw, which would cause a crash or potentially code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/CESNET/libyang/compare/v0.16-r3...v1.0-r1", + "refsource": "MISC", + "name": "https://github.com/CESNET/libyang/compare/v0.16-r3...v1.0-r1" + }, + { + "url": "https://github.com/CESNET/libyang/issues/742", + "refsource": "MISC", + "name": "https://github.com/CESNET/libyang/issues/742" + }, + { + "url": "https://github.com/CESNET/libyang/commit/d9feacc4a590d35dbc1af21caf9080008b4450ed", + "refsource": "MISC", + "name": "https://github.com/CESNET/libyang/commit/d9feacc4a590d35dbc1af21caf9080008b4450ed" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793930", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1793930" + } + ] + } +} \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20394.json b/2019/20xxx/CVE-2019-20394.json new file mode 100644 index 00000000000..9a24648b26d --- /dev/null +++ b/2019/20xxx/CVE-2019-20394.json 
@@ -0,0 +1,77 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-20394", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A double-free is present in libyang before v1.0-r3 in the function yyparse() when a type statement in used in a notification statement. Applications that use libyang to parse untrusted input yang files may be vulnerable to this flaw, which would cause a crash or potentially code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/CESNET/libyang/compare/v1.0-r2...v1.0-r3", + "refsource": "MISC", + "name": "https://github.com/CESNET/libyang/compare/v1.0-r2...v1.0-r3" + }, + { + "url": "https://github.com/CESNET/libyang/issues/769", + "refsource": "MISC", + "name": "https://github.com/CESNET/libyang/issues/769" + }, + { + "url": "https://github.com/CESNET/libyang/commit/6cc51b1757dfbb7cff92de074ada65e8523289a6", + "refsource": "MISC", + "name": "https://github.com/CESNET/libyang/commit/6cc51b1757dfbb7cff92de074ada65e8523289a6" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793932", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1793932" + } + ] + } +} \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20395.json b/2019/20xxx/CVE-2019-20395.json new file mode 100644 index 00000000000..cc4c7703b2d --- /dev/null +++ b/2019/20xxx/CVE-2019-20395.json 
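Review bot: The description added for CVE-2019-20394 has a typo, "when a type statement in used in a notification statement"; it should read `when a type statement is used in a notification statement`. The sibling record CVE-2019-20391 in this patch already uses the "is used" phrasing in the equivalent sentence.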
@@ -0,0 +1,77 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-20395",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A stack consumption issue is present in libyang before v1.0-r1 due to the self-referential union type containing leafrefs. Applications that use libyang to parse untrusted input yang files may crash."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/CESNET/libyang/compare/v0.16-r3...v1.0-r1",
+ "refsource": "MISC",
+ "name": "https://github.com/CESNET/libyang/compare/v0.16-r3...v1.0-r1"
+ },
+ {
+ "url": "https://github.com/CESNET/libyang/issues/724",
+ "refsource": "MISC",
+ "name": "https://github.com/CESNET/libyang/issues/724"
+ },
+ {
+ "url": "https://github.com/CESNET/libyang/commit/4e610ccd87a2ba9413819777d508f71163fcc237",
+ "refsource": "MISC",
+ "name": "https://github.com/CESNET/libyang/commit/4e610ccd87a2ba9413819777d508f71163fcc237"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793924",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1793924"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/20xxx/CVE-2019-20396.json b/2019/20xxx/CVE-2019-20396.json
new file mode 100644
index 00000000000..afe7da8eaea
--- /dev/null
+++ b/2019/20xxx/CVE-2019-20396.json
@@ -0,0 +1,72 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-20396",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A segmentation fault is present in yyparse in libyang before v1.0-r1 due to a malformed pattern statement value during lys_parse_path parsing."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/CESNET/libyang/compare/v0.16-r3...v1.0-r1",
+ "refsource": "MISC",
+ "name": "https://github.com/CESNET/libyang/compare/v0.16-r3...v1.0-r1"
+ },
+ {
+ "url": "https://github.com/CESNET/libyang/issues/740",
+ "refsource": "MISC",
+ "name": "https://github.com/CESNET/libyang/issues/740"
+ },
+ {
+ "url": "https://github.com/CESNET/libyang/commit/a1f17693904ed6fecc8902c747fc50a8f20e6af8",
+ "refsource": "MISC",
+ "name": "https://github.com/CESNET/libyang/commit/a1f17693904ed6fecc8902c747fc50a8f20e6af8"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/20xxx/CVE-2019-20397.json b/2019/20xxx/CVE-2019-20397.json
new file mode 100644
index 00000000000..faa77fcaaa0
--- /dev/null
+++ b/2019/20xxx/CVE-2019-20397.json
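Review bot: Unlike the sibling libyang records in this patch, the CVE-2019-20396 description names the fault (a segmentation fault in yyparse on a malformed pattern statement value) but not who is exposed or what the consequence is. A reader triaging on this entry alone cannot tell that the trigger is attacker-supplied YANG input, which the other records do say. If that holds here as well, appending the sentence the neighbouring records use, `Applications that use libyang to parse untrusted input yang files may crash.`, would make the impact explicit and keep the set consistent.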
@@ -0,0 +1,77 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-20397",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A double-free is present in libyang before v1.0-r1 in the function yyparse() when an organization field is not terminated. Applications that use libyang to parse untrusted input yang files may be vulnerable to this flaw, which would cause a crash or potentially code execution."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/CESNET/libyang/compare/v0.16-r3...v1.0-r1",
+ "refsource": "MISC",
+ "name": "https://github.com/CESNET/libyang/compare/v0.16-r3...v1.0-r1"
+ },
+ {
+ "url": "https://github.com/CESNET/libyang/issues/739",
+ "refsource": "MISC",
+ "name": "https://github.com/CESNET/libyang/issues/739"
+ },
+ {
+ "url": "https://github.com/CESNET/libyang/commit/88bd6c548ba79bce176cd875e9b56e7e0ef4d8d4",
+ "refsource": "MISC",
+ "name": "https://github.com/CESNET/libyang/commit/88bd6c548ba79bce176cd875e9b56e7e0ef4d8d4"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793928",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1793928"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/20xxx/CVE-2019-20398.json b/2019/20xxx/CVE-2019-20398.json
new file mode 100644
index 00000000000..efeed5fef71
--- /dev/null
+++ b/2019/20xxx/CVE-2019-20398.json
@@ -0,0 +1,77 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-20398",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A NULL pointer dereference is present in libyang before v1.0-r3 in the function lys_extension_instances_free() due to a copy of unresolved extensions in lys_restr_dup(). Applications that use libyang to parse untrusted input yang files may crash."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/CESNET/libyang/compare/v1.0-r2...v1.0-r3",
+ "refsource": "MISC",
+ "name": "https://github.com/CESNET/libyang/compare/v1.0-r2...v1.0-r3"
+ },
+ {
+ "url": "https://github.com/CESNET/libyang/commit/7852b272ef77f8098c35deea6c6f09cb78176f08",
+ "refsource": "MISC",
+ "name": "https://github.com/CESNET/libyang/commit/7852b272ef77f8098c35deea6c6f09cb78176f08"
+ },
+ {
+ "url": "https://github.com/CESNET/libyang/issues/773",
+ "refsource": "MISC",
+ "name": "https://github.com/CESNET/libyang/issues/773"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793935",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1793935"
+ }
+ ]
+ }
+}
\ No newline at end of file
From 96870e4d3856aff7cbd6f9c1bbfb31db1a27361e Mon Sep 17 00:00:00 2001
From: CVE Team Date: Wed, 22 Jan 2020 23:01:08 +0000 Subject: [PATCH 224/387] "-Synchronized-Data." --- 2012/1xxx/CVE-2012-1592.json | 5 +++ 2020/7xxx/CVE-2020-7904.json | 18 +++++++++++ 2020/7xxx/CVE-2020-7905.json | 18 +++++++++++ 2020/7xxx/CVE-2020-7906.json | 18 +++++++++++ 2020/7xxx/CVE-2020-7907.json | 18 +++++++++++ 2020/7xxx/CVE-2020-7908.json | 18 +++++++++++ 2020/7xxx/CVE-2020-7909.json | 18 +++++++++++ 2020/7xxx/CVE-2020-7910.json | 18 +++++++++++ 2020/7xxx/CVE-2020-7911.json | 18 +++++++++++ 2020/7xxx/CVE-2020-7912.json | 18 +++++++++++ 2020/7xxx/CVE-2020-7913.json | 18 +++++++++++ 2020/7xxx/CVE-2020-7914.json | 18 +++++++++++ 2020/7xxx/CVE-2020-7915.json | 62 ++++++++++++++++++++++++++++++++++++ 2020/7xxx/CVE-2020-7916.json | 18 +++++++++++ 2020/7xxx/CVE-2020-7917.json | 18 +++++++++++ 15 files changed, 301 insertions(+) create mode 100644 2020/7xxx/CVE-2020-7904.json create mode 100644 2020/7xxx/CVE-2020-7905.json create mode 100644 2020/7xxx/CVE-2020-7906.json create mode 100644 2020/7xxx/CVE-2020-7907.json create mode 100644 2020/7xxx/CVE-2020-7908.json create mode 100644 2020/7xxx/CVE-2020-7909.json create mode 100644 2020/7xxx/CVE-2020-7910.json create mode 100644 2020/7xxx/CVE-2020-7911.json create mode 100644 2020/7xxx/CVE-2020-7912.json create mode 100644 2020/7xxx/CVE-2020-7913.json create mode 100644 2020/7xxx/CVE-2020-7914.json create mode 100644 2020/7xxx/CVE-2020-7915.json create mode 100644 2020/7xxx/CVE-2020-7916.json create mode 100644 2020/7xxx/CVE-2020-7917.json diff --git a/2012/1xxx/CVE-2012-1592.json b/2012/1xxx/CVE-2012-1592.json index a8d0f999c7d..06384fa915e 100644 --- a/2012/1xxx/CVE-2012-1592.json +++ b/2012/1xxx/CVE-2012-1592.json 
@@ -71,6 +71,11 @@ "refsource": "MISC", "name": "http://www.openwall.com/lists/oss-security/2012/03/28/12", "url": "http://www.openwall.com/lists/oss-security/2012/03/28/12" + }, + { + "refsource": "MLIST", + "name": "[struts-issues] 20200122 [jira] [Created] (WW-5055) Fix for security vulnerability CVE-2012-1592 identified in the National Vulnerability Database", + "url": "https://lists.apache.org/thread.html/r348ed455a140273c40b974f0615dee692f7c9b26c6de2118b4280ef2@%3Cissues.struts.apache.org%3E" } ] } diff --git a/2020/7xxx/CVE-2020-7904.json b/2020/7xxx/CVE-2020-7904.json new file mode 100644 index 00000000000..6c411f7b530 --- /dev/null +++ b/2020/7xxx/CVE-2020-7904.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7904", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7905.json b/2020/7xxx/CVE-2020-7905.json new file mode 100644 index 00000000000..a1f759d07b8 --- /dev/null +++ b/2020/7xxx/CVE-2020-7905.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7905", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/7xxx/CVE-2020-7906.json b/2020/7xxx/CVE-2020-7906.json new file mode 100644 index 00000000000..38ae78d0a79 --- /dev/null +++ b/2020/7xxx/CVE-2020-7906.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7906", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7907.json b/2020/7xxx/CVE-2020-7907.json new file mode 100644 index 00000000000..a574a24fd7b --- /dev/null +++ b/2020/7xxx/CVE-2020-7907.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7907", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7908.json b/2020/7xxx/CVE-2020-7908.json new file mode 100644 index 00000000000..f06fa696f26 --- /dev/null +++ b/2020/7xxx/CVE-2020-7908.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7908", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7909.json b/2020/7xxx/CVE-2020-7909.json new file mode 100644 index 00000000000..e23f1fa6894 --- /dev/null +++ b/2020/7xxx/CVE-2020-7909.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7909", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7910.json b/2020/7xxx/CVE-2020-7910.json new file mode 100644 index 00000000000..7d7cfd53f71 --- /dev/null +++ b/2020/7xxx/CVE-2020-7910.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7910", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/7xxx/CVE-2020-7911.json b/2020/7xxx/CVE-2020-7911.json new file mode 100644 index 00000000000..6e85dc61f0b --- /dev/null +++ b/2020/7xxx/CVE-2020-7911.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7911", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7912.json b/2020/7xxx/CVE-2020-7912.json new file mode 100644 index 00000000000..8d6772a7b73 --- /dev/null +++ b/2020/7xxx/CVE-2020-7912.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7912", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7913.json b/2020/7xxx/CVE-2020-7913.json new file mode 100644 index 00000000000..abbd988ba56 --- /dev/null +++ b/2020/7xxx/CVE-2020-7913.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7913", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7914.json b/2020/7xxx/CVE-2020-7914.json new file mode 100644 index 00000000000..d36e59a4da3 --- /dev/null +++ b/2020/7xxx/CVE-2020-7914.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7914", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7915.json b/2020/7xxx/CVE-2020-7915.json new file mode 100644 index 00000000000..430b3f1b497 --- /dev/null +++ b/2020/7xxx/CVE-2020-7915.json 
@@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-7915", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered on Eaton 5P 850 devices. The Ubicacion SAI field allows XSS attacks by an administrator." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://sku11army.blogspot.com/2020/01/eaton-authenticated-stored-cross-site.html", + "refsource": "MISC", + "name": "https://sku11army.blogspot.com/2020/01/eaton-authenticated-stored-cross-site.html" + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7916.json b/2020/7xxx/CVE-2020-7916.json new file mode 100644 index 00000000000..f9b26146178 --- /dev/null +++ b/2020/7xxx/CVE-2020-7916.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7916", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7917.json b/2020/7xxx/CVE-2020-7917.json new file mode 100644 index 00000000000..0b121199c9f --- /dev/null +++ b/2020/7xxx/CVE-2020-7917.json 
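Review bot: The CVE-2020-7915 record gives no affected firmware or software version, neither in `version_value` (which is `n/a`) nor in the description, so a consumer cannot tell which Eaton 5P 850 builds need attention. `problemtype` is also `n/a` although the description states XSS; an entry such as `"value": "CWE-79 Cross-site Scripting (XSS)"` would let the record be filtered by weakness class. The description says the attack is performed "by an administrator", and the reference URL suggests it is a stored, authenticated XSS; if the advisory confirms that, stating "stored XSS, requires an authenticated administrator" in the description would help triage.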
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7917", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file From 604118f507d46f0fae2a3136c5a2e63caff11929 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 23 Jan 2020 00:01:08 +0000 Subject: [PATCH 225/387] "-Synchronized-Data." --- 2019/20xxx/CVE-2019-20399.json | 62 ++++++++++++++++++++++++++++++++++ 2020/7xxx/CVE-2020-7918.json | 18 ++++++++++ 2 files changed, 80 insertions(+) create mode 100644 2019/20xxx/CVE-2019-20399.json create mode 100644 2020/7xxx/CVE-2020-7918.json diff --git a/2019/20xxx/CVE-2019-20399.json b/2019/20xxx/CVE-2019-20399.json new file mode 100644 index 00000000000..1358c874608 --- /dev/null +++ b/2019/20xxx/CVE-2019-20399.json 
@@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-20399", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A timing vulnerability in the Scalar::check_overflow function in Parity libsecp256k1-rs before 0.3.1 potentially allows an attacker to leak information via a side-channel attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/paritytech/libsecp256k1/commit/11ba23a9766a5079918cd9f515bc100bc8164b50", + "refsource": "MISC", + "name": "https://github.com/paritytech/libsecp256k1/commit/11ba23a9766a5079918cd9f515bc100bc8164b50" + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7918.json b/2020/7xxx/CVE-2020-7918.json new file mode 100644 index 00000000000..291846da119 --- /dev/null +++ b/2020/7xxx/CVE-2020-7918.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7918", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file From 5ddd41dacc265b43d773fd09c6e9eb63a6de483d Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Thu, 23 Jan 2020 01:01:11 +0000 Subject: [PATCH 226/387] "-Synchronized-Data." --- 2019/20xxx/CVE-2019-20009.json | 5 +++++ 2019/20xxx/CVE-2019-20010.json | 5 +++++ 2019/20xxx/CVE-2019-20011.json | 5 +++++ 2019/20xxx/CVE-2019-20012.json | 5 +++++ 2019/20xxx/CVE-2019-20013.json | 5 +++++ 2019/20xxx/CVE-2019-20014.json | 5 +++++ 2019/20xxx/CVE-2019-20015.json | 5 +++++ 2019/9xxx/CVE-2019-9770.json | 5 +++++ 2019/9xxx/CVE-2019-9771.json | 5 +++++ 2019/9xxx/CVE-2019-9772.json | 5 +++++ 2019/9xxx/CVE-2019-9773.json | 5 +++++ 2019/9xxx/CVE-2019-9774.json | 5 +++++ 2019/9xxx/CVE-2019-9775.json | 5 +++++ 2019/9xxx/CVE-2019-9776.json | 5 +++++ 2019/9xxx/CVE-2019-9777.json | 5 +++++ 2019/9xxx/CVE-2019-9778.json | 5 +++++ 2019/9xxx/CVE-2019-9779.json | 5 +++++ 17 files changed, 85 insertions(+) diff --git a/2019/20xxx/CVE-2019-20009.json b/2019/20xxx/CVE-2019-20009.json index e819f473c48..57c2a3c9186 100644 --- a/2019/20xxx/CVE-2019-20009.json +++ b/2019/20xxx/CVE-2019-20009.json @@ -71,6 +71,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0068", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00033.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0095", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00045.html" } ] } diff --git a/2019/20xxx/CVE-2019-20010.json b/2019/20xxx/CVE-2019-20010.json index 44deb4afe62..4f601a1fc2e 100644 --- a/2019/20xxx/CVE-2019-20010.json +++ b/2019/20xxx/CVE-2019-20010.json @@ -66,6 +66,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0068", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00033.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0095", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00045.html" } ] } diff --git a/2019/20xxx/CVE-2019-20011.json b/2019/20xxx/CVE-2019-20011.json index 1eeac942dcc..e9b07669e56 100644 --- a/2019/20xxx/CVE-2019-20011.json 
+++ b/2019/20xxx/CVE-2019-20011.json @@ -66,6 +66,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0068", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00033.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0095", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00045.html" } ] } diff --git a/2019/20xxx/CVE-2019-20012.json b/2019/20xxx/CVE-2019-20012.json index f6c6d6a1846..c3cf51b8545 100644 --- a/2019/20xxx/CVE-2019-20012.json +++ b/2019/20xxx/CVE-2019-20012.json @@ -66,6 +66,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0068", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00033.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0095", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00045.html" } ] } diff --git a/2019/20xxx/CVE-2019-20013.json b/2019/20xxx/CVE-2019-20013.json index 49d297010fb..e0d7dcf4177 100644 --- a/2019/20xxx/CVE-2019-20013.json +++ b/2019/20xxx/CVE-2019-20013.json @@ -71,6 +71,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0068", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00033.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0095", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00045.html" } ] } diff --git a/2019/20xxx/CVE-2019-20014.json b/2019/20xxx/CVE-2019-20014.json index 17bf25e3839..65688d788b9 100644 --- a/2019/20xxx/CVE-2019-20014.json +++ b/2019/20xxx/CVE-2019-20014.json @@ -71,6 +71,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0068", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00033.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0095", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00045.html" } ] } diff --git a/2019/20xxx/CVE-2019-20015.json b/2019/20xxx/CVE-2019-20015.json index 396608c2085..d46d9e9b174 100644 
--- a/2019/20xxx/CVE-2019-20015.json +++ b/2019/20xxx/CVE-2019-20015.json @@ -66,6 +66,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0068", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00033.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0095", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00045.html" } ] } diff --git a/2019/9xxx/CVE-2019-9770.json b/2019/9xxx/CVE-2019-9770.json index 97a9d854372..f00be15e3d3 100644 --- a/2019/9xxx/CVE-2019-9770.json +++ b/2019/9xxx/CVE-2019-9770.json @@ -71,6 +71,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0068", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00033.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0095", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00045.html" } ] } diff --git a/2019/9xxx/CVE-2019-9771.json b/2019/9xxx/CVE-2019-9771.json index fa8119ba0e0..13a2cc16f99 100644 --- a/2019/9xxx/CVE-2019-9771.json +++ b/2019/9xxx/CVE-2019-9771.json @@ -71,6 +71,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0068", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00033.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0095", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00045.html" } ] } diff --git a/2019/9xxx/CVE-2019-9772.json b/2019/9xxx/CVE-2019-9772.json index ae82e4d292a..0a99969bae8 100644 --- a/2019/9xxx/CVE-2019-9772.json +++ b/2019/9xxx/CVE-2019-9772.json @@ -71,6 +71,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0068", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00033.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0095", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00045.html" } ] } diff --git a/2019/9xxx/CVE-2019-9773.json b/2019/9xxx/CVE-2019-9773.json index 0fce88e629c..5ce9be47c83 100644 
--- a/2019/9xxx/CVE-2019-9773.json +++ b/2019/9xxx/CVE-2019-9773.json @@ -71,6 +71,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0068", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00033.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0095", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00045.html" } ] } diff --git a/2019/9xxx/CVE-2019-9774.json b/2019/9xxx/CVE-2019-9774.json index de3e91154e6..6f8ba44ce1f 100644 --- a/2019/9xxx/CVE-2019-9774.json +++ b/2019/9xxx/CVE-2019-9774.json @@ -71,6 +71,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0068", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00033.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0095", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00045.html" } ] } diff --git a/2019/9xxx/CVE-2019-9775.json b/2019/9xxx/CVE-2019-9775.json index eb690c43fa0..abcdcebfcec 100644 --- a/2019/9xxx/CVE-2019-9775.json +++ b/2019/9xxx/CVE-2019-9775.json @@ -71,6 +71,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0068", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00033.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0095", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00045.html" } ] } diff --git a/2019/9xxx/CVE-2019-9776.json b/2019/9xxx/CVE-2019-9776.json index 347d4bbda19..8aa07ecc7f0 100644 --- a/2019/9xxx/CVE-2019-9776.json +++ b/2019/9xxx/CVE-2019-9776.json @@ -71,6 +71,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0068", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00033.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0095", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00045.html" } ] } diff --git a/2019/9xxx/CVE-2019-9777.json b/2019/9xxx/CVE-2019-9777.json index e92c1c073a9..6e9eabf7965 100644 
--- a/2019/9xxx/CVE-2019-9777.json +++ b/2019/9xxx/CVE-2019-9777.json @@ -71,6 +71,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0068", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00033.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0095", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00045.html" } ] } diff --git a/2019/9xxx/CVE-2019-9778.json b/2019/9xxx/CVE-2019-9778.json index 6ed99cc875a..1d925acc435 100644 --- a/2019/9xxx/CVE-2019-9778.json +++ b/2019/9xxx/CVE-2019-9778.json @@ -71,6 +71,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0068", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00033.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0095", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00045.html" } ] } diff --git a/2019/9xxx/CVE-2019-9779.json b/2019/9xxx/CVE-2019-9779.json index 2099b340d1e..a73dc51d675 100644 --- a/2019/9xxx/CVE-2019-9779.json +++ b/2019/9xxx/CVE-2019-9779.json @@ -71,6 +71,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0068", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00033.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0095", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00045.html" } ] } From 01a8ce4bcf7aeb86fe98e53a56431363b49f1eb5 Mon Sep 17 00:00:00 2001 From: Robert Schultheis Date: Wed, 22 Jan 2020 18:29:39 -0700 Subject: [PATCH 227/387] add CVE-2020-5223 for GHSA-8j72-p2wm-6738 --- 2020/5xxx/CVE-2020-5223.json | 97 +++++++++++++++++++++++++++++++++--- 1 file changed, 90 insertions(+), 7 deletions(-) diff --git a/2020/5xxx/CVE-2020-5223.json b/2020/5xxx/CVE-2020-5223.json index 805e8ffdb96..933c23b951b 100644 --- a/2020/5xxx/CVE-2020-5223.json +++ b/2020/5xxx/CVE-2020-5223.json 
@@ -1,18 +1,101 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2020-5223", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Persistent XSS vulnerability in filename of attached file in PrivateBin" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PrivateBin", + "version": { + "version_data": [ + { + "version_value": ">= 1.2.0, < 1.2.2" + }, + { + "version_value": ">= 1.3.0, < 1.3.2" + } + ] + } + } + ] + }, + "vendor_name": "PrivateBin" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In PrivateBin versions 1.2.0 before 1.2.2, and 1.3.0 before 1.3.2, a persistent XSS attack is possible.\n\nUnder certain conditions, a user provided attachment file name can inject HTML leading to a persistent Cross-site scripting (XSS) vulnerability. \n\nThe vulnerability has been fixed in PrivateBin v1.3.2 & v1.2.2. Admins are urged to upgrade to these versions to protect the affected users." 
} ] + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-site Scripting (XSS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/PrivateBin/PrivateBin/security/advisories/GHSA-8j72-p2wm-6738", + "refsource": "CONFIRM", + "url": "https://github.com/PrivateBin/PrivateBin/security/advisories/GHSA-8j72-p2wm-6738" + }, + { + "name": "https://privatebin.info/news/v1.3.2-v1.2.2-release.html", + "refsource": "MISC", + "url": "https://privatebin.info/news/v1.3.2-v1.2.2-release.html" + }, + { + "name": "https://github.com/PrivateBin/PrivateBin/commit/8d0ac336d23cd8c98e71d5f21cdadcae9c8a26e6", + "refsource": "MISC", + "url": "https://github.com/PrivateBin/PrivateBin/commit/8d0ac336d23cd8c98e71d5f21cdadcae9c8a26e6" + }, + { + "name": "https://github.com/PrivateBin/PrivateBin/issues/554", + "refsource": "MISC", + "url": "https://github.com/PrivateBin/PrivateBin/issues/554" + } + ] + }, + "source": { + "advisory": "GHSA-8j72-p2wm-6738", + "discovery": "UNKNOWN" } -} \ No newline at end of file +} From e10af35dbddebb394a0cf79b307466a295fddadd Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 23 Jan 2020 02:01:15 +0000 Subject: [PATCH 228/387] "-Synchronized-Data." --- 2020/5xxx/CVE-2020-5223.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/2020/5xxx/CVE-2020-5223.json b/2020/5xxx/CVE-2020-5223.json index 933c23b951b..e0529a9f295 100644 --- a/2020/5xxx/CVE-2020-5223.json +++ b/2020/5xxx/CVE-2020-5223.json 
@@ -38,7 +38,7 @@ "description_data": [ { "lang": "eng", - "value": "In PrivateBin versions 1.2.0 before 1.2.2, and 1.3.0 before 1.3.2, a persistent XSS attack is possible.\n\nUnder certain conditions, a user provided attachment file name can inject HTML leading to a persistent Cross-site scripting (XSS) vulnerability. \n\nThe vulnerability has been fixed in PrivateBin v1.3.2 & v1.2.2. Admins are urged to upgrade to these versions to protect the affected users." + "value": "In PrivateBin versions 1.2.0 before 1.2.2, and 1.3.0 before 1.3.2, a persistent XSS attack is possible. Under certain conditions, a user provided attachment file name can inject HTML leading to a persistent Cross-site scripting (XSS) vulnerability. The vulnerability has been fixed in PrivateBin v1.3.2 & v1.2.2. Admins are urged to upgrade to these versions to protect the affected users." } ] }, @@ -98,4 +98,4 @@ "advisory": "GHSA-8j72-p2wm-6738", "discovery": "UNKNOWN" } -} +} \ No newline at end of file From 52d381d5864424d69b253955eba5e80b6055f123 Mon Sep 17 00:00:00 2001 From: Robert Schultheis Date: Wed, 22 Jan 2020 19:11:10 -0700 Subject: [PATCH 229/387] add CVE-2020-5217 for GHSA-xq52-rv6w-397c --- 2020/5xxx/CVE-2020-5217.json | 100 ++++++++++++++++++++++++++++++++--- 1 file changed, 93 insertions(+), 7 deletions(-) diff --git a/2020/5xxx/CVE-2020-5217.json b/2020/5xxx/CVE-2020-5217.json index 0b1d34d0fdf..4bff5856b5d 100644 --- a/2020/5xxx/CVE-2020-5217.json +++ b/2020/5xxx/CVE-2020-5217.json 
@@ -1,18 +1,104 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2020-5217", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Directive injection when using dynamic overrides with user input in RubyGems secure_headers" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "secure_headers", + "version": { + "version_data": [ + { + "version_value": "< 3.8.0" + }, + { + "version_value": ">= 5.0.0, < 5.1.0" + }, + { + "version_value": ">= 6.0.0, < 6.2.0" + } + ] + } + } + ] + }, + "vendor_name": "Twitter" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Secure Headers (RubyGem secure_headers), a directive injection vulnerability is present in versions before 3.8.0, 5.1.0, and 6.2.0.\n\nIf user-supplied input was passed into append/override_content_security_policy_directives, a semicolon could be injected leading to directive injection.\n\nThis could be used to e.g. override a script-src directive. Duplicate directives are ignored and the first one wins. The directives in secure_headers are sorted alphabetically so they pretty much all come before script-src. A previously undefined directive would receive a value even if SecureHeaders::OPT_OUT was supplied.\n\nThe fixed versions will silently convert the semicolons to spaces and emit a deprecation warning when this happens. This will result in innocuous browser console messages if being exploited/accidentally used. 
In future releases, we will raise application errors resulting in 500s.\n\nDepending on what major version you are using, the fixed versions are 6.2.0, 5.1.0, 3.8.0." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-95 Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/twitter/secure_headers/security/advisories/GHSA-xq52-rv6w-397c", + "refsource": "CONFIRM", + "url": "https://github.com/twitter/secure_headers/security/advisories/GHSA-xq52-rv6w-397c" + }, + { + "name": "https://github.com/twitter/secure_headers/issues/418", + "refsource": "MISC", + "url": "https://github.com/twitter/secure_headers/issues/418" + }, + { + "name": "https://github.com/twitter/secure_headers/pull/421", + "refsource": "MISC", + "url": "https://github.com/twitter/secure_headers/pull/421" + }, + { + "name": "https://github.com/twitter/secure_headers/commit/936a160e3e9659737a9f9eafce13eea36b5c9fa3", + "refsource": "MISC", + "url": "https://github.com/twitter/secure_headers/commit/936a160e3e9659737a9f9eafce13eea36b5c9fa3" + } + ] + }, + "source": { + "advisory": "GHSA-xq52-rv6w-397c", + "discovery": "UNKNOWN" } -} \ No newline at end of file +} From ac4feb70cd30ecbdc79385637dce6c010b872c2e Mon Sep 17 00:00:00 2001 
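Review bot: The `problemtype` value `CWE-95 Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')` in the CVE-2020-5217 record does not match the description. The description is about a semicolon injected into a Content-Security-Policy value through append/override_content_security_policy_directives, with no dynamically evaluated code involved. A generic injection class such as CWE-74 looks closer, though this should be confirmed with the advisory author before changing it. Weakness-based filtering and metrics built on this record would otherwise count it as eval injection.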
From: Robert Schultheis Date: Wed, 22 Jan 2020 19:25:41 -0700 Subject: [PATCH 230/387] add CVE-2020-5216 for GHSA-w978-rmpf-qmwg --- 2020/5xxx/CVE-2020-5216.json | 90 +++++++++++++++++++++++++++++++++--- 1 file changed, 83 insertions(+), 7 deletions(-) diff --git a/2020/5xxx/CVE-2020-5216.json b/2020/5xxx/CVE-2020-5216.json index 683c12eba4a..66e5d12ca0b 100644 --- a/2020/5xxx/CVE-2020-5216.json +++ b/2020/5xxx/CVE-2020-5216.json 
@@ -1,18 +1,94 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2020-5216", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Limited header injection when using dynamic overrides with user input in RubyGems secure_headers" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "secure_headers", + "version": { + "version_data": [ + { + "version_value": "< 3.9.0" + }, + { + "version_value": ">= 5.0.0, < 5.2.0" + }, + { + "version_value": ">= 6.0.0, < 6.3.0" + } + ] + } + } + ] + }, + "vendor_name": "Twitter" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Secure Headers (RubyGem secure_headers), a directive injection vulnerability is present in versions before 3.9.0, 5.2.0, and 6.3.0.\n\nIf user-supplied input was passed into append/override_content_security_policy_directives, a newline could be injected leading to limited header injection.\n\nUpon seeing a newline in the header, rails will silently create a new Content-Security-Policy header with the remaining value of the original string. It will continue to create new headers for each newline.\n\nThis has been fixed in 6.3.0, 5.2.0, and 3.9.0." 
} ] + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-113 Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/twitter/secure_headers/security/advisories/GHSA-w978-rmpf-qmwg", + "refsource": "CONFIRM", + "url": "https://github.com/twitter/secure_headers/security/advisories/GHSA-w978-rmpf-qmwg" + }, + { + "name": "https://github.com/twitter/secure_headers/commit/301695706f6a70517c2a90c6ef9b32178440a2d0", + "refsource": "MISC", + "url": "https://github.com/twitter/secure_headers/commit/301695706f6a70517c2a90c6ef9b32178440a2d0" + } + ] + }, + "source": { + "advisory": "GHSA-w978-rmpf-qmwg", + "discovery": "UNKNOWN" } -} \ No newline at end of file +} From fe1e4cc8c1b2f7c68fd19e2b70db6aa7a98df79c Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 23 Jan 2020 03:01:16 +0000 Subject: [PATCH 231/387] "-Synchronized-Data." --- 2020/5xxx/CVE-2020-5216.json | 4 ++-- 2020/5xxx/CVE-2020-5217.json | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/2020/5xxx/CVE-2020-5216.json b/2020/5xxx/CVE-2020-5216.json index 66e5d12ca0b..64d08b85484 100644 --- a/2020/5xxx/CVE-2020-5216.json +++ b/2020/5xxx/CVE-2020-5216.json 
@@ -41,7 +41,7 @@ "description_data": [ { "lang": "eng", - "value": "In Secure Headers (RubyGem secure_headers), a directive injection vulnerability is present in versions before 3.9.0, 5.2.0, and 6.3.0.\n\nIf user-supplied input was passed into append/override_content_security_policy_directives, a newline could be injected leading to limited header injection.\n\nUpon seeing a newline in the header, rails will silently create a new Content-Security-Policy header with the remaining value of the original string. It will continue to create new headers for each newline.\n\nThis has been fixed in 6.3.0, 5.2.0, and 3.9.0." + "value": "In Secure Headers (RubyGem secure_headers), a directive injection vulnerability is present in versions before 3.9.0, 5.2.0, and 6.3.0. If user-supplied input was passed into append/override_content_security_policy_directives, a newline could be injected leading to limited header injection. Upon seeing a newline in the header, rails will silently create a new Content-Security-Policy header with the remaining value of the original string. It will continue to create new headers for each newline. This has been fixed in 6.3.0, 5.2.0, and 3.9.0." } ] }, @@ -91,4 +91,4 @@ "advisory": "GHSA-w978-rmpf-qmwg", "discovery": "UNKNOWN" } -} +} \ No newline at end of file diff --git a/2020/5xxx/CVE-2020-5217.json b/2020/5xxx/CVE-2020-5217.json index 4bff5856b5d..1614edf2e40 100644 --- a/2020/5xxx/CVE-2020-5217.json +++ b/2020/5xxx/CVE-2020-5217.json 
@@ -41,7 +41,7 @@ "description_data": [ { "lang": "eng", - "value": "In Secure Headers (RubyGem secure_headers), a directive injection vulnerability is present in versions before 3.8.0, 5.1.0, and 6.2.0.\n\nIf user-supplied input was passed into append/override_content_security_policy_directives, a semicolon could be injected leading to directive injection.\n\nThis could be used to e.g. override a script-src directive. Duplicate directives are ignored and the first one wins. The directives in secure_headers are sorted alphabetically so they pretty much all come before script-src. A previously undefined directive would receive a value even if SecureHeaders::OPT_OUT was supplied.\n\nThe fixed versions will silently convert the semicolons to spaces and emit a deprecation warning when this happens. This will result in innocuous browser console messages if being exploited/accidentally used. In future releases, we will raise application errors resulting in 500s.\n\nDepending on what major version you are using, the fixed versions are 6.2.0, 5.1.0, 3.8.0." + "value": "In Secure Headers (RubyGem secure_headers), a directive injection vulnerability is present in versions before 3.8.0, 5.1.0, and 6.2.0. If user-supplied input was passed into append/override_content_security_policy_directives, a semicolon could be injected leading to directive injection. This could be used to e.g. override a script-src directive. Duplicate directives are ignored and the first one wins. The directives in secure_headers are sorted alphabetically so they pretty much all come before script-src. A previously undefined directive would receive a value even if SecureHeaders::OPT_OUT was supplied. The fixed versions will silently convert the semicolons to spaces and emit a deprecation warning when this happens. This will result in innocuous browser console messages if being exploited/accidentally used. In future releases, we will raise application errors resulting in 500s. 
Depending on what major version you are using, the fixed versions are 6.2.0, 5.1.0, 3.8.0." } ] }, @@ -101,4 +101,4 @@ "advisory": "GHSA-xq52-rv6w-397c", "discovery": "UNKNOWN" } -} +} \ No newline at end of file From e9cd5aac3ad7a08676a0409c0f513896ac76fe1a Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 23 Jan 2020 06:01:06 +0000 Subject: [PATCH 232/387] "-Synchronized-Data." --- 2020/7xxx/CVE-2020-7919.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7920.json | 18 ++++++++++++++++++ 2 files changed, 36 insertions(+) create mode 100644 2020/7xxx/CVE-2020-7919.json create mode 100644 2020/7xxx/CVE-2020-7920.json diff --git a/2020/7xxx/CVE-2020-7919.json b/2020/7xxx/CVE-2020-7919.json new file mode 100644 index 00000000000..4cd4685c8e6 --- /dev/null +++ b/2020/7xxx/CVE-2020-7919.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7919", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7920.json b/2020/7xxx/CVE-2020-7920.json new file mode 100644 index 00000000000..0e8643a8a63 --- /dev/null +++ b/2020/7xxx/CVE-2020-7920.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7920", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file From c7cf4ed8df59faf3427bf4b7367ce0e3b54d267f Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 23 Jan 2020 07:01:22 +0000 Subject: [PATCH 233/387] "-Synchronized-Data." --- 2017/5xxx/CVE-2017-5645.json | 5 +++++ 2019/17xxx/CVE-2019-17571.json | 5 +++++ 2020/6xxx/CVE-2020-6609.json | 5 +++++ 2020/6xxx/CVE-2020-6610.json | 5 +++++ 2020/6xxx/CVE-2020-6611.json | 5 +++++ 2020/6xxx/CVE-2020-6612.json | 5 +++++ 2020/6xxx/CVE-2020-6613.json | 5 +++++ 2020/6xxx/CVE-2020-6614.json | 5 +++++ 2020/6xxx/CVE-2020-6615.json | 5 +++++ 9 files changed, 45 insertions(+) diff --git a/2017/5xxx/CVE-2017-5645.json b/2017/5xxx/CVE-2017-5645.json index b9fb2a01c1c..6bdc5d85ea9 100644 --- a/2017/5xxx/CVE-2017-5645.json +++ b/2017/5xxx/CVE-2017-5645.json @@ -341,6 +341,11 @@ "refsource": "MLIST", "name": "[activemq-issues] 20200122 [jira] [Assigned] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571", "url": "https://lists.apache.org/thread.html/r2ff63f210842a3c5e42f03a35d8f3a345134d073c80a04077341c211@%3Cissues.activemq.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[activemq-issues] 20200122 [jira] [Resolved] (AMQ-7372) [9.8] [CVE-2019-17571] [activemq-all] [5.15.10]", + "url": "https://lists.apache.org/thread.html/r3d666e4e8905157f3c046d31398b04f2bfd4519e31f266de108c6919@%3Cissues.activemq.apache.org%3E" } ] } 
diff --git a/2019/17xxx/CVE-2019-17571.json b/2019/17xxx/CVE-2019-17571.json index 1a3104e6a31..aaf861d02bb 100644 --- a/2019/17xxx/CVE-2019-17571.json +++ b/2019/17xxx/CVE-2019-17571.json @@ -248,6 +248,11 @@ "refsource": "MLIST", "name": "[activemq-issues] 20200122 [jira] [Assigned] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571", "url": "https://lists.apache.org/thread.html/r2ff63f210842a3c5e42f03a35d8f3a345134d073c80a04077341c211@%3Cissues.activemq.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[activemq-issues] 20200122 [jira] [Resolved] (AMQ-7372) [9.8] [CVE-2019-17571] [activemq-all] [5.15.10]", + "url": "https://lists.apache.org/thread.html/r3d666e4e8905157f3c046d31398b04f2bfd4519e31f266de108c6919@%3Cissues.activemq.apache.org%3E" } ] }, diff --git a/2020/6xxx/CVE-2020-6609.json b/2020/6xxx/CVE-2020-6609.json index e1b798206a1..350eb01ad94 100644 --- a/2020/6xxx/CVE-2020-6609.json +++ b/2020/6xxx/CVE-2020-6609.json @@ -56,6 +56,11 @@ "url": "https://github.com/LibreDWG/libredwg/issues/179#issue-544834443", "refsource": "MISC", "name": "https://github.com/LibreDWG/libredwg/issues/179#issue-544834443" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0096", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00046.html" } ] } diff --git a/2020/6xxx/CVE-2020-6610.json b/2020/6xxx/CVE-2020-6610.json index f4ebb777a1e..a9994e9c0f0 100644 --- a/2020/6xxx/CVE-2020-6610.json +++ b/2020/6xxx/CVE-2020-6610.json @@ -56,6 +56,11 @@ "url": "https://github.com/LibreDWG/libredwg/issues/179#issuecomment-570447120", "refsource": "MISC", "name": "https://github.com/LibreDWG/libredwg/issues/179#issuecomment-570447120" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0096", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00046.html" } ] } diff --git a/2020/6xxx/CVE-2020-6611.json b/2020/6xxx/CVE-2020-6611.json index 15360508fd9..40f7d9a1b2c 100644 
--- a/2020/6xxx/CVE-2020-6611.json +++ b/2020/6xxx/CVE-2020-6611.json @@ -56,6 +56,11 @@ "url": "https://github.com/LibreDWG/libredwg/issues/179#issuecomment-570447190", "refsource": "MISC", "name": "https://github.com/LibreDWG/libredwg/issues/179#issuecomment-570447190" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0096", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00046.html" } ] } diff --git a/2020/6xxx/CVE-2020-6612.json b/2020/6xxx/CVE-2020-6612.json index c6ad7e1c247..4882c0bdb95 100644 --- a/2020/6xxx/CVE-2020-6612.json +++ b/2020/6xxx/CVE-2020-6612.json @@ -56,6 +56,11 @@ "url": "https://github.com/LibreDWG/libredwg/issues/179#issuecomment-570447169", "refsource": "MISC", "name": "https://github.com/LibreDWG/libredwg/issues/179#issuecomment-570447169" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0096", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00046.html" } ] } diff --git a/2020/6xxx/CVE-2020-6613.json b/2020/6xxx/CVE-2020-6613.json index 9a7e85bc657..c0c35fa7409 100644 --- a/2020/6xxx/CVE-2020-6613.json +++ b/2020/6xxx/CVE-2020-6613.json @@ -56,6 +56,11 @@ "url": "https://github.com/LibreDWG/libredwg/issues/179#issuecomment-570447025", "refsource": "MISC", "name": "https://github.com/LibreDWG/libredwg/issues/179#issuecomment-570447025" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0096", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00046.html" } ] } diff --git a/2020/6xxx/CVE-2020-6614.json b/2020/6xxx/CVE-2020-6614.json index 9153b8d96ff..1c64227d3b9 100644 --- a/2020/6xxx/CVE-2020-6614.json +++ b/2020/6xxx/CVE-2020-6614.json 
@@ -56,6 +56,11 @@ "url": "https://github.com/LibreDWG/libredwg/issues/179#issuecomment-570447068", "refsource": "MISC", "name": "https://github.com/LibreDWG/libredwg/issues/179#issuecomment-570447068" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0096", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00046.html" } ] } diff --git a/2020/6xxx/CVE-2020-6615.json b/2020/6xxx/CVE-2020-6615.json index c0b40e350b3..c3380b80538 100644 --- a/2020/6xxx/CVE-2020-6615.json +++ b/2020/6xxx/CVE-2020-6615.json @@ -56,6 +56,11 @@ "url": "https://github.com/LibreDWG/libredwg/issues/179#issuecomment-570447223", "refsource": "MISC", "name": "https://github.com/LibreDWG/libredwg/issues/179#issuecomment-570447223" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0096", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00046.html" } ] } From 52e07651b8438ce15c4bcc0dda98368e9bd2e9f2 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 23 Jan 2020 10:01:08 +0000 Subject: [PATCH 234/387] "-Synchronized-Data." --- 2012/1xxx/CVE-2012-1592.json | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/2012/1xxx/CVE-2012-1592.json b/2012/1xxx/CVE-2012-1592.json index 06384fa915e..53bb3b4bf4d 100644 --- a/2012/1xxx/CVE-2012-1592.json +++ b/2012/1xxx/CVE-2012-1592.json @@ -76,6 +76,11 @@ "refsource": "MLIST", "name": "[struts-issues] 20200122 [jira] [Created] (WW-5055) Fix for security vulnerability CVE-2012-1592 identified in the National Vulnerability Database", "url": "https://lists.apache.org/thread.html/r348ed455a140273c40b974f0615dee692f7c9b26c6de2118b4280ef2@%3Cissues.struts.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[struts-issues] 20200123 [jira] [Closed] (WW-5055) Fix for security vulnerability CVE-2012-1592 identified in the National Vulnerability Database", + "url": "https://lists.apache.org/thread.html/r93c4e3f6cb138cd117c739714f07e47af547183ba099ba46be2b2a5b@%3Cissues.struts.apache.org%3E" } ] } 
From 7ef3b47a1273abeaa72bd69cbdcf3532bf787db6 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 23 Jan 2020 12:01:07 +0000 Subject: [PATCH 235/387] "-Synchronized-Data." --- 2019/20xxx/CVE-2019-20330.json | 40 ++++++++++++++++++++++++++++++++++ 1 file changed, 40 insertions(+) diff --git a/2019/20xxx/CVE-2019-20330.json b/2019/20xxx/CVE-2019-20330.json index aa95f508601..a5353c8950a 100644 --- a/2019/20xxx/CVE-2019-20330.json +++ b/2019/20xxx/CVE-2019-20330.json 
@@ -136,6 +136,46 @@ "refsource": "MLIST", "name": "[zookeeper-notifications] 20200122 [GitHub] [zookeeper] phunt opened a new pull request #1232: ZOOKEEPER-3699: upgrade jackson-databind to address CVE-2019-20330", "url": "https://lists.apache.org/thread.html/ra5ce96faec37c26b0aa15b4b6a8b1cbb145a748653e56ae83e9685d0@%3Cnotifications.zookeeper.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[zookeeper-issues] 20200123 [jira] [Commented] (ZOOKEEPER-3699) upgrade jackson-databind to address CVE-2019-20330", + "url": "https://lists.apache.org/thread.html/rd1f346227e11fc515914f3a7b20d81543e51e5822ba71baa0452634a@%3Cissues.zookeeper.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[zookeeper-commits] 20200123 [zookeeper] branch branch-3.6 updated: ZOOKEEPER-3699: upgrade jackson-databind to address CVE-2019-20330", + "url": "https://lists.apache.org/thread.html/r7a0821b44247a1e6c6fe5f2943b90ebc4f80a8d1fb0aa9a8b29a59a2@%3Ccommits.zookeeper.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[zookeeper-commits] 20200123 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-3699: upgrade jackson-databind to address CVE-2019-20330", + "url": "https://lists.apache.org/thread.html/r67f4d4c48197454b83d62afbed8bebbda3764e6e3a6e26a848961764@%3Ccommits.zookeeper.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[zookeeper-issues] 20200123 [jira] [Resolved] (ZOOKEEPER-3699) upgrade jackson-databind to address CVE-2019-20330", + "url": "https://lists.apache.org/thread.html/r707d23bb9ee245f50aa909add0da6e8d8f24719b1278ddd99d2428b2@%3Cissues.zookeeper.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[zookeeper-notifications] 20200123 [GitHub] [zookeeper] asfgit closed pull request #1232: ZOOKEEPER-3699: upgrade jackson-databind to address CVE-2019-20330", + "url": "https://lists.apache.org/thread.html/rd49cfa41bbb71ef33b53736a6af2aa8ba88c2106e30f2a34902a87d2@%3Cnotifications.zookeeper.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": 
"[zookeeper-notifications] 20200123 [GitHub] [zookeeper] nkalmar commented on issue #1232: ZOOKEEPER-3699: upgrade jackson-databind to address CVE-2019-20330", + "url": "https://lists.apache.org/thread.html/r2c77dd6ab8344285bd8e481b57cf3029965a4b0036eefccef74cdd44@%3Cnotifications.zookeeper.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[zookeeper-issues] 20200123 [jira] [Updated] (ZOOKEEPER-3699) upgrade jackson-databind to address CVE-2019-20330", + "url": "https://lists.apache.org/thread.html/r3f8180d0d25a7c6473ebb9714b0c1d19a73f455ae70d0c5fefc17e6c@%3Cissues.zookeeper.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[zookeeper-commits] 20200123 [zookeeper] branch master updated: ZOOKEEPER-3699: upgrade jackson-databind to address CVE-2019-20330", + "url": "https://lists.apache.org/thread.html/r8831b7fa5ca87a1cf23ee08d6dedb7877a964c1d2bd869af24056a63@%3Ccommits.zookeeper.apache.org%3E" } ] } From eeb598b98e74e9ed579c3ed8d67175609001fd87 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 23 Jan 2020 13:01:18 +0000 Subject: [PATCH 236/387] "-Synchronized-Data." --- 2019/19xxx/CVE-2019-19835.json | 66 ++++++++++++++++++++++++++++++---- 2019/19xxx/CVE-2019-19837.json | 66 ++++++++++++++++++++++++++++++---- 2020/7xxx/CVE-2020-7210.json | 61 +++++++++++++++++++++++++++---- 3 files changed, 175 insertions(+), 18 deletions(-) diff --git a/2019/19xxx/CVE-2019-19835.json b/2019/19xxx/CVE-2019-19835.json index ff297c82d33..e75e3f33d77 100644 --- a/2019/19xxx/CVE-2019-19835.json +++ b/2019/19xxx/CVE-2019-19835.json 
@@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-19835", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-19835", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SSRF in AjaxRestrictedCmdStat in zap in Ruckus Wireless Unleashed through 200.7.10.102.64 allows a remote denial of service via the server attribute to the tools/_rcmdstat.jsp URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10816.html", + "refsource": "MISC", + "name": "https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10816.html" + }, + { + "refsource": "MISC", + "name": "https://www.ruckuswireless.com/security/299/view/txt", + "url": "https://www.ruckuswireless.com/security/299/view/txt" + }, + { + "refsource": "MISC", + "name": "https://alephsecurity.com/2020/01/14/ruckus-wireless", + "url": "https://alephsecurity.com/2020/01/14/ruckus-wireless" } ] } diff --git a/2019/19xxx/CVE-2019-19837.json b/2019/19xxx/CVE-2019-19837.json index 2c23ce70772..494658875de 100644 --- a/2019/19xxx/CVE-2019-19837.json +++ b/2019/19xxx/CVE-2019-19837.json 
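Review bot: The now-PUBLIC CVE-2019-19835 record leaves `product_name`, `vendor_name`, `version_value` and the `problemtype` value all as `n/a`, although the description in the same hunk names the product (Ruckus Wireless Unleashed), the affected range (through 200.7.10.102.64) and the weakness class (SSRF). The CVE-2019-19837 and CVE-2020-7210 hunks later in this commit have the same gap. Inventory and scanner tooling that matches on the structured `affects` and `problemtype` fields rather than on free text will not tie these records to the product. Filling in `"vendor_name": "Ruckus Wireless"`, `"product_name": "Unleashed"` and `"value": "CWE-918 Server-Side Request Forgery (SSRF)"` (with the equivalent values for the other two records) would close it. In CVE-2020-7210 the first reference also points at the generic advisories index rather than the specific advisory.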
@@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-19837", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-19837", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Incorrect access control in the web interface in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote information disclosure of bin/web.conf via HTTP requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10816.html", + "refsource": "MISC", + "name": "https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10816.html" + }, + { + "refsource": "MISC", + "name": "https://www.ruckuswireless.com/security/299/view/txt", + "url": "https://www.ruckuswireless.com/security/299/view/txt" + }, + { + "refsource": "MISC", + "name": "https://alephsecurity.com/2020/01/14/ruckus-wireless", + "url": "https://alephsecurity.com/2020/01/14/ruckus-wireless" } ] } diff --git a/2020/7xxx/CVE-2020-7210.json b/2020/7xxx/CVE-2020-7210.json index 153278a7790..8e59795b521 100644 --- a/2020/7xxx/CVE-2020-7210.json +++ b/2020/7xxx/CVE-2020-7210.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-7210", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-7210", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Umbraco CMS 8.2.2 allows CSRF to enable/disable or delete user accounts." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://sec-consult.com/en/vulnerability-lab/advisories/index.html", + "refsource": "MISC", + "name": "https://sec-consult.com/en/vulnerability-lab/advisories/index.html" + }, + { + "refsource": "MISC", + "name": "https://sec-consult.com/en/blog/advisories/cross-site-request-forgery-csrf-in-umbraco-cms/", + "url": "https://sec-consult.com/en/blog/advisories/cross-site-request-forgery-csrf-in-umbraco-cms/" } ] } From db2ec226642d8969b3e9b8a23a7502a60966ebe3 Mon Sep 17 00:00:00 2001 From: Guilherme de Almeida Suckevicz Date: Thu, 23 Jan 2020 09:58:32 -0300 Subject: [PATCH 237/387] CVE-2019-14888 init. --- 2019/14xxx/CVE-2019-14888.json | 71 ++++++++++++++++++++++++++++++++++ 1 file changed, 71 insertions(+) create mode 100644 2019/14xxx/CVE-2019-14888.json 
diff --git a/2019/14xxx/CVE-2019-14888.json b/2019/14xxx/CVE-2019-14888.json
new file mode 100644
index 00000000000..106a60a76fb
--- /dev/null
+++ b/2019/14xxx/CVE-2019-14888.json
@@ -0,0 +1,71 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-14888",
+ "ASSIGNER": "gsuckevi@redhat.com"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Red Hat",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "undertow",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "All versions before 2.0.28.SP1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-400"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14888",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14888",
+ "refsource": "CONFIRM"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A vulnerability was found in the Undertow HTTP server in versions before 2.0.28.SP1 when listening on HTTPS. An attacker can target the HTTPS port to carry out a Denial Of Service (DOS) to make the service unavailable on SSL."
+ }
+ ]
+ },
+ "impact": {
+ "cvss": [
+ [
+ {
+ "vectorString": "7.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "version": "3.0"
+ }
+ ]
+ ]
+ }
+}
\ No newline at end of file
From a2c9ed6d5f7753fb01d32c0d50753ec817eb8533 Mon Sep 17 00:00:00 2001
From: Johannes Segitz
Date: Thu, 23 Jan 2020 14:52:19 +0100
Subject: [PATCH 238/387] data for CVE-2019-18898
---
 2019/18xxx/CVE-2019-18898.json | 117 +++++++++++++++++++++++++++++++++
 1 file changed, 117 insertions(+)
 create mode 100644 2019/18xxx/CVE-2019-18898.json
diff --git a/2019/18xxx/CVE-2019-18898.json b/2019/18xxx/CVE-2019-18898.json
new file mode 100644
index 00000000000..a25caa5e219
--- /dev/null
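Review bot: The `impact.cvss` value in the new CVE-2019-14888 record is an array inside an array, and its `vectorString` is `7.5/CVSS:3.0/AV:N/...`, with the base score glued onto the front of the vector. A CVSS parser will not accept that string, and a consumer that filters or sorts on severity finds no score field. Keep the two apart, as the CVE-2019-18898 record later on this page does with a plain `cvss` object: `"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"` and `"baseScore": 7.5`. `CVE_data_meta` also carries no `STATE`, and `ASSIGNER` is a personal mailbox where the other Red Hat records here use `secalert@redhat.com`; if the entry is meant to be published, `"STATE": "PUBLIC"` would be expected.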
+++ b/2019/18xxx/CVE-2019-18898.json 
@@ -0,0 +1,117 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "security@suse.de",
+ "DATE_PUBLIC": "2019-11-26T00:00:00.000Z",
+ "ID": "CVE-2019-18898",
+ "STATE": "PUBLIC",
+ "TITLE": "trousers: Local privilege escalation from tss to root"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "SUSE Linux Enterprise Server 15 SP1",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "trousers",
+ "version_value": "0.3.14-6.3.1"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "SUSE"
+ },
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Factory",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "trousers",
+ "version_value": "0.3.14-7.1"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "openSUSE"
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "Johannes Segitz from SUSE"
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "UNIX Symbolic Link (Symlink) Following vulnerability in the trousers package of SUSE SUSE Linux Enterprise Server 15 SP1; openSUSE Factory allowed local attackers escalate privileges from user tss to root.\nThis issue affects:\nSUSE SUSE Linux Enterprise Server 15 SP1\ntrousers versions prior to 0.3.14-6.3.1.\nopenSUSE Factory\ntrousers versions prior to 0.3.14-7.1."
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.7,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-61: UNIX Symbolic Link (Symlink) Following"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://bugzilla.suse.com/show_bug.cgi?id=1157651",
+ "refsource": "CONFIRM",
+ "url": "https://bugzilla.suse.com/show_bug.cgi?id=1157651"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1157651",
+ "defect": [
+ "1157651"
+ ],
+ "discovery": "INTERNAL"
+ }
+}
\ No newline at end of file
From 240939de38bd8a25efdebc9e60669855bfc21001 Mon Sep 17 00:00:00 2001
From: Johannes Segitz
Date: Thu, 23 Jan 2020 15:44:54 +0100
Subject: [PATCH 239/387] data for CVE-2019-18899
---
 2019/18xxx/CVE-2019-18899.json | 98 ++++++++++++++++++++++++++++++++++
 1 file changed, 98 insertions(+)
 create mode 100644 2019/18xxx/CVE-2019-18899.json
diff --git a/2019/18xxx/CVE-2019-18899.json b/2019/18xxx/CVE-2019-18899.json
new file mode 100644
index 00000000000..ff1355aad3b
--- /dev/null
+++ b/2019/18xxx/CVE-2019-18899.json
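Review bot: In the CVE-2019-18898 record the CVSS block has `"privilegesRequired": "NONE"` (`PR:N`), while both `TITLE` and the description place the attacker at the `tss` account ("from user tss to root"), so an existing local account is a precondition. `PR:L` looks like the closer fit; changing it means updating `vectorString`, `baseScore` and possibly `baseSeverity` together so they stay consistent. The vector also carries `A:N` for an escalation to root, which is worth confirming as intended. In the description, "allowed local attackers escalate privileges" is missing a "to", and "SUSE SUSE Linux Enterprise Server" repeats the vendor name.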
@@ -0,0 +1,98 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "security@suse.de",
+ "DATE_PUBLIC": "2020-01-20T00:00:00.000Z",
+ "ID": "CVE-2019-18899",
+ "STATE": "PUBLIC",
+ "TITLE": " apt-cacher-ng insecure use of /run/apt-cacher-ng"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Leap 15.1",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "apt-cacher-ng",
+ "version_value": "3.1-lp151.3.3.1"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "openSUSE"
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "Matthias Gerstner of SUSE"
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The apt-cacher-ng package of openSUSE Leap 15.1 runs operations in user owned directory /run/apt-cacher-ng with root privileges. This can allow local attackers to influence the outcome of these operations.\nThis issue affects:\nopenSUSE Leap 15.1\napt-cacher-ng versions prior to 3.1-lp151.3.3.1."
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.2,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-250: Execution with Unnecessary Privileges"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://bugzilla.suse.com/show_bug.cgi?id=1157703",
+ "refsource": "CONFIRM",
+ "url": "https://bugzilla.suse.com/show_bug.cgi?id=1157703"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1157703",
+ "defect": [
+ "1157703"
+ ],
+ "discovery": "INTERNAL"
+ }
+}
\ No newline at end of file
From c3b6a51e66c219fe305fa5fa6a2a978c171f59db Mon Sep 17 00:00:00 2001
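Review bot: `TITLE` in the CVE-2019-18899 record begins with a blank (`" apt-cacher-ng insecure use of /run/apt-cacher-ng"`), which is carried into feeds and defeats exact-match or prefix lookups on the title; the string should start at `apt-cacher-ng`. The description says root operates in a "user owned directory" without naming the owning account, while the vector uses `PR:N`. If controlling that directory requires already running as the service account, `PR:L` would describe the precondition more accurately; that is inferred from the wording, as the record does not show it. Naming the owning user in the description would let readers judge who can reach the issue.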
From: CVE Team Date: Thu, 23 Jan 2020 15:01:17 +0000 Subject: [PATCH 240/387] "-Synchronized-Data." --- 2008/7xxx/CVE-2008-7314.json | 55 +++++++++++++++++++-- 2012/2xxx/CVE-2012-2087.json | 65 +++++++++++++++++++++++-- 2012/4xxx/CVE-2012-4863.json | 58 +++++++++++++++++++++-- 2012/4xxx/CVE-2012-4900.json | 58 ++++++++++++++++++++++- 2012/4xxx/CVE-2012-4981.json | 53 ++++++++++++++++++++- 2012/5xxx/CVE-2012-5698.json | 53 ++++++++++++++++++++- 2012/5xxx/CVE-2012-5699.json | 53 ++++++++++++++++++++- 2012/5xxx/CVE-2012-5867.json | 53 ++++++++++++++++++++- 2013/4xxx/CVE-2013-4175.json | 55 +++++++++++++++++++-- 2013/4xxx/CVE-2013-4176.json | 55 +++++++++++++++++++-- 2013/6xxx/CVE-2013-6358.json | 48 ++++++++++++++++++- 2013/6xxx/CVE-2013-6772.json | 48 ++++++++++++++++++- 2013/6xxx/CVE-2013-6773.json | 48 ++++++++++++++++++- 2013/6xxx/CVE-2013-6785.json | 48 ++++++++++++++++++- 2013/6xxx/CVE-2013-6792.json | 48 ++++++++++++++++++- 2014/7xxx/CVE-2014-7238.json | 48 ++++++++++++++++++- 2016/1000xxx/CVE-2016-1000237.json | 53 ++++++++++++++++++++- 2019/17xxx/CVE-2019-17201.json | 76 ++++++++++++++++++++++++++++++ 2019/17xxx/CVE-2019-17202.json | 76 ++++++++++++++++++++++++++++++ 2019/18xxx/CVE-2019-18898.json | 4 +- 2019/19xxx/CVE-2019-19838.json | 66 +++++++++++++++++++++++--- 2019/19xxx/CVE-2019-19839.json | 66 +++++++++++++++++++++++--- 2019/20xxx/CVE-2019-20400.json | 18 +++++++ 2019/20xxx/CVE-2019-20401.json | 18 +++++++ 2019/20xxx/CVE-2019-20402.json | 18 +++++++ 2019/20xxx/CVE-2019-20403.json | 18 +++++++ 2019/20xxx/CVE-2019-20404.json | 18 +++++++ 2019/20xxx/CVE-2019-20405.json | 18 +++++++ 2019/20xxx/CVE-2019-20406.json | 18 +++++++ 2019/20xxx/CVE-2019-20407.json | 18 +++++++ 2019/20xxx/CVE-2019-20408.json | 18 +++++++ 2019/20xxx/CVE-2019-20409.json | 18 +++++++ 2019/20xxx/CVE-2019-20410.json | 18 +++++++ 2019/20xxx/CVE-2019-20411.json | 18 +++++++ 2019/20xxx/CVE-2019-20412.json | 18 +++++++ 2019/20xxx/CVE-2019-20413.json | 18 +++++++ 
2019/20xxx/CVE-2019-20414.json | 18 +++++++ 2019/20xxx/CVE-2019-20415.json | 18 +++++++ 2019/20xxx/CVE-2019-20416.json | 18 +++++++ 2019/20xxx/CVE-2019-20417.json | 18 +++++++ 2019/20xxx/CVE-2019-20418.json | 18 +++++++ 2019/20xxx/CVE-2019-20419.json | 18 +++++++ 2020/6xxx/CVE-2020-6843.json | 66 +++++++++++++++++++++++--- 2020/7xxx/CVE-2020-7921.json | 18 +++++++ 2020/7xxx/CVE-2020-7922.json | 18 +++++++ 2020/7xxx/CVE-2020-7923.json | 18 +++++++ 2020/7xxx/CVE-2020-7924.json | 18 +++++++ 2020/7xxx/CVE-2020-7925.json | 18 +++++++ 2020/7xxx/CVE-2020-7926.json | 18 +++++++ 2020/7xxx/CVE-2020-7927.json | 18 +++++++ 2020/7xxx/CVE-2020-7928.json | 18 +++++++ 2020/7xxx/CVE-2020-7929.json | 18 +++++++ 2020/7xxx/CVE-2020-7930.json | 18 +++++++ 2020/7xxx/CVE-2020-7931.json | 67 ++++++++++++++++++++++++++ 54 files changed, 1801 insertions(+), 59 deletions(-) create mode 100644 2019/17xxx/CVE-2019-17201.json create mode 100644 2019/17xxx/CVE-2019-17202.json create mode 100644 2019/20xxx/CVE-2019-20400.json create mode 100644 2019/20xxx/CVE-2019-20401.json create mode 100644 2019/20xxx/CVE-2019-20402.json create mode 100644 2019/20xxx/CVE-2019-20403.json create mode 100644 2019/20xxx/CVE-2019-20404.json create mode 100644 2019/20xxx/CVE-2019-20405.json create mode 100644 2019/20xxx/CVE-2019-20406.json create mode 100644 2019/20xxx/CVE-2019-20407.json create mode 100644 2019/20xxx/CVE-2019-20408.json create mode 100644 2019/20xxx/CVE-2019-20409.json create mode 100644 2019/20xxx/CVE-2019-20410.json create mode 100644 2019/20xxx/CVE-2019-20411.json create mode 100644 2019/20xxx/CVE-2019-20412.json create mode 100644 2019/20xxx/CVE-2019-20413.json create mode 100644 2019/20xxx/CVE-2019-20414.json create mode 100644 2019/20xxx/CVE-2019-20415.json create mode 100644 2019/20xxx/CVE-2019-20416.json create mode 100644 2019/20xxx/CVE-2019-20417.json create mode 100644 2019/20xxx/CVE-2019-20418.json create mode 100644 2019/20xxx/CVE-2019-20419.json create mode 100644 
2020/7xxx/CVE-2020-7921.json create mode 100644 2020/7xxx/CVE-2020-7922.json create mode 100644 2020/7xxx/CVE-2020-7923.json create mode 100644 2020/7xxx/CVE-2020-7924.json create mode 100644 2020/7xxx/CVE-2020-7925.json create mode 100644 2020/7xxx/CVE-2020-7926.json create mode 100644 2020/7xxx/CVE-2020-7927.json create mode 100644 2020/7xxx/CVE-2020-7928.json create mode 100644 2020/7xxx/CVE-2020-7929.json create mode 100644 2020/7xxx/CVE-2020-7930.json create mode 100644 2020/7xxx/CVE-2020-7931.json diff --git a/2008/7xxx/CVE-2008-7314.json b/2008/7xxx/CVE-2008-7314.json index 68f5b43a208..328a0f3b6e4 100644 --- a/2008/7xxx/CVE-2008-7314.json +++ b/2008/7xxx/CVE-2008-7314.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2008-7314", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "mIRC", + "product": { + "product_data": [ + { + "product_name": "mIRC", + "version": { + "version_data": [ + { + "version_value": "before 6.35" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "mIRC before 6.35 allows attackers to cause a denial of service (crash) via a long nickname." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Other" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "http://www.mirc.com/news.html", + "url": "http://www.mirc.com/news.html" + }, + { + "refsource": "CONFIRM", + "name": "https://www.mirc.com/versions.txt", + "url": "https://www.mirc.com/versions.txt" } ] } 
diff --git a/2012/2xxx/CVE-2012-2087.json b/2012/2xxx/CVE-2012-2087.json index f7dac0d790c..aa841b61740 100644 --- a/2012/2xxx/CVE-2012-2087.json +++ b/2012/2xxx/CVE-2012-2087.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-2087", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ISPConfig", + "version": { + "version_data": [ + { + "version_value": "3.0.4.3" + } + ] + } + } + ] + }, + "vendor_name": "ISPConfig" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,43 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "ISPConfig 3.0.4.3: the \"Add new Webdav user\" can chmod and chown entire server from client interface." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "authentication error" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.openwall.com/lists/oss-security/2012/04/08/3", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2012/04/08/3" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74739", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74739" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2012/04/09/4", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2012/04/09/4" + }, + { + "refsource": "MISC", + "name": "https://www.securityfocus.com/bid/52936", + "url": "https://www.securityfocus.com/bid/52936" } ] } 
diff --git a/2012/4xxx/CVE-2012-4863.json b/2012/4xxx/CVE-2012-4863.json index cf14ed09d20..df7d814e91d 100644 --- a/2012/4xxx/CVE-2012-4863.json +++ b/2012/4xxx/CVE-2012-4863.json @@ -1,8 +1,34 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2012-4863", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "WebSphere MQ", + "version": { + "version_data": [ + { + "version_value": "7.1 without Fix Pack 7.1.0.2" + }, + { + "version_value": "7.5 without Fix Pack 7.5.0.1" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +37,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IBM WebSphere MQ 7.1 and 7.5: Queue manager has a DoS vulnerability" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79920", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79920" + }, + { + "refsource": "MISC", + "name": "https://www.tenable.com/plugins/nessus/63099", + "url": "https://www.tenable.com/plugins/nessus/63099" } ] } diff --git a/2012/4xxx/CVE-2012-4900.json b/2012/4xxx/CVE-2012-4900.json index ab6b5b8bb9d..859b159ef70 100644 --- a/2012/4xxx/CVE-2012-4900.json +++ b/2012/4xxx/CVE-2012-4900.json 
@@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-4900", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,38 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Corel WordPerfect Office X6 16.0.0.388 has a DoS Vulnerability via untrusted pointer dereference" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.securityfocus.com/bid/58384", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/58384" + }, + { + "url": "http://www.securitytracker.com/id/1028257", + "refsource": "MISC", + "name": "http://www.securitytracker.com/id/1028257" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82674", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82674" } ] } diff --git a/2012/4xxx/CVE-2012-4981.json b/2012/4xxx/CVE-2012-4981.json index 7e3c09dfcf6..5f5382ee65f 100644 --- a/2012/4xxx/CVE-2012-4981.json +++ b/2012/4xxx/CVE-2012-4981.json 
@@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-4981", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Toshiba ConfigFree 8.0.38 has a CF7 File Remote Command Execution Vulnerability" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.securityfocus.com/bid/55643", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/55643" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78800", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78800" } ] } diff --git a/2012/5xxx/CVE-2012-5698.json b/2012/5xxx/CVE-2012-5698.json index bfac42b56b1..423e3327bec 100644 --- a/2012/5xxx/CVE-2012-5698.json +++ b/2012/5xxx/CVE-2012-5698.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-5698", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "BabyGekko before 1.2.4 has SQL injection." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.securityfocus.com/bid/56523", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/56523" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80085", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80085" } ] } diff --git a/2012/5xxx/CVE-2012-5699.json b/2012/5xxx/CVE-2012-5699.json index 5dc72010b5e..df7dd4a7601 100644 --- a/2012/5xxx/CVE-2012-5699.json +++ b/2012/5xxx/CVE-2012-5699.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-5699", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "BabyGekko before 1.2.4 allows PHP file inclusion." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.securityfocus.com/bid/56523", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/56523" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80086", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80086" } ] } diff --git a/2012/5xxx/CVE-2012-5867.json b/2012/5xxx/CVE-2012-5867.json index 19885bea2dc..a0bbb9d0bcf 100644 --- a/2012/5xxx/CVE-2012-5867.json +++ b/2012/5xxx/CVE-2012-5867.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-5867", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "HT Editor 2.0.20 has a Remote Stack Buffer Overflow Vulnerability" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.securityfocus.com/bid/47095", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/47095" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2012/11/14/15", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2012/11/14/15" } ] } diff --git a/2013/4xxx/CVE-2013-4175.json b/2013/4xxx/CVE-2013-4175.json index d83f00a8412..66176759987 100644 --- a/2013/4xxx/CVE-2013-4175.json +++ b/2013/4xxx/CVE-2013-4175.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-4175", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MySecureShell", + "product": { + "product_data": [ + { + "product_name": "MySecureShell", + "version": { + "version_data": [ + { + "version_value": "1.31" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "MySecureShell 1.31 has a Local Denial of Service Vulnerability" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.securityfocus.com/bid/61410", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/61410" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2013/07/27/5", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2013/07/27/5" } ] } diff --git a/2013/4xxx/CVE-2013-4176.json b/2013/4xxx/CVE-2013-4176.json index edfa8431b35..175dfb6803e 100644 --- a/2013/4xxx/CVE-2013-4176.json +++ b/2013/4xxx/CVE-2013-4176.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-4176", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "mysecureshell", + "product": { + "product_data": [ + { + "product_name": "mysecureshell", + "version": { + "version_data": [ + { + "version_value": "1.31" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "mysecureshell 1.31: Local Information Disclosure Vulnerability" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure Vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.securityfocus.com/bid/61409", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/61409" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2013/07/27/6", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2013/07/27/6" } ] } diff --git a/2013/6xxx/CVE-2013-6358.json b/2013/6xxx/CVE-2013-6358.json index 944350e60ea..0ce3a2c32a3 100644 --- a/2013/6xxx/CVE-2013-6358.json +++ b/2013/6xxx/CVE-2013-6358.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-6358", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "PrestaShop 1.5.5 allows remote authenticated attackers to execute arbitrary code by uploading a crafted profile and then accessing it in the module/ directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://web.archive.org/web/20150423041900/http://labs.davidsopas.com/2013/10/how-salesman-could-hack-prestashop.html", + "url": "https://web.archive.org/web/20150423041900/http://labs.davidsopas.com/2013/10/how-salesman-could-hack-prestashop.html" } ] } diff --git a/2013/6xxx/CVE-2013-6772.json b/2013/6xxx/CVE-2013-6772.json index 55ae14b2983..198790a5315 100644 --- a/2013/6xxx/CVE-2013-6772.json +++ b/2013/6xxx/CVE-2013-6772.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-6772", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Splunk before 5.0.4 lacks X-Frame-Options which can allow Clickjacking" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.splunk.com/view/SP-CAAAH32", + "refsource": "MISC", + "name": "http://www.splunk.com/view/SP-CAAAH32" } ] } diff --git a/2013/6xxx/CVE-2013-6773.json b/2013/6xxx/CVE-2013-6773.json index f3d8c254894..541ebbca154 100644 --- a/2013/6xxx/CVE-2013-6773.json +++ b/2013/6xxx/CVE-2013-6773.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-6773", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,28 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Splunk 5.0.3 has an Unquoted Service Path in Windows for Universal Forwarder which can allow an attacker to escalate privileges"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://www.splunk.com/view/SP-CAAAHXG",
+ "refsource": "MISC",
+ "name": "http://www.splunk.com/view/SP-CAAAHXG"
 }
 ]
 }
diff --git a/2013/6xxx/CVE-2013-6785.json b/2013/6xxx/CVE-2013-6785.json
index d9ee5056f36..93389e18344 100644
--- a/2013/6xxx/CVE-2013-6785.json
+++ b/2013/6xxx/CVE-2013-6785.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2013-6785",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,28 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Directory traversal vulnerability in url_redirect.cgi in Supermicro IPMI before SMT_X9_315 allows authenticated attackers to read arbitrary files via the url_name parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://blog.rapid7.com/2013/11/06/supermicro-ipmi-firmware-vulnerabilities/",
+ "url": "https://blog.rapid7.com/2013/11/06/supermicro-ipmi-firmware-vulnerabilities/"
 }
 ]
 }
diff --git a/2013/6xxx/CVE-2013-6792.json b/2013/6xxx/CVE-2013-6792.json
index 83f1b509880..525c03fab31 100644
--- a/2013/6xxx/CVE-2013-6792.json
+++ b/2013/6xxx/CVE-2013-6792.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2013-6792",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,28 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Google Android prior to 4.4 has an APK Signature Security Bypass Vulnerability"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://www.securityfocus.com/bid/64529",
+ "refsource": "MISC",
+ "name": "http://www.securityfocus.com/bid/64529"
 }
 ]
 }
diff --git a/2014/7xxx/CVE-2014-7238.json b/2014/7xxx/CVE-2014-7238.json
index 71b4165ea07..1fc17e26608 100644
--- a/2014/7xxx/CVE-2014-7238.json
+++ b/2014/7xxx/CVE-2014-7238.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2014-7238",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,28 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The WordPress plugin Contact Form Integrated With Google Maps 1.0-2.4 has Stored XSS"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://wpvulndb.com/vulnerabilities/8235",
+ "refsource": "MISC",
+ "name": "https://wpvulndb.com/vulnerabilities/8235"
 }
 ]
 }
diff --git a/2016/1000xxx/CVE-2016-1000237.json b/2016/1000xxx/CVE-2016-1000237.json
index 3f4f14ca6f8..e2317fb6f65 100644
--- a/2016/1000xxx/CVE-2016-1000237.json
+++ b/2016/1000xxx/CVE-2016-1000237.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2016-1000237",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,33 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "sanitize-html before 1.4.3 has XSS."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://raw.githubusercontent.com/distributedweaknessfiling/cvelist/master/2016/1000xxx/CVE-2016-1000237.json",
+ "refsource": "MISC",
+ "name": "https://raw.githubusercontent.com/distributedweaknessfiling/cvelist/master/2016/1000xxx/CVE-2016-1000237.json"
+ },
+ {
+ "url": "https://nodesecurity.io/advisories/135",
+ "refsource": "MISC",
+ "name": "https://nodesecurity.io/advisories/135"
 }
 ]
 }
diff --git a/2019/17xxx/CVE-2019-17201.json b/2019/17xxx/CVE-2019-17201.json
new file mode 100644
index 00000000000..b32418de377
--- /dev/null
+++ b/2019/17xxx/CVE-2019-17201.json
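Review bot: The first reference added for CVE-2016-1000237 points at `raw.githubusercontent.com/distributedweaknessfiling/cvelist/master/...`, which is a mutable branch of a third-party repository, so the content behind the URL can change or disappear after this record is published. Pinning it to a commit permalink (`.../cvelist/<commit-sha>/2016/1000xxx/CVE-2016-1000237.json`, placeholder SHA) or relying on the advisory reference alone would keep the evidence stable. Separately, the description "sanitize-html before 1.4.3 has XSS." gives a reader no way to judge exposure; one sentence naming the kind of input that bypasses sanitisation, taken from the referenced advisory, would help anyone triaging the dependency.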
@@ -0,0 +1,76 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-17201",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "FastTrack Admin By Request 6.1.0.0 supports group policies that are supposed to allow only a select range of users to elevate to Administrator privilege at will. When a user requests elevation using the AdminByRequest.exe interface, the interface communicates with the underlying service (Audckq32.exe) using a .NET named pipe. If the underlying service responds that a user is permitted access to the elevation feature, the client then reinitiates communication with the underlying service and requests elevation. This elevation request has no local checks in the service, and depends on client-side validation in the AdminByRequest.exe interface, i.e., it is a vulnerable exposed functionality in the service. By communicating directly with the underlying service, any user can request elevation and obtain Administrator privilege regardless of group policies or permissions."
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://improsec.com/en/responsible-disclosure", + "url": "https://improsec.com/en/responsible-disclosure" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AC:L/AV:L/A:N/C:H/I:H/PR:N/S:C/UI:N", + "version": "3.0" + } + } +} \ No newline at end of file diff --git a/2019/17xxx/CVE-2019-17202.json b/2019/17xxx/CVE-2019-17202.json new file mode 100644 index 00000000000..5ef36983b34 --- /dev/null +++ b/2019/17xxx/CVE-2019-17202.json 
@@ -0,0 +1,76 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-17202",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "FastTrack Admin By Request 6.1.0.0 supports group policies that are supposed to allow only a select range of users to elevate to Administrator privilege at will. If a user does not have direct access to the elevation feature through group policies, they are prompted to enter a PIN code in a challenge-response manner upon attempting to elevate privileges. The challenge's response uses a simple algorithm that can be easily emulated via data (customer ID and device name) available to all users, and thus any user can elevate to Administrator privilege."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://improsec.com/en/responsible-disclosure",
+ "url": "https://improsec.com/en/responsible-disclosure"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "NONE",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.0/AC:L/AV:L/A:N/C:H/I:H/PR:N/S:C/UI:R",
+ "version": "3.0"
+ }
+ }
+}
\ No newline at end of file
diff --git a/2019/18xxx/CVE-2019-18898.json b/2019/18xxx/CVE-2019-18898.json
index a25caa5e219..9fff1ac4200 100644
--- a/2019/18xxx/CVE-2019-18898.json
+++ b/2019/18xxx/CVE-2019-18898.json
@@ -1,6 +1,6 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "security@suse.de",
+ "ASSIGNER": "security@suse.com",
 "DATE_PUBLIC": "2019-11-26T00:00:00.000Z",
 "ID": "CVE-2019-18898",
 "STATE": "PUBLIC",
@@ -63,7 +63,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "UNIX Symbolic Link (Symlink) Following vulnerability in the trousers package of SUSE SUSE Linux Enterprise Server 15 SP1; openSUSE Factory allowed local attackers escalate privileges from user tss to root.\nThis issue affects:\nSUSE SUSE Linux Enterprise Server 15 SP1\ntrousers versions prior to 0.3.14-6.3.1.\nopenSUSE Factory\ntrousers versions prior to 0.3.14-7.1."
+ "value": "UNIX Symbolic Link (Symlink) Following vulnerability in the trousers package of SUSE SUSE Linux Enterprise Server 15 SP1; openSUSE Factory allowed local attackers escalate privileges from user tss to root. This issue affects: SUSE SUSE Linux Enterprise Server 15 SP1 trousers versions prior to 0.3.14-6.3.1. openSUSE Factory trousers versions prior to 0.3.14-7.1."
 }
 ]
 },
diff --git a/2019/19xxx/CVE-2019-19838.json b/2019/19xxx/CVE-2019-19838.json
index 29a28a9188e..27aa1c664b1 100644
--- a/2019/19xxx/CVE-2019-19838.json
+++ b/2019/19xxx/CVE-2019-19838.json
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2019-19838",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2019-19838",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=get-platform-depends to admin/_cmdstat.jsp via the uploadFile attribute."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10816.html",
+ "refsource": "MISC",
+ "name": "https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10816.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.ruckuswireless.com/security/299/view/txt",
+ "url": "https://www.ruckuswireless.com/security/299/view/txt"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://alephsecurity.com/2020/01/14/ruckus-wireless",
+ "url": "https://alephsecurity.com/2020/01/14/ruckus-wireless"
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19839.json b/2019/19xxx/CVE-2019-19839.json
index 76aa0e4082d..cf3757e233a 100644
--- a/2019/19xxx/CVE-2019-19839.json
+++ b/2019/19xxx/CVE-2019-19839.json
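Review bot: The description added for CVE-2019-19838 says "remote attackers" without stating whether the request to `admin/_cmdstat.jsp` needs an authenticated admin session, which is the first thing a defender has to know to rank this against the other Ruckus records. The sentence also chains two "via" clauses, leaving it unclear whether `xcmd` or `uploadFile` carries the injected value. A wording along the lines of `... allows remote attackers to execute OS commands via the uploadFile attribute in a POST request with xcmd=get-platform-depends to admin/_cmdstat.jsp.`, with "authenticated" added if the referenced advisories confirm it, would remove both ambiguities. The CVE-2019-19839 description in the next hunk has the same wording and the same gap. The vendor advisory is tagged `"refsource": "MISC"` in both records where `"CONFIRM"` appears to be the intended value for a vendor acknowledgement.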
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2019-19839",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2019-19839",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=import-category to admin/_cmdstat.jsp via the uploadFile attribute."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10816.html",
+ "refsource": "MISC",
+ "name": "https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10816.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.ruckuswireless.com/security/299/view/txt",
+ "url": "https://www.ruckuswireless.com/security/299/view/txt"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://alephsecurity.com/2020/01/14/ruckus-wireless",
+ "url": "https://alephsecurity.com/2020/01/14/ruckus-wireless"
 }
 ]
 }
diff --git a/2019/20xxx/CVE-2019-20400.json b/2019/20xxx/CVE-2019-20400.json
new file mode 100644
index 00000000000..cb87d1c9002
--- /dev/null
+++ b/2019/20xxx/CVE-2019-20400.json
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-20400", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20401.json b/2019/20xxx/CVE-2019-20401.json new file mode 100644 index 00000000000..ce7d370c688 --- /dev/null +++ b/2019/20xxx/CVE-2019-20401.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-20401", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20402.json b/2019/20xxx/CVE-2019-20402.json new file mode 100644 index 00000000000..9c189e3b8be --- /dev/null +++ b/2019/20xxx/CVE-2019-20402.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-20402", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2019/20xxx/CVE-2019-20403.json b/2019/20xxx/CVE-2019-20403.json new file mode 100644 index 00000000000..a99e34a7df8 --- /dev/null +++ b/2019/20xxx/CVE-2019-20403.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-20403", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20404.json b/2019/20xxx/CVE-2019-20404.json new file mode 100644 index 00000000000..cedb2158f2b --- /dev/null +++ b/2019/20xxx/CVE-2019-20404.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-20404", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20405.json b/2019/20xxx/CVE-2019-20405.json new file mode 100644 index 00000000000..e8c3cd3e1ea --- /dev/null +++ b/2019/20xxx/CVE-2019-20405.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-20405", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20406.json b/2019/20xxx/CVE-2019-20406.json new file mode 100644 index 00000000000..289fd8aacce --- /dev/null +++ b/2019/20xxx/CVE-2019-20406.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-20406", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20407.json b/2019/20xxx/CVE-2019-20407.json new file mode 100644 index 00000000000..327639176de --- /dev/null +++ b/2019/20xxx/CVE-2019-20407.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-20407", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2019/20xxx/CVE-2019-20408.json b/2019/20xxx/CVE-2019-20408.json new file mode 100644 index 00000000000..3c35b9a6f6a --- /dev/null +++ b/2019/20xxx/CVE-2019-20408.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-20408", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20409.json b/2019/20xxx/CVE-2019-20409.json new file mode 100644 index 00000000000..8bbfa182fc3 --- /dev/null +++ b/2019/20xxx/CVE-2019-20409.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-20409", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20410.json b/2019/20xxx/CVE-2019-20410.json new file mode 100644 index 00000000000..4e56ce8fd72 --- /dev/null +++ b/2019/20xxx/CVE-2019-20410.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-20410", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20411.json b/2019/20xxx/CVE-2019-20411.json new file mode 100644 index 00000000000..f08521eab90 --- /dev/null +++ b/2019/20xxx/CVE-2019-20411.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-20411", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20412.json b/2019/20xxx/CVE-2019-20412.json new file mode 100644 index 00000000000..665028a2055 --- /dev/null +++ b/2019/20xxx/CVE-2019-20412.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-20412", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2019/20xxx/CVE-2019-20413.json b/2019/20xxx/CVE-2019-20413.json new file mode 100644 index 00000000000..3f757bf5ae0 --- /dev/null +++ b/2019/20xxx/CVE-2019-20413.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-20413", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20414.json b/2019/20xxx/CVE-2019-20414.json new file mode 100644 index 00000000000..c48e3f3ca6e --- /dev/null +++ b/2019/20xxx/CVE-2019-20414.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-20414", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20415.json b/2019/20xxx/CVE-2019-20415.json new file mode 100644 index 00000000000..b88c3ac553e --- /dev/null +++ b/2019/20xxx/CVE-2019-20415.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-20415", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20416.json b/2019/20xxx/CVE-2019-20416.json new file mode 100644 index 00000000000..96b82189fd2 --- /dev/null +++ b/2019/20xxx/CVE-2019-20416.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-20416", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20417.json b/2019/20xxx/CVE-2019-20417.json new file mode 100644 index 00000000000..31d3624a738 --- /dev/null +++ b/2019/20xxx/CVE-2019-20417.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-20417", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2019/20xxx/CVE-2019-20418.json b/2019/20xxx/CVE-2019-20418.json new file mode 100644 index 00000000000..f894169544f --- /dev/null +++ b/2019/20xxx/CVE-2019-20418.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-20418", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20419.json b/2019/20xxx/CVE-2019-20419.json new file mode 100644 index 00000000000..d196c78506b --- /dev/null +++ b/2019/20xxx/CVE-2019-20419.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-20419", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6843.json b/2020/6xxx/CVE-2020-6843.json index 2b447e1d468..3c632e35829 100644 --- a/2020/6xxx/CVE-2020-6843.json +++ b/2020/6xxx/CVE-2020-6843.json 
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-6843",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-6843",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Zoho ManageEngine ServiceDesk Plus 11.0 Build 11007 allows XSS."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.manageengine.com",
+ "refsource": "MISC",
+ "name": "https://www.manageengine.com"
+ },
+ {
+ "url": "https://sec-consult.com/en/vulnerability-lab/advisories/index.html",
+ "refsource": "MISC",
+ "name": "https://sec-consult.com/en/vulnerability-lab/advisories/index.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/156050/ZOHO-ManageEngine-ServiceDeskPlus-11.0-Build-11007-Cross-Site-Scripting.html",
+ "url": "http://packetstormsecurity.com/files/156050/ZOHO-ManageEngine-ServiceDeskPlus-11.0-Build-11007-Cross-Site-Scripting.html"
 }
 ]
 }
diff --git a/2020/7xxx/CVE-2020-7921.json b/2020/7xxx/CVE-2020-7921.json
new file mode 100644
index 00000000000..b67f8d4149b
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7921.json
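Review bot: Two of the three references added for CVE-2020-6843 are a vendor home page (`https://www.manageengine.com`) and an advisory index (`.../advisories/index.html`), neither of which identifies this issue, so only the Packet Storm entry actually supports the record. Replacing them with the specific advisory and the vendor's release note for the fixing build (URLs not visible here; `<advisory-url>` and `<release-note-url>` as placeholders) would let a reader confirm the fix level. The description "allows XSS" also omits whether the issue is stored or reflected and which build resolves it, both of which administrators need in order to decide on patch urgency.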
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7921",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7922.json b/2020/7xxx/CVE-2020-7922.json
new file mode 100644
index 00000000000..8d18edd78fe
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7922.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7922",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7923.json b/2020/7xxx/CVE-2020-7923.json
new file mode 100644
index 00000000000..caf4144cbe3
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7923.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7923",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7924.json b/2020/7xxx/CVE-2020-7924.json
new file mode 100644
index 00000000000..4299fb19c57
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7924.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7924",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7925.json b/2020/7xxx/CVE-2020-7925.json
new file mode 100644
index 00000000000..18cd68277e0
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7925.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7925",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7926.json b/2020/7xxx/CVE-2020-7926.json
new file mode 100644
index 00000000000..caf2f04621f
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7926.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7926",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7927.json b/2020/7xxx/CVE-2020-7927.json
new file mode 100644
index 00000000000..e3ac42332ac
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7927.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7927",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7928.json b/2020/7xxx/CVE-2020-7928.json
new file mode 100644
index 00000000000..7bb73d76da4
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7928.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7928",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7929.json b/2020/7xxx/CVE-2020-7929.json
new file mode 100644
index 00000000000..3cd9f4e73f7
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7929.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7929",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7930.json b/2020/7xxx/CVE-2020-7930.json
new file mode 100644
index 00000000000..af8ee8e6b35
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7930.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7930",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7931.json b/2020/7xxx/CVE-2020-7931.json
new file mode 100644
index 00000000000..7f9b3346759
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7931.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-7931",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In JFrog Artifactory 5.x and 6.x, insecure FreeMarker template processing leads to remote code execution, e.g., by modifying a .ssh/authorized_keys file. Patches are available for various versions between 5.11.8 and 6.16.0. The issue exists because use of the DefaultObjectWrapper class makes certain Java functions accessible to a template."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/atredispartners/advisories/blob/master/ATREDIS-2019-0006.md",
+ "refsource": "MISC",
+ "name": "https://github.com/atredispartners/advisories/blob/master/ATREDIS-2019-0006.md"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.jfrog.com/confluence/display/RTF/Release+Notes",
+ "url": "https://www.jfrog.com/confluence/display/RTF/Release+Notes"
+ }
+ ]
+ }
+}
\ No newline at end of file
From d0bb7f5bbb49e9d4bf20e0466e8ff2ae8ed0fa49 Mon Sep 17 00:00:00 2001
From: Johannes Segitz
Date: Thu, 23 Jan 2020 16:55:53 +0100
Subject: [PATCH 241/387] data for CVE-2019-3691
---
2019/3xxx/CVE-2019-3691.json | 105 ++++++++++++++++++++++++++++++++++-
1 file changed, 102 insertions(+), 3 deletions(-)
diff --git a/2019/3xxx/CVE-2019-3691.json b/2019/3xxx/CVE-2019-3691.json
index 9634c6c3f7b..d25f82f80b1 100644
--- a/2019/3xxx/CVE-2019-3691.json
+++ b/2019/3xxx/CVE-2019-3691.json
@@ -1,9 +1,61 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "security@suse.de", + "DATE_PUBLIC": "2019-12-05T00:00:00.000Z", "ID": "CVE-2019-3691", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Local privilege escalation from user munge to root" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SUSE Linux Enterprise Server 15", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "munge", + "version_value": "0.5.13-4.3.1" + } + ] + } + } + ] + }, + "vendor_name": "SUSE" + }, + { + "product": { + "product_data": [ + { + "product_name": "Factory", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "munge", + "version_value": "0.5.13-6.1" + } + ] + } + } + ] + }, + "vendor_name": "openSUSE" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Johannes Segitz from SUSE" + } + ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", 
@@ -11,8 +63,55 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Symbolic Link (Symlink) Following vulnerability in the packaging of munge in SUSE SUSE Linux Enterprise Server 15; openSUSE Factory allowed local attackers to escalate privileges from user munge to root.\nThis issue affects:\nSUSE SUSE Linux Enterprise Server 15\nmunge versions prior to 0.5.13-4.3.1.\nopenSUSE Factory\nmunge versions prior to 0.5.13-6.1." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 7.7, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-61: UNIX Symbolic Link (Symlink) Following" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.suse.com/show_bug.cgi?id=1155075", + "refsource": "CONFIRM", + "url": "https://bugzilla.suse.com/show_bug.cgi?id=1155075" + } + ] + }, + "source": { + "advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1155075", + "defect": [ + "1155075" + ], + "discovery": "INTERNAL" } } \ No newline at end of file From 4121f11120f8047cfada6a7b1a0667d65e9e3957 Mon Sep 17 00:00:00 2001 
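Review bot: The CVSS vector in the added `impact` block sets `privilegesRequired` to `NONE` (`PR:N`), but the title and description both say the attacker escalates from user munge to root, i.e. already holds that local account. Unless the scoring deliberately ignores that precondition, `PR:L` is the consistent value: `"privilegesRequired": "LOW"` and `"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"`, which by my calculation gives a base score of 7.1 (still HIGH) instead of 7.7. Separately, the description reads "SUSE SUSE Linux Enterprise Server 15" with the vendor name doubled, and `version_name` in the first hunk holds the package name `munge` rather than a version label, which is worth a second look if consumers key on that field.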
From: CVE Team Date: Thu, 23 Jan 2020 16:01:19 +0000 Subject: [PATCH 242/387] "-Synchronized-Data." --- 2007/6xxx/CVE-2007-6758.json | 53 ++++++++++++++++++++++++++++++++-- 2010/3xxx/CVE-2010-3295.json | 14 ++++----- 2019/18xxx/CVE-2019-18899.json | 4 +-- 2020/7xxx/CVE-2020-7932.json | 18 ++++++++++++ 4 files changed, 78 insertions(+), 11 deletions(-) create mode 100644 2020/7xxx/CVE-2020-7932.json diff --git a/2007/6xxx/CVE-2007-6758.json b/2007/6xxx/CVE-2007-6758.json index 9db6272db84..56476545e57 100644 --- a/2007/6xxx/CVE-2007-6758.json +++ b/2007/6xxx/CVE-2007-6758.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-6758", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Server-side request forgery (SSRF) vulnerability in feed-proxy.php in extjs 5.0.0." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://cxsecurity.com/issue/WLB-2015050162", + "refsource": "MISC", + "name": "http://cxsecurity.com/issue/WLB-2015050162" + }, + { + "refsource": "MISC", + "name": "http://attrition.org/pipermail/vim/2007-April/001545.html", + "url": "http://attrition.org/pipermail/vim/2007-April/001545.html" } ] } 
diff --git a/2010/3xxx/CVE-2010-3295.json b/2010/3xxx/CVE-2010-3295.json index 92254b5296c..08280ad0f6a 100644 --- a/2010/3xxx/CVE-2010-3295.json +++ b/2010/3xxx/CVE-2010-3295.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2010-3295", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2010-3295", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." } ] } diff --git a/2019/18xxx/CVE-2019-18899.json b/2019/18xxx/CVE-2019-18899.json index ff1355aad3b..a629799d79f 100644 --- a/2019/18xxx/CVE-2019-18899.json +++ b/2019/18xxx/CVE-2019-18899.json @@ -1,6 +1,6 @@ { "CVE_data_meta": { - "ASSIGNER": "security@suse.de", + "ASSIGNER": "security@suse.com", "DATE_PUBLIC": "2020-01-20T00:00:00.000Z", "ID": "CVE-2019-18899", "STATE": "PUBLIC", 
@@ -44,7 +44,7 @@ "description_data": [ { "lang": "eng", - "value": "The apt-cacher-ng package of openSUSE Leap 15.1 runs operations in user owned directory /run/apt-cacher-ng with root privileges. This can allow local attackers to influence the outcome of these operations.\nThis issue affects:\nopenSUSE Leap 15.1\napt-cacher-ng versions prior to 3.1-lp151.3.3.1." + "value": "The apt-cacher-ng package of openSUSE Leap 15.1 runs operations in user owned directory /run/apt-cacher-ng with root privileges. This can allow local attackers to influence the outcome of these operations. This issue affects: openSUSE Leap 15.1 apt-cacher-ng versions prior to 3.1-lp151.3.3.1." } ] }, diff --git a/2020/7xxx/CVE-2020-7932.json b/2020/7xxx/CVE-2020-7932.json new file mode 100644 index 00000000000..30382a19ce8 --- /dev/null +++ b/2020/7xxx/CVE-2020-7932.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7932", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file From e3a2a23b862d7180545059af4f618f59af88b91b Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Thu, 23 Jan 2020 17:01:15 +0000 Subject: [PATCH 243/387] "-Synchronized-Data." --- 2014/3xxx/CVE-2014-3606.json | 14 +++---- 2019/14xxx/CVE-2019-14888.json | 3 +- 2019/16xxx/CVE-2019-16153.json | 62 +++++++++++++++++++++++++++++++ 2019/18xxx/CVE-2019-18222.json | 67 ++++++++++++++++++++++++++++++++++ 2019/1xxx/CVE-2019-1387.json | 5 +++ 2019/3xxx/CVE-2019-3691.json | 4 +- 2019/5xxx/CVE-2019-5593.json | 58 +++++++++++++++++++++++++---- 2020/7xxx/CVE-2020-7210.json | 10 +++++ 8 files changed, 206 insertions(+), 17 deletions(-) create mode 100644 2019/16xxx/CVE-2019-16153.json create mode 100644 2019/18xxx/CVE-2019-18222.json diff --git a/2014/3xxx/CVE-2014-3606.json b/2014/3xxx/CVE-2014-3606.json index 20ee496a04a..da94c028e3c 100644 --- a/2014/3xxx/CVE-2014-3606.json +++ b/2014/3xxx/CVE-2014-3606.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2014-3606", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-3606", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." } ] } diff --git a/2019/14xxx/CVE-2019-14888.json b/2019/14xxx/CVE-2019-14888.json index 106a60a76fb..3407994e330 100644 --- a/2019/14xxx/CVE-2019-14888.json +++ b/2019/14xxx/CVE-2019-14888.json 
@@ -4,7 +4,8 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-14888", - "ASSIGNER": "gsuckevi@redhat.com" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { diff --git a/2019/16xxx/CVE-2019-16153.json b/2019/16xxx/CVE-2019-16153.json new file mode 100644 index 00000000000..b1d5b28239f --- /dev/null +++ b/2019/16xxx/CVE-2019-16153.json @@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-16153", + "ASSIGNER": "psirt@fortinet.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Fortinet", + "product": { + "product_data": [ + { + "product_name": "Fortinet FortiSIEM", + "version": { + "version_data": [ + { + "version_value": "FortiSIEM 5.2.5 and below" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://fortiguard.com/advisory/FG-IR-19-195", + "url": "https://fortiguard.com/advisory/FG-IR-19-195" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A hard-coded password vulnerability in the Fortinet FortiSIEM database component version 5.2.5 and below may allow attackers to access the device database via the use of static credentials." + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18222.json b/2019/18xxx/CVE-2019-18222.json new file mode 100644 index 00000000000..77455fe0fc4 --- /dev/null +++ b/2019/18xxx/CVE-2019-18222.json 
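Review bot: `problemtype` in the new CVE-2019-16153 record is the free-text "Information disclosure", but the description reports a hard-coded password that gives access to the device database; the weakness is hard-coded credentials, and disclosure is only its consequence. I would record it as `"value": "CWE-798: Use of Hard-coded Credentials"` so the entry can be filtered by CWE and is not under-triaged as a plain leak. `version_value` is also prose (`"FortiSIEM 5.2.5 and below"`) with the product name repeated; other records in this series express a range as `"version_affected": "<="` plus `"version_value": "5.2.5"`, which is machine-comparable.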
@@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-18222", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ECDSA signature implementation in ecdsa.c in Arm Mbed Crypto 2.1 and Mbed TLS through 2.19.1 does not reduce the blinded scalar before computing the inverse, which allows a local attacker to recover the private key via side-channel attacks." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://tls.mbed.org/tech-updates/security-advisories", + "refsource": "MISC", + "name": "https://tls.mbed.org/tech-updates/security-advisories" + }, + { + "refsource": "CONFIRM", + "name": "https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2019-12", + "url": "https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2019-12" + } + ] + } +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1387.json b/2019/1xxx/CVE-2019-1387.json index 2a93ab8ba4a..423d12339b7 100644 --- a/2019/1xxx/CVE-2019-1387.json +++ b/2019/1xxx/CVE-2019-1387.json @@ -98,6 +98,11 @@ "refsource": "REDHAT", "name": "RHSA-2020:0124", "url": "https://access.redhat.com/errata/RHSA-2020:0124" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200123 [SECURITY] [DLA 2059-1] git security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00019.html" } ] }, 
diff --git a/2019/3xxx/CVE-2019-3691.json b/2019/3xxx/CVE-2019-3691.json index d25f82f80b1..07a162f877a 100644 --- a/2019/3xxx/CVE-2019-3691.json +++ b/2019/3xxx/CVE-2019-3691.json @@ -1,6 +1,6 @@ { "CVE_data_meta": { - "ASSIGNER": "security@suse.de", + "ASSIGNER": "security@suse.com", "DATE_PUBLIC": "2019-12-05T00:00:00.000Z", "ID": "CVE-2019-3691", "STATE": "PUBLIC", @@ -63,7 +63,7 @@ "description_data": [ { "lang": "eng", - "value": "A Symbolic Link (Symlink) Following vulnerability in the packaging of munge in SUSE SUSE Linux Enterprise Server 15; openSUSE Factory allowed local attackers to escalate privileges from user munge to root.\nThis issue affects:\nSUSE SUSE Linux Enterprise Server 15\nmunge versions prior to 0.5.13-4.3.1.\nopenSUSE Factory\nmunge versions prior to 0.5.13-6.1." + "value": "A Symbolic Link (Symlink) Following vulnerability in the packaging of munge in SUSE SUSE Linux Enterprise Server 15; openSUSE Factory allowed local attackers to escalate privileges from user munge to root. This issue affects: SUSE SUSE Linux Enterprise Server 15 munge versions prior to 0.5.13-4.3.1. openSUSE Factory munge versions prior to 0.5.13-6.1." } ] }, diff --git a/2019/5xxx/CVE-2019-5593.json b/2019/5xxx/CVE-2019-5593.json index 5acb8495851..c5099e7d480 100644 --- a/2019/5xxx/CVE-2019-5593.json +++ b/2019/5xxx/CVE-2019-5593.json 
@@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5593", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5593", + "ASSIGNER": "psirt@fortinet.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Fortinet FortiOS", + "version": { + "version_data": [ + { + "version_value": "FortiOS 6.2.0 to 6.2.1, 6.0.6 and below" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://fortiguard.com/psirt/FG-IR-19-134", + "url": "https://fortiguard.com/psirt/FG-IR-19-134" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper permission or value checking in the CLI console may allow a non-privileged user to obtain Fortinet FortiOS plaint text private keys of system's builtin local certificates via unsetting the keys encryption password in FortiOS 6.2.0, 6.0.0 to 6.0.6, 5.6.10 and below or for user uploaded local certificates via setting an empty password in FortiOS 6.2.1, 6.2.0, 6.0.6 and below." } ] } diff --git a/2020/7xxx/CVE-2020-7210.json b/2020/7xxx/CVE-2020-7210.json index 8e59795b521..3f709f6d1d2 100644 --- a/2020/7xxx/CVE-2020-7210.json +++ b/2020/7xxx/CVE-2020-7210.json 
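Review bot: `vendor_name` is `"n/a"` even though the product is given as `"Fortinet FortiOS"` and the assigner is Fortinet's PSIRT; `"vendor_name": "Fortinet"`, as CVE-2019-16153 in this same commit has it, keeps vendor-based lookups working, and CVE-2019-15707 in the next commit has the same gap. `version_value` is a single prose string that merges the two cases the description keeps apart (built-in local certificates versus user-uploaded certificates, each with its own version list), so a consumer cannot tell which releases are exposed to which case; separate `version_data` entries would preserve that. The description also has a typo, "plaint text private keys".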
@@ -61,6 +61,16 @@ "refsource": "MISC", "name": "https://sec-consult.com/en/blog/advisories/cross-site-request-forgery-csrf-in-umbraco-cms/", "url": "https://sec-consult.com/en/blog/advisories/cross-site-request-forgery-csrf-in-umbraco-cms/" + }, + { + "refsource": "FULLDISC", + "name": "20200123 SEC Consult SA-20200123-0 :: Cross-Site Request Forgery (CSRF) in Umbraco CMS", + "url": "http://seclists.org/fulldisclosure/2020/Jan/33" + }, + { + "refsource": "BUGTRAQ", + "name": "20200123 SEC Consult SA-20200123-0 :: Cross-Site Request Forgery (CSRF) in Umbraco CMS", + "url": "https://seclists.org/bugtraq/2020/Jan/35" } ] } From 64f523ae180a9743fab827da32eb9ae0aeb489b0 Mon Sep 17 00:00:00 2001 From: Guilherme de Almeida Suckevicz Date: Thu, 23 Jan 2020 14:05:59 -0300 Subject: [PATCH 244/387] CVE-2019-14885 init. --- 2019/14xxx/CVE-2019-14885.json | 71 ++++++++++++++++++++++++++++++++++ 1 file changed, 71 insertions(+) create mode 100644 2019/14xxx/CVE-2019-14885.json diff --git a/2019/14xxx/CVE-2019-14885.json b/2019/14xxx/CVE-2019-14885.json new file mode 100644 index 00000000000..e9fd7441548 --- /dev/null +++ b/2019/14xxx/CVE-2019-14885.json 
@@ -0,0 +1,71 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-14885",
+ "ASSIGNER": "gsuckevi@redhat.com"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Red Hat",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "JBoss EAP",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "All versions before 7.2.6.GA"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-200"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14885",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14885",
+ "refsource": "CONFIRM"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A flaw was found in the JBoss EAP Vault system in all versions before 7.2.6.GA. Confidential information of the system property's security attribute value is revealed in the JBoss EAP log file when executing a JBoss CLI 'reload' command. This flaw can lead to the exposure of confidential information."
+ }
+ ]
+ },
+ "impact": {
+ "cvss": [
+ [
+ {
+ "vectorString": "5.4/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
+ "version": "3.0"
+ }
+ ]
+ ]
+ }
+}
\ No newline at end of file
From 1495451f8745d92fed479b4768f40b97ea77b53f Mon Sep 17 00:00:00 2001
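Review bot: The `impact.cvss` block is not in the shape the other records in this series use: it is an array nested inside an array, it has no `baseScore` field, and the score is prefixed onto the vector (`"5.4/CVSS:3.0/AV:N/..."`), which is not a valid CVSS vector string and will be rejected by parsers that expect it to begin with `CVSS:3.0/`. I would make `cvss` a plain object with `"baseScore": 5.4` and `"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"`. `CVE_data_meta` also has no `STATE` and uses a personal address as `ASSIGNER`; the preceding sync commit corrected exactly this on CVE-2019-14888 to `"ASSIGNER": "secalert@redhat.com"` and `"STATE": "PUBLIC"`. The vector claims `I:L` for what the description presents purely as a secret revealed in a log file, so the integrity rating is worth confirming.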
From: CVE Team Date: Thu, 23 Jan 2020 18:01:08 +0000 Subject: [PATCH 245/387] "-Synchronized-Data." --- 2012/6xxx/CVE-2012-6083.json | 55 +++++++++++++++++++++-- 2018/18xxx/CVE-2018-18035.json | 5 +++ 2019/14xxx/CVE-2019-14895.json | 5 +++ 2019/14xxx/CVE-2019-14896.json | 5 +++ 2019/14xxx/CVE-2019-14897.json | 5 +++ 2019/14xxx/CVE-2019-14901.json | 5 +++ 2019/15xxx/CVE-2019-15707.json | 62 +++++++++++++++++++++++++ 2019/15xxx/CVE-2019-15712.json | 62 +++++++++++++++++++++++++ 2019/16xxx/CVE-2019-16231.json | 5 +++ 2019/16xxx/CVE-2019-16512.json | 82 ++++++++++++++++++++++++++++++++++ 2019/16xxx/CVE-2019-16513.json | 82 ++++++++++++++++++++++++++++++++++ 2019/16xxx/CVE-2019-16514.json | 82 ++++++++++++++++++++++++++++++++++ 2019/16xxx/CVE-2019-16515.json | 82 ++++++++++++++++++++++++++++++++++ 2019/16xxx/CVE-2019-16516.json | 82 ++++++++++++++++++++++++++++++++++ 2019/16xxx/CVE-2019-16517.json | 82 ++++++++++++++++++++++++++++++++++ 2019/18xxx/CVE-2019-18660.json | 5 +++ 2019/18xxx/CVE-2019-18813.json | 5 +++ 2019/19xxx/CVE-2019-19045.json | 5 +++ 2019/19xxx/CVE-2019-19051.json | 5 +++ 2019/19xxx/CVE-2019-19052.json | 5 +++ 2019/19xxx/CVE-2019-19055.json | 5 +++ 2019/19xxx/CVE-2019-19072.json | 5 +++ 2019/19xxx/CVE-2019-19524.json | 5 +++ 2019/19xxx/CVE-2019-19529.json | 5 +++ 2019/19xxx/CVE-2019-19534.json | 5 +++ 2020/7xxx/CVE-2020-7210.json | 5 +++ 2020/7xxx/CVE-2020-7220.json | 61 ++++++++++++++++++++++--- 2020/7xxx/CVE-2020-7246.json | 5 +++ 28 files changed, 813 insertions(+), 9 deletions(-) create mode 100644 2019/15xxx/CVE-2019-15707.json create mode 100644 2019/15xxx/CVE-2019-15712.json create mode 100644 2019/16xxx/CVE-2019-16512.json create mode 100644 2019/16xxx/CVE-2019-16513.json create mode 100644 2019/16xxx/CVE-2019-16514.json create mode 100644 2019/16xxx/CVE-2019-16515.json create mode 100644 2019/16xxx/CVE-2019-16516.json create mode 100644 2019/16xxx/CVE-2019-16517.json 
diff --git a/2012/6xxx/CVE-2012-6083.json b/2012/6xxx/CVE-2012-6083.json index c439ad4d3a4..ccd55b06396 100644 --- a/2012/6xxx/CVE-2012-6083.json +++ b/2012/6xxx/CVE-2012-6083.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-6083", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "freeciv", + "product": { + "product_data": [ + { + "product_name": "freeciv", + "version": { + "version_data": [ + { + "version_value": "before 2.3.3" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Freeciv before 2.3.3 allows remote attackers to cause a denial of service via a crafted packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Other" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.openwall.com/lists/oss-security/2012/12/31/2", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2012/12/31/2" + }, + { + "refsource": "MISC", + "name": "https://freeciv.fandom.com/wiki/NEWS-2.3.3", + "url": "https://freeciv.fandom.com/wiki/NEWS-2.3.3" } ] } diff --git a/2018/18xxx/CVE-2018-18035.json b/2018/18xxx/CVE-2018-18035.json index 8e1cab83c28..4052285d306 100644 --- a/2018/18xxx/CVE-2018-18035.json +++ b/2018/18xxx/CVE-2018-18035.json 
@@ -56,6 +56,11 @@
 "refsource": "CONFIRM",
 "name": "https://www.open-emr.org/wiki/index.php/OpenEMR_Patches",
 "url": "https://www.open-emr.org/wiki/index.php/OpenEMR_Patches"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.purplemet.com/blog/openemr-xss-vulnerability",
+ "url": "https://www.purplemet.com/blog/openemr-xss-vulnerability"
 }
 ]
 }
diff --git a/2019/14xxx/CVE-2019-14895.json b/2019/14xxx/CVE-2019-14895.json
index e663739a87f..a87e213a852 100644
--- a/2019/14xxx/CVE-2019-14895.json
+++ b/2019/14xxx/CVE-2019-14895.json
@@ -108,6 +108,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
 "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4225-2",
+ "url": "https://usn.ubuntu.com/4225-2/"
 }
 ]
 },
diff --git a/2019/14xxx/CVE-2019-14896.json b/2019/14xxx/CVE-2019-14896.json
index 64680ea3618..e6e4db9f26f 100644
--- a/2019/14xxx/CVE-2019-14896.json
+++ b/2019/14xxx/CVE-2019-14896.json
@@ -103,6 +103,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
 "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4225-2",
+ "url": "https://usn.ubuntu.com/4225-2/"
 }
 ]
 },
diff --git a/2019/14xxx/CVE-2019-14897.json b/2019/14xxx/CVE-2019-14897.json
index cb7cb17c078..83e294e0b0d 100644
--- a/2019/14xxx/CVE-2019-14897.json
+++ b/2019/14xxx/CVE-2019-14897.json
@@ -98,6 +98,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
 "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4225-2",
+ "url": "https://usn.ubuntu.com/4225-2/"
 }
 ]
 },
diff --git a/2019/14xxx/CVE-2019-14901.json b/2019/14xxx/CVE-2019-14901.json
index b2b63069905..c515540f1e0 100644
--- a/2019/14xxx/CVE-2019-14901.json
+++ b/2019/14xxx/CVE-2019-14901.json
@@ -111,6 +111,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
 "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4225-2",
+ "url": "https://usn.ubuntu.com/4225-2/"
 }
 ]
 },
diff --git a/2019/15xxx/CVE-2019-15707.json b/2019/15xxx/CVE-2019-15707.json
new file mode 100644
index 00000000000..5d1dbcfa57d
--- /dev/null
+++ b/2019/15xxx/CVE-2019-15707.json
@@ -0,0 +1,62 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-15707",
+ "ASSIGNER": "psirt@fortinet.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Fortinet FortiMail",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "FortiMail 6.2.0, 6.0.0 to 6.0.6, 5.4.10 and below"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Improper Access Control"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://fortiguard.com/advisory/FG-IR-19-237",
+ "url": "https://fortiguard.com/advisory/FG-IR-19-237"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An improper access control vulnerability in FortiMail admin webUI 6.2.0, 6.0.0 to 6.0.6, 5.4.10 and below may allow administrators to perform system backup config download they should not be authorized for."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/15xxx/CVE-2019-15712.json b/2019/15xxx/CVE-2019-15712.json
new file mode 100644
index 00000000000..409bef6b61b
--- /dev/null
+++ b/2019/15xxx/CVE-2019-15712.json
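Review bot: `vendor_name` is `"n/a"` in the new CVE-2019-15707.json record even though the vendor is known (it sits inside `product_name`, `"Fortinet FortiMail"`), and `version_value` folds three version ranges into one prose string, so tooling that matches on the structured `affects` fields will not tie the record to Fortinet or to a specific release. I would set `"vendor_name": "Fortinet"` and `"product_name": "FortiMail"`, with one `version_data` entry per range given in the description. CVE-2019-15712.json repeats this block, and the CVE-2019-16512 to CVE-2019-16517 and CVE-2020-7220 records later in the patch go further and leave vendor, product, version and `problemtype` all as `"n/a"` while their descriptions name the product and build.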
@@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-15712", + "ASSIGNER": "psirt@fortinet.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Fortinet FortiMail", + "version": { + "version_data": [ + { + "version_value": "FortiMail 6.2.0, 6.0.0 to 6.0.6, 5.4.10 and below" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Access Control" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://fortiguard.com/advisory/FG-IR-19-237", + "url": "https://fortiguard.com/advisory/FG-IR-19-237" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An improper access control vulnerability in FortiMail admin webUI 6.2.0, 6.0.0 to 6.0.6, 5.4.10 and below may allow administrators to access web console they should not be authorized for." + } + ] + } +} \ No newline at end of file diff --git a/2019/16xxx/CVE-2019-16231.json b/2019/16xxx/CVE-2019-16231.json index ead001855cb..461efbe4529 100644 --- a/2019/16xxx/CVE-2019-16231.json +++ b/2019/16xxx/CVE-2019-16231.json @@ -91,6 +91,11 @@ "refsource": "UBUNTU", "name": "USN-4227-2", "url": "https://usn.ubuntu.com/4227-2/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4225-2", + "url": "https://usn.ubuntu.com/4225-2/" } ] } diff --git a/2019/16xxx/CVE-2019-16512.json b/2019/16xxx/CVE-2019-16512.json new file mode 100644 index 00000000000..6379d496454 --- /dev/null +++ b/2019/16xxx/CVE-2019-16512.json 
@@ -0,0 +1,82 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-16512", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. There is stored XSS in the Appearance modifier." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://know.bishopfox.com/advisories", + "refsource": "MISC", + "name": "https://know.bishopfox.com/advisories" + }, + { + "refsource": "MISC", + "name": "https://know.bishopfox.com/advisories/connectwise-control", + "url": "https://know.bishopfox.com/advisories/connectwise-control" + }, + { + "refsource": "MISC", + "name": "https://blog.huntresslabs.com/validating-the-bishop-fox-findings-in-connectwise-control-9155eec36a34", + "url": "https://blog.huntresslabs.com/validating-the-bishop-fox-findings-in-connectwise-control-9155eec36a34" + }, + { + "refsource": "MISC", + "name": "https://www.crn.com/news/managed-services/connectwise-control-msp-security-vulnerabilities-are-severe-bishop-fox", + "url": "https://www.crn.com/news/managed-services/connectwise-control-msp-security-vulnerabilities-are-severe-bishop-fox" + }, + { + "refsource": "MISC", + "name": "https://www.crn.com/slide-shows/managed-services/connectwise-control-attack-chain-exploit-20-questions-for-security-researcher-bishop-fox", + "url": 
"https://www.crn.com/slide-shows/managed-services/connectwise-control-attack-chain-exploit-20-questions-for-security-researcher-bishop-fox" + } + ] + } +} \ No newline at end of file diff --git a/2019/16xxx/CVE-2019-16513.json b/2019/16xxx/CVE-2019-16513.json new file mode 100644 index 00000000000..ae8458f9aa3 --- /dev/null +++ b/2019/16xxx/CVE-2019-16513.json 
@@ -0,0 +1,82 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-16513", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. CSRF can be used to send API requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://know.bishopfox.com/advisories", + "refsource": "MISC", + "name": "https://know.bishopfox.com/advisories" + }, + { + "refsource": "MISC", + "name": "https://know.bishopfox.com/advisories/connectwise-control", + "url": "https://know.bishopfox.com/advisories/connectwise-control" + }, + { + "refsource": "MISC", + "name": "https://blog.huntresslabs.com/validating-the-bishop-fox-findings-in-connectwise-control-9155eec36a34", + "url": "https://blog.huntresslabs.com/validating-the-bishop-fox-findings-in-connectwise-control-9155eec36a34" + }, + { + "refsource": "MISC", + "name": "https://www.crn.com/news/managed-services/connectwise-control-msp-security-vulnerabilities-are-severe-bishop-fox", + "url": "https://www.crn.com/news/managed-services/connectwise-control-msp-security-vulnerabilities-are-severe-bishop-fox" + }, + { + "refsource": "MISC", + "name": "https://www.crn.com/slide-shows/managed-services/connectwise-control-attack-chain-exploit-20-questions-for-security-researcher-bishop-fox", + "url": 
"https://www.crn.com/slide-shows/managed-services/connectwise-control-attack-chain-exploit-20-questions-for-security-researcher-bishop-fox" + } + ] + } +} \ No newline at end of file diff --git a/2019/16xxx/CVE-2019-16514.json b/2019/16xxx/CVE-2019-16514.json new file mode 100644 index 00000000000..c23f1fab979 --- /dev/null +++ b/2019/16xxx/CVE-2019-16514.json 
@@ -0,0 +1,82 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-16514", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. The server allows remote code execution. Administrative users could upload an unsigned extension ZIP file containing executable code that is subsequently executed by the server." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://know.bishopfox.com/advisories", + "refsource": "MISC", + "name": "https://know.bishopfox.com/advisories" + }, + { + "refsource": "MISC", + "name": "https://know.bishopfox.com/advisories/connectwise-control", + "url": "https://know.bishopfox.com/advisories/connectwise-control" + }, + { + "refsource": "MISC", + "name": "https://blog.huntresslabs.com/validating-the-bishop-fox-findings-in-connectwise-control-9155eec36a34", + "url": "https://blog.huntresslabs.com/validating-the-bishop-fox-findings-in-connectwise-control-9155eec36a34" + }, + { + "refsource": "MISC", + "name": "https://www.crn.com/news/managed-services/connectwise-control-msp-security-vulnerabilities-are-severe-bishop-fox", + "url": "https://www.crn.com/news/managed-services/connectwise-control-msp-security-vulnerabilities-are-severe-bishop-fox" + }, + { + "refsource": "MISC", + "name": "https://www.crn.com/slide-shows/managed-services/connectwise-control-attack-chain-exploit-20-questions-for-security-researcher-bishop-fox", + 
"url": "https://www.crn.com/slide-shows/managed-services/connectwise-control-attack-chain-exploit-20-questions-for-security-researcher-bishop-fox" + } + ] + } +} \ No newline at end of file diff --git a/2019/16xxx/CVE-2019-16515.json b/2019/16xxx/CVE-2019-16515.json new file mode 100644 index 00000000000..a7feeb407d6 --- /dev/null +++ b/2019/16xxx/CVE-2019-16515.json 
@@ -0,0 +1,82 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-16515",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. Certain HTTP security headers are not used."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://know.bishopfox.com/advisories",
+ "refsource": "MISC",
+ "name": "https://know.bishopfox.com/advisories"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://wpvulndb.com/vulnerabilities/10013",
+ "url": "https://wpvulndb.com/vulnerabilities/10013"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://know.bishopfox.com/advisories/connectwise-control",
+ "url": "https://know.bishopfox.com/advisories/connectwise-control"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://blog.huntresslabs.com/validating-the-bishop-fox-findings-in-connectwise-control-9155eec36a34",
+ "url": "https://blog.huntresslabs.com/validating-the-bishop-fox-findings-in-connectwise-control-9155eec36a34"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.crn.com/news/managed-services/connectwise-control-msp-security-vulnerabilities-are-severe-bishop-fox",
+ "url": "https://www.crn.com/news/managed-services/connectwise-control-msp-security-vulnerabilities-are-severe-bishop-fox"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/16xxx/CVE-2019-16516.json b/2019/16xxx/CVE-2019-16516.json
new file mode 100644
index 00000000000..454e4b4b4e0
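Review bot: The second entry in `reference_data` of CVE-2019-16515.json, `https://wpvulndb.com/vulnerabilities/10013`, points at a WordPress vulnerability database and looks unrelated to the ConnectWise Control issue described here (missing HTTP security headers); none of the sibling records CVE-2019-16512 to CVE-2019-16517 carries it. This record is also the only one of the six without the `crn.com/slide-shows/...` reference, which suggests the entry was entered in its place. I would check the link against the Bishop Fox advisory and remove or replace it, because a wrong reference sends anyone triaging this CVE to an unrelated advisory.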
--- /dev/null +++ b/2019/16xxx/CVE-2019-16516.json 
@@ -0,0 +1,82 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-16516", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. There is a user enumeration vulnerability, allowing an unauthenticated attacker to determine with certainty if an account exists for a given username." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://know.bishopfox.com/advisories", + "refsource": "MISC", + "name": "https://know.bishopfox.com/advisories" + }, + { + "refsource": "MISC", + "name": "https://know.bishopfox.com/advisories/connectwise-control", + "url": "https://know.bishopfox.com/advisories/connectwise-control" + }, + { + "refsource": "MISC", + "name": "https://blog.huntresslabs.com/validating-the-bishop-fox-findings-in-connectwise-control-9155eec36a34", + "url": "https://blog.huntresslabs.com/validating-the-bishop-fox-findings-in-connectwise-control-9155eec36a34" + }, + { + "refsource": "MISC", + "name": "https://www.crn.com/news/managed-services/connectwise-control-msp-security-vulnerabilities-are-severe-bishop-fox", + "url": "https://www.crn.com/news/managed-services/connectwise-control-msp-security-vulnerabilities-are-severe-bishop-fox" + }, + { + "refsource": "MISC", + "name": "https://www.crn.com/slide-shows/managed-services/connectwise-control-attack-chain-exploit-20-questions-for-security-researcher-bishop-fox", + "url": 
"https://www.crn.com/slide-shows/managed-services/connectwise-control-attack-chain-exploit-20-questions-for-security-researcher-bishop-fox" + } + ] + } +} \ No newline at end of file diff --git a/2019/16xxx/CVE-2019-16517.json b/2019/16xxx/CVE-2019-16517.json new file mode 100644 index 00000000000..f88b03a1f25 --- /dev/null +++ b/2019/16xxx/CVE-2019-16517.json 
@@ -0,0 +1,82 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-16517", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. There is a CORS misconfiguration, which reflected the Origin provided by incoming requests. This allowed JavaScript running on any domain to interact with the server APIs and perform administrative actions, without the victim's knowledge." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://know.bishopfox.com/advisories", + "refsource": "MISC", + "name": "https://know.bishopfox.com/advisories" + }, + { + "refsource": "MISC", + "name": "https://know.bishopfox.com/advisories/connectwise-control", + "url": "https://know.bishopfox.com/advisories/connectwise-control" + }, + { + "refsource": "MISC", + "name": "https://blog.huntresslabs.com/validating-the-bishop-fox-findings-in-connectwise-control-9155eec36a34", + "url": "https://blog.huntresslabs.com/validating-the-bishop-fox-findings-in-connectwise-control-9155eec36a34" + }, + { + "refsource": "MISC", + "name": "https://www.crn.com/news/managed-services/connectwise-control-msp-security-vulnerabilities-are-severe-bishop-fox", + "url": "https://www.crn.com/news/managed-services/connectwise-control-msp-security-vulnerabilities-are-severe-bishop-fox" + }, + { + "refsource": "MISC", + "name": 
"https://www.crn.com/slide-shows/managed-services/connectwise-control-attack-chain-exploit-20-questions-for-security-researcher-bishop-fox", + "url": "https://www.crn.com/slide-shows/managed-services/connectwise-control-attack-chain-exploit-20-questions-for-security-researcher-bishop-fox" + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18660.json b/2019/18xxx/CVE-2019-18660.json index 36a8b050244..45cdbe6f29b 100644 --- a/2019/18xxx/CVE-2019-18660.json +++ b/2019/18xxx/CVE-2019-18660.json @@ -136,6 +136,11 @@ "refsource": "REDHAT", "name": "RHSA-2020:0174", "url": "https://access.redhat.com/errata/RHSA-2020:0174" + }, + { + "refsource": "UBUNTU", + "name": "USN-4225-2", + "url": "https://usn.ubuntu.com/4225-2/" } ] } diff --git a/2019/18xxx/CVE-2019-18813.json b/2019/18xxx/CVE-2019-18813.json index eb9514f3b15..2e8f8e535d7 100644 --- a/2019/18xxx/CVE-2019-18813.json +++ b/2019/18xxx/CVE-2019-18813.json @@ -71,6 +71,11 @@ "refsource": "UBUNTU", "name": "USN-4225-1", "url": "https://usn.ubuntu.com/4225-1/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4225-2", + "url": "https://usn.ubuntu.com/4225-2/" } ] } diff --git a/2019/19xxx/CVE-2019-19045.json b/2019/19xxx/CVE-2019-19045.json index 03a309fef1d..ab7e9771cdf 100644 --- a/2019/19xxx/CVE-2019-19045.json +++ b/2019/19xxx/CVE-2019-19045.json @@ -86,6 +86,11 @@ "refsource": "UBUNTU", "name": "USN-4227-2", "url": "https://usn.ubuntu.com/4227-2/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4225-2", + "url": "https://usn.ubuntu.com/4225-2/" } ] } diff --git a/2019/19xxx/CVE-2019-19051.json b/2019/19xxx/CVE-2019-19051.json index 2c57fdb32ce..18eef3ffc6f 100644 --- a/2019/19xxx/CVE-2019-19051.json +++ b/2019/19xxx/CVE-2019-19051.json 
@@ -76,6 +76,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
 "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4225-2",
+ "url": "https://usn.ubuntu.com/4225-2/"
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19052.json b/2019/19xxx/CVE-2019-19052.json
index c3c8bf73f49..3c9afcd254a 100644
--- a/2019/19xxx/CVE-2019-19052.json
+++ b/2019/19xxx/CVE-2019-19052.json
@@ -106,6 +106,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
 "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4225-2",
+ "url": "https://usn.ubuntu.com/4225-2/"
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19055.json b/2019/19xxx/CVE-2019-19055.json
index 4e26d418135..cd39e9eac73 100644
--- a/2019/19xxx/CVE-2019-19055.json
+++ b/2019/19xxx/CVE-2019-19055.json
@@ -81,6 +81,11 @@
 "refsource": "UBUNTU",
 "name": "USN-4225-1",
 "url": "https://usn.ubuntu.com/4225-1/"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4225-2",
+ "url": "https://usn.ubuntu.com/4225-2/"
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19072.json b/2019/19xxx/CVE-2019-19072.json
index 9dfe49fe8e8..33265d3b560 100644
--- a/2019/19xxx/CVE-2019-19072.json
+++ b/2019/19xxx/CVE-2019-19072.json
@@ -81,6 +81,11 @@
 "refsource": "UBUNTU",
 "name": "USN-4225-1",
 "url": "https://usn.ubuntu.com/4225-1/"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4225-2",
+ "url": "https://usn.ubuntu.com/4225-2/"
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19524.json b/2019/19xxx/CVE-2019-19524.json
index 772c1b585c9..58fabba5160 100644
--- a/2019/19xxx/CVE-2019-19524.json
+++ b/2019/19xxx/CVE-2019-19524.json
@@ -116,6 +116,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
 "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4225-2",
+ "url": "https://usn.ubuntu.com/4225-2/"
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19529.json b/2019/19xxx/CVE-2019-19529.json
index 6ca371aa039..99acb537882 100644
--- a/2019/19xxx/CVE-2019-19529.json
+++ b/2019/19xxx/CVE-2019-19529.json
@@ -91,6 +91,11 @@
 "refsource": "UBUNTU",
 "name": "USN-4227-2",
 "url": "https://usn.ubuntu.com/4227-2/"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4225-2",
+ "url": "https://usn.ubuntu.com/4225-2/"
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19534.json b/2019/19xxx/CVE-2019-19534.json
index cfa9c4a5d9d..fd51f1e752f 100644
--- a/2019/19xxx/CVE-2019-19534.json
+++ b/2019/19xxx/CVE-2019-19534.json
@@ -106,6 +106,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
 "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4225-2",
+ "url": "https://usn.ubuntu.com/4225-2/"
 }
 ]
 }
diff --git a/2020/7xxx/CVE-2020-7210.json b/2020/7xxx/CVE-2020-7210.json
index 3f709f6d1d2..505e9f4aa81 100644
--- a/2020/7xxx/CVE-2020-7210.json
+++ b/2020/7xxx/CVE-2020-7210.json
@@ -71,6 +71,11 @@
 "refsource": "BUGTRAQ",
 "name": "20200123 SEC Consult SA-20200123-0 :: Cross-Site Request Forgery (CSRF) in Umbraco CMS",
 "url": "https://seclists.org/bugtraq/2020/Jan/35"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/156062/Umbraco-CMS-8.2.2-Cross-Site-Request-Forgery.html",
+ "url": "http://packetstormsecurity.com/files/156062/Umbraco-CMS-8.2.2-Cross-Site-Request-Forgery.html"
 }
 ]
 }
diff --git a/2020/7xxx/CVE-2020-7220.json b/2020/7xxx/CVE-2020-7220.json
index c54742caae0..f66a4007b9c 100644
--- a/2020/7xxx/CVE-2020-7220.json
+++ b/2020/7xxx/CVE-2020-7220.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-7220",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-7220",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "HashiCorp Vault Enterprise 0.11.0 through 1.3.1 fails, in certain circumstances, to revoke dynamic secrets for a mount in a deleted namespace. Fixed in 1.3.2."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.hashicorp.com/blog/category/vault/",
+ "refsource": "MISC",
+ "name": "https://www.hashicorp.com/blog/category/vault/"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#132-january-22nd-2020",
+ "url": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#132-january-22nd-2020"
 }
 ]
 }
diff --git a/2020/7xxx/CVE-2020-7246.json b/2020/7xxx/CVE-2020-7246.json
index 9d394531834..c8377064df7 100644
--- a/2020/7xxx/CVE-2020-7246.json
+++ b/2020/7xxx/CVE-2020-7246.json
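Review bot: Neither reference added to CVE-2020-7220.json pins the advisory content: `https://www.hashicorp.com/blog/category/vault/` is a category listing whose contents change over time, and the CONFIRM link targets `CHANGELOG.md` on the `master` branch, where the `#132-january-22nd-2020` anchor only resolves while that heading stays unchanged. Someone following the record later may not reach the 1.3.2 fix notes it is meant to confirm. I would point the CONFIRM entry at the changelog under a release tag or commit, for example `https://github.com/hashicorp/vault/blob/<TAG_OR_COMMIT>/CHANGELOG.md` (placeholder), and replace the category page with the specific post if one exists.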
@@ -56,6 +56,11 @@ "url": "https://docs.google.com/document/d/13ZZSm0DL1Ie6r_fU5ZdDKGZ4defFqiFXMG--zDo8S10/edit?usp=sharing", "refsource": "MISC", "name": "https://docs.google.com/document/d/13ZZSm0DL1Ie6r_fU5ZdDKGZ4defFqiFXMG--zDo8S10/edit?usp=sharing" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/156063/qdPM-9.1-Remote-Code-Execution.html", + "url": "http://packetstormsecurity.com/files/156063/qdPM-9.1-Remote-Code-Execution.html" } ] } From 417ff9e44447ddc083abe71a1db110464a0f4bd0 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 23 Jan 2020 19:01:11 +0000 Subject: [PATCH 246/387] "-Synchronized-Data." --- 2012/5xxx/CVE-2012-5626.json | 114 ++++++++++++++++++++++++++++++++++- 2013/1xxx/CVE-2013-1592.json | 73 +++++++++++++++++++++- 2020/7xxx/CVE-2020-7040.json | 5 ++ 2020/7xxx/CVE-2020-7933.json | 18 ++++++ 4 files changed, 205 insertions(+), 5 deletions(-) create mode 100644 2020/7xxx/CVE-2020-7933.json diff --git a/2012/5xxx/CVE-2012-5626.json b/2012/5xxx/CVE-2012-5626.json index 8c9e29f35e6..6df1c721001 100644 --- a/2012/5xxx/CVE-2012-5626.json +++ b/2012/5xxx/CVE-2012-5626.json 
@@ -1,8 +1,90 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-5626", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "JBoss BRMS", + "version": { + "version_data": [ + { + "version_value": "5" + } + ] + } + }, + { + "product_name": "JBoss Enterprise Application Platform", + "version": { + "version_data": [ + { + "version_value": "5" + } + ] + } + }, + { + "product_name": "JBoss Operations Network", + "version": { + "version_data": [ + { + "version_value": "3.1" + } + ] + } + }, + { + "product_name": "JBoss Portal", + "version": { + "version_data": [ + { + "version_value": "4" + }, + { + "version_value": "5" + } + ] + } + }, + { + "product_name": "JBoss SOA Platform", + "version": { + "version_data": [ + { + "version_value": "4.2" + }, + { + "version_value": "4.3" + }, + { + "version_value": "5" + } + ] + } + }, + { + "product_name": "JBoss Enterprise Web Server", + "version": { + "version_data": [ + { + "version_value": "1" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +93,33 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "EJB method in Red Hat JBoss BRMS 5; Red Hat JBoss Enterprise Application Platform 5; Red Hat JBoss Operations Network 3.1; Red Hat JBoss Portal 4 and 5; Red Hat JBoss SOA Platform 4.2, 4.3, and 5; in Red Hat JBoss Enterprise Web Server 1 ignores roles specified using the @RunAs annotation."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Other"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-5626",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-5626"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://access.redhat.com/security/cve/cve-2012-5626",
+ "url": "https://access.redhat.com/security/cve/cve-2012-5626"
 }
 ]
 }
diff --git a/2013/1xxx/CVE-2013-1592.json b/2013/1xxx/CVE-2013-1592.json
index 88312df0029..4be679ea80f 100644
--- a/2013/1xxx/CVE-2013-1592.json
+++ b/2013/1xxx/CVE-2013-1592.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2013-1592",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
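Review bot: The new description value in CVE-2012-5626.json does not read cleanly: after the semicolon-separated product list it continues `; in Red Hat JBoss Enterprise Web Server 1 ignores roles ...`, so it is unclear whether Enterprise Web Server is one more affected product or the only one where roles are ignored. Assuming all six products listed under `affects` are meant, I would open with `An EJB method in` and change the last separator to `; and Red Hat JBoss Enterprise Web Server 1 ignores roles specified using the @RunAs annotation.` The `problemtype` value is `"Other"` although the text describes roles being ignored, so a more specific weakness class would help anyone filtering on that field.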
@@ -11,7 +34,53 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Buffer Overflow vulnerability exists in the Message Server service _MsJ2EE_AddStatistics() function when sending specially crafted SAP Message Server packets to remote TCP ports 36NN and/or 39NN in SAP NetWeaver 2004s, 7.01 SR1, 7.02 SP06, and 7.30 SP04, which could let a remote malicious user execute arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.securityfocus.com/bid/57956", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/57956" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82064", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82064" + }, + { + "url": "http://www.exploit-db.com/exploits/24511", + "refsource": "MISC", + "name": "http://www.exploit-db.com/exploits/24511" + }, + { + "url": "http://www.securitytracker.com/id/1028148", + "refsource": "MISC", + "name": "http://www.securitytracker.com/id/1028148" + }, + { + "refsource": "MISC", + "name": "http://www.coresecurity.com/content/SAP-netweaver-msg-srv-multiple-vulnerabilities", + "url": "http://www.coresecurity.com/content/SAP-netweaver-msg-srv-multiple-vulnerabilities" + }, + { + "refsource": "MISC", + "name": "https://packetstormsecurity.com/files/cve/CVE-2013-1592", + "url": "https://packetstormsecurity.com/files/cve/CVE-2013-1592" } ] } diff --git a/2020/7xxx/CVE-2020-7040.json b/2020/7xxx/CVE-2020-7040.json index ce8c6c279f7..74bbdcb66f8 100644 --- a/2020/7xxx/CVE-2020-7040.json +++ b/2020/7xxx/CVE-2020-7040.json 
@@ -81,6 +81,11 @@ "refsource": "MLIST", "name": "[oss-security] 20200122 Re: CVE-2020-7040: storeBackup: denial of service and symlink attack vector via fixed lockfile path /tmp/storeBackup.lock", "url": "http://www.openwall.com/lists/oss-security/2020/01/22/3" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20200123 Re: CVE-2020-7040: storeBackup: denial of service and symlink attack vector via fixed lockfile path /tmp/storeBackup.lock", + "url": "http://www.openwall.com/lists/oss-security/2020/01/23/1" } ] } diff --git a/2020/7xxx/CVE-2020-7933.json b/2020/7xxx/CVE-2020-7933.json new file mode 100644 index 00000000000..ded29b85d81 --- /dev/null +++ b/2020/7xxx/CVE-2020-7933.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7933", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file From 2fb7bd7a9302d7fd9a76d8269edbd666a8d162cc Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Thu, 23 Jan 2020 20:01:06 +0000 Subject: [PATCH 247/387] "-Synchronized-Data." --- 2013/1xxx/CVE-2013-1593.json | 68 ++++++++++++++++++++++++- 2014/2xxx/CVE-2014-2050.json | 58 +++++++++++++++++++++- 2015/5xxx/CVE-2015-5239.json | 90 ++++++++++++++++++++++++++++++++-- 2015/5xxx/CVE-2015-5278.json | 80 ++++++++++++++++++++++++++++-- 2015/5xxx/CVE-2015-5334.json | 70 ++++++++++++++++++++++++-- 2015/5xxx/CVE-2015-5745.json | 80 ++++++++++++++++++++++++++++-- 2019/16xxx/CVE-2019-16167.json | 5 ++ 2019/19xxx/CVE-2019-19725.json | 5 ++ 2020/7xxx/CVE-2020-7934.json | 18 +++++++ 2020/7xxx/CVE-2020-7935.json | 18 +++++++ 10 files changed, 476 insertions(+), 16 deletions(-) create mode 100644 2020/7xxx/CVE-2020-7934.json create mode 100644 2020/7xxx/CVE-2020-7935.json diff --git a/2013/1xxx/CVE-2013-1593.json b/2013/1xxx/CVE-2013-1593.json index eb85e162f53..2965dae5afb 100644 --- a/2013/1xxx/CVE-2013-1593.json +++ b/2013/1xxx/CVE-2013-1593.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-1593", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,48 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Denial of Service vulnerability exists in the WRITE_C function in the msg_server.exe module in SAP NetWeaver 2004s, 7.01 SR1, 7.02 SP06, and 7.30 SP04 when sending a crafted SAP Message Server packet to TCP ports 36NN and/or 39NN." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.securityfocus.com/bid/57956", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/57956" + }, + { + "url": "http://www.securitytracker.com/id/1028148", + "refsource": "MISC", + "name": "http://www.securitytracker.com/id/1028148" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82065", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82065" + }, + { + "refsource": "MISC", + "name": "https://packetstormsecurity.com/files/cve/CVE-2013-1593", + "url": "https://packetstormsecurity.com/files/cve/CVE-2013-1593" + }, + { + "refsource": "MISC", + "name": "https://www.coresecurity.com/content/SAP-netweaver-msg-srv-multiple-vulnerabilities", + "url": "https://www.coresecurity.com/content/SAP-netweaver-msg-srv-multiple-vulnerabilities" } ] } diff --git a/2014/2xxx/CVE-2014-2050.json b/2014/2xxx/CVE-2014-2050.json index f35aafc3b96..f4f5e9ce1ad 100644 --- a/2014/2xxx/CVE-2014-2050.json +++ b/2014/2xxx/CVE-2014-2050.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-2050", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +11,61 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-site request forgery (CSRF) vulnerability in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2 allows remote attackers to hijack the authentication of users for requests that reset passwords via a crafted HTTP Host header." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://owncloud.org/security/advisories/host-header-poisoning/", + "url": "https://owncloud.org/security/advisories/host-header-poisoning/" + }, + { + "refsource": "MISC", + "name": "https://www.securityfocus.com/bid/66221", + "url": "https://www.securityfocus.com/bid/66221" + }, + { + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91971", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91971" } ] } diff --git a/2015/5xxx/CVE-2015-5239.json b/2015/5xxx/CVE-2015-5239.json index 913593a4326..4a78c458c68 100644 --- a/2015/5xxx/CVE-2015-5239.json +++ b/2015/5xxx/CVE-2015-5239.json @@ -1,8 +1,8 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2015-5239", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", 
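Review bot: The CVE-2014-2050 description classifies the issue as cross-site request forgery, but the vector it gives (a crafted HTTP Host header on password-reset requests) and the slug of the CONFIRM link, `host-header-poisoning`, both point to Host header poisoning of the reset flow. With `problemtype` left at `n/a`, the only weakness label a consumer sees is the CSRF wording, which steers remediation toward anti-CSRF tokens rather than validating the Host header against configured trusted domains. If the vendor advisory confirms it, state the class in `problemtype`, for example `"value": "Host header poisoning in password reset"`, and align the description wording with it.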
@@ -11,7 +11,91 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Integer overflow in the VNC display driver in QEMU before 2.1.0 allows attachers to cause a denial of service (process crash) via a CLIENT_CUT_TEXT message, which triggers an infinite loop." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Integer Overflow" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "QEMU", + "product": { + "product_data": [ + { + "product_name": "QEMU", + "version": { + "version_data": [ + { + "version_value": "before 2.1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00026.html", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00026.html" + }, + { + "refsource": "MISC", + "name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168671.html", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168671.html" + }, + { + "refsource": "MISC", + "name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168077.html", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168077.html" + }, + { + "refsource": "MISC", + "name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168646.html", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168646.html" + }, + { + "refsource": "MISC", + "name": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00005.html", + "url": 
"http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00005.html" + }, + { + "refsource": "MISC", + "name": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00011.html", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00011.html" + }, + { + "refsource": "MISC", + "name": "http://www.ubuntu.com/usn/USN-2745-1", + "url": "http://www.ubuntu.com/usn/USN-2745-1" + }, + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2015/09/02/7", + "url": "http://www.openwall.com/lists/oss-security/2015/09/02/7" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/qemu/qemu/commit/f9a70e79391f6d7c2a912d785239ee8effc1922d", + "url": "https://github.com/qemu/qemu/commit/f9a70e79391f6d7c2a912d785239ee8effc1922d" } ] } diff --git a/2015/5xxx/CVE-2015-5278.json b/2015/5xxx/CVE-2015-5278.json index 56047e9103e..197290d536a 100644 --- a/2015/5xxx/CVE-2015-5278.json +++ b/2015/5xxx/CVE-2015-5278.json @@ -1,8 +1,8 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2015-5278", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", 
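Review bot: The CVE-2015-5239 description `value` contains the typo "attachers"; it should read `allows attackers to cause a denial of service (process crash) via a CLIENT_CUT_TEXT message`. This text is copied verbatim into downstream feeds and scanner output, so the misspelling propagates once merged. The sentence also names both a process crash and an infinite loop as the outcome; it is worth stating which one the integer overflow actually produces, since a crash and a hang call for different detection.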
@@ -11,7 +11,81 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows attackers to cause a denial of service (infinite loop and instance crash) or possibly execute arbitrary code via vectors related to receiving packets." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Other" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "QEMU", + "product": { + "product_data": [ + { + "product_name": "QEMU", + "version": { + "version_data": [ + { + "version_value": "before 2.4.0.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168671.html", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168671.html" + }, + { + "refsource": "MISC", + "name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168077.html", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168077.html" + }, + { + "refsource": "MISC", + "name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168646.html", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168646.html" + }, + { + "refsource": "MISC", + "name": "http://www.ubuntu.com/usn/USN-2745-1", + "url": "http://www.ubuntu.com/usn/USN-2745-1" + }, + { + "refsource": "MISC", + "name": "https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg05832.html", + "url": "https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg05832.html" + }, + { + "refsource": "MISC", + 
"name": "https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg03985.html", + "url": "https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg03985.html" + }, + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2015/09/15/2", + "url": "http://www.openwall.com/lists/oss-security/2015/09/15/2" } ] } diff --git a/2015/5xxx/CVE-2015-5334.json b/2015/5xxx/CVE-2015-5334.json index 2848d04c0c8..d1220135376 100644 --- a/2015/5xxx/CVE-2015-5334.json +++ b/2015/5xxx/CVE-2015-5334.json @@ -1,8 +1,8 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2015-5334", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", 
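Review bot: Every reference in the CVE-2015-5278 hunk is tagged `"refsource": "MISC"` with the URL repeated as `name`, including the Ubuntu notice USN-2745-1 and the oss-security post, so nothing marks which link is a vendor fix or advisory. Other records in this series type such links, e.g. `"refsource": "UBUNTU", "name": "USN-4242-1"` and `"refsource": "MLIST"` for oss-security. Typing them the same way here, and in the CVE-2015-5239 and CVE-2015-5745 hunks (where the QEMU commit is `CONFIRM` in one record and `MISC` in the other), lets patch-tracking tools pick out distribution fixes without parsing URLs. `problemtype` is `Other` although the description names an infinite loop; a concrete class would be more useful.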
@@ -11,7 +11,71 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Off-by-one error in the OBJ_obj2txt function in LibreSSL before 2.3.1 allows remote attackers to cause a denial of service (program crash) or possible execute arbitrary code via a crafted X.509 certificate, which triggers a stack-based buffer overflow. Note: this vulnerability exists because of an incorrect fix for CVE-2014-3508." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Other" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "LibreSSL", + "product": { + "product_data": [ + { + "product_name": "LibreSSL", + "version": { + "version_data": [ + { + "version_value": "before 2.3.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/133998/Qualys-Security-Advisory-LibreSSL-Leak-Overflow.html", + "url": "http://packetstormsecurity.com/files/133998/Qualys-Security-Advisory-LibreSSL-Leak-Overflow.html" + }, + { + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2015/Oct/75", + "url": "http://seclists.org/fulldisclosure/2015/Oct/75" + }, + { + "refsource": "MISC", + "name": "http://www.securityfocus.com/archive/1/archive/1/536692/100/0/threaded", + "url": "http://www.securityfocus.com/archive/1/archive/1/536692/100/0/threaded" + }, + { + "refsource": "MISC", + "name": "http://lists.opensuse.org/opensuse-updates/2015-10/msg00050.html", + "url": "http://lists.opensuse.org/opensuse-updates/2015-10/msg00050.html" + }, + { + "refsource": "MISC", + "name": "http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.3.1-relnotes.txt", + "url": 
"http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.3.1-relnotes.txt" } ] } diff --git a/2015/5xxx/CVE-2015-5745.json b/2015/5xxx/CVE-2015-5745.json index f42f7b8d3dd..e40b9d671db 100644 --- a/2015/5xxx/CVE-2015-5745.json +++ b/2015/5xxx/CVE-2015-5745.json @@ -1,8 +1,8 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2015-5745", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", 
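Review bot: The CVE-2015-5334 description reads "or possible execute arbitrary code"; it should be `or possibly execute arbitrary code`. The LibreSSL 2.3.1 release notes are tagged `MISC` here but `CONFIRM` in the CVE-2015-5333 record of the next patch in this series, which cites the same URL; use `"refsource": "CONFIRM"` in both so the vendor acknowledgement is identifiable. `problemtype` is `Other` although the description states an off-by-one error leading to a stack-based buffer overflow, which could be named directly.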
@@ -11,7 +11,81 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Buffer overflow in the send_control_msg function in hw/char/virtio-serial-bus.c in QEMU before 2.4.0 allows guest users to cause a denial of service (QEMU process crash) via a crafted virtio control message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Overflow" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "QEMU", + "product": { + "product_data": [ + { + "product_name": "QEMU", + "version": { + "version_data": [ + { + "version_value": "before 2.4.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168671.html", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168671.html" + }, + { + "refsource": "MISC", + "name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168077.html", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168077.html" + }, + { + "refsource": "MISC", + "name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168646.html", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168646.html" + }, + { + "refsource": "MISC", + "name": "https://lists.gnu.org/archive/html/qemu-devel/2015-07/msg05458.html", + "url": "https://lists.gnu.org/archive/html/qemu-devel/2015-07/msg05458.html" + }, + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2015/08/06/3", + "url": "http://www.openwall.com/lists/oss-security/2015/08/06/3" + }, + { + 
"refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2015/08/06/5", + "url": "http://www.openwall.com/lists/oss-security/2015/08/06/5" + }, + { + "refsource": "MISC", + "name": "https://github.com/qemu/qemu/commit/7882080388be5088e72c425b02223c02e6cb4295", + "url": "https://github.com/qemu/qemu/commit/7882080388be5088e72c425b02223c02e6cb4295" } ] } diff --git a/2019/16xxx/CVE-2019-16167.json b/2019/16xxx/CVE-2019-16167.json index b7296a1560f..0780b91ec89 100644 --- a/2019/16xxx/CVE-2019-16167.json +++ b/2019/16xxx/CVE-2019-16167.json @@ -71,6 +71,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:2397", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00068.html" + }, + { + "refsource": "UBUNTU", + "name": "USN-4242-1", + "url": "https://usn.ubuntu.com/4242-1/" } ] } diff --git a/2019/19xxx/CVE-2019-19725.json b/2019/19xxx/CVE-2019-19725.json index bfd0df95a4b..34117ddc5af 100644 --- a/2019/19xxx/CVE-2019-19725.json +++ b/2019/19xxx/CVE-2019-19725.json @@ -56,6 +56,11 @@ "url": "https://github.com/sysstat/sysstat/issues/242", "refsource": "MISC", "name": "https://github.com/sysstat/sysstat/issues/242" + }, + { + "refsource": "UBUNTU", + "name": "USN-4242-1", + "url": "https://usn.ubuntu.com/4242-1/" } ] } diff --git a/2020/7xxx/CVE-2020-7934.json b/2020/7xxx/CVE-2020-7934.json new file mode 100644 index 00000000000..16aafc0a956 --- /dev/null +++ b/2020/7xxx/CVE-2020-7934.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7934", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/7xxx/CVE-2020-7935.json b/2020/7xxx/CVE-2020-7935.json new file mode 100644 index 00000000000..443f661b93e --- /dev/null +++ b/2020/7xxx/CVE-2020-7935.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7935", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file From 29d592147df4e0a9f0bca52d7db396a729a94af2 Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Thu, 23 Jan 2020 21:01:07 +0000 Subject: [PATCH 248/387] "-Synchronized-Data." --- 2015/5xxx/CVE-2015-5333.json | 65 ++++++++++++++++++++++++++++-- 2016/2xxx/CVE-2016-2090.json | 5 +++ 2019/19xxx/CVE-2019-19893.json | 70 ++++++++++++++++++++++++++++++--- 2019/19xxx/CVE-2019-19894.json | 70 ++++++++++++++++++++++++++++++--- 2019/19xxx/CVE-2019-19895.json | 70 ++++++++++++++++++++++++++++++--- 2019/19xxx/CVE-2019-19896.json | 70 ++++++++++++++++++++++++++++++--- 2019/19xxx/CVE-2019-19897.json | 70 ++++++++++++++++++++++++++++++--- 2019/19xxx/CVE-2019-19898.json | 70 ++++++++++++++++++++++++++++++--- 2019/20xxx/CVE-2019-20367.json | 5 +++ 2020/7xxx/CVE-2020-7936.json | 72 ++++++++++++++++++++++++++++++++++ 2020/7xxx/CVE-2020-7937.json | 72 ++++++++++++++++++++++++++++++++++ 2020/7xxx/CVE-2020-7938.json | 72 ++++++++++++++++++++++++++++++++++ 2020/7xxx/CVE-2020-7939.json | 72 ++++++++++++++++++++++++++++++++++ 2020/7xxx/CVE-2020-7940.json | 72 ++++++++++++++++++++++++++++++++++ 2020/7xxx/CVE-2020-7941.json | 72 ++++++++++++++++++++++++++++++++++ 2020/7xxx/CVE-2020-7942.json | 18 +++++++++ 2020/7xxx/CVE-2020-7943.json | 18 +++++++++ 2020/7xxx/CVE-2020-7944.json | 18 +++++++++ 2020/7xxx/CVE-2020-7945.json | 18 +++++++++ 2020/7xxx/CVE-2020-7946.json | 18 +++++++++ 20 files changed, 978 insertions(+), 39 deletions(-) create mode 100644 2020/7xxx/CVE-2020-7936.json create mode 100644 2020/7xxx/CVE-2020-7937.json create mode 100644 2020/7xxx/CVE-2020-7938.json create mode 100644 2020/7xxx/CVE-2020-7939.json create mode 100644 2020/7xxx/CVE-2020-7940.json create mode 100644 2020/7xxx/CVE-2020-7941.json create mode 100644 2020/7xxx/CVE-2020-7942.json create mode 100644 2020/7xxx/CVE-2020-7943.json create mode 100644 2020/7xxx/CVE-2020-7944.json create mode 100644 2020/7xxx/CVE-2020-7945.json create mode 100644 2020/7xxx/CVE-2020-7946.json diff --git a/2015/5xxx/CVE-2015-5333.json b/2015/5xxx/CVE-2015-5333.json index c8d93347640..5608be4f6cc 100644 
--- a/2015/5xxx/CVE-2015-5333.json +++ b/2015/5xxx/CVE-2015-5333.json @@ -1,8 +1,8 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2015-5333", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +11,66 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Memory leak in the OBJ_obj2txt function in LibreSSL before 2.3.1 allows remote attackers to cause a denial of service (memory consumption) via a large number of ASN.1 object identifiers in X.509 certificates." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Memory Leak" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "LibreSSL", + "product": { + "product_data": [ + { + "product_name": "LibreSSL", + "version": { + "version_data": [ + { + "version_value": "before 2.3.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/133998/Qualys-Security-Advisory-LibreSSL-Leak-Overflow.html", + "url": "http://packetstormsecurity.com/files/133998/Qualys-Security-Advisory-LibreSSL-Leak-Overflow.html" + }, + { + "refsource": "CONFIRM", + "name": "http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.3.1-relnotes.txt", + "url": "http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.3.1-relnotes.txt" + }, + { + "refsource": "MISC", + "name": "http://www.securityfocus.com/archive/1/archive/1/536692/100/0/threaded", + "url": "http://www.securityfocus.com/archive/1/archive/1/536692/100/0/threaded" + }, + { + "refsource": "MISC", + "name": "http://lists.opensuse.org/opensuse-updates/2015-10/msg00050.html", + "url": "http://lists.opensuse.org/opensuse-updates/2015-10/msg00050.html" } ] } diff --git a/2016/2xxx/CVE-2016-2090.json b/2016/2xxx/CVE-2016-2090.json index 83c9a2dc97b..898501c8aff 100644 --- a/2016/2xxx/CVE-2016-2090.json +++ b/2016/2xxx/CVE-2016-2090.json 
@@ -91,6 +91,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20191230 [SECURITY] [DLA 2052-1] libbsd security update", "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00036.html" + }, + { + "refsource": "UBUNTU", + "name": "USN-4243-1", + "url": "https://usn.ubuntu.com/4243-1/" } ] } diff --git a/2019/19xxx/CVE-2019-19893.json b/2019/19xxx/CVE-2019-19893.json index 1e7f524f35f..0e3261f7b74 100644 --- a/2019/19xxx/CVE-2019-19893.json +++ b/2019/19xxx/CVE-2019-19893.json 
@@ -1,18 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-19893", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-19893", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In IXP EasyInstall 6.2.13723, there is Directory Traversal on TCP port 8000 via the Engine Service by an unauthenticated attacker, who can access the server's filesystem with the access rights of NT AUTHORITY\\SYSTEM." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://improsec.com/tech-blog/multiple-vulnerabilities-in-easyinstall-rmm-and-deployment-software", + "url": "https://improsec.com/tech-blog/multiple-vulnerabilities-in-easyinstall-rmm-and-deployment-software" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AC:L/AV:N/A:N/C:H/I:N/PR:N/S:U/UI:N", + "version": "3.0" + } } } \ No newline at end of file 
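Review bot: The `impact.cvss` block added to CVE-2019-19893 carries only the metric fields and `vectorString`, with no `baseScore` or `baseSeverity`, so consumers that sort or alert on severity get nothing for this record unless they recompute it from the vector. The vector is also written in alphabetical metric order, `CVSS:3.0/AC:L/AV:N/A:N/C:H/I:N/PR:N/S:U/UI:N`; the order the CVSS specification prefers is `CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N`, and strict parsers are more likely to accept that form. Add the computed `baseScore` and `baseSeverity` and reorder the string; the same applies to the CVE-2019-19894 to CVE-2019-19897 hunks. `problemtype` is `n/a` although the description names Directory Traversal.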
diff --git a/2019/19xxx/CVE-2019-19894.json b/2019/19xxx/CVE-2019-19894.json
index bb4af8faf26..2ffdbafbca1 100644
--- a/2019/19xxx/CVE-2019-19894.json
+++ b/2019/19xxx/CVE-2019-19894.json
@@ -1,18 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-19894", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-19894", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In IXP EasyInstall 6.2.13723, it is possible to temporarily disable UAC by using the Agent Service on a client system. An authenticated attacker (non-admin) can disable UAC for other users by renaming and replacing %SYSTEMDRIVE%\\IXP\\DATA\\IXPAS.IXP." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://improsec.com/tech-blog/multiple-vulnerabilities-in-easyinstall-rmm-and-deployment-software", + "url": "https://improsec.com/tech-blog/multiple-vulnerabilities-in-easyinstall-rmm-and-deployment-software" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AC:L/AV:L/A:N/C:N/I:H/PR:L/S:U/UI:N", + "version": "3.0" + } } } \ No newline at end of file 
diff --git a/2019/19xxx/CVE-2019-19895.json b/2019/19xxx/CVE-2019-19895.json
index 14adf9b5bbc..2924e1c33f6 100644
--- a/2019/19xxx/CVE-2019-19895.json
+++ b/2019/19xxx/CVE-2019-19895.json
@@ -1,18 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-19895", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-19895", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In IXP EasyInstall 6.2.13723, there is Lateral Movement (using the Agent Service) against other users on a client system. An authenticated attacker can, by modifying %SYSTEMDRIVE%\\IXP\\SW\\[PACKAGE_CODE]\\EveryLogon.bat, achieve this movement and execute code in the context of other users." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://improsec.com/tech-blog/multiple-vulnerabilities-in-easyinstall-rmm-and-deployment-software", + "url": "https://improsec.com/tech-blog/multiple-vulnerabilities-in-easyinstall-rmm-and-deployment-software" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AC:L/AV:L/A:H/C:H/I:H/PR:L/S:C/UI:N", + "version": "3.0" + } } } \ No newline at end of file 
diff --git a/2019/19xxx/CVE-2019-19896.json b/2019/19xxx/CVE-2019-19896.json
index 7c2e67275bc..2def7fa82d5 100644
--- a/2019/19xxx/CVE-2019-19896.json
+++ b/2019/19xxx/CVE-2019-19896.json
@@ -1,18 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-19896", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-19896", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In IXP EasyInstall 6.2.13723, there is Remote Code Execution via weak permissions on the Engine Service share. The default file permissions of the IXP$ share on the server allows modification of directories and files (e.g., bat-scripts), which allows execution of code in the context of NT AUTHORITY\\SYSTEM on the target server and clients." 
} ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://improsec.com/tech-blog/multiple-vulnerabilities-in-easyinstall-rmm-and-deployment-software", + "url": "https://improsec.com/tech-blog/multiple-vulnerabilities-in-easyinstall-rmm-and-deployment-software" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AC:L/AV:N/A:H/C:H/I:H/PR:L/S:C/UI:N", + "version": "3.0" + } } } \ No newline at end of file diff --git a/2019/19xxx/CVE-2019-19897.json b/2019/19xxx/CVE-2019-19897.json index 58860f24309..86fd729b949 100644 --- a/2019/19xxx/CVE-2019-19897.json +++ b/2019/19xxx/CVE-2019-19897.json 
@@ -1,18 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-19897", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-19897", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In IXP EasyInstall 6.2.13723, there is Remote Code Execution via the Agent Service. An unauthenticated attacker can communicate with the Agent Service over TCP port 20051, and execute code in the NT AUTHORITY\\SYSTEM context of the target system by using the Execute Command Line function." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://improsec.com/tech-blog/multiple-vulnerabilities-in-easyinstall-rmm-and-deployment-software", + "url": "https://improsec.com/tech-blog/multiple-vulnerabilities-in-easyinstall-rmm-and-deployment-software" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AC:L/AV:N/A:H/C:H/I:H/PR:N/S:C/UI:N", + "version": "3.0" + } } } \ No newline at end of file 
diff --git a/2019/19xxx/CVE-2019-19898.json b/2019/19xxx/CVE-2019-19898.json
index 6db578eb743..0250ca61b02 100644
--- a/2019/19xxx/CVE-2019-19898.json
+++ b/2019/19xxx/CVE-2019-19898.json
@@ -1,18 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-19898", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-19898", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In IXP EasyInstall 6.2.13723, there are cleartext credentials in network communication on TCP port 20050 when using the Administrator console remotely." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://improsec.com/tech-blog/multiple-vulnerabilities-in-easyinstall-rmm-and-deployment-software", + "url": "https://improsec.com/tech-blog/multiple-vulnerabilities-in-easyinstall-rmm-and-deployment-software" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AC:L/AV:N/A:N/C:H/I:N/PR:N/S:U/UI:N", + "version": "3.0" + } } } \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20367.json b/2019/20xxx/CVE-2019-20367.json index 57db216a8a8..8af648cd6d7 100644 --- a/2019/20xxx/CVE-2019-20367.json 
+++ b/2019/20xxx/CVE-2019-20367.json @@ -61,6 +61,11 @@ "url": "https://gitlab.freedesktop.org/libbsd/libbsd/commit/9d917aad37778a9f4a96ba358415f077f3f36f3b", "refsource": "MISC", "name": "https://gitlab.freedesktop.org/libbsd/libbsd/commit/9d917aad37778a9f4a96ba358415f077f3f36f3b" + }, + { + "refsource": "UBUNTU", + "name": "USN-4243-1", + "url": "https://usn.ubuntu.com/4243-1/" } ] } diff --git a/2020/7xxx/CVE-2020-7936.json b/2020/7xxx/CVE-2020-7936.json new file mode 100644 index 00000000000..d6de2d2974c --- /dev/null +++ b/2020/7xxx/CVE-2020-7936.json 
@@ -0,0 +1,72 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-7936", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An open redirect on the login form (and possibly other places) in Plone 4.0 through 5.2.1 allows an attacker to craft a link to a Plone Site that, when followed, and possibly after login, will redirect to an attacker's site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://plone.org/security/hotfix/20200121/an-open-redirection-on-the-login-form-and-possibly-other-places", + "refsource": "MISC", + "name": "https://plone.org/security/hotfix/20200121/an-open-redirection-on-the-login-form-and-possibly-other-places" + }, + { + "url": "https://plone.org/security/hotfix/20200121", + "refsource": "MISC", + "name": "https://plone.org/security/hotfix/20200121" + }, + { + "url": "https://www.openwall.com/lists/oss-security/2020/01/22/1", + "refsource": "MISC", + "name": "https://www.openwall.com/lists/oss-security/2020/01/22/1" + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7937.json b/2020/7xxx/CVE-2020-7937.json new file mode 100644 index 00000000000..844977b221f --- /dev/null +++ b/2020/7xxx/CVE-2020-7937.json 
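Review bot: In the new CVE-2020-7936 record, `product_name`, `vendor_name`, `version_value` and the `problemtype` value are all `n/a`, even though the description names the product, the affected range (Plone 4.0 through 5.2.1) and the weakness class. A consumer that matches on the structured fields rather than free text will not associate this record with Plone. Filling them in, for example `"product_name": "Plone"` and a problem type of `CWE-601` (URL redirection to an untrusted site), would make the record usable for automated matching. The other new Plone records in this patch, CVE-2020-7937 through CVE-2020-7941, use the same `n/a` template.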
@@ -0,0 +1,72 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-7937", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An XSS issue in the title field in Plone 5.0 through 5.2.1 allows users with a certain privilege level to insert JavaScript that will be executed when other users access the site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://plone.org/security/hotfix/20200121", + "refsource": "MISC", + "name": "https://plone.org/security/hotfix/20200121" + }, + { + "url": "https://www.openwall.com/lists/oss-security/2020/01/22/1", + "refsource": "MISC", + "name": "https://www.openwall.com/lists/oss-security/2020/01/22/1" + }, + { + "url": "https://plone.org/security/hotfix/20200121/xss-in-the-title-field-on-plone-5-0-and-higher", + "refsource": "MISC", + "name": "https://plone.org/security/hotfix/20200121/xss-in-the-title-field-on-plone-5-0-and-higher" + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7938.json b/2020/7xxx/CVE-2020-7938.json new file mode 100644 index 00000000000..4744aba46e3 --- /dev/null +++ b/2020/7xxx/CVE-2020-7938.json 
@@ -0,0 +1,72 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-7938", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "plone.restapi in Plone 5.2.0 through 5.2.1 allows users with a certain privilege level to escalate their privileges up to the highest level." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://plone.org/security/hotfix/20200121", + "refsource": "MISC", + "name": "https://plone.org/security/hotfix/20200121" + }, + { + "url": "https://www.openwall.com/lists/oss-security/2020/01/22/1", + "refsource": "MISC", + "name": "https://www.openwall.com/lists/oss-security/2020/01/22/1" + }, + { + "url": "https://plone.org/security/hotfix/20200121/privilege-escalation-when-plone-restapi-is-installed", + "refsource": "MISC", + "name": "https://plone.org/security/hotfix/20200121/privilege-escalation-when-plone-restapi-is-installed" + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7939.json b/2020/7xxx/CVE-2020-7939.json new file mode 100644 index 00000000000..11623350449 --- /dev/null +++ b/2020/7xxx/CVE-2020-7939.json 
@@ -0,0 +1,72 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-7939", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL Injection in DTML or in connection objects in Plone 4.0 through 5.2.1 allows users to perform unwanted SQL queries. (This is a problem in Zope.)" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://plone.org/security/hotfix/20200121", + "refsource": "MISC", + "name": "https://plone.org/security/hotfix/20200121" + }, + { + "url": "https://www.openwall.com/lists/oss-security/2020/01/22/1", + "refsource": "MISC", + "name": "https://www.openwall.com/lists/oss-security/2020/01/22/1" + }, + { + "url": "https://plone.org/security/hotfix/20200121/sql-injection-in-dtml-or-in-connection-objects", + "refsource": "MISC", + "name": "https://plone.org/security/hotfix/20200121/sql-injection-in-dtml-or-in-connection-objects" + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7940.json b/2020/7xxx/CVE-2020-7940.json new file mode 100644 index 00000000000..811d5cebbfb --- /dev/null +++ b/2020/7xxx/CVE-2020-7940.json 
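Review bot: The CVE-2020-7939 description attributes the SQL injection to Zope ("This is a problem in Zope."), but the record gives a version range only for Plone, and none of the three references points at a Zope advisory or fixed release. A site that runs Zope without Plone cannot tell from this record whether it is affected. The description should name the affected Zope component and versions, or say explicitly that they are not yet known.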
@@ -0,0 +1,72 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-7940", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Missing password strength checks on some forms in Plone 4.3 through 5.2.0 allow users to set weak passwords, leading to easier cracking." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://plone.org/security/hotfix/20200121", + "refsource": "MISC", + "name": "https://plone.org/security/hotfix/20200121" + }, + { + "url": "https://www.openwall.com/lists/oss-security/2020/01/22/1", + "refsource": "MISC", + "name": "https://www.openwall.com/lists/oss-security/2020/01/22/1" + }, + { + "url": "https://plone.org/security/hotfix/20200121/password-strength-checks-were-not-always-checked", + "refsource": "MISC", + "name": "https://plone.org/security/hotfix/20200121/password-strength-checks-were-not-always-checked" + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7941.json b/2020/7xxx/CVE-2020-7941.json new file mode 100644 index 00000000000..00714ed93f0 --- /dev/null +++ b/2020/7xxx/CVE-2020-7941.json 
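Review bot: The affected range in the CVE-2020-7940 description ends at 5.2.0 (`Plone 4.3 through 5.2.0`), while the sibling records for the same 20200121 hotfix end at 5.2.1. If that difference is not intentional, it makes 5.2.1 look unaffected by the missing password-strength checks. The range should be confirmed against the linked advisory before publication.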
@@ -0,0 +1,72 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-7941", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A privilege escalation issue in plone.app.contenttypes in Plone 4.3 through 5.2.1 allows users to PUT (overwrite) some content without needing write permission." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://plone.org/security/hotfix/20200121", + "refsource": "MISC", + "name": "https://plone.org/security/hotfix/20200121" + }, + { + "url": "https://www.openwall.com/lists/oss-security/2020/01/22/1", + "refsource": "MISC", + "name": "https://www.openwall.com/lists/oss-security/2020/01/22/1" + }, + { + "url": "https://plone.org/security/hotfix/20200121/privilege-escalation-for-overwriting-content", + "refsource": "MISC", + "name": "https://plone.org/security/hotfix/20200121/privilege-escalation-for-overwriting-content" + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7942.json b/2020/7xxx/CVE-2020-7942.json new file mode 100644 index 00000000000..f489597c850 --- /dev/null +++ b/2020/7xxx/CVE-2020-7942.json 
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7942",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7943.json b/2020/7xxx/CVE-2020-7943.json
new file mode 100644
index 00000000000..55446399ed4
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7943.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7943",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7944.json b/2020/7xxx/CVE-2020-7944.json
new file mode 100644
index 00000000000..4789ac00023
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7944.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7944",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7945.json b/2020/7xxx/CVE-2020-7945.json
new file mode 100644
index 00000000000..9ca281e5ab4
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7945.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7945",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7946.json b/2020/7xxx/CVE-2020-7946.json
new file mode 100644
index 00000000000..1ccc7c000d3
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7946.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7946",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
From f1037c8925f7a5df4124f0a83cc46e6f0f180479 Mon Sep 17 00:00:00 2001
From: CVE Team Date: Thu, 23 Jan 2020 22:01:15 +0000 Subject: [PATCH 249/387] "-Synchronized-Data." --- 2012/4xxx/CVE-2012-4606.json | 48 +++++++++++++++++++++++- 2012/5xxx/CVE-2012-5340.json | 48 +++++++++++++++++++++++- 2012/5xxx/CVE-2012-5389.json | 53 ++++++++++++++++++++++++++- 2012/6xxx/CVE-2012-6649.json | 53 ++++++++++++++++++++++++++- 2012/6xxx/CVE-2012-6663.json | 48 +++++++++++++++++++++++- 2019/0xxx/CVE-2019-0086.json | 5 +++ 2019/14xxx/CVE-2019-14885.json | 3 +- 2019/17xxx/CVE-2019-17570.json | 67 ++++++++++++++++++++++++++++++++++ 2020/6xxx/CVE-2020-6007.json | 50 +++++++++++++++++++++++-- 9 files changed, 361 insertions(+), 14 deletions(-) create mode 100644 2019/17xxx/CVE-2019-17570.json diff --git a/2012/4xxx/CVE-2012-4606.json b/2012/4xxx/CVE-2012-4606.json index 7baa5f49640..bf42309a5fb 100644 --- a/2012/4xxx/CVE-2012-4606.json +++ b/2012/4xxx/CVE-2012-4606.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-4606", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Citrix XenServer 4.1, 6.0, 5.6 SP2, 5.6 Feature Pack 1, 5.6 Common Criteria, 5.6, 5.5, 5.0, and 5.0 Update 3 contains a Local Privilege Escalation Vulnerability which could allow local users with access to a guest operating system to gain elevated privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "BID", + "name": "55432", + "url": "http://www.securityfocus.com/bid/55432" } ] } diff --git a/2012/5xxx/CVE-2012-5340.json b/2012/5xxx/CVE-2012-5340.json index 645e016376d..1a5cc3cc901 100644 --- a/2012/5xxx/CVE-2012-5340.json +++ b/2012/5xxx/CVE-2012-5340.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-5340", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SumatraPDF 2.1.1/MuPDF 1.0 allows remote attackers to cause an Integer Overflow in the lex_number() function via a corrupt PDF file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "EXPLOIT-DB", + "name": "23246", + "url": "http://www.exploit-db.com/exploits/23246" } ] } diff --git a/2012/5xxx/CVE-2012-5389.json b/2012/5xxx/CVE-2012-5389.json index b23cc05ed75..69888e72438 100644 --- a/2012/5xxx/CVE-2012-5389.json +++ b/2012/5xxx/CVE-2012-5389.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-5389", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "NULL Pointer Dereference in PowerTCP WebServer for ActiveX 1.9.2 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted HTTP request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.securityfocus.com/bid/58940", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/58940" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83310", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83310" } ] } diff --git a/2012/6xxx/CVE-2012-6649.json b/2012/6xxx/CVE-2012-6649.json index 4adb5e202a5..7a1f31decf2 100644 --- a/2012/6xxx/CVE-2012-6649.json +++ b/2012/6xxx/CVE-2012-6649.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-6649", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
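Review bot: In the CVE-2012-5389 references, the securityfocus.com/bid/58940 entry is tagged `"refsource": "MISC"` with the full URL as its `name`. The CVE-2012-4606 and CVE-2012-6649 hunks in this same commit record the same kind of link as `"refsource": "BID"` with the bare id as `name`. For consistency, and so tools that index references by BID number pick it up, this entry should read `"refsource": "BID", "name": "58940"`.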
@@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "WordPress WP GPX Maps Plugin 1.1.21 allows remote attackers to execute arbitrary PHP code via improper file upload." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "BID", + "name": "53909", + "url": "http://www.securityfocus.com/bid/53909" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2014/06/26/4", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2014/06/26/4" } ] } diff --git a/2012/6xxx/CVE-2012-6663.json b/2012/6xxx/CVE-2012-6663.json index 0c697378497..11e531155b3 100644 --- a/2012/6xxx/CVE-2012-6663.json +++ b/2012/6xxx/CVE-2012-6663.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-6663", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "General Electric D20ME devices are not properly configured and reveal plaintext passwords." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.rapid7.com/db/modules/auxiliary/gather/d20pass", + "refsource": "MISC", + "name": "http://www.rapid7.com/db/modules/auxiliary/gather/d20pass" } ] } diff --git a/2019/0xxx/CVE-2019-0086.json b/2019/0xxx/CVE-2019-0086.json index 66f6d92228e..9c84675e6c1 100644 --- a/2019/0xxx/CVE-2019-0086.json +++ b/2019/0xxx/CVE-2019-0086.json @@ -53,6 +53,11 @@ "refsource": "CONFIRM", "name": "https://support.f5.com/csp/article/K35815741", "url": "https://support.f5.com/csp/article/K35815741" + }, + { + "refsource": "MISC", + "name": "https://danishcyberdefence.dk/blog/dal", + "url": "https://danishcyberdefence.dk/blog/dal" } ] }, diff --git a/2019/14xxx/CVE-2019-14885.json b/2019/14xxx/CVE-2019-14885.json index e9fd7441548..a781b376573 100644 --- a/2019/14xxx/CVE-2019-14885.json +++ b/2019/14xxx/CVE-2019-14885.json @@ -4,7 +4,8 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-14885", - "ASSIGNER": "gsuckevi@redhat.com" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { diff --git a/2019/17xxx/CVE-2019-17570.json b/2019/17xxx/CVE-2019-17570.json new file mode 100644 index 00000000000..8fd1e3be9de --- /dev/null +++ b/2019/17xxx/CVE-2019-17570.json 
@@ -0,0 +1,67 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-17570", + "ASSIGNER": "security@apache.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apache", + "product": { + "product_data": [ + { + "product_name": "Apache XML-RPC", + "version": { + "version_data": [ + { + "version_value": "Apache XML-RPC all versions" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Deserialization" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-17570;", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-17570;" + }, + { + "refsource": "CONFIRM", + "name": "https://lists.apache.org/thread.html/846551673bbb7ec8d691008215384bcef03a3fb004d2da845cfe88ee%401390230951%40%3Cdev.ws.apache.org%3E", + "url": "https://lists.apache.org/thread.html/846551673bbb7ec8d691008215384bcef03a3fb004d2da845cfe88ee%401390230951%40%3Cdev.ws.apache.org%3E" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An untrusted deserialization was found in the org.apache.xmlrpc.parser.XmlRpcResponseParser:addResult method of Apache XML-RPC (aka ws-xmlrpc) library. A malicious XML-RPC server could target a XML-RPC client causing it to execute arbitrary code. Apache XML-RPC is no longer maintained and this issue will not be fixed." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6007.json b/2020/6xxx/CVE-2020-6007.json index ead747cdd0f..36412a1f739 100644 --- a/2020/6xxx/CVE-2020-6007.json +++ b/2020/6xxx/CVE-2020-6007.json 
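Review bot: The first reference in the new CVE-2019-17570 record ends in a stray semicolon (`...show_bug.cgi?id=CVE-2019-17570;`) in both `name` and `url`. It looks like a copy-paste artefact and may not resolve to the intended bug; the link should be `https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-17570`. The `problemtype` value `Deserialization` would also be more useful to consumers as `CWE-502 Deserialization of Untrusted Data`. Separately, `version_value` repeats the product name (`Apache XML-RPC all versions`) where a plain version statement is expected.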
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-6007", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@checkpoint.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Philips Hue Bridge 2.X", + "version": { + "version_data": [ + { + "version_value": "All versions prior to and including 1935144020" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-122: Heap-based Buffer Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www2.meethue.com/en-us/support/release-notes/bridge", + "url": "https://www2.meethue.com/en-us/support/release-notes/bridge" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Philips Hue Bridge model 2.X prior to and including version 1935144020 contains a Heap-based Buffer Overflow when handling a long ZCL string during the commissioning phase, resulting in a remote code execution." } ] } From fbe64ffe6f70912029708618b9f02c209f431ecd Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 23 Jan 2020 23:01:07 +0000 Subject: [PATCH 250/387] "-Synchronized-Data." --- 2020/7xxx/CVE-2020-7245.json | 61 ++++++++++++++++++++++++++++++++---- 1 file changed, 55 insertions(+), 6 deletions(-) diff --git a/2020/7xxx/CVE-2020-7245.json b/2020/7xxx/CVE-2020-7245.json index 97a3b1d7b7c..177eb3432fc 100644 --- a/2020/7xxx/CVE-2020-7245.json +++ b/2020/7xxx/CVE-2020-7245.json 
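Review bot: The CVE-2020-6007 record states only the last vulnerable build (`All versions prior to and including 1935144020`), and its single reference is a generic release-notes page. A reader therefore cannot tell from the record which firmware build contains the fix, which is the value an operator needs to verify remediation on deployed bridges. Naming the first fixed version in the description would close that gap. Separately, `vendor_name` is left as `n/a` although `product_name` already identifies the product as `Philips Hue Bridge 2.X`.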
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-7245", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-7245", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Incorrect username validation in the registration processes of CTFd through 2.2.2 allows a remote attacker to take over an arbitrary account after initiating a password reset. This is related to register() and reset_password() in auth.py. To exploit the vulnerability, one must register with a username similar to the admin, but with spaces inserted before and after the username. This will register the account with the same username as the admin. After a reset of the password for this new account, CTFd will reset the admin account's password due to the username collision." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/CTFd/CTFd/pull/1218", + "refsource": "MISC", + "name": "https://github.com/CTFd/CTFd/pull/1218" + }, + { + "refsource": "MISC", + "name": "https://github.com/CTFd/CTFd/releases/tag/2.2.3", + "url": "https://github.com/CTFd/CTFd/releases/tag/2.2.3" } ] } From 842c69d322426e634710f5502bae8cf8d73a148c Mon Sep 17 00:00:00 2001 
From: Bill Situ Date: Thu, 23 Jan 2020 17:05:22 -0800 Subject: [PATCH 251/387] Bill Situ Oracle Critical Patch Update Advisory - January 2020 Rev 4. On branch cna/Oracle/CPU2020JanRev4 Changes to be committed: modified: 2020/2xxx/CVE-2020-2555.json --- 2020/2xxx/CVE-2020-2555.json | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/2020/2xxx/CVE-2020-2555.json b/2020/2xxx/CVE-2020-2555.json index ea801cab19a..78c41098a31 100644 --- a/2020/2xxx/CVE-2020-2555.json +++ b/2020/2xxx/CVE-2020-2555.json @@ -14,6 +14,10 @@ "product_name": "Coherence", "version": { "version_data": [ + { + "version_value": "3.7.1.17", + "version_affected": "=" + }, { "version_value": "12.1.3.0.0", "version_affected": "=" @@ -43,7 +47,7 @@ "description_data": [ { "lang": "eng", - "value": "Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Caching,CacheStore,Invocation). Supported versions that are affected are 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle Coherence. Successful attacks of this vulnerability can result in takeover of Oracle Coherence. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)." + "value": "Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Caching,CacheStore,Invocation). Supported versions that are affected are 3.7.1.17, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle Coherence. Successful attacks of this vulnerability can result in takeover of Oracle Coherence. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)." } ] }, From c2bf39173449285a9e56ae75e3b70b151ab99deb Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Fri, 24 Jan 2020 05:01:09 +0000 Subject: [PATCH 252/387] "-Synchronized-Data." --- 2016/5xxx/CVE-2016-5017.json | 5 +++++ 2017/3xxx/CVE-2017-3164.json | 5 +++++ 2017/5xxx/CVE-2017-5637.json | 5 +++++ 2018/1000xxx/CVE-2018-1000873.json | 5 +++++ 2018/19xxx/CVE-2018-19360.json | 5 +++++ 2018/19xxx/CVE-2018-19361.json | 5 +++++ 2018/19xxx/CVE-2018-19362.json | 5 +++++ 2018/8xxx/CVE-2018-8012.json | 5 +++++ 2019/0xxx/CVE-2019-0192.json | 5 +++++ 2019/0xxx/CVE-2019-0193.json | 5 +++++ 2019/10xxx/CVE-2019-10080.json | 5 +++++ 2019/10xxx/CVE-2019-10083.json | 5 +++++ 2019/10xxx/CVE-2019-10246.json | 5 +++++ 2019/10xxx/CVE-2019-10247.json | 5 +++++ 2019/10xxx/CVE-2019-10768.json | 5 +++++ 2019/11xxx/CVE-2019-11358.json | 5 +++++ 2019/12xxx/CVE-2019-12086.json | 5 +++++ 2019/12xxx/CVE-2019-12384.json | 5 +++++ 2019/12xxx/CVE-2019-12421.json | 5 +++++ 2019/12xxx/CVE-2019-12814.json | 5 +++++ 2019/14xxx/CVE-2019-14439.json | 5 +++++ 2019/14xxx/CVE-2019-14540.json | 5 +++++ 2019/16xxx/CVE-2019-16335.json | 5 +++++ 23 files changed, 115 insertions(+) diff --git a/2016/5xxx/CVE-2016-5017.json b/2016/5xxx/CVE-2016-5017.json index 4282808c3de..f23ad7f0263 100644 --- a/2016/5xxx/CVE-2016-5017.json +++ b/2016/5xxx/CVE-2016-5017.json @@ -96,6 +96,11 @@ "refsource": "MLIST", "name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html", "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html", + "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E" } ] } diff --git a/2017/3xxx/CVE-2017-3164.json b/2017/3xxx/CVE-2017-3164.json index 0ea03c1bf6b..9a91b493e34 100644 --- a/2017/3xxx/CVE-2017-3164.json +++ b/2017/3xxx/CVE-2017-3164.json 
@@ -97,6 +97,11 @@ "refsource": "MLIST", "name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html", "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html", + "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E" } ] } diff --git a/2017/5xxx/CVE-2017-5637.json b/2017/5xxx/CVE-2017-5637.json index d027e18bf64..e20905faa85 100644 --- a/2017/5xxx/CVE-2017-5637.json +++ b/2017/5xxx/CVE-2017-5637.json @@ -100,6 +100,11 @@ "refsource": "MLIST", "name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html", "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html", + "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E" } ] } diff --git a/2018/1000xxx/CVE-2018-1000873.json b/2018/1000xxx/CVE-2018-1000873.json index 2bc5c86324e..fc593dd8701 100644 --- a/2018/1000xxx/CVE-2018-1000873.json +++ b/2018/1000xxx/CVE-2018-1000873.json @@ -104,6 +104,11 @@ "refsource": "MLIST", "name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html", "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html", + "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E" } ] } 
diff --git a/2018/19xxx/CVE-2018-19360.json b/2018/19xxx/CVE-2018-19360.json index 88a12bd84cd..3dfdd6c1481 100644 --- a/2018/19xxx/CVE-2018-19360.json +++ b/2018/19xxx/CVE-2018-19360.json @@ -216,6 +216,11 @@ "refsource": "REDHAT", "name": "RHSA-2019:4037", "url": "https://access.redhat.com/errata/RHSA-2019:4037" + }, + { + "refsource": "MLIST", + "name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html", + "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E" } ] } diff --git a/2018/19xxx/CVE-2018-19361.json b/2018/19xxx/CVE-2018-19361.json index 9f99db55197..73685b06891 100644 --- a/2018/19xxx/CVE-2018-19361.json +++ b/2018/19xxx/CVE-2018-19361.json @@ -216,6 +216,11 @@ "refsource": "REDHAT", "name": "RHSA-2019:4037", "url": "https://access.redhat.com/errata/RHSA-2019:4037" + }, + { + "refsource": "MLIST", + "name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html", + "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E" } ] } diff --git a/2018/19xxx/CVE-2018-19362.json b/2018/19xxx/CVE-2018-19362.json index 24955c18cf6..05a7483a9f8 100644 --- a/2018/19xxx/CVE-2018-19362.json +++ b/2018/19xxx/CVE-2018-19362.json @@ -221,6 +221,11 @@ "url": "https://www.oracle.com/security-alerts/cpujan2020.html", "refsource": "MISC", "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + }, + { + "refsource": "MLIST", + "name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html", + "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E" } ] } diff --git a/2018/8xxx/CVE-2018-8012.json b/2018/8xxx/CVE-2018-8012.json index 97f9e5c0699..27da4f875f6 100644 --- a/2018/8xxx/CVE-2018-8012.json +++ b/2018/8xxx/CVE-2018-8012.json 
@@ -82,6 +82,11 @@ "refsource": "MLIST", "name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html", "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html", + "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E" } ] } diff --git a/2019/0xxx/CVE-2019-0192.json b/2019/0xxx/CVE-2019-0192.json index f47148313a8..ad89e7b605f 100644 --- a/2019/0xxx/CVE-2019-0192.json +++ b/2019/0xxx/CVE-2019-0192.json @@ -107,6 +107,11 @@ "refsource": "MLIST", "name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html", "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html", + "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E" } ] } diff --git a/2019/0xxx/CVE-2019-0193.json b/2019/0xxx/CVE-2019-0193.json index 35aaa7d023f..2187cf1a2b9 100644 --- a/2019/0xxx/CVE-2019-0193.json +++ b/2019/0xxx/CVE-2019-0193.json @@ -98,6 +98,11 @@ "refsource": "MLIST", "name": "[lucene-issues] 20191130 [jira] [Closed] (SOLR-13669) [CVE-2019-0193] Remote Code Execution via DataImportHandler", "url": "https://lists.apache.org/thread.html/9b0e7a7e3e18d0724f511403b364fc082ff56e3134d84cfece1c82fc@%3Cissues.lucene.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html", + "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E" } ] }, 
diff --git a/2019/10xxx/CVE-2019-10080.json b/2019/10xxx/CVE-2019-10080.json index d17cf00f50c..229e3c7537c 100644 --- a/2019/10xxx/CVE-2019-10080.json +++ b/2019/10xxx/CVE-2019-10080.json @@ -48,6 +48,11 @@ "refsource": "CONFIRM", "name": "https://nifi.apache.org/security.html#CVE-2019-10080", "url": "https://nifi.apache.org/security.html#CVE-2019-10080" + }, + { + "refsource": "MLIST", + "name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html", + "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E" } ] }, diff --git a/2019/10xxx/CVE-2019-10083.json b/2019/10xxx/CVE-2019-10083.json index fab566bcdbc..3bfc19a2fe5 100644 --- a/2019/10xxx/CVE-2019-10083.json +++ b/2019/10xxx/CVE-2019-10083.json @@ -48,6 +48,11 @@ "refsource": "CONFIRM", "name": "https://nifi.apache.org/security.html#CVE-2019-10083", "url": "https://nifi.apache.org/security.html#CVE-2019-10083" + }, + { + "refsource": "MLIST", + "name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html", + "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E" } ] }, diff --git a/2019/10xxx/CVE-2019-10246.json b/2019/10xxx/CVE-2019-10246.json index 5eb7fc6421b..dd369813e2f 100644 --- a/2019/10xxx/CVE-2019-10246.json +++ b/2019/10xxx/CVE-2019-10246.json @@ -85,6 +85,11 @@ "url": "https://www.oracle.com/security-alerts/cpujan2020.html", "refsource": "MISC", "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + }, + { + "refsource": "MLIST", + "name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html", + "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E" } ] } diff --git a/2019/10xxx/CVE-2019-10247.json b/2019/10xxx/CVE-2019-10247.json index 0a6dea2036f..4fba8846809 100644 
--- a/2019/10xxx/CVE-2019-10247.json +++ b/2019/10xxx/CVE-2019-10247.json @@ -113,6 +113,11 @@ "url": "https://www.oracle.com/security-alerts/cpujan2020.html", "refsource": "MISC", "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + }, + { + "refsource": "MLIST", + "name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html", + "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E" } ] } diff --git a/2019/10xxx/CVE-2019-10768.json b/2019/10xxx/CVE-2019-10768.json index fd792658907..92ef476f86f 100644 --- a/2019/10xxx/CVE-2019-10768.json +++ b/2019/10xxx/CVE-2019-10768.json @@ -48,6 +48,11 @@ "refsource": "MISC", "name": "https://snyk.io/vuln/SNYK-JS-ANGULAR-534884", "url": "https://snyk.io/vuln/SNYK-JS-ANGULAR-534884" + }, + { + "refsource": "MLIST", + "name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html", + "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E" } ] }, diff --git a/2019/11xxx/CVE-2019-11358.json b/2019/11xxx/CVE-2019-11358.json index 7c1fc4e431f..e0584c0bdc6 100644 --- a/2019/11xxx/CVE-2019-11358.json +++ b/2019/11xxx/CVE-2019-11358.json @@ -301,6 +301,11 @@ "url": "https://www.oracle.com/security-alerts/cpujan2020.html", "refsource": "MISC", "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + }, + { + "refsource": "MLIST", + "name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html", + "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E" } ] } diff --git a/2019/12xxx/CVE-2019-12086.json b/2019/12xxx/CVE-2019-12086.json index 3541af51ac5..6f664f9c344 100644 --- a/2019/12xxx/CVE-2019-12086.json +++ b/2019/12xxx/CVE-2019-12086.json 
@@ -216,6 +216,11 @@ "url": "https://www.oracle.com/security-alerts/cpujan2020.html", "refsource": "MISC", "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + }, + { + "refsource": "MLIST", + "name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html", + "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E" } ] } diff --git a/2019/12xxx/CVE-2019-12384.json b/2019/12xxx/CVE-2019-12384.json index dea2dfbbfc1..d26bf92eb7d 100644 --- a/2019/12xxx/CVE-2019-12384.json +++ b/2019/12xxx/CVE-2019-12384.json @@ -261,6 +261,11 @@ "url": "https://www.oracle.com/security-alerts/cpujan2020.html", "refsource": "MISC", "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + }, + { + "refsource": "MLIST", + "name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html", + "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E" } ] } diff --git a/2019/12xxx/CVE-2019-12421.json b/2019/12xxx/CVE-2019-12421.json index 80f8cfbeece..cba56e4545f 100644 --- a/2019/12xxx/CVE-2019-12421.json +++ b/2019/12xxx/CVE-2019-12421.json @@ -48,6 +48,11 @@ "refsource": "CONFIRM", "name": "https://nifi.apache.org/security.html#CVE-2019-12421", "url": "https://nifi.apache.org/security.html#CVE-2019-12421" + }, + { + "refsource": "MLIST", + "name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html", + "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E" } ] }, diff --git a/2019/12xxx/CVE-2019-12814.json b/2019/12xxx/CVE-2019-12814.json index 329eef4869d..23b26a60bc9 100644 --- a/2019/12xxx/CVE-2019-12814.json +++ b/2019/12xxx/CVE-2019-12814.json 
@@ -311,6 +311,11 @@ "url": "https://www.oracle.com/security-alerts/cpujan2020.html", "refsource": "MISC", "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + }, + { + "refsource": "MLIST", + "name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html", + "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E" } ] } diff --git a/2019/14xxx/CVE-2019-14439.json b/2019/14xxx/CVE-2019-14439.json index e9aeac4d840..89c9fe25eee 100644 --- a/2019/14xxx/CVE-2019-14439.json +++ b/2019/14xxx/CVE-2019-14439.json @@ -181,6 +181,11 @@ "url": "https://www.oracle.com/security-alerts/cpujan2020.html", "refsource": "MISC", "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + }, + { + "refsource": "MLIST", + "name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html", + "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E" } ] } diff --git a/2019/14xxx/CVE-2019-14540.json b/2019/14xxx/CVE-2019-14540.json index 0ca30658c8b..5c0a6ac946e 100644 --- a/2019/14xxx/CVE-2019-14540.json +++ b/2019/14xxx/CVE-2019-14540.json @@ -186,6 +186,11 @@ "refsource": "REDHAT", "name": "RHSA-2020:0161", "url": "https://access.redhat.com/errata/RHSA-2020:0161" + }, + { + "refsource": "MLIST", + "name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html", + "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E" } ] } diff --git a/2019/16xxx/CVE-2019-16335.json b/2019/16xxx/CVE-2019-16335.json index ff7dee966f0..f15fb3ed7a4 100644 --- a/2019/16xxx/CVE-2019-16335.json +++ b/2019/16xxx/CVE-2019-16335.json 
@@ -171,6 +171,11 @@ "refsource": "REDHAT", "name": "RHSA-2020:0161", "url": "https://access.redhat.com/errata/RHSA-2020:0161" + }, + { + "refsource": "MLIST", + "name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html", + "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E" } ] } From 26624b1766bdd4086faa9710ff902f7727fd38b1 Mon Sep 17 00:00:00 2001 From: Johannes Segitz Date: Fri, 24 Jan 2020 09:18:44 +0100 Subject: [PATCH 253/387] data for CVE-2019-3687 --- 2019/3xxx/CVE-2019-3687.json | 86 ++++++++++++++++++++++++++++++++++-- 1 file changed, 83 insertions(+), 3 deletions(-) diff --git a/2019/3xxx/CVE-2019-3687.json b/2019/3xxx/CVE-2019-3687.json index 68abc6c12fb..a64b1c96149 100644 --- a/2019/3xxx/CVE-2019-3687.json +++ b/2019/3xxx/CVE-2019-3687.json @@ -1,9 +1,42 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "security@suse.de", + "DATE_PUBLIC": "2019-08-30T00:00:00.000Z", "ID": "CVE-2019-3687", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "\"easy\" permission profile allows everyone execute dumpcap and read all network traffic" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SUSE Linux Enterprise Server", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "permissions", + "version_value": "081d081dcfaf61710bda34bc21c80c66276119aa" + } + ] + } + } + ] + }, + "vendor_name": "SUSE" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Malte Kraus of SUSE" + } + ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", 
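Review bot: In the CVE-2019-3687 `affects` entry, `version_name` holds the package name (`"permissions"`) and `version_value` a git commit hash compared with `"version_affected": "<"`, which automated consumers cannot order or match against an installed package version. The description added in the next hunk gives a range that starts at commit 85c83fef7e017f8ab7f8602d3163786d57344439, but that lower bound appears nowhere in `version_data`, so the structured data claims every earlier state is affected. If a first fixed package release exists it should be the `version_value`, with the commit range kept in the description only.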
@@ -11,8 +44,55 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The permission package in SUSE SUSE Linux Enterprise Server allowed all local users to run dumpcap in the \"easy\" permission profile and sniff network traffic.\nThis issue affects:\nSUSE SUSE Linux Enterprise Server\npermissions versions starting from 85c83fef7e017f8ab7f8602d3163786d57344439 to 081d081dcfaf61710bda34bc21c80c66276119aa." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-276: Incorrect Default Permissions" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.suse.com/show_bug.cgi?id=1148788", + "refsource": "CONFIRM", + "url": "https://bugzilla.suse.com/show_bug.cgi?id=1148788" + } + ] + }, + "source": { + "advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1148788", + "defect": [ + "1148788" + ], + "discovery": "INTERNAL" } } \ No newline at end of file From a2b37ac4c74dfc14f6db9ceec6f47f5e36e4f78b Mon Sep 17 00:00:00 2001 From: Johannes Segitz Date: Fri, 24 Jan 2020 09:42:20 +0100 Subject: [PATCH 254/387] data for CVE-2019-3692 --- 2019/3xxx/CVE-2019-3692.json | 117 ++++++++++++++++++++++++++++++++++- 1 file changed, 114 insertions(+), 3 deletions(-) 
diff --git a/2019/3xxx/CVE-2019-3692.json b/2019/3xxx/CVE-2019-3692.json index c7fa4cd6d62..b5e4266dc2f 100644 --- a/2019/3xxx/CVE-2019-3692.json +++ b/2019/3xxx/CVE-2019-3692.json @@ -1,9 +1,73 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "security@suse.de", + "DATE_PUBLIC": "2020-01-24T00:00:00.000Z", "ID": "CVE-2019-3692", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Local privilege escalation from user news to root in the packaging of inn" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SUSE Linux Enterprise Server 11", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "inn", + "version_value": "2.4.2-170.21.3.1" + } + ] + } + } + ] + }, + "vendor_name": "SUSE" + }, + { + "product": { + "product_data": [ + { + "product_name": "Factory", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "inn", + "version_value": "2.6.2-2.2" + } + ] + } + }, + { + "product_name": "Leap 15.1", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "inn", + "version_value": "2.5.4-lp151.2.47" + } + ] + } + } + ] + }, + "vendor_name": "openSUSE" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Johannes Segitz of SUSE" + } + ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", 
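Review bot: `TITLE` in this hunk says the escalation is "from user news to root", while the `description` value added in the following hunk says attackers "escalate from user inn to root"; the two fields name different starting accounts and one of them is wrong. The synchronisation commit later on the page (PATCH 255) rewrites the description but keeps "user inn", so the mismatch survives it. Whoever triages from this record needs the correct account to judge exposure, so both fields should name the same one.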
@@ -11,8 +75,55 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The packaging of inn on SUSE SUSE Linux Enterprise Server 11; openSUSE Factory, Leap 15.1 allows local attackers to escalate from user inn to root via symlink attacks.\nThis issue affects:\nSUSE SUSE Linux Enterprise Server 11\ninn version 2.4.2-170.21.3.1 and prior versions.\nopenSUSE Factory\ninn version 2.6.2-2.2 and prior versions.\nopenSUSE Leap 15.1\ninn version 2.5.4-lp151.2.47 and prior versions." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 7.7, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-61: UNIX Symbolic Link (Symlink) Following" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.suse.com/show_bug.cgi?id=1154302", + "refsource": "CONFIRM", + "url": "https://bugzilla.suse.com/show_bug.cgi?id=1154302" + } + ] + }, + "source": { + "advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1154302", + "defect": [ + "1154302" + ], + "discovery": "INTERNAL" } } \ No newline at end of file From 8a50749936f08f413f5a9f661e815459c74f185f Mon Sep 17 00:00:00 2001 
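Review bot: The `impact.cvss` block for CVE-2019-3692 sets `privilegesRequired` to `NONE`, but the description in this same hunk says the attacker escalates from an existing local service account to root, which normally means privileges are already held (`PR:L`, or `PR:H` if that account is treated as privileged). `availabilityImpact` is `NONE` although the stated outcome is root, which would usually imply `A:H` as well. If the metrics are revised, `baseScore`, `baseSeverity` and `vectorString` have to change together; for example `CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H` scores 7.8. The CVE-2019-3693 record in PATCH 256 uses the identical vector for an escalation from wwwrun to root, so the same question applies there.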
From: CVE Team Date: Fri, 24 Jan 2020 09:01:14 +0000 Subject: [PATCH 255/387] "-Synchronized-Data." --- 2019/3xxx/CVE-2019-3687.json | 4 ++-- 2019/3xxx/CVE-2019-3692.json | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/2019/3xxx/CVE-2019-3687.json b/2019/3xxx/CVE-2019-3687.json index a64b1c96149..99b0e351a19 100644 --- a/2019/3xxx/CVE-2019-3687.json +++ b/2019/3xxx/CVE-2019-3687.json @@ -1,6 +1,6 @@ { "CVE_data_meta": { - "ASSIGNER": "security@suse.de", + "ASSIGNER": "security@suse.com", "DATE_PUBLIC": "2019-08-30T00:00:00.000Z", "ID": "CVE-2019-3687", "STATE": "PUBLIC", @@ -44,7 +44,7 @@ "description_data": [ { "lang": "eng", - "value": "The permission package in SUSE SUSE Linux Enterprise Server allowed all local users to run dumpcap in the \"easy\" permission profile and sniff network traffic.\nThis issue affects:\nSUSE SUSE Linux Enterprise Server\npermissions versions starting from 85c83fef7e017f8ab7f8602d3163786d57344439 to 081d081dcfaf61710bda34bc21c80c66276119aa." + "value": "The permission package in SUSE SUSE Linux Enterprise Server allowed all local users to run dumpcap in the \"easy\" permission profile and sniff network traffic. This issue affects: SUSE SUSE Linux Enterprise Server permissions versions starting from 85c83fef7e017f8ab7f8602d3163786d57344439 to 081d081dcfaf61710bda34bc21c80c66276119aa." } ] }, diff --git a/2019/3xxx/CVE-2019-3692.json b/2019/3xxx/CVE-2019-3692.json index b5e4266dc2f..d17d351caf1 100644 --- a/2019/3xxx/CVE-2019-3692.json +++ b/2019/3xxx/CVE-2019-3692.json @@ -1,6 +1,6 @@ { "CVE_data_meta": { - "ASSIGNER": "security@suse.de", + "ASSIGNER": "security@suse.com", "DATE_PUBLIC": "2020-01-24T00:00:00.000Z", "ID": "CVE-2019-3692", "STATE": "PUBLIC", 
@@ -75,7 +75,7 @@ "description_data": [ { "lang": "eng", - "value": "The packaging of inn on SUSE SUSE Linux Enterprise Server 11; openSUSE Factory, Leap 15.1 allows local attackers to escalate from user inn to root via symlink attacks.\nThis issue affects:\nSUSE SUSE Linux Enterprise Server 11\ninn version 2.4.2-170.21.3.1 and prior versions.\nopenSUSE Factory\ninn version 2.6.2-2.2 and prior versions.\nopenSUSE Leap 15.1\ninn version 2.5.4-lp151.2.47 and prior versions." + "value": "The packaging of inn on SUSE SUSE Linux Enterprise Server 11; openSUSE Factory, Leap 15.1 allows local attackers to escalate from user inn to root via symlink attacks. This issue affects: SUSE SUSE Linux Enterprise Server 11 inn version 2.4.2-170.21.3.1 and prior versions. openSUSE Factory inn version 2.6.2-2.2 and prior versions. openSUSE Leap 15.1 inn version 2.5.4-lp151.2.47 and prior versions." } ] }, From de15498cae58542fc0ac8d779673f0270834a5e5 Mon Sep 17 00:00:00 2001 From: Johannes Segitz Date: Fri, 24 Jan 2020 10:55:31 +0100 Subject: [PATCH 256/387] data for CVE-2019-3693 --- 2019/3xxx/CVE-2019-3693.json | 117 ++++++++++++++++++++++++++++++++++- 1 file changed, 114 insertions(+), 3 deletions(-) diff --git a/2019/3xxx/CVE-2019-3693.json b/2019/3xxx/CVE-2019-3693.json index 01aab032cfb..b5bb1a93669 100644 --- a/2019/3xxx/CVE-2019-3693.json +++ b/2019/3xxx/CVE-2019-3693.json 
@@ -1,9 +1,73 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "security@suse.de", + "DATE_PUBLIC": "2019-11-26T00:00:00.000Z", "ID": "CVE-2019-3693", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Local privilege escalation from user wwwrun to root in the packaging of mailman" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SUSE Linux Enterprise Server 11", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "mailman", + "version_value": "2.1.15-9.6.15.1" + } + ] + } + }, + { + "product_name": "SUSE Linux Enterprise Server 12", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "mailman", + "version_value": "2.1.17-3.11.1" + } + ] + } + } + ] + }, + "vendor_name": "SUSE" + }, + { + "product": { + "product_data": [ + { + "product_name": "Leap 15.1", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "mailman", + "version_value": "2.1.29-lp151.2.14" + } + ] + } + } + ] + }, + "vendor_name": "openSUSE" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Johannes Segitz of SUSE" + } + ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", 
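Review bot: `ASSIGNER` is set to `security@suse.de` in this CVE-2019-3693 hunk, but the synchronisation commit immediately before it (PATCH 255) rewrote that same field to `security@suse.com` in CVE-2019-3687 and CVE-2019-3692, so this value will presumably be normalised again; submitting `"ASSIGNER": "security@suse.com"` avoids the churn. The CVE-2019-3694 hunk in PATCH 257 carries the same `security@suse.de` value. As in the other SUSE records, `version_name` holds the package name (`"mailman"`) rather than a version label, which consumers that read the field literally may misinterpret.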
@@ -11,8 +75,55 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A symlink following vulnerability in the packaging of mailman in SUSE SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Server 12; openSUSE Leap 15.1 allowed local attackers to escalate their privileges from user wwwrun to root. Additionally arbitrary files could be changed to group mailman.\nThis issue affects:\nSUSE SUSE Linux Enterprise Server 11\nmailman versions prior to 2.1.15-9.6.15.1.\nSUSE SUSE Linux Enterprise Server 12\nmailman versions prior to 2.1.17-3.11.1.\nopenSUSE Leap 15.1\nmailman version 2.1.29-lp151.2.14 and prior versions." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 7.7, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-61: UNIX Symbolic Link (Symlink) Following" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.suse.com/show_bug.cgi?id=1154328", + "refsource": "CONFIRM", + "url": "https://bugzilla.suse.com/show_bug.cgi?id=1154328" + } + ] + }, + "source": { + "advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1154328", + "defect": [ + "1154328" + ], + "discovery": "INTERNAL" } } \ No newline at end of file From 886f45c030186f70adc1047c73e5bcc58cdd6ca1 Mon Sep 17 00:00:00 2001 
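Review bot: The `impact.cvss` block added in this hunk sets `"privilegesRequired": "NONE"`, while the title and description of the same record say the attacker must already be the local `wwwrun` user, a precondition normally scored as `PR:L`. It also sets `"availabilityImpact": "NONE"` although the stated outcome is root, which usually implies full availability impact. Unless SUSE deliberately scores the service account as unprivileged, the vector would read `CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H`, and `baseScore` and the matching enum fields would need recomputing. The same vector is repeated in the `impact` hunks for CVE-2019-3694, CVE-2019-3697 and CVE-2019-3699 later in this series, so the rationale should be settled once and applied to all four records.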
From: Johannes Segitz Date: Fri, 24 Jan 2020 11:46:13 +0100 Subject: [PATCH 257/387] data for CVE-2019-3694 --- 2019/3xxx/CVE-2019-3694.json | 98 ++++++++++++++++++++++++++++++++++-- 1 file changed, 95 insertions(+), 3 deletions(-) diff --git a/2019/3xxx/CVE-2019-3694.json b/2019/3xxx/CVE-2019-3694.json index 9ab9c9bd1ee..f3b50af099f 100644 --- a/2019/3xxx/CVE-2019-3694.json +++ b/2019/3xxx/CVE-2019-3694.json @@ -1,9 +1,54 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "security@suse.de", + "DATE_PUBLIC": "2020-01-24T00:00:00.000Z", "ID": "CVE-2019-3694", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Local privilege escalation from munin to root in the packaging of munin" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Factory", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "munin", + "version_value": "2.0.49-4.2" + } + ] + } + }, + { + "product_name": "Leap 15.1", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "munin", + "version_value": "2.0.40-lp151.1.1" + } + ] + } + } + ] + }, + "vendor_name": "openSUSE" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Johannes Segitz of SUSE" + } + ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", 
@@ -11,8 +56,55 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Symbolic Link (Symlink) Following vulnerability in the packaging of munin in openSUSE Factory, Leap 15.1 allows local attackers to escalate from user munin to root.\nThis issue affects:\nopenSUSE Factory\nmunin version 2.0.49-4.2 and prior versions.\nopenSUSE Leap 15.1\nmunin version 2.0.40-lp151.1.1 and prior versions." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 7.7, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-61: UNIX Symbolic Link (Symlink) Following" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.suse.com/show_bug.cgi?id=1155078", + "refsource": "CONFIRM", + "url": "https://bugzilla.suse.com/show_bug.cgi?id=1155078" + } + ] + }, + "source": { + "advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1155078", + "defect": [ + "1155078" + ], + "discovery": "INTERNAL" } } \ No newline at end of file From 5a6b44dc436d28ce4e15cd0fcf76bf718f3611b0 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 24 Jan 2020 11:01:16 +0000 Subject: [PATCH 258/387] "-Synchronized-Data." --- 2019/3xxx/CVE-2019-3693.json | 4 ++-- 2019/3xxx/CVE-2019-3694.json | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) 
diff --git a/2019/3xxx/CVE-2019-3693.json b/2019/3xxx/CVE-2019-3693.json index b5bb1a93669..0add69ee2a3 100644 --- a/2019/3xxx/CVE-2019-3693.json +++ b/2019/3xxx/CVE-2019-3693.json @@ -1,6 +1,6 @@ { "CVE_data_meta": { - "ASSIGNER": "security@suse.de", + "ASSIGNER": "security@suse.com", "DATE_PUBLIC": "2019-11-26T00:00:00.000Z", "ID": "CVE-2019-3693", "STATE": "PUBLIC", @@ -75,7 +75,7 @@ "description_data": [ { "lang": "eng", - "value": "A symlink following vulnerability in the packaging of mailman in SUSE SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Server 12; openSUSE Leap 15.1 allowed local attackers to escalate their privileges from user wwwrun to root. Additionally arbitrary files could be changed to group mailman.\nThis issue affects:\nSUSE SUSE Linux Enterprise Server 11\nmailman versions prior to 2.1.15-9.6.15.1.\nSUSE SUSE Linux Enterprise Server 12\nmailman versions prior to 2.1.17-3.11.1.\nopenSUSE Leap 15.1\nmailman version 2.1.29-lp151.2.14 and prior versions." + "value": "A symlink following vulnerability in the packaging of mailman in SUSE SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Server 12; openSUSE Leap 15.1 allowed local attackers to escalate their privileges from user wwwrun to root. Additionally arbitrary files could be changed to group mailman. This issue affects: SUSE SUSE Linux Enterprise Server 11 mailman versions prior to 2.1.15-9.6.15.1. SUSE SUSE Linux Enterprise Server 12 mailman versions prior to 2.1.17-3.11.1. openSUSE Leap 15.1 mailman version 2.1.29-lp151.2.14 and prior versions." } ] }, diff --git a/2019/3xxx/CVE-2019-3694.json b/2019/3xxx/CVE-2019-3694.json index f3b50af099f..5081eeadbee 100644 --- a/2019/3xxx/CVE-2019-3694.json +++ b/2019/3xxx/CVE-2019-3694.json @@ -1,6 +1,6 @@ { "CVE_data_meta": { - "ASSIGNER": "security@suse.de", + "ASSIGNER": "security@suse.com", "DATE_PUBLIC": "2020-01-24T00:00:00.000Z", "ID": "CVE-2019-3694", "STATE": "PUBLIC", 
@@ -56,7 +56,7 @@ "description_data": [ { "lang": "eng", - "value": "A Symbolic Link (Symlink) Following vulnerability in the packaging of munin in openSUSE Factory, Leap 15.1 allows local attackers to escalate from user munin to root.\nThis issue affects:\nopenSUSE Factory\nmunin version 2.0.49-4.2 and prior versions.\nopenSUSE Leap 15.1\nmunin version 2.0.40-lp151.1.1 and prior versions." + "value": "A Symbolic Link (Symlink) Following vulnerability in the packaging of munin in openSUSE Factory, Leap 15.1 allows local attackers to escalate from user munin to root. This issue affects: openSUSE Factory munin version 2.0.49-4.2 and prior versions. openSUSE Leap 15.1 munin version 2.0.40-lp151.1.1 and prior versions." } ] }, From f31bc479b48673f14941a5f99a54a236b88c6fb7 Mon Sep 17 00:00:00 2001 From: Johannes Segitz Date: Fri, 24 Jan 2020 13:08:16 +0100 Subject: [PATCH 259/387] data for CVE-2019-3697 --- 2019/3xxx/CVE-2019-3697.json | 88 ++++++++++++++++++++++++++++++++++-- 1 file changed, 84 insertions(+), 4 deletions(-) diff --git a/2019/3xxx/CVE-2019-3697.json b/2019/3xxx/CVE-2019-3697.json index 21194c7e8e5..a613738ae4e 100644 --- a/2019/3xxx/CVE-2019-3697.json +++ b/2019/3xxx/CVE-2019-3697.json @@ -1,9 +1,42 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "security@suse.de", + "DATE_PUBLIC": "2020-01-24T00:00:00.000Z", "ID": "CVE-2019-3697", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Local privilege escalation from user gnump3d to root" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Leap 15.1", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "gnump3d", + "version_value": "3.0-lp151.2.1" + } + ] + } + } + ] + }, + "vendor_name": "openSUSE" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Johannes Segitz of SUSE" + } + ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", 
@@ -11,8 +44,55 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of gnump3d in openSUSE Leap 15.1 allows local attackers to escalate from user gnump3d to root.\nThis issue affects:\nopenSUSE Leap 15.1\ngnump3d version 3.0-lp151.2.1 and prior versions." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 7.7, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-61: UNIX Symbolic Link (Symlink) Following" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.suse.com/show_bug.cgi?id=1154229", + "refsource": "CONFIRM", + "url": "https://bugzilla.suse.com/show_bug.cgi?id=1154229" + } + ] + }, + "source": { + "advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1154229", + "defect": [ + "1154229" + ], + "discovery": "INTERNAL" } -} \ No newline at end of file +} From 521073fd815a6bf9734276d2124734434e4653cb Mon Sep 17 00:00:00 2001 From: Johannes Segitz Date: Fri, 24 Jan 2020 13:22:31 +0100 Subject: [PATCH 260/387] data for CVE-2019-3699 --- 2019/3xxx/CVE-2019-3699.json | 98 ++++++++++++++++++++++++++++++++++-- 1 file changed, 95 insertions(+), 3 deletions(-) diff --git a/2019/3xxx/CVE-2019-3699.json b/2019/3xxx/CVE-2019-3699.json index 5def191ae7e..7ec47d8fb4f 100644 
--- a/2019/3xxx/CVE-2019-3699.json +++ b/2019/3xxx/CVE-2019-3699.json @@ -1,9 +1,54 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "security@suse.de", + "DATE_PUBLIC": "2020-01-24T00:00:00.000Z", "ID": "CVE-2019-3699", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Local privilege escalation from user privoxy to root" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Leap 15.1", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "privoxy", + "version_value": "3.0.28-lp151.1.1" + } + ] + } + }, + { + "product_name": "Factory", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "privoxy", + "version_value": "3.0.28-2.1" + } + ] + } + } + ] + }, + "vendor_name": "openSUSE" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Johannes Segitz of SUSE" + } + ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", 
@@ -11,8 +56,55 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of privoxy on openSUSE Leap 15.1, Factory allows local attackers to escalate from user privoxy to root.\nThis issue affects:\nopenSUSE Leap 15.1\nprivoxy version 3.0.28-lp151.1.1 and prior versions.\nopenSUSE Factory\nprivoxy version 3.0.28-2.1 and prior versions." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 7.7, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-61: UNIX Symbolic Link (Symlink) Following" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.suse.com/show_bug.cgi?id=1157449", + "refsource": "CONFIRM", + "url": "https://bugzilla.suse.com/show_bug.cgi?id=1157449" + } + ] + }, + "source": { + "advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1157449", + "defect": [ + "1157449" + ], + "discovery": "INTERNAL" } } \ No newline at end of file From e105517337f564b66864e5b8d61bd4d4f9138b93 Mon Sep 17 00:00:00 2001 From: Johannes Segitz Date: Fri, 24 Jan 2020 13:40:57 +0100 Subject: [PATCH 261/387] data for CVE-2019-3700 --- 2019/3xxx/CVE-2019-3700.json | 108 +++++++++++++++++++++++++++++------ 1 file changed, 91 insertions(+), 17 deletions(-) 
diff --git a/2019/3xxx/CVE-2019-3700.json b/2019/3xxx/CVE-2019-3700.json index 88861afd269..0f362495285 100644 --- a/2019/3xxx/CVE-2019-3700.json +++ b/2019/3xxx/CVE-2019-3700.json 
@@ -1,18 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-3700", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "security@suse.de", + "DATE_PUBLIC": "2019-11-22T00:00:00.000Z", + "ID": "CVE-2019-3700", + "STATE": "PUBLIC", + "TITLE": "yast: Fallback to DES without configuration in /etc/login.def" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Factory", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "yast2-security", + "version_value": "4.2.6" + } + ] + } + } + ] + }, + "vendor_name": "openSUSE" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": " yast2-security didn't use secure defaults to protect passwords. This became a problem on 2019-10-07 when configuration files that set secure settings were moved to a different location. As of the 20191022 snapshot the insecure default settings were used until yast2-security switched to stronger defaults in 4.2.6 and used the new configuration file locations. Password created during this time used DES password encryption and are not properly protected against attackers that are able to access the password hashes." 
+ } + ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 2.9, + "baseSeverity": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-327: Use of a Broken or Risky Cryptographic Algorithm" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.suse.com/show_bug.cgi?id=1157541", + "refsource": "CONFIRM", + "url": "https://bugzilla.suse.com/show_bug.cgi?id=1157541" + } + ] + }, + "source": { + "advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1157541", + "defect": [ + "1157541" + ], + "discovery": "USER" + } +} \ No newline at end of file From 1fe90e637ea3894af0a32dc7e5a42fd73837c062 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 24 Jan 2020 13:01:23 +0000 Subject: [PATCH 262/387] "-Synchronized-Data." --- 2019/3xxx/CVE-2019-3697.json | 6 +++--- 2019/3xxx/CVE-2019-3699.json | 4 ++-- 2020/7xxx/CVE-2020-7947.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7948.json | 18 ++++++++++++++++++ 4 files changed, 41 insertions(+), 5 deletions(-) create mode 100644 2020/7xxx/CVE-2020-7947.json create mode 100644 2020/7xxx/CVE-2020-7948.json diff --git a/2019/3xxx/CVE-2019-3697.json b/2019/3xxx/CVE-2019-3697.json index a613738ae4e..24baff450cf 100644 --- a/2019/3xxx/CVE-2019-3697.json +++ b/2019/3xxx/CVE-2019-3697.json @@ -1,6 +1,6 @@ { "CVE_data_meta": { - "ASSIGNER": "security@suse.de", + "ASSIGNER": "security@suse.com", "DATE_PUBLIC": "2020-01-24T00:00:00.000Z", "ID": "CVE-2019-3697", "STATE": "PUBLIC", 
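Review bot: The `TITLE` added for CVE-2019-3700 names `/etc/login.def`, but the shadow-suite configuration file is `/etc/login.defs`, so the path will not match what an administrator searches for; I would write `"TITLE": "yast: Fallback to DES without configuration in /etc/login.defs"`. The `affects` entry marks every yast2-security version `<` 4.2.6 as affected, whereas the description says the insecure defaults only took effect as of the 20191022 snapshot; if that is accurate, the lower bound is recorded only in free text and consumers matching on version data will over-report. The description would also be more useful to defenders if it stated outright that passwords set in that window remain DES-hashed until they are changed, since moving to 4.2.6 presumably alters only the defaults for new hashes. A smaller wording fix in the same value is `Passwords created during this time`.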
@@ -44,7 +44,7 @@ "description_data": [ { "lang": "eng", - "value": "UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of gnump3d in openSUSE Leap 15.1 allows local attackers to escalate from user gnump3d to root.\nThis issue affects:\nopenSUSE Leap 15.1\ngnump3d version 3.0-lp151.2.1 and prior versions." + "value": "UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of gnump3d in openSUSE Leap 15.1 allows local attackers to escalate from user gnump3d to root. This issue affects: openSUSE Leap 15.1 gnump3d version 3.0-lp151.2.1 and prior versions." } ] }, @@ -95,4 +95,4 @@ ], "discovery": "INTERNAL" } -} +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3699.json b/2019/3xxx/CVE-2019-3699.json index 7ec47d8fb4f..f85f01203a4 100644 --- a/2019/3xxx/CVE-2019-3699.json +++ b/2019/3xxx/CVE-2019-3699.json @@ -1,6 +1,6 @@ { "CVE_data_meta": { - "ASSIGNER": "security@suse.de", + "ASSIGNER": "security@suse.com", "DATE_PUBLIC": "2020-01-24T00:00:00.000Z", "ID": "CVE-2019-3699", "STATE": "PUBLIC", @@ -56,7 +56,7 @@ "description_data": [ { "lang": "eng", - "value": "UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of privoxy on openSUSE Leap 15.1, Factory allows local attackers to escalate from user privoxy to root.\nThis issue affects:\nopenSUSE Leap 15.1\nprivoxy version 3.0.28-lp151.1.1 and prior versions.\nopenSUSE Factory\nprivoxy version 3.0.28-2.1 and prior versions." + "value": "UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of privoxy on openSUSE Leap 15.1, Factory allows local attackers to escalate from user privoxy to root. This issue affects: openSUSE Leap 15.1 privoxy version 3.0.28-lp151.1.1 and prior versions. openSUSE Factory privoxy version 3.0.28-2.1 and prior versions." } ] }, diff --git a/2020/7xxx/CVE-2020-7947.json b/2020/7xxx/CVE-2020-7947.json new file mode 100644 index 00000000000..cf2bb420877 --- /dev/null +++ b/2020/7xxx/CVE-2020-7947.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7947", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7948.json b/2020/7xxx/CVE-2020-7948.json new file mode 100644 index 00000000000..4d7b00be497 --- /dev/null +++ b/2020/7xxx/CVE-2020-7948.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7948", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file From 69e81b73088867492f052c9c57cad16edbb9f460 Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Fri, 24 Jan 2020 14:01:13 +0000 Subject: [PATCH 263/387] "-Synchronized-Data." --- 2019/3xxx/CVE-2019-3700.json | 4 ++-- 2020/7xxx/CVE-2020-7949.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7950.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7951.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7952.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7953.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7954.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7955.json | 18 ++++++++++++++++++ 2020/7xxx/CVE-2020-7956.json | 18 ++++++++++++++++++ 9 files changed, 146 insertions(+), 2 deletions(-) create mode 100644 2020/7xxx/CVE-2020-7949.json create mode 100644 2020/7xxx/CVE-2020-7950.json create mode 100644 2020/7xxx/CVE-2020-7951.json create mode 100644 2020/7xxx/CVE-2020-7952.json create mode 100644 2020/7xxx/CVE-2020-7953.json create mode 100644 2020/7xxx/CVE-2020-7954.json create mode 100644 2020/7xxx/CVE-2020-7955.json create mode 100644 2020/7xxx/CVE-2020-7956.json diff --git a/2019/3xxx/CVE-2019-3700.json b/2019/3xxx/CVE-2019-3700.json index 0f362495285..aa5eff619f0 100644 --- a/2019/3xxx/CVE-2019-3700.json +++ b/2019/3xxx/CVE-2019-3700.json @@ -1,6 +1,6 @@ { "CVE_data_meta": { - "ASSIGNER": "security@suse.de", + "ASSIGNER": "security@suse.com", "DATE_PUBLIC": "2019-11-22T00:00:00.000Z", "ID": "CVE-2019-3700", "STATE": "PUBLIC", 
@@ -38,7 +38,7 @@ "description_data": [ { "lang": "eng", - "value": " yast2-security didn't use secure defaults to protect passwords. This became a problem on 2019-10-07 when configuration files that set secure settings were moved to a different location. As of the 20191022 snapshot the insecure default settings were used until yast2-security switched to stronger defaults in 4.2.6 and used the new configuration file locations. Password created during this time used DES password encryption and are not properly protected against attackers that are able to access the password hashes." + "value": "yast2-security didn't use secure defaults to protect passwords. This became a problem on 2019-10-07 when configuration files that set secure settings were moved to a different location. As of the 20191022 snapshot the insecure default settings were used until yast2-security switched to stronger defaults in 4.2.6 and used the new configuration file locations. Password created during this time used DES password encryption and are not properly protected against attackers that are able to access the password hashes." } ] }, diff --git a/2020/7xxx/CVE-2020-7949.json b/2020/7xxx/CVE-2020-7949.json new file mode 100644 index 00000000000..9e4492e456b --- /dev/null +++ b/2020/7xxx/CVE-2020-7949.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7949", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7950.json b/2020/7xxx/CVE-2020-7950.json new file mode 100644 index 00000000000..b9f4ecafecd --- /dev/null 
+++ b/2020/7xxx/CVE-2020-7950.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7950", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7951.json b/2020/7xxx/CVE-2020-7951.json new file mode 100644 index 00000000000..f9bf8566f3e --- /dev/null +++ b/2020/7xxx/CVE-2020-7951.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7951", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7952.json b/2020/7xxx/CVE-2020-7952.json new file mode 100644 index 00000000000..43e3eb21fc8 --- /dev/null +++ b/2020/7xxx/CVE-2020-7952.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7952", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7953.json b/2020/7xxx/CVE-2020-7953.json new file mode 100644 index 00000000000..7112ad9dd53 --- /dev/null +++ b/2020/7xxx/CVE-2020-7953.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7953", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7954.json b/2020/7xxx/CVE-2020-7954.json new file mode 100644 index 00000000000..c0acbb64121 --- /dev/null +++ b/2020/7xxx/CVE-2020-7954.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7954", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/7xxx/CVE-2020-7955.json b/2020/7xxx/CVE-2020-7955.json new file mode 100644 index 00000000000..80cb63792ab --- /dev/null +++ b/2020/7xxx/CVE-2020-7955.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7955", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7956.json b/2020/7xxx/CVE-2020-7956.json new file mode 100644 index 00000000000..e77f7995fba --- /dev/null +++ b/2020/7xxx/CVE-2020-7956.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7956", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file From 0456bc3fda4616024f829f16ea24c697386a6052 Mon Sep 17 00:00:00 2001 From: Johannes Segitz Date: Fri, 24 Jan 2020 15:22:42 +0100 Subject: [PATCH 264/387] Remove duplicated mention of SUSE introduced by vulnogram --- 2011/0xxx/CVE-2011-0467.json | 2 +- 2011/3xxx/CVE-2011-3172.json | 2 +- 2019/18xxx/CVE-2019-18898.json | 2 +- 2019/3xxx/CVE-2019-3687.json | 2 +- 2019/3xxx/CVE-2019-3691.json | 2 +- 2019/3xxx/CVE-2019-3692.json | 2 +- 2019/3xxx/CVE-2019-3693.json | 2 +- 7 files changed, 7 insertions(+), 7 deletions(-) 
diff --git a/2011/0xxx/CVE-2011-0467.json b/2011/0xxx/CVE-2011-0467.json index 596b65a8dc0..97443487439 100644 --- a/2011/0xxx/CVE-2011-0467.json +++ b/2011/0xxx/CVE-2011-0467.json @@ -54,7 +54,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability in the listing of available software of SUSE SUSE Studio Onsite, SUSE Studio Onsite 1.1 Appliance allows authenticated users to execute arbitrary SQL statements via SQL injection. Affected releases are SUSE SUSE Studio Onsite: versions prior to 1.0.3-0.18.1, SUSE Studio Onsite 1.1 Appliance: versions prior to 1.1.2-0.25.1." + "value": "A vulnerability in the listing of available software of SUSE Studio Onsite, SUSE Studio Onsite 1.1 Appliance allows authenticated users to execute arbitrary SQL statements via SQL injection. Affected releases are SUSE Studio Onsite: versions prior to 1.0.3-0.18.1, SUSE Studio Onsite 1.1 Appliance: versions prior to 1.1.2-0.25.1." } ] }, diff --git a/2011/3xxx/CVE-2011-3172.json b/2011/3xxx/CVE-2011-3172.json index 7f3d8648e0f..2ec81070430 100644 --- a/2011/3xxx/CVE-2011-3172.json +++ b/2011/3xxx/CVE-2011-3172.json @@ -43,7 +43,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability in pam_modules of SUSE SUSE Linux Enterprise allows attackers to log into accounts that should have been disabled. Affected releases are SUSE SUSE Linux Enterprise: versions prior to 12." + "value": "A vulnerability in pam_modules of SUSE Linux Enterprise allows attackers to log into accounts that should have been disabled. Affected releases are SUSE Linux Enterprise: versions prior to 12." } ] }, diff --git a/2019/18xxx/CVE-2019-18898.json b/2019/18xxx/CVE-2019-18898.json index 9fff1ac4200..1431d3851fd 100644 --- a/2019/18xxx/CVE-2019-18898.json +++ b/2019/18xxx/CVE-2019-18898.json 
@@ -63,7 +63,7 @@ "description_data": [ { "lang": "eng", - "value": "UNIX Symbolic Link (Symlink) Following vulnerability in the trousers package of SUSE SUSE Linux Enterprise Server 15 SP1; openSUSE Factory allowed local attackers escalate privileges from user tss to root. This issue affects: SUSE SUSE Linux Enterprise Server 15 SP1 trousers versions prior to 0.3.14-6.3.1. openSUSE Factory trousers versions prior to 0.3.14-7.1." + "value": "UNIX Symbolic Link (Symlink) Following vulnerability in the trousers package of SUSE Linux Enterprise Server 15 SP1; openSUSE Factory allowed local attackers escalate privileges from user tss to root. This issue affects: SUSE Linux Enterprise Server 15 SP1 trousers versions prior to 0.3.14-6.3.1. openSUSE Factory trousers versions prior to 0.3.14-7.1." } ] }, diff --git a/2019/3xxx/CVE-2019-3687.json b/2019/3xxx/CVE-2019-3687.json index 99b0e351a19..d4d05fa84a8 100644 --- a/2019/3xxx/CVE-2019-3687.json +++ b/2019/3xxx/CVE-2019-3687.json @@ -44,7 +44,7 @@ "description_data": [ { "lang": "eng", - "value": "The permission package in SUSE SUSE Linux Enterprise Server allowed all local users to run dumpcap in the \"easy\" permission profile and sniff network traffic. This issue affects: SUSE SUSE Linux Enterprise Server permissions versions starting from 85c83fef7e017f8ab7f8602d3163786d57344439 to 081d081dcfaf61710bda34bc21c80c66276119aa." + "value": "The permission package in SUSE Linux Enterprise Server allowed all local users to run dumpcap in the \"easy\" permission profile and sniff network traffic. This issue affects: SUSE Linux Enterprise Server permissions versions starting from 85c83fef7e017f8ab7f8602d3163786d57344439 to 081d081dcfaf61710bda34bc21c80c66276119aa." } ] }, diff --git a/2019/3xxx/CVE-2019-3691.json b/2019/3xxx/CVE-2019-3691.json index 07a162f877a..1cb9d04ab97 100644 --- a/2019/3xxx/CVE-2019-3691.json +++ b/2019/3xxx/CVE-2019-3691.json 
@@ -63,7 +63,7 @@ "description_data": [ { "lang": "eng", - "value": "A Symbolic Link (Symlink) Following vulnerability in the packaging of munge in SUSE SUSE Linux Enterprise Server 15; openSUSE Factory allowed local attackers to escalate privileges from user munge to root. This issue affects: SUSE SUSE Linux Enterprise Server 15 munge versions prior to 0.5.13-4.3.1. openSUSE Factory munge versions prior to 0.5.13-6.1." + "value": "A Symbolic Link (Symlink) Following vulnerability in the packaging of munge in SUSE Linux Enterprise Server 15; openSUSE Factory allowed local attackers to escalate privileges from user munge to root. This issue affects: SUSE Linux Enterprise Server 15 munge versions prior to 0.5.13-4.3.1. openSUSE Factory munge versions prior to 0.5.13-6.1." } ] }, diff --git a/2019/3xxx/CVE-2019-3692.json b/2019/3xxx/CVE-2019-3692.json index d17d351caf1..f3bd44f7aba 100644 --- a/2019/3xxx/CVE-2019-3692.json +++ b/2019/3xxx/CVE-2019-3692.json @@ -75,7 +75,7 @@ "description_data": [ { "lang": "eng", - "value": "The packaging of inn on SUSE SUSE Linux Enterprise Server 11; openSUSE Factory, Leap 15.1 allows local attackers to escalate from user inn to root via symlink attacks. This issue affects: SUSE SUSE Linux Enterprise Server 11 inn version 2.4.2-170.21.3.1 and prior versions. openSUSE Factory inn version 2.6.2-2.2 and prior versions. openSUSE Leap 15.1 inn version 2.5.4-lp151.2.47 and prior versions." + "value": "The packaging of inn on SUSE Linux Enterprise Server 11; openSUSE Factory, Leap 15.1 allows local attackers to escalate from user inn to root via symlink attacks. This issue affects: SUSE Linux Enterprise Server 11 inn version 2.4.2-170.21.3.1 and prior versions. openSUSE Factory inn version 2.6.2-2.2 and prior versions. openSUSE Leap 15.1 inn version 2.5.4-lp151.2.47 and prior versions." } ] }, diff --git a/2019/3xxx/CVE-2019-3693.json b/2019/3xxx/CVE-2019-3693.json index 0add69ee2a3..dab8ed0696f 100644 --- a/2019/3xxx/CVE-2019-3693.json 
+++ b/2019/3xxx/CVE-2019-3693.json @@ -75,7 +75,7 @@ "description_data": [ { "lang": "eng", - "value": "A symlink following vulnerability in the packaging of mailman in SUSE SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Server 12; openSUSE Leap 15.1 allowed local attackers to escalate their privileges from user wwwrun to root. Additionally arbitrary files could be changed to group mailman. This issue affects: SUSE SUSE Linux Enterprise Server 11 mailman versions prior to 2.1.15-9.6.15.1. SUSE SUSE Linux Enterprise Server 12 mailman versions prior to 2.1.17-3.11.1. openSUSE Leap 15.1 mailman version 2.1.29-lp151.2.14 and prior versions." + "value": "A symlink following vulnerability in the packaging of mailman in SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Server 12; openSUSE Leap 15.1 allowed local attackers to escalate their privileges from user wwwrun to root. Additionally arbitrary files could be changed to group mailman. This issue affects: SUSE Linux Enterprise Server 11 mailman versions prior to 2.1.15-9.6.15.1. SUSE Linux Enterprise Server 12 mailman versions prior to 2.1.17-3.11.1. openSUSE Leap 15.1 mailman version 2.1.29-lp151.2.14 and prior versions." } ] }, From 6653e4e981750a9577385df01f75a673b93e56d1 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 24 Jan 2020 15:01:54 +0000 Subject: [PATCH 265/387] "-Synchronized-Data." --- 2012/6xxx/CVE-2012-6302.json | 48 ++++++++++++++++++- 2012/6xxx/CVE-2012-6451.json | 53 ++++++++++++++++++++- 2013/3xxx/CVE-2013-3960.json | 53 ++++++++++++++++++++- 2013/4xxx/CVE-2013-4333.json | 84 ++++++++++++++++++++++++++++++++-- 2019/19xxx/CVE-2019-19632.json | 61 +++++++++++++++++++++--- 2020/7xxx/CVE-2020-7226.json | 61 +++++++++++++++++++++--- 6 files changed, 339 insertions(+), 21 deletions(-) diff --git a/2012/6xxx/CVE-2012-6302.json b/2012/6xxx/CVE-2012-6302.json index 0720be9115a..9140a7fc416 100644 --- a/2012/6xxx/CVE-2012-6302.json +++ b/2012/6xxx/CVE-2012-6302.json 
@@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-6302", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Soapbox through 0.3.1: Sandbox bypass - runs a second instance of Soapbox within a sandboxed Soapbox." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.openwall.com/lists/oss-security/2012/12/10/1", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2012/12/10/1" } ] } diff --git a/2012/6xxx/CVE-2012-6451.json b/2012/6xxx/CVE-2012-6451.json index 25d1f467e23..105ff2fde28 100644 --- a/2012/6xxx/CVE-2012-6451.json +++ b/2012/6xxx/CVE-2012-6451.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-6451", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Lorex LNC116 and LNC104 IP Cameras have a Remote Authentication Bypass Vulnerability" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.securityfocus.com/bid/57761", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/57761" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81870", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81870" } ] } diff --git a/2013/3xxx/CVE-2013-3960.json b/2013/3xxx/CVE-2013-3960.json index 797f4ef478a..5bd869bb9bc 100644 --- a/2013/3xxx/CVE-2013-3960.json +++ b/2013/3xxx/CVE-2013-3960.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-3960", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Easytime Studio Easy File Manager 1.1 has a HTTP request security bypass" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89171", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89171" + }, + { + "refsource": "MISC", + "name": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=18896", + "url": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=18896" } ] } diff --git a/2013/4xxx/CVE-2013-4333.json b/2013/4xxx/CVE-2013-4333.json index acb45e94531..6fc40bb27c5 100644 --- a/2013/4xxx/CVE-2013-4333.json +++ b/2013/4xxx/CVE-2013-4333.json @@ -1,8 +1,55 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-4333", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "OpenPNE", + "product": { + "product_data": [ + { + "product_name": "OpenPNE", + "version": { + "version_data": [ + { + "version_value": "3.8.7" + }, + { + "version_value": "3.6.11" + }, + { + "version_value": "3.4.21.1" + }, + { + "version_value": "3.2.7.6" + }, + { + "version_value": "3.0.8.5 (Fixed: 3.8.7.1" + }, + { + "version_value": "3.6.11.1" + }, + { + "version_value": "3.4.21.2" + }, + { + "version_value": "3.2.7.7" + }, + { + "version_value": "3.0.8.6)" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
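Review bot: In the `version_data` array added for OpenPNE in CVE-2013-4333.json, the entries `"3.0.8.5 (Fixed: 3.8.7.1"` and `"3.0.8.6)"` look like a free-text version string that was split on commas. As a result the fixed releases `3.6.11.1`, `3.4.21.2` and `3.2.7.7`, plus the two fragments, are recorded as affected versions. A scanner that matches installed versions against this record would report patched installations as vulnerable and would not match `3.0.8.5` at all. The array should hold only the five affected versions the description names, with the fifth entry as `"version_value": "3.0.8.5"` and the four trailing entries removed; the fixed versions belong in the description text.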
@@ -11,7 +58,38 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "OpenPNE 3 versions 3.8.7, 3.6.11, 3.4.21.1, 3.2.7.6, 3.0.8.5 has an External Entity Injection Vulnerability" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "XXE" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.securityfocus.com/bid/62285", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/62285" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87031", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87031" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2013/09/11/6", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2013/09/11/6" } ] } diff --git a/2019/19xxx/CVE-2019-19632.json b/2019/19xxx/CVE-2019-19632.json index d02a9831f6a..c0be70cb84a 100644 --- a/2019/19xxx/CVE-2019-19632.json +++ b/2019/19xxx/CVE-2019-19632.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-19632", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-19632", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Big Switch Big Monitoring Fabric 6.2 through 6.2.4, 6.3 through 6.3.9, 7.0 through 7.0.3, and 7.1 through 7.1.3; Big Cloud Fabric 4.5 through 4.5.5, 4.7 through 4.7.7, 5.0 through 5.0.1, and 5.1 through 5.1.4; and Multi-Cloud Director through 1.1.0. An unauthenticated attacker may inject stored arbitrary JavaScript (XSS), and execute it in the content of authenticated administrators." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://know.bishopfox.com/advisories", + "refsource": "MISC", + "name": "https://know.bishopfox.com/advisories" + }, + { + "refsource": "MISC", + "name": "https://know.bishopfox.com/advisories/big-monitoring-fabric", + "url": "https://know.bishopfox.com/advisories/big-monitoring-fabric" } ] } diff --git a/2020/7xxx/CVE-2020-7226.json b/2020/7xxx/CVE-2020-7226.json index 7399af5e290..6b9009bd1d2 100644 --- a/2020/7xxx/CVE-2020-7226.json +++ b/2020/7xxx/CVE-2020-7226.json 
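Review bot: The `problemtype` value added for CVE-2019-19632 is `"n/a"` even though the description in the same hunk identifies the issue as stored XSS, so the record cannot be filtered by weakness class. Consider `"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"`. The `affects` block likewise sets vendor and product to `"n/a"` while the description names Big Monitoring Fabric, Big Cloud Fabric and Multi-Cloud Director with version ranges. The phrase "in the content of authenticated administrators" probably means "in the context of"; confirm this against the advisory before changing it.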
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-7226", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-7226", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "CiphertextHeader.java in Cryptacular 1.2.3, as used in Apereo CAS and other products, allows attackers to trigger excessive memory allocation during a decode operation, because the nonce array length associated with \"new byte\" may depend on untrusted input within the header of encoded data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/vt-middleware/cryptacular/blob/master/src/main/java/org/cryptacular/CiphertextHeader.java#L153", + "refsource": "MISC", + "name": "https://github.com/vt-middleware/cryptacular/blob/master/src/main/java/org/cryptacular/CiphertextHeader.java#L153" + }, + { + "refsource": "MISC", + "name": "https://github.com/vt-middleware/cryptacular/issues/52", + "url": "https://github.com/vt-middleware/cryptacular/issues/52" } ] } From 545f95acbb83b47b564648ba710aa6159f560c49 Mon Sep 17 00:00:00 2001 
From: Johannes Segitz Date: Fri, 24 Jan 2020 16:09:25 +0100 Subject: [PATCH 266/387] data for CVE-2019-18900 --- 2019/18xxx/CVE-2019-18900.json | 121 +++++++++++++++++++++++++++++++++ 1 file changed, 121 insertions(+) create mode 100644 2019/18xxx/CVE-2019-18900.json diff --git a/2019/18xxx/CVE-2019-18900.json b/2019/18xxx/CVE-2019-18900.json new file mode 100644 index 00000000000..798f8a847bc --- /dev/null +++ b/2019/18xxx/CVE-2019-18900.json 
@@ -0,0 +1,121 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "security@suse.de", + "DATE_PUBLIC": "2020-01-24T00:00:00.000Z", + "ID": "CVE-2019-18900", + "STATE": "PUBLIC", + "TITLE": "libzypp stores cookies world readable" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "CaaS Platform 3.0", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "libzypp", + "version_value": "16.21.2-27.68.1" + } + ] + } + }, + { + "product_name": "SUSE Linux Enterprise Server 12", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "libzypp", + "version_value": "16.21.2-2.45.1" + } + ] + } + }, + { + "product_name": "SUSE Linux Enterprise Server 15", + "version": { + "version_data": [ + { + "version_name": "libzypp", + "version_value": "17.19.0-3.34.1" + } + ] + } + } + ] + }, + "vendor_name": "SUSE" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Matthias Gerstner of SUSE" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": ": Incorrect Default Permissions vulnerability in libzypp of SUSE CaaS Platform 3.0, SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 allowed local attackers to read a cookie store used by libzypp, exposing private cookies.\nThis issue affects:\nSUSE CaaS Platform 3.0\nlibzypp versions prior to 16.21.2-27.68.1.\nSUSE Linux Enterprise Server 12\nlibzypp versions prior to 16.21.2-2.45.1.\nSUSE Linux Enterprise Server 15\n17.19.0-3.34.1." 
+ } + ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-276: Incorrect Default Permissions" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.suse.com/show_bug.cgi?id=1158763", + "refsource": "CONFIRM", + "url": "https://bugzilla.suse.com/show_bug.cgi?id=1158763" + } + ] + }, + "source": { + "advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1158763", + "defect": [ + "1158763" + ], + "discovery": "INTERNAL" + } +} \ No newline at end of file From 45c327488a27185462fddeacf32f5fdca49059aa Mon Sep 17 00:00:00 2001 From: Robert Schultheis Date: Fri, 24 Jan 2020 08:24:02 -0700 Subject: [PATCH 267/387] add CVE-2020-5219 for GHSA-hxhm-96pp-2m43 --- 2020/5xxx/CVE-2020-5219.json | 95 +++++++++++++++++++++++++++++++++--- 1 file changed, 88 insertions(+), 7 deletions(-) diff --git a/2020/5xxx/CVE-2020-5219.json b/2020/5xxx/CVE-2020-5219.json index 1c9b8dfc24e..b8a4c022886 100644 --- a/2020/5xxx/CVE-2020-5219.json +++ b/2020/5xxx/CVE-2020-5219.json 
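Review bot: In the new CVE-2019-18900.json, the `version_data` entry for SUSE Linux Enterprise Server 15 has no `"version_affected": "<"`, unlike the CaaS Platform 3.0 and SLES 12 entries. The description has the same gap: it ends with a bare `17.19.0-3.34.1.` where the other two products say "libzypp versions prior to". A consumer cannot tell whether 17.19.0-3.34.1 is the fixed build or the only affected one, so hosts on earlier 17.x builds may be missed. Add `"version_affected": "<",` to the third entry and word the last clause as "libzypp versions prior to 17.19.0-3.34.1.". The description value also opens with a stray `": "` that should be dropped.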
@@ -1,18 +1,99 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2020-5219", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Remote Code Execution in Angular Expressions" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "angular-expressions", + "version": { + "version_data": [ + { + "version_value": "< 1.0.1" + } + ] + } + } + ] + }, + "vendor_name": "peerigon" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "reported by GoSecure Inc" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Angular Expressions before version 1.0.1 has a remote code execution vulnerability if you call expressions.compile(userControlledInput) where userControlledInput is text that comes from user input.\n\nIf running angular-expressions in the browser, an attacker could run any browser script when the application code calls expressions.compile(userControlledInput).\n\nIf running angular-expressions on the server, an attacker could run any Javascript expression, thus gaining Remote Code Execution." 
} ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 8.7, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/peerigon/angular-expressions/security/advisories/GHSA-hxhm-96pp-2m43", + "refsource": "CONFIRM", + "url": "https://github.com/peerigon/angular-expressions/security/advisories/GHSA-hxhm-96pp-2m43" + }, + { + "name": "https://github.com/peerigon/angular-expressions/commit/061addfb9a9e932a970e5fcb913d020038e65667", + "refsource": "MISC", + "url": "https://github.com/peerigon/angular-expressions/commit/061addfb9a9e932a970e5fcb913d020038e65667" + }, + { + "name": "http://blog.angularjs.org/2016/09/angular-16-expression-sandbox-removal.html", + "refsource": "MISC", + "url": "http://blog.angularjs.org/2016/09/angular-16-expression-sandbox-removal.html" + } + ] + }, + "source": { + "advisory": "GHSA-hxhm-96pp-2m43", + "discovery": "UNKNOWN" } -} \ No newline at end of file +} From 2eac0e12bbd601b7ad77df7bb3f10915c58160c6 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 24 Jan 2020 16:01:18 +0000 Subject: [PATCH 268/387] "-Synchronized-Data." --- 2019/18xxx/CVE-2019-18900.json | 4 +-- 2019/19xxx/CVE-2019-19631.json | 61 ++++++++++++++++++++++++++++++---- 2020/5xxx/CVE-2020-5219.json | 4 +-- 3 files changed, 59 insertions(+), 10 deletions(-) diff --git a/2019/18xxx/CVE-2019-18900.json b/2019/18xxx/CVE-2019-18900.json index 798f8a847bc..0cd32f9246a 100644 
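Review bot: The affected range for angular-expressions is written as free text, `"version_value": "< 1.0.1"`, so tooling that compares `version_value` as a version string will not match it. The CVE-2019-18900 record in this same patch series keeps the operator in its own field; the equivalent here is `"version_affected": "<"` with `"version_value": "1.0.1"`. Separately, the description states server-side remote code execution while the vector carries `UI:R` and `A:N`. It is worth confirming that the score is meant to describe the browser case only, since consumers prioritising on `baseScore` may underrate the server-side exposure.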
--- a/2019/18xxx/CVE-2019-18900.json +++ b/2019/18xxx/CVE-2019-18900.json @@ -1,6 +1,6 @@ { "CVE_data_meta": { - "ASSIGNER": "security@suse.de", + "ASSIGNER": "security@suse.com", "DATE_PUBLIC": "2020-01-24T00:00:00.000Z", "ID": "CVE-2019-18900", "STATE": "PUBLIC", @@ -67,7 +67,7 @@ "description_data": [ { "lang": "eng", - "value": ": Incorrect Default Permissions vulnerability in libzypp of SUSE CaaS Platform 3.0, SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 allowed local attackers to read a cookie store used by libzypp, exposing private cookies.\nThis issue affects:\nSUSE CaaS Platform 3.0\nlibzypp versions prior to 16.21.2-27.68.1.\nSUSE Linux Enterprise Server 12\nlibzypp versions prior to 16.21.2-2.45.1.\nSUSE Linux Enterprise Server 15\n17.19.0-3.34.1." + "value": ": Incorrect Default Permissions vulnerability in libzypp of SUSE CaaS Platform 3.0, SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 allowed local attackers to read a cookie store used by libzypp, exposing private cookies. This issue affects: SUSE CaaS Platform 3.0 libzypp versions prior to 16.21.2-27.68.1. SUSE Linux Enterprise Server 12 libzypp versions prior to 16.21.2-2.45.1. SUSE Linux Enterprise Server 15 17.19.0-3.34.1." } ] }, diff --git a/2019/19xxx/CVE-2019-19631.json b/2019/19xxx/CVE-2019-19631.json index 195a1382693..f90079373bf 100644 --- a/2019/19xxx/CVE-2019-19631.json +++ b/2019/19xxx/CVE-2019-19631.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-19631", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-19631", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Big Switch Big Monitoring Fabric 6.2 through 6.2.4, 6.3 through 6.3.9, 7.0 through 7.0.3, and 7.1 through 7.1.3; Big Cloud Fabric 4.5 through 4.5.5, 4.7 through 4.7.7, 5.0 through 5.0.1, and 5.1 through 5.1.4; and Multi-Cloud Director through 1.1.0. A read-only user can access sensitive information via an API endpoint that reveals session cookies of authenticated administrators, leading to privilege escalation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://know.bishopfox.com/advisories", + "refsource": "MISC", + "name": "https://know.bishopfox.com/advisories" + }, + { + "refsource": "MISC", + "name": "https://know.bishopfox.com/advisories/big-monitoring-fabric", + "url": "https://know.bishopfox.com/advisories/big-monitoring-fabric" } ] } diff --git a/2020/5xxx/CVE-2020-5219.json b/2020/5xxx/CVE-2020-5219.json index b8a4c022886..934cef35a53 100644 --- a/2020/5xxx/CVE-2020-5219.json +++ b/2020/5xxx/CVE-2020-5219.json 
@@ -41,7 +41,7 @@ "description_data": [ { "lang": "eng", - "value": "Angular Expressions before version 1.0.1 has a remote code execution vulnerability if you call expressions.compile(userControlledInput) where userControlledInput is text that comes from user input.\n\nIf running angular-expressions in the browser, an attacker could run any browser script when the application code calls expressions.compile(userControlledInput).\n\nIf running angular-expressions on the server, an attacker could run any Javascript expression, thus gaining Remote Code Execution." + "value": "Angular Expressions before version 1.0.1 has a remote code execution vulnerability if you call expressions.compile(userControlledInput) where userControlledInput is text that comes from user input. If running angular-expressions in the browser, an attacker could run any browser script when the application code calls expressions.compile(userControlledInput). If running angular-expressions on the server, an attacker could run any Javascript expression, thus gaining Remote Code Execution." } ] }, @@ -96,4 +96,4 @@ "advisory": "GHSA-hxhm-96pp-2m43", "discovery": "UNKNOWN" } -} +} \ No newline at end of file From 2ec4a7232e31708c837736456d52b7decc5d3a58 Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Fri, 24 Jan 2020 17:01:10 +0000 Subject: [PATCH 269/387] "-Synchronized-Data." --- 2013/1xxx/CVE-2013-1594.json | 73 +++++++++++++++++++++++++++++++++++- 2014/1xxx/CVE-2014-1922.json | 63 ++++++++++++++++++++++++++++++- 2014/1xxx/CVE-2014-1923.json | 68 ++++++++++++++++++++++++++++++++- 2014/1xxx/CVE-2014-1924.json | 63 ++++++++++++++++++++++++++++++- 2014/1xxx/CVE-2014-1925.json | 63 ++++++++++++++++++++++++++++++- 2015/4xxx/CVE-2015-4041.json | 58 +++++++++++++++++++++++++++- 2015/4xxx/CVE-2015-4042.json | 53 +++++++++++++++++++++++++- 2020/6xxx/CVE-2020-6961.json | 50 ++++++++++++++++++++++-- 2020/6xxx/CVE-2020-6962.json | 50 ++++++++++++++++++++++-- 2020/6xxx/CVE-2020-6963.json | 50 ++++++++++++++++++++++-- 2020/6xxx/CVE-2020-6964.json | 50 ++++++++++++++++++++++-- 11 files changed, 615 insertions(+), 26 deletions(-) diff --git a/2013/1xxx/CVE-2013-1594.json b/2013/1xxx/CVE-2013-1594.json index 53a28568e6e..3b0b0941fd1 100644 --- a/2013/1xxx/CVE-2013-1594.json +++ b/2013/1xxx/CVE-2013-1594.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-1594", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,53 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An Information Disclosure vulnerability exists via a GET request in Vivotek PT7135 IP Camera 0300a and 0400a due to wireless keys and 3rd party credentials stored in clear text." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.securityfocus.com/bid/59572", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/59572" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83943", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83943" + }, + { + "url": "http://www.exploit-db.com/exploits/25139", + "refsource": "MISC", + "name": "http://www.exploit-db.com/exploits/25139" + }, + { + "refsource": "MISC", + "name": "https://www.coresecurity.com/advisories/vivotek-ip-cameras-multiple-vulnerabilities", + "url": "https://www.coresecurity.com/advisories/vivotek-ip-cameras-multiple-vulnerabilities" + }, + { + "refsource": "MISC", + "name": "https://packetstormsecurity.com/files/cve/CVE-2013-1594", + "url": "https://packetstormsecurity.com/files/cve/CVE-2013-1594" + }, + { + "refsource": "MISC", + "name": "https://github.com/offensive-security/exploitdb/blob/master/exploits/hardware/webapps/25139.txt", + "url": "https://github.com/offensive-security/exploitdb/blob/master/exploits/hardware/webapps/25139.txt" } ] } diff --git a/2014/1xxx/CVE-2014-1922.json b/2014/1xxx/CVE-2014-1922.json index 31e9c974d88..7091846f487 100644 --- a/2014/1xxx/CVE-2014-1922.json +++ b/2014/1xxx/CVE-2014-1922.json 
@@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-1922", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,66 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Absolute path traversal vulnerability in tools/pdfViewer.pl in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 allows remote attackers to read arbitrary files via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11660", + "url": "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11660" + }, + { + "refsource": "MISC", + "name": "http://koha-community.org/security-release-february-2014/", + "url": "http://koha-community.org/security-release-february-2014/" + }, + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2014/02/07/10", + "url": "http://www.openwall.com/lists/oss-security/2014/02/07/10" + }, + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2014/02/10/3", + "url": "http://www.openwall.com/lists/oss-security/2014/02/10/3" } ] } diff --git a/2014/1xxx/CVE-2014-1923.json b/2014/1xxx/CVE-2014-1923.json index ea12822d2b0..35b2f3ca452 100644 --- a/2014/1xxx/CVE-2014-1923.json 
+++ b/2014/1xxx/CVE-2014-1923.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-1923", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +11,71 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple directory traversal vulnerabilities in the (1) staff interface help editor (edithelp.pl) or (2) member-picupload.pl in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 allow remote attackers to write to arbitrary files via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://koha-community.org/security-release-february-2014/", + "url": "http://koha-community.org/security-release-february-2014/" + }, + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2014/02/07/10", + "url": "http://www.openwall.com/lists/oss-security/2014/02/07/10" + }, + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2014/02/10/3", + "url": "http://www.openwall.com/lists/oss-security/2014/02/10/3" + }, + { + "refsource": "MISC", + "name": "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11661", + "url": "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11661" + }, + { + "refsource": "MISC", + "name": "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11662", + "url": "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11662" } ] } 
diff --git a/2014/1xxx/CVE-2014-1924.json b/2014/1xxx/CVE-2014-1924.json index 3609219f1ac..9b3c6674769 100644 --- a/2014/1xxx/CVE-2014-1924.json +++ b/2014/1xxx/CVE-2014-1924.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-1924", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +11,66 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The MARC framework import/export function (admin/import_export_framework.pl) in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 does not require authentication, which allows remote attackers to conduct SQL injection attacks via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://koha-community.org/security-release-february-2014/", + "url": "http://koha-community.org/security-release-february-2014/" + }, + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2014/02/07/10", + "url": "http://www.openwall.com/lists/oss-security/2014/02/07/10" + }, + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2014/02/10/3", + "url": "http://www.openwall.com/lists/oss-security/2014/02/10/3" + }, + { + "refsource": "MISC", + "name": "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11666", + "url": "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11666" } ] } diff --git a/2014/1xxx/CVE-2014-1925.json b/2014/1xxx/CVE-2014-1925.json index ff372a18ebc..347e8e5c6af 100644 --- a/2014/1xxx/CVE-2014-1925.json +++ b/2014/1xxx/CVE-2014-1925.json 
@@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-1925", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,66 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SQL injection vulnerability in the MARC framework import/export function (admin/import_export_framework.pl) in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. NOTE: this can be leveraged by remote attackers using CVE-2014-1924." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://koha-community.org/security-release-february-2014/", + "url": "http://koha-community.org/security-release-february-2014/" + }, + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2014/02/07/10", + "url": "http://www.openwall.com/lists/oss-security/2014/02/07/10" + }, + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2014/02/10/3", + "url": "http://www.openwall.com/lists/oss-security/2014/02/10/3" + }, + { + "refsource": "MISC", + "name": "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11666", + "url": "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11666" } ] } 
diff --git a/2015/4xxx/CVE-2015-4041.json b/2015/4xxx/CVE-2015-4041.json index a49c9f96bfa..781f2e829ce 100644 --- a/2015/4xxx/CVE-2015-4041.json +++ b/2015/4xxx/CVE-2015-4041.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-4041", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,61 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 on 64-bit platforms performs a size calculation without considering the number of bytes occupied by multibyte characters, which allows attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via long UTF-8 strings." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://openwall.com/lists/oss-security/2015/05/15/1", + "url": "http://openwall.com/lists/oss-security/2015/05/15/1" + }, + { + "refsource": "MISC", + "name": "https://github.com/pixelb/coreutils/commit/bea5e36cc876ed627bb5e0eca36fdfaa6465e940", + "url": "https://github.com/pixelb/coreutils/commit/bea5e36cc876ed627bb5e0eca36fdfaa6465e940" + }, + { + "refsource": "MISC", + "name": "https://bugzilla.suse.com/show_bug.cgi?id=928749", + "url": "https://bugzilla.suse.com/show_bug.cgi?id=928749" } ] } 
diff --git a/2015/4xxx/CVE-2015-4042.json b/2015/4xxx/CVE-2015-4042.json index a4b9971ca53..5485c066ab1 100644 --- a/2015/4xxx/CVE-2015-4042.json +++ b/2015/4xxx/CVE-2015-4042.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-4042", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,56 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Integer overflow in the keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 might allow attackers to cause a denial of service (application crash) or possibly have unspecified other impact via long strings." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://openwall.com/lists/oss-security/2015/05/15/1", + "url": "http://openwall.com/lists/oss-security/2015/05/15/1" + }, + { + "refsource": "MISC", + "name": "https://github.com/pixelb/coreutils/commit/bea5e36cc876ed627bb5e0eca36fdfaa6465e940", + "url": "https://github.com/pixelb/coreutils/commit/bea5e36cc876ed627bb5e0eca36fdfaa6465e940" } ] } diff --git a/2020/6xxx/CVE-2020-6961.json b/2020/6xxx/CVE-2020-6961.json index 09442999c0a..d695e1fa001 100644 --- a/2020/6xxx/CVE-2020-6961.json +++ b/2020/6xxx/CVE-2020-6961.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-6961", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "GE CARESCAPE Telemetry Server,ApexPro Telemetry Server,CARESCAPE Central Station,Clinical Information Center,CARESCAPE B450,B650,B850 Monitors", + "version": { + "version_data": [ + { + "version_value": "ApexPro Telemetry Server,v4.2 & prior,CARESCAPE Telemetry Server,v4.2 & prior,Clinical Information Center,v4.X & 5.X,CARESCAPE Telemetry Server,v4.3,CARESCAPE Central Station,v1.X,CARESCAPE Central Station,v2.X,B450,v2.X,B650,v1.X,B650,v2.X,B850,v1.X,B850,v2.X" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "UNPROTECTED STORAGE OF CREDENTIALS CWE-256" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.us-cert.gov/ics/advisories/icsma-20-023-01", + "url": "https://www.us-cert.gov/ics/advisories/icsma-20-023-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In ApexPro Telemetry Server, Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Telemetry Server Version 4.3, CARESCAPE Central Station (CSCS) Versions 1.X, a vulnerability exists in the affected products that could allow an attacker to obtain access to the SSH private key in configuration files." } ] } 
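Review bot: `"vendor_name": "n/a"` in the added `affects` block contradicts the `product_name` next to it, which begins with "GE", and both `product_name` and `version_value` pack every product and version into one comma-separated string that a consumer cannot split reliably. That string also lists CARESCAPE Central Station v2.X and the B450/B650/B850 monitors, which the new description for this CVE does not mention, so one of the two misstates the affected set; the block looks copied across the four records and should be checked against ICSMA-20-023-01. I would use one `product_data` entry per product with its own `version_data`, e.g. `"product_name": "ApexPro Telemetry Server"` with `"version_value": "4.2 and prior"`, and fill in the vendor. The CVE-2020-6963 and CVE-2020-6964 hunks show the same mismatch between description and `affects`; the CVE-2020-6962 hunk shares the packed strings and the `n/a` vendor.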
diff --git a/2020/6xxx/CVE-2020-6962.json b/2020/6xxx/CVE-2020-6962.json index c1f032a8ed1..723e4777d6b 100644 --- a/2020/6xxx/CVE-2020-6962.json +++ b/2020/6xxx/CVE-2020-6962.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-6962", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "GE CARESCAPE Telemetry Server,ApexPro Telemetry Server,CARESCAPE Central Station,Clinical Information Center,CARESCAPE B450,B650,B850 Monitors", + "version": { + "version_data": [ + { + "version_value": "ApexPro Telemetry Server,v4.2 & prior,CARESCAPE Telemetry Server,v4.2 & prior,Clinical Information Center,v4.X & 5.X,CARESCAPE Telemetry Server,v4.3,CARESCAPE Central Station,v1.X,CARESCAPE Central Station,v2.X,B450,v2.X,B650,v1.X,B650,v2.X,B850,v1.X,B850,v2.X" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "IMPROPER INPUT VALIDATION CWE-20" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.us-cert.gov/ics/advisories/icsma-20-023-01", + "url": "https://www.us-cert.gov/ics/advisories/icsma-20-023-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." 
+ "value": "In ApexPro Telemetry Server, Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Telemetry Server Version 4.3, CARESCAPE Central Station (CSCS) Versions 1.X CARESCAPE Central Station (CSCS) Versions 2.X, B450 Version 2.X, B650 Version 1.X, B650 Version 2.X, B850 Version 1.X, B850 Version 2.X, an input validation vulnerability exists in the web-based system configuration utility that could allow an attacker to obtain arbitrary remote code execution." } ] } diff --git a/2020/6xxx/CVE-2020-6963.json b/2020/6xxx/CVE-2020-6963.json index 907a05b87c2..2747430bf7b 100644 --- a/2020/6xxx/CVE-2020-6963.json +++ b/2020/6xxx/CVE-2020-6963.json 
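Review bot: The added description runs two list items together, "CARESCAPE Central Station (CSCS) Versions 1.X CARESCAPE Central Station (CSCS) Versions 2.X", with no separator, unlike every other item in the product list. A reader, or a parser that splits on commas, gets one product with two version strings; insert the missing comma so the text reads `... (CSCS) Versions 1.X, CARESCAPE Central Station (CSCS) Versions 2.X, B450 Version 2.X, ...`.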
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-6963", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "GE CARESCAPE Telemetry Server,ApexPro Telemetry Server,CARESCAPE Central Station,Clinical Information Center systems,CARESCAPE B450,B650,B850 Monitors", + "version": { + "version_data": [ + { + "version_value": "ApexPro Telemetry Server,v4.2 & prior,CARESCAPE Telemetry Server, v4.2 & prior,Clinical Information Center,v4.X& 5.X,CARESCAPE Telemetry Server,v4.3,CARESCAPE Central Station,v1.X,CARESCAPE Central Station,v2.X,B450,v2.X,B650,v1.X,B650,v2.X,B850,v1.X,B850,v2.X" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "USE OF HARD-CODED CREDENTIALS CWE-798" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.us-cert.gov/ics/advisories/icsma-20-023-01", + "url": "https://www.us-cert.gov/ics/advisories/icsma-20-023-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X, the affected products utilized hard coded SMB credentials, which may allow an attacker to remotely execute arbitrary code." } ] } diff --git a/2020/6xxx/CVE-2020-6964.json b/2020/6xxx/CVE-2020-6964.json index c8990f06e3f..e3bf8c83318 100644 --- a/2020/6xxx/CVE-2020-6964.json 
+++ b/2020/6xxx/CVE-2020-6964.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-6964", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "GE CARESCAPE Telemetry Server,ApexPro Telemetry Server,CARESCAPE Central Station,Clinical Information Center systems,CARESCAPE B450,B650,B850 Monitors", + "version": { + "version_data": [ + { + "version_value": "ApexPro Telemetry Server,v4.2 & prior,CARESCAPE Telemetry Server, v4.2 & prior,Clinical Information Center,v4.X& 5.X,CARESCAPE Telemetry Server,v4.3,CARESCAPE Central Station,v1.X,CARESCAPE Central Station,v2.X,B450,v2.X,B650,v1.X,B650,v2.X,B850,v1.X,B850,v2.X" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "MISSING AUTHENTICATION FOR CRITICAL FUNCTION CWE-306" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.us-cert.gov/ics/advisories/icsma-20-023-01", + "url": "https://www.us-cert.gov/ics/advisories/icsma-20-023-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X and CARESCAPE Central Station (CSCS) Versions 2.X, the integrated service for keyboard switching of the affected devices could allow attackers to obtain remote keyboard input access without authentication over the network." } ] } 
From fc33ac7e67d8b26a207979ea9d5f86e990331b2c Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 24 Jan 2020 18:01:10 +0000 Subject: [PATCH 270/387] "-Synchronized-Data." --- 2013/1xxx/CVE-2013-1595.json | 68 +++++++++++++++++++++++++++++++++- 2013/1xxx/CVE-2013-1596.json | 68 +++++++++++++++++++++++++++++++++- 2014/9xxx/CVE-2014-9720.json | 68 +++++++++++++++++++++++++++++++++- 2015/1xxx/CVE-2015-1525.json | 48 +++++++++++++++++++++++- 2015/1xxx/CVE-2015-1530.json | 48 +++++++++++++++++++++++- 2015/2xxx/CVE-2015-2688.json | 58 +++++++++++++++++++++++++++-- 2015/2xxx/CVE-2015-2689.json | 58 +++++++++++++++++++++++++++-- 2015/2xxx/CVE-2015-2928.json | 61 ++++++++++++++++++++++++++++-- 2015/2xxx/CVE-2015-2929.json | 61 ++++++++++++++++++++++++++++-- 2019/19xxx/CVE-2019-19363.json | 56 +++++++++++++++++++++++++--- 2020/6xxx/CVE-2020-6965.json | 50 +++++++++++++++++++++++-- 2020/6xxx/CVE-2020-6966.json | 50 +++++++++++++++++++++++-- 2020/7xxx/CVE-2020-7957.json | 18 +++++++++ 13 files changed, 678 insertions(+), 34 deletions(-) create mode 100644 2020/7xxx/CVE-2020-7957.json diff --git a/2013/1xxx/CVE-2013-1595.json b/2013/1xxx/CVE-2013-1595.json index 93ee79e4feb..f2e009803e8 100644 --- a/2013/1xxx/CVE-2013-1595.json +++ b/2013/1xxx/CVE-2013-1595.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-1595", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,48 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Buffer Overflow vulnerability exists in Vivotek PT7135 IP Camera 0300a and 0400a via a specially crafted packet in the Authorization header field sent to the RTSP service, which could let a remote malicious user execute arbitrary code or cause a Denial of Service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.securityfocus.com/bid/59573", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/59573" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83944", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83944" + }, + { + "refsource": "MISC", + "name": "https://www.coresecurity.com/advisories/vivotek-ip-cameras-multiple-vulnerabilities", + "url": "https://www.coresecurity.com/advisories/vivotek-ip-cameras-multiple-vulnerabilities" + }, + { + "refsource": "MISC", + "name": "https://github.com/offensive-security/exploitdb/blob/master/exploits/hardware/webapps/25139.txt", + "url": "https://github.com/offensive-security/exploitdb/blob/master/exploits/hardware/webapps/25139.txt" + }, + { + "refsource": "MISC", + "name": "https://packetstormsecurity.com/files/cve/CVE-2013-1595", + "url": "https://packetstormsecurity.com/files/cve/CVE-2013-1595" } ] } diff --git a/2013/1xxx/CVE-2013-1596.json b/2013/1xxx/CVE-2013-1596.json index 4732ce5c5c1..cfe268e5165 100644 --- a/2013/1xxx/CVE-2013-1596.json +++ b/2013/1xxx/CVE-2013-1596.json 
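Review bot: `problemtype` is added as `"n/a"` although the description in this hunk states a buffer overflow in the handling of the RTSP Authorization header with possible code execution, and all five references carry `"refsource": "MISC"`, including the one that points at a public exploit listing. Triage that keys on weakness class or on exploit availability gets nothing from the structured fields. I would set `"value": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer"` and give the references source-specific labels where the format has them. The `affects` block added in the preceding hunk of this file is also all `n/a` while the description names the Vivotek PT7135 IP Camera 0300a and 0400a; the CVE-2013-1596, CVE-2014-9720, CVE-2015-1525 and CVE-2015-1530 hunks in this patch have the same `n/a` fields.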
@@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-1596", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,48 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An Authentication Bypass Vulnerability exists in Vivotek PT7135 IP Camera 0300a and 0400a via specially crafted RTSP packets to TCP port 554." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.securityfocus.com/bid/59574", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/59574" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83945", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83945" + }, + { + "refsource": "MISC", + "name": "https://www.coresecurity.com/advisories/vivotek-ip-cameras-multiple-vulnerabilities", + "url": "https://www.coresecurity.com/advisories/vivotek-ip-cameras-multiple-vulnerabilities" + }, + { + "refsource": "MISC", + "name": "https://github.com/offensive-security/exploitdb/blob/master/exploits/hardware/webapps/25139.txt", + "url": "https://github.com/offensive-security/exploitdb/blob/master/exploits/hardware/webapps/25139.txt" + }, + { + "refsource": "MISC", + "name": "https://packetstormsecurity.com/files/cve/CVE-2013-1596", + "url": "https://packetstormsecurity.com/files/cve/CVE-2013-1596" } ] } diff --git a/2014/9xxx/CVE-2014-9720.json b/2014/9xxx/CVE-2014-9720.json index 817a319ccd8..e8f00b12983 100644 --- a/2014/9xxx/CVE-2014-9720.json +++ b/2014/9xxx/CVE-2014-9720.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-9720", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +11,71 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tornado before 3.2.2 sends arbitrary responses that contain a fixed CSRF token and may be sent with HTTP compression, which makes it easier for remote attackers to conduct a BREACH attack and determine this token via a series of crafted requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://www.tornadoweb.org/en/stable/releases/v3.2.2.html", + "url": "http://www.tornadoweb.org/en/stable/releases/v3.2.2.html" + }, + { + "refsource": "MISC", + "name": "https://github.com/tornadoweb/tornado/commit/1c36307463b1e8affae100bf9386948e6c1b2308", + "url": "https://github.com/tornadoweb/tornado/commit/1c36307463b1e8affae100bf9386948e6c1b2308" + }, + { + "refsource": "MISC", + "name": "https://bugzilla.novell.com/show_bug.cgi?id=930362", + "url": "https://bugzilla.novell.com/show_bug.cgi?id=930362" + }, + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1222816", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1222816" + }, + { + "refsource": "MISC", + "name": "http://openwall.com/lists/oss-security/2015/05/19/4", + "url": "http://openwall.com/lists/oss-security/2015/05/19/4" } ] } diff --git a/2015/1xxx/CVE-2015-1525.json b/2015/1xxx/CVE-2015-1525.json index e3ef329d33f..b8b9f5741af 100644 
--- a/2015/1xxx/CVE-2015-1525.json +++ b/2015/1xxx/CVE-2015-1525.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-1525", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,51 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "audio/AudioPolicyManagerBase.cpp in Android before 5.1 allows attackers to cause a denial of service (audio_policy application outage) via a crafted application that provides a NULL device address." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://android.googlesource.com/platform/hardware/libhardware_legacy/+/2d2ea50%5E!/", + "url": "https://android.googlesource.com/platform/hardware/libhardware_legacy/+/2d2ea50%5E!/" } ] } diff --git a/2015/1xxx/CVE-2015-1530.json b/2015/1xxx/CVE-2015-1530.json index 4409290e48e..b5ac8acd5ce 100644 --- a/2015/1xxx/CVE-2015-1530.json +++ b/2015/1xxx/CVE-2015-1530.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-1530", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +11,51 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "media/libmedia/IAudioPolicyService.cpp in Android before 5.1 allows attackers to execute arbitrary code with media_server privileges or cause a denial of service (integer overflow) via a crafted application that provides an invalid array size." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://android.googlesource.com/platform/frameworks/av/+/74adca9%5E!/", + "url": "https://android.googlesource.com/platform/frameworks/av/+/74adca9%5E!/" } ] } diff --git a/2015/2xxx/CVE-2015-2688.json b/2015/2xxx/CVE-2015-2688.json index d72b82fff45..8c213f9bb72 100644 --- a/2015/2xxx/CVE-2015-2688.json +++ b/2015/2xxx/CVE-2015-2688.json @@ -1,8 +1,8 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "security@debian.org", "ID": "CVE-2015-2688", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +11,59 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "buf_pullup in Tor before 0.2.4.26 and 0.2.5.x before 0.2.5.11 does not properly handle unexpected arrival times of buffers with invalid layouts, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via crafted packets." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Other" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "The Tor Project", + "product": { + "product_data": [ + { + "product_name": "Tor", + "version": { + "version_data": [ + { + "version_value": "before 0.2.4.26" + }, + { + "version_value": "0.2.5.x before 0.2.5.11" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://lists.torproject.org/pipermail/tor-talk/2015-March/037281.html", + "url": "https://lists.torproject.org/pipermail/tor-talk/2015-March/037281.html" + }, + { + "refsource": "MISC", + "name": "https://trac.torproject.org/projects/tor/ticket/15083", + "url": "https://trac.torproject.org/projects/tor/ticket/15083" } ] } diff --git a/2015/2xxx/CVE-2015-2689.json b/2015/2xxx/CVE-2015-2689.json index e82711b7303..188ccdaf706 100644 --- a/2015/2xxx/CVE-2015-2689.json +++ b/2015/2xxx/CVE-2015-2689.json @@ -1,8 +1,8 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "security@debian.org", "ID": "CVE-2015-2689", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", 
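Review bot: The `problemtype` value `"Other"` added here discards what the description already says, namely that crafted packets reach an assertion failure that terminates the daemon. A specific class such as `"value": "CWE-617 Reachable Assertion"` would let consumers group these records; the CVE-2015-2689 and CVE-2015-2928 hunks in this patch also use `"Other"` for the same kind of failure. The `version_value` strings are prose ranges (`"before 0.2.4.26"`) with no `version_affected` operator, so tooling still has to parse text to compare versions; `"version_affected": "<"` with `"version_value": "0.2.4.26"` would carry the same fact in structured form.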
@@ -11,7 +11,59 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tor before 0.2.4.26 and 0.2.5.x before 0.2.5.11 does not properly handle pending-connection resolve states during periods of high DNS load, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via crafted packets." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Other" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "The Tor Project", + "product": { + "product_data": [ + { + "product_name": "Tor", + "version": { + "version_data": [ + { + "version_value": "before 0.2.4.26" + }, + { + "version_value": "0.2.5.x before 0.2.5.11" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://lists.torproject.org/pipermail/tor-talk/2015-March/037281.html", + "url": "https://lists.torproject.org/pipermail/tor-talk/2015-March/037281.html" + }, + { + "refsource": "MISC", + "name": "https://trac.torproject.org/projects/tor/ticket/14129", + "url": "https://trac.torproject.org/projects/tor/ticket/14129" } ] } diff --git a/2015/2xxx/CVE-2015-2928.json b/2015/2xxx/CVE-2015-2928.json index 092f2564b4c..6b42c608d8e 100644 --- a/2015/2xxx/CVE-2015-2928.json +++ b/2015/2xxx/CVE-2015-2928.json @@ -1,8 +1,8 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "security@debian.org", "ID": "CVE-2015-2928", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +11,62 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Hidden Service (HS) server implementation in Tor before 0.2.4.27, 0.2.5.x before 0.2.5.12, and 0.2.6.x before 0.2.6.7 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Other" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "The Tor Project", + "product": { + "product_data": [ + { + "product_name": "Tor", + "version": { + "version_data": [ + { + "version_value": "before 0.2.4.27" + }, + { + "version_value": "0.2.5.x before 0.2.5.12" + }, + { + "version_value": "0.2.6.x before 0.2.6.7" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://trac.torproject.org/projects/tor/ticket/15600", + "url": "https://trac.torproject.org/projects/tor/ticket/15600" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20150406 CVE Request: tor: new upstream releases (0.2.6.7, 0.2.5.12 and 0.2.4.27) fixing security issues", + "url": "http://openwall.com/lists/oss-security/2015/04/06/5" } ] } diff --git a/2015/2xxx/CVE-2015-2929.json b/2015/2xxx/CVE-2015-2929.json index cd675f8ec81..ae8a517a359 100644 --- a/2015/2xxx/CVE-2015-2929.json +++ b/2015/2xxx/CVE-2015-2929.json @@ -1,8 +1,8 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "security@debian.org", "ID": "CVE-2015-2929", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +11,62 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Hidden Service (HS) client implementation in Tor before 0.2.4.27, 0.2.5.x before 0.2.5.12, and 0.2.6.x before 0.2.6.7 allows remote servers to cause a denial of service (assertion failure and application exit) via a malformed HS descriptor." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service - Malformed Input" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "The Tor Project", + "product": { + "product_data": [ + { + "product_name": "Tor", + "version": { + "version_data": [ + { + "version_value": "before 0.2.4.27" + }, + { + "version_value": "0.2.5.x before 0.2.5.12" + }, + { + "version_value": "0.2.6.x before 0.2.6.7" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://openwall.com/lists/oss-security/2015/04/06/5", + "url": "http://openwall.com/lists/oss-security/2015/04/06/5" + }, + { + "refsource": "MISC", + "name": "https://trac.torproject.org/projects/tor/ticket/15601", + "url": "https://trac.torproject.org/projects/tor/ticket/15601" } ] } diff --git a/2019/19xxx/CVE-2019-19363.json b/2019/19xxx/CVE-2019-19363.json index baca5a23acf..6f763557cf6 100644 --- a/2019/19xxx/CVE-2019-19363.json +++ b/2019/19xxx/CVE-2019-19363.json 
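Review bot: The two references added here are tagged `"refsource": "MISC"` with the URL repeated as `name`, but the CVE-2015-2928 hunk just above cites the same oss-security post as `"refsource": "MLIST"` with the list subject as `name`. It also tags its Tor ticket `CONFIRM`. Both records come from the same upstream release announcement, so the tagging should match: `"refsource": "MLIST"` for `http://openwall.com/lists/oss-security/2015/04/06/5` and `"refsource": "CONFIRM"` for the `trac.torproject.org` ticket. Otherwise tooling that ranks vendor-confirmed references will treat the two records differently.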
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-19363", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-19363", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Ricoh (including Savin and Lanier) Windows printer drivers prior to 2020 that allows attackers local privilege escalation. Affected drivers and versions are: PCL6 Driver for Universal Print - Version 4.0 or later PS Driver for Universal Print - Version 4.0 or later PC FAX Generic Driver - All versions Generic PCL5 Driver - All versions RPCS Driver - All versions PostScript3 Driver - All versions PCL6 (PCL XL) Driver - All versions RPCS Raster Driver - All version" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.ricoh.com/info/2020/0122_1/", + "url": "https://www.ricoh.com/info/2020/0122_1/" } ] } diff --git a/2020/6xxx/CVE-2020-6965.json b/2020/6xxx/CVE-2020-6965.json index 0a53db0dd38..6120058acdf 100644 --- a/2020/6xxx/CVE-2020-6965.json +++ b/2020/6xxx/CVE-2020-6965.json 
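Review bot: The `affects` block added here sets `vendor_name`, `product_name` and `version_value` to `n/a`, although the new description names Ricoh (including Savin and Lanier) Windows printer drivers and gives per-driver version ranges. Tooling that matches on the structured fields will therefore not tie this record to any product. The CVE-2013-1597, CVE-2013-1598 and CVE-2014-4172 hunks later in the series have the same gap, although their descriptions name the affected products. The description `value` also ends at `RPCS Raster Driver - All version` and runs the driver list together without separators, which looks like truncation; the full list should be checked against the referenced Ricoh advisory.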
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-6965", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "GE CARESCAPE Telemetry Server,ApexPro Telemetry Server,CARESCAPE Central Station,Clinical Information Center systems,CARESCAPE B450,B650,B850 Monitors", + "version": { + "version_data": [ + { + "version_value": "ApexPro Telemetry Server,v4.2 & prior,CARESCAPE Telemetry Server, v4.2 & prior,Clinical Information Center,v4.X& 5.X,CARESCAPE Telemetry Server,v4.3,CARESCAPE Central Station,v1.X,CARESCAPE Central Station,v2.X,B450,v2.X,B650,v1.X,B650,v2.X,B850,v1.X,B850,v2.X" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "UNRESTRICTED UPLOAD OF FILE WITH DANGEROUS TYPE CWE-434" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.us-cert.gov/ics/advisories/icsma-20-023-01", + "url": "https://www.us-cert.gov/ics/advisories/icsma-20-023-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X, B450 Version 2.X, B650 Version 1.X, B650 Version 2.X, B850 Version 1.X, B850 Version 2.X, a vulnerability in the software update mechanism allows an authenticated attacker to upload arbitrary files on the system through a crafted update package." } ] } 
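Review bot: `vendor_name` is `n/a` even though `product_name` begins with `GE`, and every product and version range is packed into one comma-joined `product_name` and one `version_value` string. A consumer matching on these fields cannot tell which version range belongs to which product. One `product_data` entry per product, each with its own `version_data`, would fix that, for example `"product_name": "ApexPro Telemetry Server"` with `"version_value": "v4.2 & prior"`, and the vendor belongs in `vendor_name`. The version string also lists `CARESCAPE Telemetry Server,v4.3` and `CARESCAPE Central Station,v2.X`, which the description in this hunk does not mention. The CVE-2020-6966 hunk reuses the same two strings.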
diff --git a/2020/6xxx/CVE-2020-6966.json b/2020/6xxx/CVE-2020-6966.json
index a26fa98a6a6..5b08c3f0213 100644
--- a/2020/6xxx/CVE-2020-6966.json
+++ b/2020/6xxx/CVE-2020-6966.json
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-6966", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "GE CARESCAPE Telemetry Server,ApexPro Telemetry Server,CARESCAPE Central Station,Clinical Information Center systems,CARESCAPE B450,B650,B850 Monitors", + "version": { + "version_data": [ + { + "version_value": "ApexPro Telemetry Server,v4.2 & prior,CARESCAPE Telemetry Server, v4.2 & prior,Clinical Information Center,v4.X& 5.X,CARESCAPE Telemetry Server,v4.3,CARESCAPE Central Station,v1.X,CARESCAPE Central Station,v2.X,B450,v2.X,B650,v1.X,B650,v2.X,B850,v1.X,B850,v2.X" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "INADEQUATE ENCRYPTION STRENGTH CWE-326" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.us-cert.gov/ics/advisories/icsma-20-023-01", + "url": "https://www.us-cert.gov/ics/advisories/icsma-20-023-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X, the affected products utilize a weak encryption scheme for remote desktop control, which may allow an attacker to obtain remote code execution of devices on the network." } ] } 
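Review bot: The description added for this record limits the weak remote-desktop encryption to ApexPro Telemetry Server, CARESCAPE Telemetry Server, Clinical Information Center and CARESCAPE Central Station 1.X, but `product_name` and `version_value` still list the B450, B650 and B850 monitors and `CARESCAPE Central Station,v2.X`. These strings appear to be copied unchanged from CVE-2020-6965. The two fields and the description should be reconciled against the referenced advisory so that asset owners neither over-scope nor under-scope the affected devices.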
diff --git a/2020/7xxx/CVE-2020-7957.json b/2020/7xxx/CVE-2020-7957.json
new file mode 100644
index 00000000000..1a405df7970
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7957.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7957",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
From fe8a99024d0fd7ac075979597f78c35bf98526a6 Mon Sep 17 00:00:00 2001
From: CVE Team Date: Fri, 24 Jan 2020 19:01:13 +0000 Subject: [PATCH 271/387] "-Synchronized-Data." --- 2013/1xxx/CVE-2013-1597.json | 68 ++++++++++++++++++++++- 2013/1xxx/CVE-2013-1598.json | 68 ++++++++++++++++++++++- 2014/4xxx/CVE-2014-4172.json | 98 +++++++++++++++++++++++++++++++++- 2016/5xxx/CVE-2016-5003.json | 5 ++ 2019/15xxx/CVE-2019-15945.json | 5 ++ 2019/15xxx/CVE-2019-15946.json | 5 ++ 2019/16xxx/CVE-2019-16775.json | 5 ++ 2019/16xxx/CVE-2019-16776.json | 5 ++ 2019/16xxx/CVE-2019-16777.json | 5 ++ 2019/17xxx/CVE-2019-17570.json | 5 ++ 2019/17xxx/CVE-2019-17592.json | 5 ++ 2019/19xxx/CVE-2019-19479.json | 5 ++ 2019/19xxx/CVE-2019-19480.json | 5 ++ 2019/19xxx/CVE-2019-19481.json | 5 ++ 2020/6xxx/CVE-2020-6170.json | 5 ++ 2020/7xxx/CVE-2020-7936.json | 5 ++ 2020/7xxx/CVE-2020-7937.json | 5 ++ 2020/7xxx/CVE-2020-7938.json | 5 ++ 2020/7xxx/CVE-2020-7939.json | 5 ++ 2020/7xxx/CVE-2020-7940.json | 5 ++ 2020/7xxx/CVE-2020-7941.json | 5 ++ 2020/7xxx/CVE-2020-7958.json | 18 +++++++ 2020/7xxx/CVE-2020-7959.json | 18 +++++++ 2020/7xxx/CVE-2020-7960.json | 18 +++++++ 2020/7xxx/CVE-2020-7961.json | 18 +++++++ 2020/7xxx/CVE-2020-7962.json | 18 +++++++ 26 files changed, 408 insertions(+), 6 deletions(-) create mode 100644 2020/7xxx/CVE-2020-7958.json create mode 100644 2020/7xxx/CVE-2020-7959.json create mode 100644 2020/7xxx/CVE-2020-7960.json create mode 100644 2020/7xxx/CVE-2020-7961.json create mode 100644 2020/7xxx/CVE-2020-7962.json diff --git a/2013/1xxx/CVE-2013-1597.json b/2013/1xxx/CVE-2013-1597.json index ea006d33e1a..695f1041e04 100644 --- a/2013/1xxx/CVE-2013-1597.json +++ b/2013/1xxx/CVE-2013-1597.json 
@@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-1597", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,48 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Directory Traversal vulnerability exists in Vivotek PT7135 IP Cameras 0300a and 0400a via a specially crafted GET request, which could let a malicious user obtain user credentials." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.securityfocus.com/bid/59576", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/59576" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83947", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83947" + }, + { + "refsource": "MISC", + "name": "https://www.coresecurity.com/advisories/vivotek-ip-cameras-multiple-vulnerabilities", + "url": "https://www.coresecurity.com/advisories/vivotek-ip-cameras-multiple-vulnerabilities" + }, + { + "refsource": "MISC", + "name": "https://github.com/offensive-security/exploitdb/blob/master/exploits/hardware/webapps/25139.txt", + "url": "https://github.com/offensive-security/exploitdb/blob/master/exploits/hardware/webapps/25139.txt" + }, + { + "refsource": "MISC", + "name": "https://packetstormsecurity.com/files/cve/CVE-2013-1597", + "url": "https://packetstormsecurity.com/files/cve/CVE-2013-1597" } ] } diff --git a/2013/1xxx/CVE-2013-1598.json b/2013/1xxx/CVE-2013-1598.json index 817629c85e1..7ccc06e2105 100644 --- a/2013/1xxx/CVE-2013-1598.json +++ b/2013/1xxx/CVE-2013-1598.json 
@@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-1598", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,48 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Command Injection vulnerability exists in Vivotek PT7135 IP Cameras 0300a and 0400a via the system.ntp parameter to the farseer.out binary file, which cold let a malicious user execute arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.securityfocus.com/bid/59575", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/59575" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83946", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83946" + }, + { + "refsource": "MISC", + "name": "https://www.coresecurity.com/advisories/vivotek-ip-cameras-multiple-vulnerabilities", + "url": "https://www.coresecurity.com/advisories/vivotek-ip-cameras-multiple-vulnerabilities" + }, + { + "refsource": "MISC", + "name": "https://github.com/offensive-security/exploitdb/blob/master/exploits/hardware/webapps/25139.txt", + "url": "https://github.com/offensive-security/exploitdb/blob/master/exploits/hardware/webapps/25139.txt" + }, + { + "refsource": "MISC", + "name": "https://packetstormsecurity.com/files/cve/CVE-2013-1598", + "url": "https://packetstormsecurity.com/files/cve/CVE-2013-1598" } ] } diff --git a/2014/4xxx/CVE-2014-4172.json b/2014/4xxx/CVE-2014-4172.json index 98db088a9a9..dbc020fa88e 100644 --- a/2014/4xxx/CVE-2014-4172.json +++ b/2014/4xxx/CVE-2014-4172.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-4172", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", 
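Review bot: The new description for CVE-2013-1598 contains a typo in the impact clause: `which cold let a malicious user execute arbitrary code` should read `which could let a malicious user execute arbitrary code`. The sibling CVE-2013-1597 description already uses `which could let`. Because this text is republished verbatim by downstream feeds, it is worth correcting before the record is synchronized.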
@@ -11,7 +11,101 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A URL parameter injection vulnerability was found in the back-channel ticket validation step of the CAS protocol in Jasig Java CAS Client before 3.3.2, .NET CAS Client before 1.0.2, and phpCAS before 1.3.3 that allow remote attackers to inject arbitrary web script or HTML via the (1) service parameter to validation/AbstractUrlBasedTicketValidator.java or (2) pgtUrl parameter to validation/Cas20ServiceTicketValidator.java." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1131350", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1131350" + }, + { + "refsource": "MISC", + "name": "https://www.mail-archive.com/cas-user@lists.jasig.org/msg17338.html", + "url": "https://www.mail-archive.com/cas-user@lists.jasig.org/msg17338.html" + }, + { + "refsource": "MISC", + "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=759718", + "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=759718" + }, + { + "refsource": "MISC", + "name": "https://github.com/Jasig/dotnet-cas-client/commit/f0e030014fb7a39e5f38469f43199dc590fd0e8d", + "url": "https://github.com/Jasig/dotnet-cas-client/commit/f0e030014fb7a39e5f38469f43199dc590fd0e8d" + }, + { + "refsource": "MISC", + "name": 
"https://github.com/Jasig/java-cas-client/commit/ae37092100c8eaec610dab6d83e5e05a8ee58814", + "url": "https://github.com/Jasig/java-cas-client/commit/ae37092100c8eaec610dab6d83e5e05a8ee58814" + }, + { + "refsource": "MISC", + "name": "https://github.com/Jasig/phpCAS/blob/master/docs/ChangeLog", + "url": "https://github.com/Jasig/phpCAS/blob/master/docs/ChangeLog" + }, + { + "refsource": "MISC", + "name": "https://github.com/Jasig/phpCAS/pull/125", + "url": "https://github.com/Jasig/phpCAS/pull/125" + }, + { + "refsource": "MISC", + "name": "https://issues.jasig.org/browse/CASC-228", + "url": "https://issues.jasig.org/browse/CASC-228" + }, + { + "refsource": "MISC", + "name": "https://www.debian.org/security/2014/dsa-3017.en.html", + "url": "https://www.debian.org/security/2014/dsa-3017.en.html" + }, + { + "refsource": "MISC", + "name": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/137182.html", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/137182.html" + }, + { + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95673", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95673" } ] } diff --git a/2016/5xxx/CVE-2016-5003.json b/2016/5xxx/CVE-2016-5003.json index 83e1d187125..1b7483686c1 100644 --- a/2016/5xxx/CVE-2016-5003.json +++ b/2016/5xxx/CVE-2016-5003.json @@ -111,6 +111,11 @@ "refsource": "MLIST", "name": "[oss-security] 20200116 [CVE-2019-17570] xmlrpc-common untrusted deserialization", "url": "http://www.openwall.com/lists/oss-security/2020/01/16/1" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20200124 RE: [CVE-2019-17570] xmlrpc-common untrusted deserialization", + "url": "http://www.openwall.com/lists/oss-security/2020/01/24/2" } ] } diff --git a/2019/15xxx/CVE-2019-15945.json b/2019/15xxx/CVE-2019-15945.json index d31675a0b37..a024b0d4651 100644 --- a/2019/15xxx/CVE-2019-15945.json +++ b/2019/15xxx/CVE-2019-15945.json 
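Review bot: The CVE-2014-4172 description calls the flaw a URL parameter injection in the back-channel ticket validation step, but states the impact as `inject arbitrary web script or HTML`. That is cross-site-scripting wording and does not obviously follow from parameters injected into a validation request. If the referenced advisories describe the impact as altering the validation request, the sentence should say so, so that the record is not triaged as XSS. `that allow` should also read `that allows`. All eleven references are tagged `MISC`, including the vendor fix commits and distribution advisories, whereas other records on this page use more specific values such as `CONFIRM` and `FEDORA`.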
@@ -71,6 +71,11 @@ "refsource": "MLIST", "name": "[oss-security] 20191229 OpenSC 0.20.0 released", "url": "http://www.openwall.com/lists/oss-security/2019/12/29/1" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-3c93790abe", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDSQLMZZYBHO5X3BK7D6E7E6NZIMZDI5/" } ] } diff --git a/2019/15xxx/CVE-2019-15946.json b/2019/15xxx/CVE-2019-15946.json index 2dafe296357..b9c236521cd 100644 --- a/2019/15xxx/CVE-2019-15946.json +++ b/2019/15xxx/CVE-2019-15946.json @@ -71,6 +71,11 @@ "refsource": "MLIST", "name": "[oss-security] 20191229 OpenSC 0.20.0 released", "url": "http://www.openwall.com/lists/oss-security/2019/12/29/1" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-3c93790abe", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDSQLMZZYBHO5X3BK7D6E7E6NZIMZDI5/" } ] } diff --git a/2019/16xxx/CVE-2019-16775.json b/2019/16xxx/CVE-2019-16775.json index e05261b6bd5..ccfd3f29b48 100644 --- a/2019/16xxx/CVE-2019-16775.json +++ b/2019/16xxx/CVE-2019-16775.json @@ -90,6 +90,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0059", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00027.html" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-595ce5e3cc", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z36UKPO5F3PQ3Q2POMF5LEKXWAH5RUFP/" } ] }, diff --git a/2019/16xxx/CVE-2019-16776.json b/2019/16xxx/CVE-2019-16776.json index 9bcda391a45..044d40d453e 100644 --- a/2019/16xxx/CVE-2019-16776.json +++ b/2019/16xxx/CVE-2019-16776.json 
@@ -90,6 +90,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0059", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00027.html" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-595ce5e3cc", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z36UKPO5F3PQ3Q2POMF5LEKXWAH5RUFP/" } ] }, diff --git a/2019/16xxx/CVE-2019-16777.json b/2019/16xxx/CVE-2019-16777.json index cfafc9a844b..a5ed6be6bef 100644 --- a/2019/16xxx/CVE-2019-16777.json +++ b/2019/16xxx/CVE-2019-16777.json @@ -90,6 +90,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0059", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00027.html" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-595ce5e3cc", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z36UKPO5F3PQ3Q2POMF5LEKXWAH5RUFP/" } ] }, diff --git a/2019/17xxx/CVE-2019-17570.json b/2019/17xxx/CVE-2019-17570.json index 8fd1e3be9de..26770f02c34 100644 --- a/2019/17xxx/CVE-2019-17570.json +++ b/2019/17xxx/CVE-2019-17570.json @@ -53,6 +53,11 @@ "refsource": "CONFIRM", "name": "https://lists.apache.org/thread.html/846551673bbb7ec8d691008215384bcef03a3fb004d2da845cfe88ee%401390230951%40%3Cdev.ws.apache.org%3E", "url": "https://lists.apache.org/thread.html/846551673bbb7ec8d691008215384bcef03a3fb004d2da845cfe88ee%401390230951%40%3Cdev.ws.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20200124 RE: [CVE-2019-17570] xmlrpc-common untrusted deserialization", + "url": "http://www.openwall.com/lists/oss-security/2020/01/24/2" } ] }, diff --git a/2019/17xxx/CVE-2019-17592.json b/2019/17xxx/CVE-2019-17592.json index 45d81ae8287..240aa389296 100644 --- a/2019/17xxx/CVE-2019-17592.json +++ b/2019/17xxx/CVE-2019-17592.json 
@@ -66,6 +66,11 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20191127-0002/", "url": "https://security.netapp.com/advisory/ntap-20191127-0002/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-595ce5e3cc", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z36UKPO5F3PQ3Q2POMF5LEKXWAH5RUFP/" } ] } diff --git a/2019/19xxx/CVE-2019-19479.json b/2019/19xxx/CVE-2019-19479.json index 3565baf0a99..05f68ce830c 100644 --- a/2019/19xxx/CVE-2019-19479.json +++ b/2019/19xxx/CVE-2019-19479.json @@ -71,6 +71,11 @@ "refsource": "MLIST", "name": "[oss-security] 20191229 OpenSC 0.20.0 released", "url": "http://www.openwall.com/lists/oss-security/2019/12/29/1" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-3c93790abe", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDSQLMZZYBHO5X3BK7D6E7E6NZIMZDI5/" } ] } diff --git a/2019/19xxx/CVE-2019-19480.json b/2019/19xxx/CVE-2019-19480.json index 88e5bad2a8c..972d399b553 100644 --- a/2019/19xxx/CVE-2019-19480.json +++ b/2019/19xxx/CVE-2019-19480.json @@ -66,6 +66,11 @@ "refsource": "MLIST", "name": "[oss-security] 20191229 OpenSC 0.20.0 released", "url": "http://www.openwall.com/lists/oss-security/2019/12/29/1" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-3c93790abe", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDSQLMZZYBHO5X3BK7D6E7E6NZIMZDI5/" } ] } diff --git a/2019/19xxx/CVE-2019-19481.json b/2019/19xxx/CVE-2019-19481.json index 17903ff9d2f..fa7f02f7fcd 100644 --- a/2019/19xxx/CVE-2019-19481.json +++ b/2019/19xxx/CVE-2019-19481.json 
@@ -66,6 +66,11 @@ "refsource": "MLIST", "name": "[oss-security] 20191229 OpenSC 0.20.0 released", "url": "http://www.openwall.com/lists/oss-security/2019/12/29/1" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-3c93790abe", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDSQLMZZYBHO5X3BK7D6E7E6NZIMZDI5/" } ] } diff --git a/2020/6xxx/CVE-2020-6170.json b/2020/6xxx/CVE-2020-6170.json index ff8cda9328b..c31df1f6bac 100644 --- a/2020/6xxx/CVE-2020-6170.json +++ b/2020/6xxx/CVE-2020-6170.json @@ -56,6 +56,11 @@ "url": "https://medium.com/@husinulzsanub/exploiting-router-authentication-through-web-interface-68660c708206", "refsource": "MISC", "name": "https://medium.com/@husinulzsanub/exploiting-router-authentication-through-web-interface-68660c708206" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/156075/Genexis-Platinum-4410-2.1-Authentication-Bypass.html", + "url": "http://packetstormsecurity.com/files/156075/Genexis-Platinum-4410-2.1-Authentication-Bypass.html" } ] } diff --git a/2020/7xxx/CVE-2020-7936.json b/2020/7xxx/CVE-2020-7936.json index d6de2d2974c..4c14ad42199 100644 --- a/2020/7xxx/CVE-2020-7936.json +++ b/2020/7xxx/CVE-2020-7936.json @@ -66,6 +66,11 @@ "url": "https://www.openwall.com/lists/oss-security/2020/01/22/1", "refsource": "MISC", "name": "https://www.openwall.com/lists/oss-security/2020/01/22/1" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20200124 Re: Plone security hotfix 20200121", + "url": "http://www.openwall.com/lists/oss-security/2020/01/24/1" } ] } diff --git a/2020/7xxx/CVE-2020-7937.json b/2020/7xxx/CVE-2020-7937.json index 844977b221f..bd7d5d30104 100644 --- a/2020/7xxx/CVE-2020-7937.json +++ b/2020/7xxx/CVE-2020-7937.json 
@@ -66,6 +66,11 @@ "url": "https://plone.org/security/hotfix/20200121/xss-in-the-title-field-on-plone-5-0-and-higher", "refsource": "MISC", "name": "https://plone.org/security/hotfix/20200121/xss-in-the-title-field-on-plone-5-0-and-higher" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20200124 Re: Plone security hotfix 20200121", + "url": "http://www.openwall.com/lists/oss-security/2020/01/24/1" } ] } diff --git a/2020/7xxx/CVE-2020-7938.json b/2020/7xxx/CVE-2020-7938.json index 4744aba46e3..8f0915d0273 100644 --- a/2020/7xxx/CVE-2020-7938.json +++ b/2020/7xxx/CVE-2020-7938.json @@ -66,6 +66,11 @@ "url": "https://plone.org/security/hotfix/20200121/privilege-escalation-when-plone-restapi-is-installed", "refsource": "MISC", "name": "https://plone.org/security/hotfix/20200121/privilege-escalation-when-plone-restapi-is-installed" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20200124 Re: Plone security hotfix 20200121", + "url": "http://www.openwall.com/lists/oss-security/2020/01/24/1" } ] } diff --git a/2020/7xxx/CVE-2020-7939.json b/2020/7xxx/CVE-2020-7939.json index 11623350449..40a50121a21 100644 --- a/2020/7xxx/CVE-2020-7939.json +++ b/2020/7xxx/CVE-2020-7939.json @@ -66,6 +66,11 @@ "url": "https://plone.org/security/hotfix/20200121/sql-injection-in-dtml-or-in-connection-objects", "refsource": "MISC", "name": "https://plone.org/security/hotfix/20200121/sql-injection-in-dtml-or-in-connection-objects" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20200124 Re: Plone security hotfix 20200121", + "url": "http://www.openwall.com/lists/oss-security/2020/01/24/1" } ] } diff --git a/2020/7xxx/CVE-2020-7940.json b/2020/7xxx/CVE-2020-7940.json index 811d5cebbfb..65e3849e9fc 100644 --- a/2020/7xxx/CVE-2020-7940.json +++ b/2020/7xxx/CVE-2020-7940.json 
@@ -66,6 +66,11 @@ "url": "https://plone.org/security/hotfix/20200121/password-strength-checks-were-not-always-checked", "refsource": "MISC", "name": "https://plone.org/security/hotfix/20200121/password-strength-checks-were-not-always-checked" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20200124 Re: Plone security hotfix 20200121", + "url": "http://www.openwall.com/lists/oss-security/2020/01/24/1" } ] } diff --git a/2020/7xxx/CVE-2020-7941.json b/2020/7xxx/CVE-2020-7941.json index 00714ed93f0..0f4962a45e2 100644 --- a/2020/7xxx/CVE-2020-7941.json +++ b/2020/7xxx/CVE-2020-7941.json @@ -66,6 +66,11 @@ "url": "https://plone.org/security/hotfix/20200121/privilege-escalation-for-overwriting-content", "refsource": "MISC", "name": "https://plone.org/security/hotfix/20200121/privilege-escalation-for-overwriting-content" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20200124 Re: Plone security hotfix 20200121", + "url": "http://www.openwall.com/lists/oss-security/2020/01/24/1" } ] } diff --git a/2020/7xxx/CVE-2020-7958.json b/2020/7xxx/CVE-2020-7958.json new file mode 100644 index 00000000000..c64760e7203 --- /dev/null +++ b/2020/7xxx/CVE-2020-7958.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7958", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7959.json b/2020/7xxx/CVE-2020-7959.json new file mode 100644 index 00000000000..3886183a40d --- /dev/null +++ b/2020/7xxx/CVE-2020-7959.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7959", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7960.json b/2020/7xxx/CVE-2020-7960.json new file mode 100644 index 00000000000..bbd3022b3a8 --- /dev/null +++ b/2020/7xxx/CVE-2020-7960.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7960", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7961.json b/2020/7xxx/CVE-2020-7961.json new file mode 100644 index 00000000000..3b0fb08dc0d --- /dev/null +++ b/2020/7xxx/CVE-2020-7961.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7961", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/7xxx/CVE-2020-7962.json b/2020/7xxx/CVE-2020-7962.json new file mode 100644 index 00000000000..bd8f2c181e4 --- /dev/null +++ b/2020/7xxx/CVE-2020-7962.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7962", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file From e6449f1ce9e2d082aec21b208872fac9a2c345fd Mon Sep 17 00:00:00 2001 From: Robert Schultheis Date: Fri, 24 Jan 2020 13:01:07 -0700 Subject: [PATCH 272/387] add CVE-2020-5224 for GHSA-5fq8-3q2f-4m5g --- 2020/5xxx/CVE-2020-5224.json | 84 +++++++++++++++++++++++++++++++++--- 1 file changed, 77 insertions(+), 7 deletions(-) diff --git a/2020/5xxx/CVE-2020-5224.json b/2020/5xxx/CVE-2020-5224.json index feda1fa73fc..42a712c3fd1 100644 --- a/2020/5xxx/CVE-2020-5224.json +++ b/2020/5xxx/CVE-2020-5224.json 
@@ -1,18 +1,88 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2020-5224", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Session key exposure through session list in Django User Sessions" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "django-user-sessions", + "version": { + "version_data": [ + { + "version_value": "< 1.7.1" + } + ] + } + } + ] + }, + "vendor_name": "Jazzband" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Django User Sessions (django-user-sessions) before 1.7.1, the views provided allow users to terminate specific sessions. The session key is used to identify sessions, and thus included in the rendered HTML. In itself this is not a problem. However if the website has an XSS vulnerability, the session key could be extracted by the attacker and a session takeover could happen." 
} ] + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-287: Improper Authentication" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/Bouke/django-user-sessions/security/advisories/GHSA-5fq8-3q2f-4m5g", + "refsource": "CONFIRM", + "url": "https://github.com/Bouke/django-user-sessions/security/advisories/GHSA-5fq8-3q2f-4m5g" + }, + { + "name": "https://github.com/jazzband/django-user-sessions/commit/f0c4077e7d1436ba6d721af85cee89222ca5d2d9", + "refsource": "MISC", + "url": "https://github.com/jazzband/django-user-sessions/commit/f0c4077e7d1436ba6d721af85cee89222ca5d2d9" + } + ] + }, + "source": { + "advisory": "GHSA-5fq8-3q2f-4m5g", + "discovery": "UNKNOWN" } -} \ No newline at end of file +} From d8ddf3d58706763403ea809453f3f7e6f357d4f6 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 24 Jan 2020 20:01:09 +0000 Subject: [PATCH 273/387] "-Synchronized-Data." --- 2019/19xxx/CVE-2019-19363.json | 5 +++ 2020/6xxx/CVE-2020-6843.json | 22 ++++++++--- 2020/6xxx/CVE-2020-6857.json | 5 +++ 2020/7xxx/CVE-2020-7052.json | 61 ++++++++++++++++++++++++++++--- 2020/7xxx/CVE-2020-7963.json | 18 +++++++++ 2020/7xxx/CVE-2020-7964.json | 67 ++++++++++++++++++++++++++++++++++ 6 files changed, 166 insertions(+), 12 deletions(-) create mode 100644 2020/7xxx/CVE-2020-7963.json create mode 100644 2020/7xxx/CVE-2020-7964.json diff --git a/2019/19xxx/CVE-2019-19363.json b/2019/19xxx/CVE-2019-19363.json index 6f763557cf6..7ed3c6962f9 100644 --- a/2019/19xxx/CVE-2019-19363.json 
+++ b/2019/19xxx/CVE-2019-19363.json @@ -56,6 +56,11 @@ "refsource": "CONFIRM", "name": "https://www.ricoh.com/info/2020/0122_1/", "url": "https://www.ricoh.com/info/2020/0122_1/" + }, + { + "refsource": "FULLDISC", + "name": "20200124 CVE-2019-19363 - Local Privilege Escalation in many Ricoh Printer Drivers for Windows", + "url": "http://seclists.org/fulldisclosure/2020/Jan/34" } ] } diff --git a/2020/6xxx/CVE-2020-6843.json b/2020/6xxx/CVE-2020-6843.json index 3c632e35829..479b9d45d3a 100644 --- a/2020/6xxx/CVE-2020-6843.json +++ b/2020/6xxx/CVE-2020-6843.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "Zoho ManageEngine ServiceDesk Plus 11.0 Build 11007 allows XSS." + "value": "Zoho ManageEngine ServiceDesk Plus 11.0 Build 11007 allows XSS. This issue was fixed in version 11.0 Build 11010, SD-83959." } ] }, 
@@ -52,20 +52,30 @@ }, "references": { "reference_data": [ - { - "url": "https://www.manageengine.com", - "refsource": "MISC", - "name": "https://www.manageengine.com" - }, { "url": "https://sec-consult.com/en/vulnerability-lab/advisories/index.html", "refsource": "MISC", "name": "https://sec-consult.com/en/vulnerability-lab/advisories/index.html" }, + { + "refsource": "FULLDISC", + "name": "20200122 SEC Consult SA-20200122-0 :: Reflected XSS in ZOHO ManageEngine ServiceDeskPlus", + "url": "http://seclists.org/fulldisclosure/2020/Jan/32" + }, + { + "refsource": "BUGTRAQ", + "name": "20200122 SEC Consult SA-20200122-0 :: Reflected XSS in ZOHO ManageEngine ServiceDeskPlus", + "url": "https://seclists.org/bugtraq/2020/Jan/34" + }, { "refsource": "MISC", "name": "http://packetstormsecurity.com/files/156050/ZOHO-ManageEngine-ServiceDeskPlus-11.0-Build-11007-Cross-Site-Scripting.html", "url": "http://packetstormsecurity.com/files/156050/ZOHO-ManageEngine-ServiceDeskPlus-11.0-Build-11007-Cross-Site-Scripting.html" + }, + { + "refsource": "CONFIRM", + "name": "https://www.manageengine.com/products/service-desk/readme.html#11010%20-%20SD-83959", + "url": "https://www.manageengine.com/products/service-desk/readme.html#11010%20-%20SD-83959" } ] } diff --git a/2020/6xxx/CVE-2020-6857.json b/2020/6xxx/CVE-2020-6857.json index 64eb1264f28..bf635908837 100644 --- a/2020/6xxx/CVE-2020-6857.json +++ b/2020/6xxx/CVE-2020-6857.json @@ -71,6 +71,11 @@ "refsource": "FULLDISC", "name": "20200121 Neowise CarbonFTP v1.4 / Insecure Proprietary Password Encryption / CVE-2020-6857", "url": "http://seclists.org/fulldisclosure/2020/Jan/29" + }, + { + "refsource": "FULLDISC", + "name": "20200124 [UPDATED - POC] Neowise CarbonFTP v1.4 / Insecure Proprietary Password Encryption / CVE-2020-6857", + "url": "http://seclists.org/fulldisclosure/2020/Jan/35" } ] } diff --git a/2020/7xxx/CVE-2020-7052.json b/2020/7xxx/CVE-2020-7052.json index ae42ffb03d5..67e45171233 100644 
--- a/2020/7xxx/CVE-2020-7052.json +++ b/2020/7xxx/CVE-2020-7052.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-7052", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-7052", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "CODESYS Control V3, Gateway V3, and HMI V3 before 3.5.15.30 allow uncontrolled memory allocation which can result in a remote denial of service condition." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.tenable.com/security/research/tra-2020-04", + "url": "https://www.tenable.com/security/research/tra-2020-04" + }, + { + "refsource": "CONFIRM", + "name": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12977&token=33f948eed0c2fd69d238d9515779be337ef7592d&download=", + "url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12977&token=33f948eed0c2fd69d238d9515779be337ef7592d&download=" } ] } diff --git a/2020/7xxx/CVE-2020-7963.json b/2020/7xxx/CVE-2020-7963.json new file mode 100644 index 00000000000..a5b2c0181c4 --- /dev/null +++ b/2020/7xxx/CVE-2020-7963.json 
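Review bot: The structured fields of CVE-2020-7052 (`product_name`, `vendor_name`, `version_value` and the `problemtype` value) are all `"n/a"`, although the description names the products (CODESYS Control V3, Gateway V3, HMI V3), the fixed version (3.5.15.30) and the weakness (uncontrolled memory allocation). Anything that filters on those fields rather than on free text will not match this record to an installed product. I would fill them from the description, for example `"vendor_name": "CODESYS"` with one `product_data` entry per product carrying `"version_affected": "<", "version_value": "3.5.15.30"`, and state the weakness class in `problemtype`. The new CVE-2020-7964 record later in this commit has the same gap: its description says incorrect access control in Mirumee Saleor 2.x before 2.9.1, yet vendor, product and problem type are `n/a`.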
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7963", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7964.json b/2020/7xxx/CVE-2020-7964.json new file mode 100644 index 00000000000..f2e57032384 --- /dev/null +++ b/2020/7xxx/CVE-2020-7964.json 
@@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-7964", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Mirumee Saleor 2.x before 2.9.1. Incorrect access control in the checkoutCustomerAttach mutations allows attackers to attach their checkouts to any user ID and consequently leak user data (e.g., name, address, and previous orders of any other customer)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/mirumee/saleor/commit/233b8890c60fa6d90daf99e4d90fea85867732c3", + "refsource": "MISC", + "name": "https://github.com/mirumee/saleor/commit/233b8890c60fa6d90daf99e4d90fea85867732c3" + }, + { + "url": "https://github.com/mirumee/saleor/releases/tag/2.9.1", + "refsource": "MISC", + "name": "https://github.com/mirumee/saleor/releases/tag/2.9.1" + } + ] + } +} \ No newline at end of file From d34c2ed35e608125fda0c7f05b6554a082079fbe Mon Sep 17 00:00:00 2001 
From: MSRC Date: Fri, 24 Jan 2020 12:45:36 -0800 Subject: [PATCH 274/387] Updates to previous CVE's --- 2018/8xxx/CVE-2018-8654.json | 74 ++++++++--- 2019/1xxx/CVE-2019-1349.json | 104 +++++++++++++--- 2019/1xxx/CVE-2019-1350.json | 104 +++++++++++++--- 2019/1xxx/CVE-2019-1351.json | 104 +++++++++++++--- 2019/1xxx/CVE-2019-1352.json | 104 +++++++++++++--- 2019/1xxx/CVE-2019-1354.json | 104 +++++++++++++--- 2019/1xxx/CVE-2019-1414.json | 74 ++++++++--- 2019/1xxx/CVE-2019-1454.json | 229 ++++++++++++++++++++++++++++++++--- 2019/1xxx/CVE-2019-1460.json | 74 ++++++++--- 9 files changed, 827 insertions(+), 144 deletions(-) diff --git a/2018/8xxx/CVE-2018-8654.json b/2018/8xxx/CVE-2018-8654.json index 6679fd05055..136c05a66b4 100644 --- a/2018/8xxx/CVE-2018-8654.json +++ b/2018/8xxx/CVE-2018-8654.json 
@@ -1,18 +1,60 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2018-8654", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8654", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Dynamics 365 (on-premises) version 8", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] } -} \ No newline at end of file + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists in Microsoft Dynamics 365 Server, aka \u0027Microsoft Dynamics 365 Elevation of Privilege Vulnerability\u0027." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8654" + } + ] + } +} diff --git a/2019/1xxx/CVE-2019-1349.json b/2019/1xxx/CVE-2019-1349.json index 20fa586d935..2197a0a766d 100644 --- a/2019/1xxx/CVE-2019-1349.json +++ b/2019/1xxx/CVE-2019-1349.json 
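Review bot: The rewritten CVE-2018-8654 record sets `"version_value": ""`, and its only reference is a bare `{ "url": ... }` object with no `refsource` or `name`, unlike the other records in this series. An empty string as the affected version gives consumers nothing to compare against. In the Visual Studio records of this commit (CVE-2019-1349, -1350, -1351, -1352, -1354) the range ends up inside `product_name` instead, e.g. `Microsoft Visual Studio 2017 version 15.9 (includes 15.1 - 15.8)`. I would move the version text into `version_value` and give each MSRC advisory link `"refsource": "CONFIRM"` plus a `name`, as the vendor links in neighbouring records do. CVE-2019-1414 and CVE-2019-1460 show the same two patterns.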
@@ -1,18 +1,90 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1349", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2019-1349", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Visual Studio 2017 version 15.9 (includes 15.1 - 15.8)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Visual Studio 2017", + "version": { + "version_data": [ + { + "version_value": "15.0" + } + ] + } + }, + { + "product_name": "Microsoft Visual Studio 2019", + "version": { + "version_data": [ + { + "version_value": "16.0" + } + ] + } + }, + { + "product_name": "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] } -} \ No newline at end of file + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka \u0027Git for Visual Studio Remote Code Execution Vulnerability\u0027. This CVE ID is unique from CVE-2019-1350, CVE-2019-1352, CVE-2019-1354, CVE-2019-1387." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1349" + } + ] + } +} diff --git a/2019/1xxx/CVE-2019-1350.json b/2019/1xxx/CVE-2019-1350.json index c4cf44bf670..87f74682115 100644 --- a/2019/1xxx/CVE-2019-1350.json +++ b/2019/1xxx/CVE-2019-1350.json 
@@ -1,18 +1,90 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1350", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2019-1350", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Visual Studio 2017 version 15.9 (includes 15.1 - 15.8)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Visual Studio 2017", + "version": { + "version_data": [ + { + "version_value": "15.0" + } + ] + } + }, + { + "product_name": "Microsoft Visual Studio 2019", + "version": { + "version_data": [ + { + "version_value": "16.0" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] } -} \ No newline at end of file + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka \u0027Git for Visual Studio Remote Code Execution Vulnerability\u0027. This CVE ID is unique from CVE-2019-1349, CVE-2019-1352, CVE-2019-1354, CVE-2019-1387." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1350" + } + ] + } +} diff --git a/2019/1xxx/CVE-2019-1351.json b/2019/1xxx/CVE-2019-1351.json index 504f5f0b50d..f4a3b4ceb5f 100644 --- a/2019/1xxx/CVE-2019-1351.json +++ b/2019/1xxx/CVE-2019-1351.json 
@@ -1,18 +1,90 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1351", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2019-1351", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Visual Studio 2017 version 15.9 (includes 15.1 - 15.8)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Visual Studio 2017", + "version": { + "version_data": [ + { + "version_value": "15.0" + } + ] + } + }, + { + "product_name": "Microsoft Visual Studio 2019", + "version": { + "version_data": [ + { + "version_value": "16.0" + } + ] + } + }, + { + "product_name": "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] } -} \ No newline at end of file + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A tampering vulnerability exists when Git for Visual Studio improperly handles virtual drive paths, aka \u0027Git for Visual Studio Tampering Vulnerability\u0027." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Tampering" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1351" + } + ] + } +} diff --git a/2019/1xxx/CVE-2019-1352.json b/2019/1xxx/CVE-2019-1352.json index 75cf95174f7..361d8e7830f 100644 --- a/2019/1xxx/CVE-2019-1352.json +++ b/2019/1xxx/CVE-2019-1352.json 
@@ -1,18 +1,90 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1352", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2019-1352", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Visual Studio 2017 version 15.9 (includes 15.1 - 15.8)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Visual Studio 2017", + "version": { + "version_data": [ + { + "version_value": "15.0" + } + ] + } + }, + { + "product_name": "Microsoft Visual Studio 2019", + "version": { + "version_data": [ + { + "version_value": "16.0" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] } -} \ No newline at end of file + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka \u0027Git for Visual Studio Remote Code Execution Vulnerability\u0027. This CVE ID is unique from CVE-2019-1349, CVE-2019-1350, CVE-2019-1354, CVE-2019-1387." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1352" + } + ] + } +} diff --git a/2019/1xxx/CVE-2019-1354.json b/2019/1xxx/CVE-2019-1354.json index b3436d40db0..38954a7f265 100644 --- a/2019/1xxx/CVE-2019-1354.json +++ b/2019/1xxx/CVE-2019-1354.json 
@@ -1,18 +1,90 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1354", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2019-1354", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Visual Studio 2017 version 15.9 (includes 15.1 - 15.8)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Visual Studio 2017", + "version": { + "version_data": [ + { + "version_value": "15.0" + } + ] + } + }, + { + "product_name": "Microsoft Visual Studio 2019", + "version": { + "version_data": [ + { + "version_value": "16.0" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] } -} \ No newline at end of file + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka \u0027Git for Visual Studio Remote Code Execution Vulnerability\u0027. This CVE ID is unique from CVE-2019-1349, CVE-2019-1350, CVE-2019-1352, CVE-2019-1387." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1354" + } + ] + } +} diff --git a/2019/1xxx/CVE-2019-1414.json b/2019/1xxx/CVE-2019-1414.json index f248f44aed6..9a1c6865c2b 100644 --- a/2019/1xxx/CVE-2019-1414.json +++ b/2019/1xxx/CVE-2019-1414.json 
@@ -1,18 +1,60 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1414", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2019-1414", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Visual Studio Code", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] } -} \ No newline at end of file + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists in Visual Studio Code when it exposes a debug listener to users of a local computer, aka \u0027Visual Studio Code Elevation of Privilege Vulnerability\u0027." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1414" + } + ] + } +} diff --git a/2019/1xxx/CVE-2019-1454.json b/2019/1xxx/CVE-2019-1454.json index 913bdf0ea36..1068653862d 100644 --- a/2019/1xxx/CVE-2019-1454.json +++ b/2019/1xxx/CVE-2019-1454.json 
@@ -1,18 +1,215 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1454", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2019-1454", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1703 for 32-bit Systems" + }, + { + "version_value": "10 Version 1703 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 
32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] } -} \ No newline at end of file + }, + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks, aka \u0027Windows User Profile Service Elevation of Privilege Vulnerability\u0027." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1454" + } + ] + } +} diff --git a/2019/1xxx/CVE-2019-1460.json b/2019/1xxx/CVE-2019-1460.json index e1f21a1c91f..6de10e5ab3c 100644 --- a/2019/1xxx/CVE-2019-1460.json +++ b/2019/1xxx/CVE-2019-1460.json 
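Review bot: CVE-2019-1454 lists the Windows 10 Version 1903 builds and Windows Server, version 1903 as four separate `product_name` entries with `"version_value": ""`, while every other release is a `version_value` under `Windows` or `Windows Server`. A consumer that keys on product name will treat 1903 as a different product from the rest of Windows 10. I would fold them into the existing products, e.g. `{ "version_value": "10 Version 1903 for 32-bit Systems" }` under `Windows`. A smaller point in the same list: `8.1 for 32-bit systems` and `8.1 for x64-based systems` use lower-case "systems", and `version 1803 (Core Installation)` capitalises "Installation", where the other entries do not.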
@@ -1,18 +1,60 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-1460",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
- "description": {
- "description_data": [
- {
- "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ASSIGNER": "secure@microsoft.com",
+ "ID": "CVE-2019-1460",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Microsoft Outlook for Android",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Microsoft"
+ }
+ ]
 }
-}
\ No newline at end of file
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A spoofing vulnerability exists in the way Microsoft Outlook for Android software parses specifically crafted email messages, aka \u0027Outlook for Android Spoofing Vulnerability\u0027."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Spoofing"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1460"
+ }
+ ]
+ }
+}
From f3e84b0010be12b5dedec0648781a6d27d349c2f Mon Sep 17 00:00:00 2001 From: Robert Schultheis Date: Fri, 24 Jan 2020 13:51:41 -0700 Subject: [PATCH 275/387] add CVE-2020-5225 for GHSA-6gc6-m364-85ww --- 2020/5xxx/CVE-2020-5225.json | 84 +++++++++++++++++++++++++++++++++--- 1 file changed, 77 insertions(+), 7 deletions(-)
diff --git a/2020/5xxx/CVE-2020-5225.json b/2020/5xxx/CVE-2020-5225.json
index 9e2e2234e05..84d1d7aad7f 100644
--- a/2020/5xxx/CVE-2020-5225.json
+++ b/2020/5xxx/CVE-2020-5225.json
@@ -1,18 +1,88 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "security-advisories@github.com",
 "ID": "CVE-2020-5225",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "Log injection in SimpleSAMLphp"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "SimpleSAMLphp",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "< 1.18.4"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "simplesamlphp"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Log injection in SimpleSAMLphp before version 1.18.4.\n\nThe www/erroreport.php script, which receives error reports and sends them via email to the system administrator, did not properly sanitize the report identifier obtained from the request. This allows an attacker, under specific circumstances, to inject new log lines by manually crafting this report ID.\n\nWhen configured to use the file logging handler, SimpleSAMLphp will output all its logs by appending each log line to a given file. Since the reportID parameter received in a request sent to www/errorreport.php was not properly sanitized, it was possible to inject newline characters into it, effectively allowing a malicious user to inject new log lines with arbitrary content."
 }
 ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "HIGH",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.4,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "LOW",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-532: Inclusion of Sensitive Information in Log Files"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/simplesamlphp/simplesamlphp/security/advisories/GHSA-6gc6-m364-85ww",
+ "refsource": "CONFIRM",
+ "url": "https://github.com/simplesamlphp/simplesamlphp/security/advisories/GHSA-6gc6-m364-85ww"
+ },
+ {
+ "name": "https://simplesamlphp.org/security/202001-02",
+ "refsource": "MISC",
+ "url": "https://simplesamlphp.org/security/202001-02"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-6gc6-m364-85ww",
+ "discovery": "UNKNOWN"
 }
-}
\ No newline at end of file
+}
From 266d044cb816d163dd41171896e566bb4fe7266f Mon Sep 17 00:00:00 2001
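Review bot: The added `problemtype` entry classifies this record as `CWE-532: Inclusion of Sensitive Information in Log Files`, but the title and description describe newline characters in the report ID that are not neutralized before being written to the log, which is CWE-117. I would change that line to `"value": "CWE-117: Improper Output Neutralization for Logs"` so weakness-based triage and reporting file the record under the right class. The new description also spells the script two ways, `www/erroreport.php` and later `www/errorreport.php`; the first looks like a typo and should match the second, since defenders will search access logs and file trees for that exact path.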
From: CVE Team Date: Fri, 24 Jan 2020 21:01:15 +0000 Subject: [PATCH 276/387] "-Synchronized-Data." --- 2018/8xxx/CVE-2018-8654.json | 112 ++++----- 2019/19xxx/CVE-2019-19746.json | 5 + 2019/19xxx/CVE-2019-19797.json | 5 + 2019/1xxx/CVE-2019-1349.json | 172 +++++++------- 2019/1xxx/CVE-2019-1350.json | 172 +++++++------- 2019/1xxx/CVE-2019-1351.json | 172 +++++++------- 2019/1xxx/CVE-2019-1352.json | 172 +++++++------- 2019/1xxx/CVE-2019-1354.json | 172 +++++++------- 2019/1xxx/CVE-2019-1414.json | 112 ++++----- 2019/1xxx/CVE-2019-1454.json | 420 +++++++++++++++++---------------- 2019/1xxx/CVE-2019-1460.json | 112 ++++----- 2019/20xxx/CVE-2019-20224.json | 7 +- 2019/20xxx/CVE-2019-20420.json | 18 ++ 2019/2xxx/CVE-2019-2126.json | 5 + 2019/3xxx/CVE-2019-3992.json | 5 + 2019/3xxx/CVE-2019-3993.json | 5 + 2019/3xxx/CVE-2019-3994.json | 5 + 2019/3xxx/CVE-2019-3995.json | 5 + 2019/3xxx/CVE-2019-3996.json | 5 + 2019/9xxx/CVE-2019-9232.json | 5 + 2019/9xxx/CVE-2019-9325.json | 5 + 2019/9xxx/CVE-2019-9371.json | 5 + 2019/9xxx/CVE-2019-9433.json | 5 + 2020/5xxx/CVE-2020-5225.json | 4 +- 2020/7xxx/CVE-2020-7965.json | 18 ++ 25 files changed, 921 insertions(+), 802 deletions(-) create mode 100644 2019/20xxx/CVE-2019-20420.json create mode 100644 2020/7xxx/CVE-2020-7965.json diff --git a/2018/8xxx/CVE-2018-8654.json b/2018/8xxx/CVE-2018-8654.json index 136c05a66b4..9353b23e7ef 100644 --- a/2018/8xxx/CVE-2018-8654.json +++ b/2018/8xxx/CVE-2018-8654.json 
@@ -1,60 +1,62 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2018-8654", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Microsoft Dynamics 365 (on-premises) version 8", - "version": { - "version_data": [ - { - "version_value": "" - } - ] + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8654", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Dynamics 365 (on-premises) version 8", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An elevation of privilege vulnerability exists in Microsoft Dynamics 365 Server, aka \u0027Microsoft Dynamics 365 Elevation of Privilege Vulnerability\u0027." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Elevation of Privilege" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists in Microsoft Dynamics 365 Server, aka 'Microsoft Dynamics 365 Elevation of Privilege Vulnerability'." 
+ } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8654" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8654", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8654" + } + ] + } +} \ No newline at end of file diff --git a/2019/19xxx/CVE-2019-19746.json b/2019/19xxx/CVE-2019-19746.json index ebe22f123bb..91b7f73c9b8 100644 --- a/2019/19xxx/CVE-2019-19746.json +++ b/2019/19xxx/CVE-2019-19746.json @@ -56,6 +56,11 @@ "url": "https://sourceforge.net/p/mcj/tickets/57/", "refsource": "MISC", "name": "https://sourceforge.net/p/mcj/tickets/57/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-6a2824178e", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ILJM2G6NM5MMBKTT5CH23TAI6DJGNW36/" } ] } diff --git a/2019/19xxx/CVE-2019-19797.json b/2019/19xxx/CVE-2019-19797.json index 09e041794d8..17db1b52305 100644 --- a/2019/19xxx/CVE-2019-19797.json +++ b/2019/19xxx/CVE-2019-19797.json @@ -56,6 +56,11 @@ "url": "https://sourceforge.net/p/mcj/tickets/67/", "refsource": "MISC", "name": "https://sourceforge.net/p/mcj/tickets/67/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-6a2824178e", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ILJM2G6NM5MMBKTT5CH23TAI6DJGNW36/" } ] } diff --git a/2019/1xxx/CVE-2019-1349.json b/2019/1xxx/CVE-2019-1349.json index 2197a0a766d..b81a98e9e67 100644 --- a/2019/1xxx/CVE-2019-1349.json +++ b/2019/1xxx/CVE-2019-1349.json 
@@ -1,90 +1,92 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2019-1349", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Microsoft Visual Studio 2017 version 15.9 (includes 15.1 - 15.8)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2019-1349", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Visual Studio 2017 version 15.9 (includes 15.1 - 15.8)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Visual Studio 2017", + "version": { + "version_data": [ + { + "version_value": "15.0" + } + ] + } + }, + { + "product_name": "Microsoft Visual Studio 2019", + "version": { + "version_data": [ + { + "version_value": "16.0" + } + ] + } + }, + { + "product_name": "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" } - }, - { - "product_name": "Microsoft Visual Studio 2017", - "version": { - "version_data": [ - { - "version_value": "15.0" - } - ] - } - }, - { - "product_name": "Microsoft Visual Studio 2019", - "version": { - "version_data": [ - { - "version_value": "16.0" - } - ] - } - }, - { - "product_name": "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A remote code execution vulnerability exists when Git for Visual 
Studio improperly sanitizes input, aka \u0027Git for Visual Studio Remote Code Execution Vulnerability\u0027. This CVE ID is unique from CVE-2019-1350, CVE-2019-1352, CVE-2019-1354, CVE-2019-1387." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Remote Code Execution" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1350, CVE-2019-1352, CVE-2019-1354, CVE-2019-1387." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1349" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1349", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1349" + } + ] + } +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1350.json b/2019/1xxx/CVE-2019-1350.json index 87f74682115..1daeaf12972 100644 --- a/2019/1xxx/CVE-2019-1350.json +++ b/2019/1xxx/CVE-2019-1350.json 
@@ -1,90 +1,92 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2019-1350", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2019-1350", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Visual Studio 2017 version 15.9 (includes 15.1 - 15.8)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Visual Studio 2017", + "version": { + "version_data": [ + { + "version_value": "15.0" + } + ] + } + }, + { + "product_name": "Microsoft Visual Studio 2019", + "version": { + "version_data": [ + { + "version_value": "16.0" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" } - }, - { - "product_name": "Microsoft Visual Studio 2017 version 15.9 (includes 15.1 - 15.8)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Visual Studio 2017", - "version": { - "version_data": [ - { - "version_value": "15.0" - } - ] - } - }, - { - "product_name": "Microsoft Visual Studio 2019", - "version": { - "version_data": [ - { - "version_value": "16.0" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A remote code execution vulnerability exists when Git for Visual 
Studio improperly sanitizes input, aka \u0027Git for Visual Studio Remote Code Execution Vulnerability\u0027. This CVE ID is unique from CVE-2019-1349, CVE-2019-1352, CVE-2019-1354, CVE-2019-1387." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Remote Code Execution" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349, CVE-2019-1352, CVE-2019-1354, CVE-2019-1387." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1350" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1350", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1350" + } + ] + } +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1351.json b/2019/1xxx/CVE-2019-1351.json index f4a3b4ceb5f..5bf978ca892 100644 --- a/2019/1xxx/CVE-2019-1351.json +++ b/2019/1xxx/CVE-2019-1351.json 
@@ -1,90 +1,92 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2019-1351", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Microsoft Visual Studio 2017 version 15.9 (includes 15.1 - 15.8)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2019-1351", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Visual Studio 2017 version 15.9 (includes 15.1 - 15.8)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Visual Studio 2017", + "version": { + "version_data": [ + { + "version_value": "15.0" + } + ] + } + }, + { + "product_name": "Microsoft Visual Studio 2019", + "version": { + "version_data": [ + { + "version_value": "16.0" + } + ] + } + }, + { + "product_name": "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" } - }, - { - "product_name": "Microsoft Visual Studio 2017", - "version": { - "version_data": [ - { - "version_value": "15.0" - } - ] - } - }, - { - "product_name": "Microsoft Visual Studio 2019", - "version": { - "version_data": [ - { - "version_value": "16.0" - } - ] - } - }, - { - "product_name": "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A tampering vulnerability exists when Git for Visual Studio 
improperly handles virtual drive paths, aka \u0027Git for Visual Studio Tampering Vulnerability\u0027." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Tampering" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A tampering vulnerability exists when Git for Visual Studio improperly handles virtual drive paths, aka 'Git for Visual Studio Tampering Vulnerability'." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1351" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Tampering" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1351", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1351" + } + ] + } +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1352.json b/2019/1xxx/CVE-2019-1352.json index 361d8e7830f..5c403546d91 100644 --- a/2019/1xxx/CVE-2019-1352.json +++ b/2019/1xxx/CVE-2019-1352.json 
@@ -1,90 +1,92 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2019-1352", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2019-1352", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Visual Studio 2017 version 15.9 (includes 15.1 - 15.8)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Visual Studio 2017", + "version": { + "version_data": [ + { + "version_value": "15.0" + } + ] + } + }, + { + "product_name": "Microsoft Visual Studio 2019", + "version": { + "version_data": [ + { + "version_value": "16.0" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" } - }, - { - "product_name": "Microsoft Visual Studio 2017 version 15.9 (includes 15.1 - 15.8)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Visual Studio 2017", - "version": { - "version_data": [ - { - "version_value": "15.0" - } - ] - } - }, - { - "product_name": "Microsoft Visual Studio 2019", - "version": { - "version_data": [ - { - "version_value": "16.0" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A remote code execution vulnerability exists when Git for Visual 
Studio improperly sanitizes input, aka \u0027Git for Visual Studio Remote Code Execution Vulnerability\u0027. This CVE ID is unique from CVE-2019-1349, CVE-2019-1350, CVE-2019-1354, CVE-2019-1387." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Remote Code Execution" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349, CVE-2019-1350, CVE-2019-1354, CVE-2019-1387." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1352" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1352", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1352" + } + ] + } +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1354.json b/2019/1xxx/CVE-2019-1354.json index 38954a7f265..7629287c2b9 100644 --- a/2019/1xxx/CVE-2019-1354.json +++ b/2019/1xxx/CVE-2019-1354.json 
@@ -1,90 +1,92 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2019-1354", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2019-1354", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Visual Studio 2017 version 15.9 (includes 15.1 - 15.8)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Visual Studio 2017", + "version": { + "version_data": [ + { + "version_value": "15.0" + } + ] + } + }, + { + "product_name": "Microsoft Visual Studio 2019", + "version": { + "version_data": [ + { + "version_value": "16.0" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" } - }, - { - "product_name": "Microsoft Visual Studio 2017 version 15.9 (includes 15.1 - 15.8)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Visual Studio 2017", - "version": { - "version_data": [ - { - "version_value": "15.0" - } - ] - } - }, - { - "product_name": "Microsoft Visual Studio 2019", - "version": { - "version_data": [ - { - "version_value": "16.0" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A remote code execution vulnerability exists when Git for Visual 
Studio improperly sanitizes input, aka \u0027Git for Visual Studio Remote Code Execution Vulnerability\u0027. This CVE ID is unique from CVE-2019-1349, CVE-2019-1350, CVE-2019-1352, CVE-2019-1387." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Remote Code Execution" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349, CVE-2019-1350, CVE-2019-1352, CVE-2019-1387." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1354" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1354", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1354" + } + ] + } +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1414.json b/2019/1xxx/CVE-2019-1414.json index 9a1c6865c2b..e8c8cf62bd4 100644 --- a/2019/1xxx/CVE-2019-1414.json +++ b/2019/1xxx/CVE-2019-1414.json 
@@ -1,60 +1,62 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2019-1414", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Visual Studio Code", - "version": { - "version_data": [ - { - "version_value": "" - } - ] + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2019-1414", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Visual Studio Code", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An elevation of privilege vulnerability exists in Visual Studio Code when it exposes a debug listener to users of a local computer, aka \u0027Visual Studio Code Elevation of Privilege Vulnerability\u0027." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Elevation of Privilege" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists in Visual Studio Code when it exposes a debug listener to users of a local computer, aka 'Visual Studio Code Elevation of Privilege Vulnerability'." 
+ } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1414" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1414", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1414" + } + ] + } +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1454.json b/2019/1xxx/CVE-2019-1454.json index 1068653862d..19eac8e5498 100644 --- a/2019/1xxx/CVE-2019-1454.json +++ b/2019/1xxx/CVE-2019-1454.json 
@@ -1,215 +1,217 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2019-1454", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1703 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2019-1454", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1703 for 32-bit Systems" + }, + { + "version_value": "10 Version 1703 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + 
"version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1703 for x64-based Systems" - }, - { - "version_value": "10 Version 1803 for 32-bit Systems" - }, - { - "version_value": "10 Version 1803 for 
x64-based Systems" - }, - { - "version_value": "10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1709 for 32-bit Systems" - }, - { - "version_value": "10 Version 1709 for x64-based Systems" - }, - { - "version_value": "10 Version 1709 for ARM64-based Systems" - }, - { - "version_value": "10 for 32-bit Systems" - }, - { - "version_value": "10 for x64-based Systems" - }, - { - "version_value": "10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "10 Version 1607 for x64-based Systems" - }, - { - "version_value": "7 for 32-bit Systems Service Pack 1" - }, - { - "version_value": "7 for x64-based Systems Service Pack 1" - }, - { - "version_value": "8.1 for 32-bit systems" - }, - { - "version_value": "8.1 for x64-based systems" - }, - { - "version_value": "RT 8.1" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "version 1803 (Core Installation)" - }, - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core installation)" - }, - { - "version_value": "2016" - }, - { - "version_value": "2016 (Core installation)" - }, - { - "version_value": "2008 for 32-bit Systems Service Pack 2" - }, - { - "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" - }, - { - "version_value": "2008 for Itanium-Based Systems Service Pack 2" - }, - { - "version_value": "2008 for x64-based Systems Service Pack 2" - }, - { - "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" - }, - { - "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1 
(Core installation)" - }, - { - "version_value": "2012" - }, - { - "version_value": "2012 (Core installation)" - }, - { - "version_value": "2012 R2" - }, - { - "version_value": "2012 R2 (Core installation)" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks, aka \u0027Windows User Profile Service Elevation of Privilege Vulnerability\u0027." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Elevation of Privilege" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks, aka 'Windows User Profile Service Elevation of Privilege Vulnerability'." 
+ } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1454" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1454", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1454" + } + ] + } +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1460.json b/2019/1xxx/CVE-2019-1460.json index 6de10e5ab3c..14315459a96 100644 --- a/2019/1xxx/CVE-2019-1460.json +++ b/2019/1xxx/CVE-2019-1460.json 
@@ -1,60 +1,62 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2019-1460", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Microsoft Outlook for Android", - "version": { - "version_data": [ - { - "version_value": "" - } - ] + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2019-1460", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Outlook for Android", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A spoofing vulnerability exists in the way Microsoft Outlook for Android software parses specifically crafted email messages, aka \u0027Outlook for Android Spoofing Vulnerability\u0027." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Spoofing" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A spoofing vulnerability exists in the way Microsoft Outlook for Android software parses specifically crafted email messages, aka 'Outlook for Android Spoofing Vulnerability'." 
+ } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1460" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Spoofing" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1460", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1460" + } + ] + } +} \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20224.json b/2019/20xxx/CVE-2019-20224.json index 259e017e54a..634c5555c8e 100644 --- a/2019/20xxx/CVE-2019-20224.json +++ b/2019/20xxx/CVE-2019-20224.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "netflow_get_stats in functions_netflow.php in Pandora FMS 7.0NG allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the ip_src parameter in an index.php?operation/netflow/nf_live_view request." + "value": "netflow_get_stats in functions_netflow.php in Pandora FMS 7.0NG allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the ip_src parameter in an index.php?operation/netflow/nf_live_view request. This issue has been fixed in Pandora FMS 7.0 NG 742." } ] }, @@ -71,6 +71,11 @@ "refsource": "MISC", "name": "http://packetstormsecurity.com/files/155897/Pandora-7.0NG-Remote-Code-Execution.html", "url": "http://packetstormsecurity.com/files/155897/Pandora-7.0NG-Remote-Code-Execution.html" + }, + { + "refsource": "MISC", + "name": "https://pandorafms.com/downloads/solved-pandorafms-742.mp4", + "url": "https://pandorafms.com/downloads/solved-pandorafms-742.mp4" } ] } diff --git a/2019/20xxx/CVE-2019-20420.json b/2019/20xxx/CVE-2019-20420.json new file mode 100644 index 00000000000..7019610c816 --- /dev/null +++ b/2019/20xxx/CVE-2019-20420.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-20420", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2126.json b/2019/2xxx/CVE-2019-2126.json index f7960e259a0..4297cd2cddf 100644 --- a/2019/2xxx/CVE-2019-2126.json +++ b/2019/2xxx/CVE-2019-2126.json @@ -58,6 +58,11 @@ "refsource": "FEDORA", "name": "FEDORA-2020-65eac1b48b", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U2IIA3RSYABBUCFIHXIRVUT5CTJVWWZ6/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-6cd410d9e4", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DQSTK442ATWJOR4TU3MR6C3N5A6NDFFN/" } ] }, diff --git a/2019/3xxx/CVE-2019-3992.json b/2019/3xxx/CVE-2019-3992.json index a3cec0e9b77..705b578bba6 100644 --- a/2019/3xxx/CVE-2019-3992.json +++ b/2019/3xxx/CVE-2019-3992.json @@ -48,6 +48,11 @@ "refsource": "MISC", "name": "https://www.tenable.com/security/research/tra-2019-53", "url": "https://www.tenable.com/security/research/tra-2019-53" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-9f8bc040c8", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2IN3FP6VXYSD4OMUCFZNOL7MKPWRQFAL/" } ] }, diff --git a/2019/3xxx/CVE-2019-3993.json b/2019/3xxx/CVE-2019-3993.json index cc44a68388e..adfbc8fbec9 100644 --- a/2019/3xxx/CVE-2019-3993.json +++ b/2019/3xxx/CVE-2019-3993.json 
@@ -48,6 +48,11 @@ "refsource": "MISC", "name": "https://www.tenable.com/security/research/tra-2019-53", "url": "https://www.tenable.com/security/research/tra-2019-53" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-9f8bc040c8", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2IN3FP6VXYSD4OMUCFZNOL7MKPWRQFAL/" } ] }, diff --git a/2019/3xxx/CVE-2019-3994.json b/2019/3xxx/CVE-2019-3994.json index 671e20fcdd1..4978cb3adde 100644 --- a/2019/3xxx/CVE-2019-3994.json +++ b/2019/3xxx/CVE-2019-3994.json @@ -48,6 +48,11 @@ "refsource": "MISC", "name": "https://www.tenable.com/security/research/tra-2019-53", "url": "https://www.tenable.com/security/research/tra-2019-53" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-9f8bc040c8", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2IN3FP6VXYSD4OMUCFZNOL7MKPWRQFAL/" } ] }, diff --git a/2019/3xxx/CVE-2019-3995.json b/2019/3xxx/CVE-2019-3995.json index a630baca952..1f515e355ec 100644 --- a/2019/3xxx/CVE-2019-3995.json +++ b/2019/3xxx/CVE-2019-3995.json @@ -48,6 +48,11 @@ "refsource": "MISC", "name": "https://www.tenable.com/security/research/tra-2019-53", "url": "https://www.tenable.com/security/research/tra-2019-53" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-9f8bc040c8", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2IN3FP6VXYSD4OMUCFZNOL7MKPWRQFAL/" } ] }, diff --git a/2019/3xxx/CVE-2019-3996.json b/2019/3xxx/CVE-2019-3996.json index 9dfc26a77fc..a35085451d6 100644 --- a/2019/3xxx/CVE-2019-3996.json +++ b/2019/3xxx/CVE-2019-3996.json 
@@ -48,6 +48,11 @@ "refsource": "MISC", "name": "https://www.tenable.com/security/research/tra-2019-53", "url": "https://www.tenable.com/security/research/tra-2019-53" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-9f8bc040c8", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2IN3FP6VXYSD4OMUCFZNOL7MKPWRQFAL/" } ] }, diff --git a/2019/9xxx/CVE-2019-9232.json b/2019/9xxx/CVE-2019-9232.json index 45e96d50edd..4e47f85a4ad 100644 --- a/2019/9xxx/CVE-2019-9232.json +++ b/2019/9xxx/CVE-2019-9232.json @@ -88,6 +88,11 @@ "refsource": "FEDORA", "name": "FEDORA-2020-65eac1b48b", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U2IIA3RSYABBUCFIHXIRVUT5CTJVWWZ6/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-6cd410d9e4", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DQSTK442ATWJOR4TU3MR6C3N5A6NDFFN/" } ] }, diff --git a/2019/9xxx/CVE-2019-9325.json b/2019/9xxx/CVE-2019-9325.json index a3c84fe0a90..567edbaab93 100644 --- a/2019/9xxx/CVE-2019-9325.json +++ b/2019/9xxx/CVE-2019-9325.json @@ -83,6 +83,11 @@ "refsource": "FEDORA", "name": "FEDORA-2020-65eac1b48b", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U2IIA3RSYABBUCFIHXIRVUT5CTJVWWZ6/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-6cd410d9e4", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DQSTK442ATWJOR4TU3MR6C3N5A6NDFFN/" } ] }, diff --git a/2019/9xxx/CVE-2019-9371.json b/2019/9xxx/CVE-2019-9371.json index f3e151b3f01..9b39366c0ff 100644 --- a/2019/9xxx/CVE-2019-9371.json +++ b/2019/9xxx/CVE-2019-9371.json 
@@ -83,6 +83,11 @@ "refsource": "FEDORA", "name": "FEDORA-2020-65eac1b48b", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U2IIA3RSYABBUCFIHXIRVUT5CTJVWWZ6/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-6cd410d9e4", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DQSTK442ATWJOR4TU3MR6C3N5A6NDFFN/" } ] }, diff --git a/2019/9xxx/CVE-2019-9433.json b/2019/9xxx/CVE-2019-9433.json index c83d1f87f24..3c6f37b5e18 100644 --- a/2019/9xxx/CVE-2019-9433.json +++ b/2019/9xxx/CVE-2019-9433.json @@ -88,6 +88,11 @@ "refsource": "FEDORA", "name": "FEDORA-2020-65eac1b48b", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U2IIA3RSYABBUCFIHXIRVUT5CTJVWWZ6/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-6cd410d9e4", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DQSTK442ATWJOR4TU3MR6C3N5A6NDFFN/" } ] }, diff --git a/2020/5xxx/CVE-2020-5225.json b/2020/5xxx/CVE-2020-5225.json index 84d1d7aad7f..e24b4333a3e 100644 --- a/2020/5xxx/CVE-2020-5225.json +++ b/2020/5xxx/CVE-2020-5225.json 
@@ -35,7 +35,7 @@ "description_data": [ { "lang": "eng", - "value": "Log injection in SimpleSAMLphp before version 1.18.4.\n\nThe www/erroreport.php script, which receives error reports and sends them via email to the system administrator, did not properly sanitize the report identifier obtained from the request. This allows an attacker, under specific circumstances, to inject new log lines by manually crafting this report ID.\n\nWhen configured to use the file logging handler, SimpleSAMLphp will output all its logs by appending each log line to a given file. Since the reportID parameter received in a request sent to www/errorreport.php was not properly sanitized, it was possible to inject newline characters into it, effectively allowing a malicious user to inject new log lines with arbitrary content." + "value": "Log injection in SimpleSAMLphp before version 1.18.4. The www/erroreport.php script, which receives error reports and sends them via email to the system administrator, did not properly sanitize the report identifier obtained from the request. This allows an attacker, under specific circumstances, to inject new log lines by manually crafting this report ID. When configured to use the file logging handler, SimpleSAMLphp will output all its logs by appending each log line to a given file. Since the reportID parameter received in a request sent to www/errorreport.php was not properly sanitized, it was possible to inject newline characters into it, effectively allowing a malicious user to inject new log lines with arbitrary content." } ] }, @@ -85,4 +85,4 @@ "advisory": "GHSA-6gc6-m364-85ww", "discovery": "UNKNOWN" } -} +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7965.json b/2020/7xxx/CVE-2020-7965.json new file mode 100644 index 00000000000..e17418826a5 --- /dev/null +++ b/2020/7xxx/CVE-2020-7965.json 
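Review bot: The rewritten description `value` names the affected script two ways, `www/erroreport.php` in its second sentence and `www/errorreport.php` further on. Anyone searching web-server logs or a source tree for the endpoint from this record gets a different result depending on which spelling they copy. The later spelling looks like the intended one, so the first mention should read `The www/errorreport.php script, which receives error reports ...`. This change only replaces the `\n\n` paragraph breaks with spaces, so the wording was carried over rather than introduced here. The same mismatch appears in the description added for CVE-2020-5226 in the next patch of this series.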
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7965", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file From 769a84eceecd23aa7016aa3064b764dab2bbb853 Mon Sep 17 00:00:00 2001 From: Robert Schultheis Date: Fri, 24 Jan 2020 14:11:23 -0700 Subject: [PATCH 277/387] add CVE-2020-5226 for GHSA-mj9p-v2r8-wf8w --- 2020/5xxx/CVE-2020-5226.json | 84 +++++++++++++++++++++++++++++++++--- 1 file changed, 77 insertions(+), 7 deletions(-) diff --git a/2020/5xxx/CVE-2020-5226.json b/2020/5xxx/CVE-2020-5226.json index 55e79e66df4..c1446fd2be0 100644 --- a/2020/5xxx/CVE-2020-5226.json +++ b/2020/5xxx/CVE-2020-5226.json 
@@ -1,18 +1,88 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2020-5226", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Cross-site scripting in SimpleSAMLphp" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SimpleSAMLphp", + "version": { + "version_data": [ + { + "version_value": ">= 1.18.0, < 1.18.4" + } + ] + } + } + ] + }, + "vendor_name": "simplesamlphp" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-site scripting in SimpleSAMLphp before version 1.18.4.\n\nThe www/erroreport.php script allows error reports to be submitted and sent to the system administrator. Starting with SimpleSAMLphp 1.18.0, a new SimpleSAML\\Utils\\EMail class was introduced to handle sending emails, implemented as a wrapper of an external dependency.\n\nThis new wrapper allows us to use Twig templates in order to create the email sent with an error report. Since Twig provides automatic escaping of variables, manual escaping of the free-text field in www/errorreport.php was removed to avoid double escaping. However, for those not using the new user interface yet, an email template is hardcoded into the class itself in plain PHP. Since no escaping is provided in this template, it is then possible to inject HTML inside the template by manually crafting the contents of the free-text field." 
} ] + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/simplesamlphp/simplesamlphp/security/advisories/GHSA-mj9p-v2r8-wf8w", + "refsource": "CONFIRM", + "url": "https://github.com/simplesamlphp/simplesamlphp/security/advisories/GHSA-mj9p-v2r8-wf8w" + }, + { + "name": "https://simplesamlphp.org/security/202001-01", + "refsource": "MISC", + "url": "https://simplesamlphp.org/security/202001-01" + } + ] + }, + "source": { + "advisory": "GHSA-mj9p-v2r8-wf8w", + "discovery": "UNKNOWN" } -} \ No newline at end of file +} From e52f4ea7c740dc8e61078ce5a0e2e8c4cdbbb98c Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Fri, 24 Jan 2020 22:01:16 +0000 Subject: [PATCH 278/387] "-Synchronized-Data." --- 2019/1xxx/CVE-2019-1276.json | 14 +++++++------- 2019/1xxx/CVE-2019-1279.json | 14 +++++++------- 2019/1xxx/CVE-2019-1281.json | 14 +++++++------- 2019/1xxx/CVE-2019-1288.json | 14 +++++++------- 2019/1xxx/CVE-2019-1304.json | 14 +++++++------- 2019/1xxx/CVE-2019-1312.json | 14 +++++++------- 2019/1xxx/CVE-2019-1348.json | 14 +++++++------- 2019/1xxx/CVE-2019-1353.json | 14 +++++++------- 2019/1xxx/CVE-2019-1355.json | 14 +++++++------- 2019/1xxx/CVE-2019-1360.json | 14 +++++++------- 2019/1xxx/CVE-2019-1377.json | 14 +++++++------- 2019/1xxx/CVE-2019-1386.json | 14 +++++++------- 2019/1xxx/CVE-2019-1401.json | 14 +++++++------- 2019/1xxx/CVE-2019-1403.json | 14 +++++++------- 2019/1xxx/CVE-2019-1404.json | 14 +++++++------- 2019/1xxx/CVE-2019-1410.json | 14 +++++++------- 2019/1xxx/CVE-2019-1421.json | 14 +++++++------- 2019/1xxx/CVE-2019-1431.json | 14 +++++++------- 2019/1xxx/CVE-2019-1444.json | 14 +++++++------- 2019/1xxx/CVE-2019-1450.json | 14 +++++++------- 2019/1xxx/CVE-2019-1451.json | 14 +++++++------- 2019/1xxx/CVE-2019-1452.json | 14 +++++++------- 2019/1xxx/CVE-2019-1455.json | 14 +++++++------- 2019/1xxx/CVE-2019-1459.json | 14 +++++++------- 2019/1xxx/CVE-2019-1473.json | 14 +++++++------- 2019/1xxx/CVE-2019-1475.json | 14 +++++++------- 2019/1xxx/CVE-2019-1479.json | 14 +++++++------- 2019/1xxx/CVE-2019-1482.json | 14 +++++++------- 2019/1xxx/CVE-2019-1492.json | 14 +++++++------- 2019/1xxx/CVE-2019-1493.json | 14 +++++++------- 2019/1xxx/CVE-2019-1494.json | 14 +++++++------- 2019/1xxx/CVE-2019-1495.json | 14 +++++++------- 2019/1xxx/CVE-2019-1496.json | 14 +++++++------- 2019/1xxx/CVE-2019-1497.json | 14 +++++++------- 2019/1xxx/CVE-2019-1498.json | 14 +++++++------- 2019/1xxx/CVE-2019-1499.json | 14 +++++++------- 2019/1xxx/CVE-2019-1500.json | 14 +++++++------- 2019/1xxx/CVE-2019-1501.json | 14 +++++++------- 2019/1xxx/CVE-2019-1502.json | 14 
+++++++------- 2019/1xxx/CVE-2019-1503.json | 14 +++++++------- 2019/1xxx/CVE-2019-1504.json | 14 +++++++------- 2019/1xxx/CVE-2019-1505.json | 14 +++++++------- 2019/1xxx/CVE-2019-1506.json | 14 +++++++------- 2019/1xxx/CVE-2019-1507.json | 14 +++++++------- 2019/1xxx/CVE-2019-1508.json | 14 +++++++------- 2019/1xxx/CVE-2019-1509.json | 14 +++++++------- 2019/1xxx/CVE-2019-1510.json | 14 +++++++------- 2019/1xxx/CVE-2019-1511.json | 14 +++++++------- 2019/1xxx/CVE-2019-1512.json | 14 +++++++------- 2019/1xxx/CVE-2019-1513.json | 14 +++++++------- 2019/1xxx/CVE-2019-1514.json | 14 +++++++------- 2019/1xxx/CVE-2019-1515.json | 14 +++++++------- 2019/1xxx/CVE-2019-1516.json | 14 +++++++------- 2019/1xxx/CVE-2019-1517.json | 14 +++++++------- 2019/1xxx/CVE-2019-1518.json | 14 +++++++------- 2019/1xxx/CVE-2019-1519.json | 14 +++++++------- 2019/1xxx/CVE-2019-1520.json | 14 +++++++------- 2019/1xxx/CVE-2019-1521.json | 14 +++++++------- 2019/1xxx/CVE-2019-1522.json | 14 +++++++------- 2019/1xxx/CVE-2019-1523.json | 14 +++++++------- 2019/1xxx/CVE-2019-1524.json | 14 +++++++------- 2019/1xxx/CVE-2019-1525.json | 14 +++++++------- 2019/1xxx/CVE-2019-1526.json | 14 +++++++------- 2019/1xxx/CVE-2019-1527.json | 14 +++++++------- 2019/1xxx/CVE-2019-1528.json | 14 +++++++------- 2019/1xxx/CVE-2019-1529.json | 14 +++++++------- 2019/1xxx/CVE-2019-1530.json | 14 +++++++------- 2019/1xxx/CVE-2019-1531.json | 14 +++++++------- 2019/1xxx/CVE-2019-1532.json | 14 +++++++------- 2019/1xxx/CVE-2019-1533.json | 14 +++++++------- 2019/1xxx/CVE-2019-1534.json | 14 +++++++------- 71 files changed, 497 insertions(+), 497 deletions(-) diff --git a/2019/1xxx/CVE-2019-1276.json b/2019/1xxx/CVE-2019-1276.json index 8c36f539337..d918c5075c4 100644 --- a/2019/1xxx/CVE-2019-1276.json +++ b/2019/1xxx/CVE-2019-1276.json 
@@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1276", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1276", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1279.json b/2019/1xxx/CVE-2019-1279.json index 3efd1f172f5..e89ea71373b 100644 --- a/2019/1xxx/CVE-2019-1279.json +++ b/2019/1xxx/CVE-2019-1279.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1279", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1279", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1281.json b/2019/1xxx/CVE-2019-1281.json index 96072025905..eba27117da5 100644 --- a/2019/1xxx/CVE-2019-1281.json +++ b/2019/1xxx/CVE-2019-1281.json 
@@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1281", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1281", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1288.json b/2019/1xxx/CVE-2019-1288.json index b272499c7ee..62aa5014f1d 100644 --- a/2019/1xxx/CVE-2019-1288.json +++ b/2019/1xxx/CVE-2019-1288.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1288", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1288", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1304.json b/2019/1xxx/CVE-2019-1304.json index 4104b2d4492..d16da0bdfa3 100644 --- a/2019/1xxx/CVE-2019-1304.json +++ b/2019/1xxx/CVE-2019-1304.json 
@@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1304", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1304", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1312.json b/2019/1xxx/CVE-2019-1312.json index b98a799e1b8..bddf0790435 100644 --- a/2019/1xxx/CVE-2019-1312.json +++ b/2019/1xxx/CVE-2019-1312.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1312", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1312", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1348.json b/2019/1xxx/CVE-2019-1348.json index 0a46bfb4c07..2bd0a3fb44b 100644 --- a/2019/1xxx/CVE-2019-1348.json +++ b/2019/1xxx/CVE-2019-1348.json 
@@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1348", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1348", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1353.json b/2019/1xxx/CVE-2019-1353.json index b6ff951cef2..eae853cad28 100644 --- a/2019/1xxx/CVE-2019-1353.json +++ b/2019/1xxx/CVE-2019-1353.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1353", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1353", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1355.json b/2019/1xxx/CVE-2019-1355.json index 7bcd0d4a79e..71cdd8f2b65 100644 --- a/2019/1xxx/CVE-2019-1355.json +++ b/2019/1xxx/CVE-2019-1355.json 
@@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1355", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1355", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1360.json b/2019/1xxx/CVE-2019-1360.json index f6abc198941..c2aa48c1cff 100644 --- a/2019/1xxx/CVE-2019-1360.json +++ b/2019/1xxx/CVE-2019-1360.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1360", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1360", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1377.json b/2019/1xxx/CVE-2019-1377.json index 030b22e028e..ff0866ddb68 100644 --- a/2019/1xxx/CVE-2019-1377.json +++ b/2019/1xxx/CVE-2019-1377.json 
@@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1377", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1377", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1386.json b/2019/1xxx/CVE-2019-1386.json index 9f497bcadcc..e4837164dd5 100644 --- a/2019/1xxx/CVE-2019-1386.json +++ b/2019/1xxx/CVE-2019-1386.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1386", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1386", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1401.json b/2019/1xxx/CVE-2019-1401.json index 7b81866b1ac..f2afea3bc78 100644 --- a/2019/1xxx/CVE-2019-1401.json +++ b/2019/1xxx/CVE-2019-1401.json 
@@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1401", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1401", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1403.json b/2019/1xxx/CVE-2019-1403.json index e932b012202..4f17abc30b2 100644 --- a/2019/1xxx/CVE-2019-1403.json +++ b/2019/1xxx/CVE-2019-1403.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1403", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1403", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1404.json b/2019/1xxx/CVE-2019-1404.json index cc5b708ef04..5e19dfff8ed 100644 --- a/2019/1xxx/CVE-2019-1404.json +++ b/2019/1xxx/CVE-2019-1404.json 
@@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1404", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1404", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1410.json b/2019/1xxx/CVE-2019-1410.json index 654b4dc609b..02c406da3f6 100644 --- a/2019/1xxx/CVE-2019-1410.json +++ b/2019/1xxx/CVE-2019-1410.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1410", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1410", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1421.json b/2019/1xxx/CVE-2019-1421.json index 43cbe7f5b89..3391b0a00d4 100644 --- a/2019/1xxx/CVE-2019-1421.json +++ b/2019/1xxx/CVE-2019-1421.json 
@@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1421", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1421", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1431.json b/2019/1xxx/CVE-2019-1431.json index 0cbd75d8783..ecef738f532 100644 --- a/2019/1xxx/CVE-2019-1431.json +++ b/2019/1xxx/CVE-2019-1431.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1431", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1431", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1444.json b/2019/1xxx/CVE-2019-1444.json index ecdd7f1dd93..4747d61d4a9 100644 --- a/2019/1xxx/CVE-2019-1444.json +++ b/2019/1xxx/CVE-2019-1444.json 
@@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1444", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1444", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1450.json b/2019/1xxx/CVE-2019-1450.json index 695a3b32068..ee6319082e8 100644 --- a/2019/1xxx/CVE-2019-1450.json +++ b/2019/1xxx/CVE-2019-1450.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1450", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1450", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1451.json b/2019/1xxx/CVE-2019-1451.json index c935774f7a9..0a2b646005f 100644 --- a/2019/1xxx/CVE-2019-1451.json +++ b/2019/1xxx/CVE-2019-1451.json 
@@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1451", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1451", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1452.json b/2019/1xxx/CVE-2019-1452.json index e82744a34c0..c7e8879828d 100644 --- a/2019/1xxx/CVE-2019-1452.json +++ b/2019/1xxx/CVE-2019-1452.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1452", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1452", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1455.json b/2019/1xxx/CVE-2019-1455.json index 71c0de51150..40486b80df5 100644 --- a/2019/1xxx/CVE-2019-1455.json +++ b/2019/1xxx/CVE-2019-1455.json 
@@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1455", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1455", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1459.json b/2019/1xxx/CVE-2019-1459.json index bef303c2572..c42c4d047e9 100644 --- a/2019/1xxx/CVE-2019-1459.json +++ b/2019/1xxx/CVE-2019-1459.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1459", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1459", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1473.json b/2019/1xxx/CVE-2019-1473.json index 6e7ba137f6c..f802e59ded4 100644 --- a/2019/1xxx/CVE-2019-1473.json +++ b/2019/1xxx/CVE-2019-1473.json 
@@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1473", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1473", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1475.json b/2019/1xxx/CVE-2019-1475.json index 5e38da8a344..bb753e42a31 100644 --- a/2019/1xxx/CVE-2019-1475.json +++ b/2019/1xxx/CVE-2019-1475.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1475", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1475", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1479.json b/2019/1xxx/CVE-2019-1479.json index 8c83e2ada1f..1510bad35df 100644 --- a/2019/1xxx/CVE-2019-1479.json +++ b/2019/1xxx/CVE-2019-1479.json 
@@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1479", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1479", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1482.json b/2019/1xxx/CVE-2019-1482.json index a0490eacdf2..32d55dee562 100644 --- a/2019/1xxx/CVE-2019-1482.json +++ b/2019/1xxx/CVE-2019-1482.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1482", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1482", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1492.json b/2019/1xxx/CVE-2019-1492.json index d52c710092e..8556e535965 100644 --- a/2019/1xxx/CVE-2019-1492.json +++ b/2019/1xxx/CVE-2019-1492.json 
@@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1492", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1492", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1493.json b/2019/1xxx/CVE-2019-1493.json index f5b9595a822..73c8a44f0da 100644 --- a/2019/1xxx/CVE-2019-1493.json +++ b/2019/1xxx/CVE-2019-1493.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1493", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1493", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1494.json b/2019/1xxx/CVE-2019-1494.json index 0a3de8a508d..790f952e3c0 100644 --- a/2019/1xxx/CVE-2019-1494.json +++ b/2019/1xxx/CVE-2019-1494.json 
@@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1494", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1494", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1495.json b/2019/1xxx/CVE-2019-1495.json index 995b37924b0..a96d70d5c68 100644 --- a/2019/1xxx/CVE-2019-1495.json +++ b/2019/1xxx/CVE-2019-1495.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1495", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1495", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1496.json b/2019/1xxx/CVE-2019-1496.json index 04b6e858864..c724bc7a5d3 100644 --- a/2019/1xxx/CVE-2019-1496.json +++ b/2019/1xxx/CVE-2019-1496.json 
@@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1496", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1496", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1497.json b/2019/1xxx/CVE-2019-1497.json index d7985fa9cf3..de4d7268094 100644 --- a/2019/1xxx/CVE-2019-1497.json +++ b/2019/1xxx/CVE-2019-1497.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1497", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1497", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1498.json b/2019/1xxx/CVE-2019-1498.json index cfef3efcc5d..c7d0ebef75c 100644 --- a/2019/1xxx/CVE-2019-1498.json +++ b/2019/1xxx/CVE-2019-1498.json 
@@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1498", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1498", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1499.json b/2019/1xxx/CVE-2019-1499.json index 3d06c9fe50c..5465d07b0df 100644 --- a/2019/1xxx/CVE-2019-1499.json +++ b/2019/1xxx/CVE-2019-1499.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1499", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1499", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1500.json b/2019/1xxx/CVE-2019-1500.json index 847fe3ba551..35b344a5ce2 100644 --- a/2019/1xxx/CVE-2019-1500.json +++ b/2019/1xxx/CVE-2019-1500.json 
@@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1500", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1500", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1501.json b/2019/1xxx/CVE-2019-1501.json index c3f43fce16f..b28e23bc3bb 100644 --- a/2019/1xxx/CVE-2019-1501.json +++ b/2019/1xxx/CVE-2019-1501.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1501", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1501", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1502.json b/2019/1xxx/CVE-2019-1502.json index d9ae95254b8..ecb4bd59b08 100644 --- a/2019/1xxx/CVE-2019-1502.json +++ b/2019/1xxx/CVE-2019-1502.json 
@@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1502", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1502", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1503.json b/2019/1xxx/CVE-2019-1503.json index bd0e78ac5e6..a60676a06db 100644 --- a/2019/1xxx/CVE-2019-1503.json +++ b/2019/1xxx/CVE-2019-1503.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1503", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1503", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1504.json b/2019/1xxx/CVE-2019-1504.json index efd5d27e3da..3e4fbd168c9 100644 --- a/2019/1xxx/CVE-2019-1504.json +++ b/2019/1xxx/CVE-2019-1504.json 
@@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1504", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1504", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1505.json b/2019/1xxx/CVE-2019-1505.json index 4e0c79490d8..b68d47ef200 100644 --- a/2019/1xxx/CVE-2019-1505.json +++ b/2019/1xxx/CVE-2019-1505.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1505", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1505", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1506.json b/2019/1xxx/CVE-2019-1506.json index 8b33043280a..433de8bf434 100644 --- a/2019/1xxx/CVE-2019-1506.json +++ b/2019/1xxx/CVE-2019-1506.json 
@@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1506", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1506", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1507.json b/2019/1xxx/CVE-2019-1507.json index 48f5422df0a..d33887d80c2 100644 --- a/2019/1xxx/CVE-2019-1507.json +++ b/2019/1xxx/CVE-2019-1507.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1507", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1507", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1508.json b/2019/1xxx/CVE-2019-1508.json index 682685953dd..d3a8de8b1a2 100644 --- a/2019/1xxx/CVE-2019-1508.json +++ b/2019/1xxx/CVE-2019-1508.json 
@@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1508", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1508", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1509.json b/2019/1xxx/CVE-2019-1509.json index 6de59acdce9..f4ac22e8f71 100644 --- a/2019/1xxx/CVE-2019-1509.json +++ b/2019/1xxx/CVE-2019-1509.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1509", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1509", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1510.json b/2019/1xxx/CVE-2019-1510.json index 83f10f719ff..17fe8f205a6 100644 --- a/2019/1xxx/CVE-2019-1510.json +++ b/2019/1xxx/CVE-2019-1510.json 
@@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1510", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1510", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1511.json b/2019/1xxx/CVE-2019-1511.json index abc715b5e05..e31881e0ab5 100644 --- a/2019/1xxx/CVE-2019-1511.json +++ b/2019/1xxx/CVE-2019-1511.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1511", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1511", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1512.json b/2019/1xxx/CVE-2019-1512.json index afb13d134f9..b828c5f092c 100644 --- a/2019/1xxx/CVE-2019-1512.json +++ b/2019/1xxx/CVE-2019-1512.json 
@@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1512", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1512", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1513.json b/2019/1xxx/CVE-2019-1513.json index bf537cc4753..e36d80088e6 100644 --- a/2019/1xxx/CVE-2019-1513.json +++ b/2019/1xxx/CVE-2019-1513.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1513", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1513", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1514.json b/2019/1xxx/CVE-2019-1514.json index 8b20f8046f6..e6f7945dd10 100644 --- a/2019/1xxx/CVE-2019-1514.json +++ b/2019/1xxx/CVE-2019-1514.json 
@@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1514", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1514", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1515.json b/2019/1xxx/CVE-2019-1515.json index ded1dcd882b..8d5b4c3fe09 100644 --- a/2019/1xxx/CVE-2019-1515.json +++ b/2019/1xxx/CVE-2019-1515.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1515", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1515", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1516.json b/2019/1xxx/CVE-2019-1516.json index 669ebfe8b88..fcea0018f6c 100644 --- a/2019/1xxx/CVE-2019-1516.json +++ b/2019/1xxx/CVE-2019-1516.json 
@@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1516", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1516", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1517.json b/2019/1xxx/CVE-2019-1517.json index ebda8489ed0..73f58da4437 100644 --- a/2019/1xxx/CVE-2019-1517.json +++ b/2019/1xxx/CVE-2019-1517.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1517", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1517", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1518.json b/2019/1xxx/CVE-2019-1518.json index 2b336aa56f9..0d7d57888f8 100644 --- a/2019/1xxx/CVE-2019-1518.json +++ b/2019/1xxx/CVE-2019-1518.json 
@@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1518", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1518", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1519.json b/2019/1xxx/CVE-2019-1519.json index dc2c2a0bc22..abf2630c356 100644 --- a/2019/1xxx/CVE-2019-1519.json +++ b/2019/1xxx/CVE-2019-1519.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1519", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1519", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1520.json b/2019/1xxx/CVE-2019-1520.json index 7766274f9bc..cd5b0b0a285 100644 --- a/2019/1xxx/CVE-2019-1520.json +++ b/2019/1xxx/CVE-2019-1520.json 
@@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1520", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1520", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1521.json b/2019/1xxx/CVE-2019-1521.json index 762b9e44e3a..6a88afa4093 100644 --- a/2019/1xxx/CVE-2019-1521.json +++ b/2019/1xxx/CVE-2019-1521.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1521", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1521", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1522.json b/2019/1xxx/CVE-2019-1522.json index 6e3d1370806..1990c10ae9b 100644 --- a/2019/1xxx/CVE-2019-1522.json +++ b/2019/1xxx/CVE-2019-1522.json 
@@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1522", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1522", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1523.json b/2019/1xxx/CVE-2019-1523.json index adf3cfc9362..28be19f9e21 100644 --- a/2019/1xxx/CVE-2019-1523.json +++ b/2019/1xxx/CVE-2019-1523.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1523", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1523", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1524.json b/2019/1xxx/CVE-2019-1524.json index 6a15546b2ec..3697103b1bc 100644 --- a/2019/1xxx/CVE-2019-1524.json +++ b/2019/1xxx/CVE-2019-1524.json 
@@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1524", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1524", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1525.json b/2019/1xxx/CVE-2019-1525.json index 7220548c200..fc1a47627ff 100644 --- a/2019/1xxx/CVE-2019-1525.json +++ b/2019/1xxx/CVE-2019-1525.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1525", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1525", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1526.json b/2019/1xxx/CVE-2019-1526.json index eaa69b7c0f2..4acfbf4a890 100644 --- a/2019/1xxx/CVE-2019-1526.json +++ b/2019/1xxx/CVE-2019-1526.json 
@@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1526", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1526", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1527.json b/2019/1xxx/CVE-2019-1527.json index 119888b8cf7..53beb6279aa 100644 --- a/2019/1xxx/CVE-2019-1527.json +++ b/2019/1xxx/CVE-2019-1527.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1527", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1527", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1528.json b/2019/1xxx/CVE-2019-1528.json index 15fbdea5af8..8b2ef56fc83 100644 --- a/2019/1xxx/CVE-2019-1528.json +++ b/2019/1xxx/CVE-2019-1528.json 
@@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1528", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1528", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1529.json b/2019/1xxx/CVE-2019-1529.json index c56e82203dc..111532a745a 100644 --- a/2019/1xxx/CVE-2019-1529.json +++ b/2019/1xxx/CVE-2019-1529.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1529", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1529", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1530.json b/2019/1xxx/CVE-2019-1530.json index 165293d2049..211e762c99a 100644 --- a/2019/1xxx/CVE-2019-1530.json +++ b/2019/1xxx/CVE-2019-1530.json 
@@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1530", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1530", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1531.json b/2019/1xxx/CVE-2019-1531.json index 508f2d0de90..ae5c376e64b 100644 --- a/2019/1xxx/CVE-2019-1531.json +++ b/2019/1xxx/CVE-2019-1531.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1531", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1531", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1532.json b/2019/1xxx/CVE-2019-1532.json index 6a21112c8b1..69abd3e2ab3 100644 --- a/2019/1xxx/CVE-2019-1532.json +++ b/2019/1xxx/CVE-2019-1532.json 
@@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1532", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1532", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1533.json b/2019/1xxx/CVE-2019-1533.json index d013a451455..91830f678ba 100644 --- a/2019/1xxx/CVE-2019-1533.json +++ b/2019/1xxx/CVE-2019-1533.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1533", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1533", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1534.json b/2019/1xxx/CVE-2019-1534.json index 336b75091dc..925a77532e8 100644 --- a/2019/1xxx/CVE-2019-1534.json +++ b/2019/1xxx/CVE-2019-1534.json 
@@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1534", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1534", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } From fa89ff4aeee11e96f37a087cb95646686490c35b Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Fri, 24 Jan 2020 22:01:37 +0000 Subject: [PATCH 279/387] "-Synchronized-Data." --- 2014/9xxx/CVE-2014-9625.json | 58 ++++++++++++++++++++++++- 2014/9xxx/CVE-2014-9626.json | 58 ++++++++++++++++++++++++- 2014/9xxx/CVE-2014-9627.json | 58 ++++++++++++++++++++++++- 2014/9xxx/CVE-2014-9628.json | 58 ++++++++++++++++++++++++- 2014/9xxx/CVE-2014-9629.json | 58 ++++++++++++++++++++++++- 2014/9xxx/CVE-2014-9630.json | 58 ++++++++++++++++++++++++- 2015/1xxx/CVE-2015-1202.json | 14 +++--- 2015/1xxx/CVE-2015-1203.json | 14 +++--- 2015/9xxx/CVE-2015-9541.json | 62 +++++++++++++++++++++++++++ 2019/0xxx/CVE-2019-0542.json | 83 +++--------------------------------- 2019/0xxx/CVE-2019-0544.json | 14 +++--- 2019/0xxx/CVE-2019-0563.json | 14 +++--- 2019/0xxx/CVE-2019-0587.json | 14 +++--- 2019/0xxx/CVE-2019-0589.json | 14 +++--- 2019/0xxx/CVE-2019-0629.json | 14 +++--- 2019/0xxx/CVE-2019-0638.json | 14 +++--- 2019/0xxx/CVE-2019-0653.json | 14 +++--- 2019/0xxx/CVE-2019-0677.json | 14 +++--- 2019/0xxx/CVE-2019-0679.json | 14 +++--- 2019/0xxx/CVE-2019-0681.json | 14 +++--- 2019/0xxx/CVE-2019-0684.json | 14 +++--- 2019/0xxx/CVE-2019-0687.json | 14 +++--- 2019/0xxx/CVE-2019-0691.json | 14 +++--- 2019/0xxx/CVE-2019-0699.json | 14 +++--- 2019/0xxx/CVE-2019-0700.json | 14 +++--- 2019/0xxx/CVE-2019-0705.json | 14 +++--- 2019/0xxx/CVE-2019-0706.json | 14 +++--- 2019/0xxx/CVE-2019-0737.json | 14 +++--- 2019/0xxx/CVE-2019-0738.json | 14 +++--- 2019/0xxx/CVE-2019-0740.json | 14 +++--- 2019/0xxx/CVE-2019-0744.json | 14 +++--- 2019/0xxx/CVE-2019-0745.json | 14 +++--- 2019/0xxx/CVE-2019-0747.json | 14 +++--- 2019/0xxx/CVE-2019-0749.json | 14 +++--- 2019/0xxx/CVE-2019-0750.json | 14 +++--- 2019/0xxx/CVE-2019-0751.json | 14 +++--- 2019/0xxx/CVE-2019-0760.json | 14 +++--- 2019/0xxx/CVE-2019-0781.json | 14 +++--- 2019/0xxx/CVE-2019-0789.json | 14 +++--- 2019/0xxx/CVE-2019-0799.json | 14 +++--- 2019/0xxx/CVE-2019-0800.json | 14 +++--- 2019/0xxx/CVE-2019-0807.json | 14 +++--- 
2019/0xxx/CVE-2019-0818.json | 14 +++--- 2019/0xxx/CVE-2019-0832.json | 14 +++--- 2019/0xxx/CVE-2019-0834.json | 14 +++--- 2019/0xxx/CVE-2019-0843.json | 14 +++--- 2019/0xxx/CVE-2019-0850.json | 14 +++--- 2019/0xxx/CVE-2019-0852.json | 14 +++--- 2019/0xxx/CVE-2019-0854.json | 14 +++--- 2019/0xxx/CVE-2019-0855.json | 14 +++--- 2019/0xxx/CVE-2019-0873.json | 14 +++--- 2019/0xxx/CVE-2019-0878.json | 14 +++--- 2019/0xxx/CVE-2019-0883.json | 14 +++--- 2019/0xxx/CVE-2019-0910.json | 14 +++--- 2019/0xxx/CVE-2019-0919.json | 14 +++--- 2019/0xxx/CVE-2019-0934.json | 14 +++--- 2019/0xxx/CVE-2019-0935.json | 14 +++--- 2019/0xxx/CVE-2019-0939.json | 14 +++--- 2019/0xxx/CVE-2019-0944.json | 14 +++--- 2019/0xxx/CVE-2019-0954.json | 14 +++--- 2019/0xxx/CVE-2019-0955.json | 14 +++--- 2019/0xxx/CVE-2019-0964.json | 14 +++--- 2019/0xxx/CVE-2019-0967.json | 14 +++--- 2019/0xxx/CVE-2019-0969.json | 14 +++--- 2019/0xxx/CVE-2019-0970.json | 14 +++--- 2019/0xxx/CVE-2019-0978.json | 14 +++--- 2019/0xxx/CVE-2019-0987.json | 14 +++--- 2019/0xxx/CVE-2019-0994.json | 14 +++--- 2019/0xxx/CVE-2019-0997.json | 14 +++--- 2019/1xxx/CVE-2019-1020.json | 14 +++--- 2019/1xxx/CVE-2019-1042.json | 14 +++--- 2019/1xxx/CVE-2019-1058.json | 14 +++--- 2019/1xxx/CVE-2019-1061.json | 14 +++--- 2019/1xxx/CVE-2019-1066.json | 14 +++--- 2019/1xxx/CVE-2019-1114.json | 14 +++--- 2019/1xxx/CVE-2019-1115.json | 14 +++--- 2019/1xxx/CVE-2019-1135.json | 14 +++--- 2019/1xxx/CVE-2019-1160.json | 14 +++--- 2019/1xxx/CVE-2019-1165.json | 14 +++--- 2019/1xxx/CVE-2019-1189.json | 14 +++--- 2019/1xxx/CVE-2019-1191.json | 14 +++--- 2019/1xxx/CVE-2019-1207.json | 14 +++--- 2019/1xxx/CVE-2019-1210.json | 14 +++--- 2019/1xxx/CVE-2019-1275.json | 14 +++--- 2020/5xxx/CVE-2020-5226.json | 4 +- 85 files changed, 939 insertions(+), 622 deletions(-) create mode 100644 2015/9xxx/CVE-2015-9541.json diff --git a/2014/9xxx/CVE-2014-9625.json b/2014/9xxx/CVE-2014-9625.json index d51d9c3e0ce..c3f8d791195 100644 
--- a/2014/9xxx/CVE-2014-9625.json
+++ b/2014/9xxx/CVE-2014-9625.json
@@ -2,7 +2,7 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2014-9625",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +11,61 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The GetUpdateFile function in misc/update.c in the Updater in VideoLAN VLC media player before 2.1.6 performs an incorrect cast operation from a 64-bit integer to a 32-bit integer, which allows remote attackers to conduct buffer overflow attacks and execute arbitrary code via a crafted update status file, aka an \"integer truncation\" vulnerability."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/videolan/vlc/commit/fbe2837bc80f155c001781041a54c58b5524fc14",
+ "url": "https://github.com/videolan/vlc/commit/fbe2837bc80f155c001781041a54c58b5524fc14"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://openwall.com/lists/oss-security/2015/01/20/5",
+ "url": "http://openwall.com/lists/oss-security/2015/01/20/5"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://www.videolan.org/security/sa1501.html",
+ "url": "https://www.videolan.org/security/sa1501.html"
 }
 ]
 }
diff --git a/2014/9xxx/CVE-2014-9626.json b/2014/9xxx/CVE-2014-9626.json
index fc8c59c1581..3b15f6d5021 100644
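Review bot: The populated record leaves every machine-readable field at `n/a` (`product_name`, `version_value`, `vendor_name` and the `problemtype` value), although the description added in the same hunk names the product and the fixed version. Tooling that matches on the `affects` block instead of parsing the prose will not associate this ID with VLC. I would fill the fields from the description, along the lines of `"vendor_name": "VideoLAN"`, `"product_name": "VLC media player"` and `"version_value": "before 2.1.6"`. The same applies to the CVE-2014-9626 through CVE-2014-9630 hunks and to the new CVE-2015-9541 file (Qt through 5.14) in this commit.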
--- a/2014/9xxx/CVE-2014-9626.json
+++ b/2014/9xxx/CVE-2014-9626.json
@@ -2,7 +2,7 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2014-9626",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +11,61 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Integer underflow in the MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in VideoLAN VLC media player before 2.1.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a box size less than 7."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "http://openwall.com/lists/oss-security/2015/01/20/5",
+ "url": "http://openwall.com/lists/oss-security/2015/01/20/5"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/videolan/vlc/commit/2e7c7091a61aa5d07e7997b393d821e91f593c39",
+ "url": "https://github.com/videolan/vlc/commit/2e7c7091a61aa5d07e7997b393d821e91f593c39"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://www.videolan.org/security/sa1501.html",
+ "url": "https://www.videolan.org/security/sa1501.html"
 }
 ]
 }
diff --git a/2014/9xxx/CVE-2014-9627.json b/2014/9xxx/CVE-2014-9627.json
index 79169542534..242e138a9bb 100644
--- a/2014/9xxx/CVE-2014-9627.json
+++ b/2014/9xxx/CVE-2014-9627.json
@@ -2,7 +2,7 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2014-9627",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +11,61 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in VideoLAN VLC media player before 2.1.6 performs an incorrect cast operation from a 64-bit integer to a 32-bit integer, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large box size."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "http://openwall.com/lists/oss-security/2015/01/20/5",
+ "url": "http://openwall.com/lists/oss-security/2015/01/20/5"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/videolan/vlc/commit/2e7c7091a61aa5d07e7997b393d821e91f593c39",
+ "url": "https://github.com/videolan/vlc/commit/2e7c7091a61aa5d07e7997b393d821e91f593c39"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://www.videolan.org/security/sa1501.html",
+ "url": "https://www.videolan.org/security/sa1501.html"
 }
 ]
 }
diff --git a/2014/9xxx/CVE-2014-9628.json b/2014/9xxx/CVE-2014-9628.json
index ff596dd8ef4..fd5d0b08a68 100644
--- a/2014/9xxx/CVE-2014-9628.json
+++ b/2014/9xxx/CVE-2014-9628.json
@@ -2,7 +2,7 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2014-9628",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +11,61 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in VideoLAN VLC media player before 2.1.6 allows remote attackers to trigger an unintended zero-size malloc and conduct buffer overflow attacks, and consequently execute arbitrary code, via a box size of 7."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "http://openwall.com/lists/oss-security/2015/01/20/5",
+ "url": "http://openwall.com/lists/oss-security/2015/01/20/5"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/videolan/vlc/commit/2e7c7091a61aa5d07e7997b393d821e91f593c39",
+ "url": "https://github.com/videolan/vlc/commit/2e7c7091a61aa5d07e7997b393d821e91f593c39"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://www.videolan.org/security/sa1501.html",
+ "url": "https://www.videolan.org/security/sa1501.html"
 }
 ]
 }
diff --git a/2014/9xxx/CVE-2014-9629.json b/2014/9xxx/CVE-2014-9629.json
index b85b96c6e4f..514a4604d51 100644
--- a/2014/9xxx/CVE-2014-9629.json
+++ b/2014/9xxx/CVE-2014-9629.json
@@ -2,7 +2,7 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2014-9629",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +11,61 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Integer overflow in the Encode function in modules/codec/schroedinger.c in VideoLAN VLC media player before 2.1.6 and 2.2.x before 2.2.1 allows remote attackers to conduct buffer overflow attacks and execute arbitrary code via a crafted length value."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "http://openwall.com/lists/oss-security/2015/01/20/5",
+ "url": "http://openwall.com/lists/oss-security/2015/01/20/5"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/videolan/vlc/commit/9bb0353a5c63a7f8c6fc853faa3df4b4df1f5eb5",
+ "url": "https://github.com/videolan/vlc/commit/9bb0353a5c63a7f8c6fc853faa3df4b4df1f5eb5"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://www.videolan.org/security/sa1501.html",
+ "url": "https://www.videolan.org/security/sa1501.html"
 }
 ]
 }
diff --git a/2014/9xxx/CVE-2014-9630.json b/2014/9xxx/CVE-2014-9630.json
index 156ca49d7a8..38f7b955a9a 100644
--- a/2014/9xxx/CVE-2014-9630.json
+++ b/2014/9xxx/CVE-2014-9630.json
@@ -2,7 +2,7 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2014-9630",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +11,61 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The rtp_packetize_xiph_config function in modules/stream_out/rtpfmt.c in VideoLAN VLC media player before 2.1.6 uses a stack-allocation approach with a size determined by arbitrary input data, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted length value."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "http://openwall.com/lists/oss-security/2015/01/20/5",
+ "url": "http://openwall.com/lists/oss-security/2015/01/20/5"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/videolan/vlc/commit/204291467724867b79735c0ee3aeb0dbc2200f97",
+ "url": "https://github.com/videolan/vlc/commit/204291467724867b79735c0ee3aeb0dbc2200f97"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://www.videolan.org/security/sa1501.html",
+ "url": "https://www.videolan.org/security/sa1501.html"
 }
 ]
 }
diff --git a/2015/1xxx/CVE-2015-1202.json b/2015/1xxx/CVE-2015-1202.json
index be0fc68eb3c..7bc6cd7c5db 100644
--- a/2015/1xxx/CVE-2015-1202.json
+++ b/2015/1xxx/CVE-2015-1202.json
@@ -1,17 +1,17 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2015-1202",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2015-1202",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
 }
 ]
 }
diff --git a/2015/1xxx/CVE-2015-1203.json b/2015/1xxx/CVE-2015-1203.json
index 2518475080b..dfcea3da87c 100644
--- a/2015/1xxx/CVE-2015-1203.json
+++ b/2015/1xxx/CVE-2015-1203.json
@@ -1,17 +1,17 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2015-1203",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2015-1203",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
 }
 ]
 }
diff --git a/2015/9xxx/CVE-2015-9541.json b/2015/9xxx/CVE-2015-9541.json
new file mode 100644
index 00000000000..fb9206975da
--- /dev/null
+++ b/2015/9xxx/CVE-2015-9541.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2015-9541",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Qt through 5.14 allows an exponential XML entity expansion attack via a crafted SVG document that is mishandled in QXmlStreamReader, a related issue to CVE-2003-1564."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://bugreports.qt.io/browse/QTBUG-47417",
+ "refsource": "MISC",
+ "name": "https://bugreports.qt.io/browse/QTBUG-47417"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/0xxx/CVE-2019-0542.json b/2019/0xxx/CVE-2019-0542.json
index 7ec924d9acf..32adb8f0fc6 100644
--- a/2019/0xxx/CVE-2019-0542.json
+++ b/2019/0xxx/CVE-2019-0542.json
@@ -1,86 +1,17 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "secure@microsoft.com",
- "ID": "CVE-2019-0542",
- "STATE": "PUBLIC"
- },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "xterm.js",
- "version": {
- "version_data": [
- {
- "version_value": "xterm.js"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "https://xtermjs.org/"
- }
- ]
- }
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-0542",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "A remote code execution vulnerability exists in Xterm.js when the component mishandles special characters, aka \"Xterm Remote Code Execution Vulnerability.\" This affects xterm.js."
- }
- ]
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "Remote Code Execution"
- }
- ]
- }
- ]
- },
- "references": {
- "reference_data": [
- {
- "name": "https://github.com/xtermjs/xterm.js/releases",
- "refsource": "MISC",
- "url": "https://github.com/xtermjs/xterm.js/releases"
- },
- {
- "name": "106434",
- "refsource": "BID",
- "url": "http://www.securityfocus.com/bid/106434"
- },
- {
- "refsource": "REDHAT",
- "name": "RHBA-2019:0959",
- "url": "https://access.redhat.com/errata/RHBA-2019:0959"
- },
- {
- "refsource": "REDHAT",
- "name": "RHSA-2019:1422",
- "url": "https://access.redhat.com/errata/RHSA-2019:1422"
- },
- {
- "refsource": "REDHAT",
- "name": "RHSA-2019:2552",
- "url": "https://access.redhat.com/errata/RHSA-2019:2552"
- },
- {
- "refsource": "REDHAT",
- "name": "RHSA-2019:2551",
- "url": "https://access.redhat.com/errata/RHSA-2019:2551"
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none."
 }
 ]
 }
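Review bot: CVE-2019-0542 is rejected here as "not assigned to any issues during 2019", but the removed lines are a published record: an xterm.js remote code execution description, a BID entry and four Red Hat errata that cite this ID. The ASSIGNER also flips from `secure@microsoft.com` to `cve@mitre.org`, which suggests the ID was caught by the bulk pool rejection applied to the neighbouring files rather than withdrawn on purpose. I would drop this file from the batch and keep `"STATE": "PUBLIC"` with the existing description and references; if the ID really is being withdrawn, the reason text should say that and `ConsultIDs` should name the replacement. Scanners and advisories that key on this ID would otherwise stop resolving to the xterm.js issue.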
diff --git a/2019/0xxx/CVE-2019-0544.json b/2019/0xxx/CVE-2019-0544.json index f58ec1a789a..f26d7688ac6 100644 --- a/2019/0xxx/CVE-2019-0544.json +++ b/2019/0xxx/CVE-2019-0544.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-0544", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-0544", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/0xxx/CVE-2019-0563.json b/2019/0xxx/CVE-2019-0563.json index 08a270150a5..87de000aa31 100644 --- a/2019/0xxx/CVE-2019-0563.json +++ b/2019/0xxx/CVE-2019-0563.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-0563", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-0563", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } 
diff --git a/2019/0xxx/CVE-2019-0587.json b/2019/0xxx/CVE-2019-0587.json index ce6a70438a0..180cef0eda1 100644 --- a/2019/0xxx/CVE-2019-0587.json +++ b/2019/0xxx/CVE-2019-0587.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-0587", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-0587", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/0xxx/CVE-2019-0589.json b/2019/0xxx/CVE-2019-0589.json index 5ab66ff1d70..426967ceedb 100644 --- a/2019/0xxx/CVE-2019-0589.json +++ b/2019/0xxx/CVE-2019-0589.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-0589", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-0589", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } 
diff --git a/2019/0xxx/CVE-2019-0629.json b/2019/0xxx/CVE-2019-0629.json index e1dcdbccb34..b9b9aaf70be 100644 --- a/2019/0xxx/CVE-2019-0629.json +++ b/2019/0xxx/CVE-2019-0629.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-0629", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-0629", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/0xxx/CVE-2019-0638.json b/2019/0xxx/CVE-2019-0638.json index 92ed5438189..d48dfd1c799 100644 --- a/2019/0xxx/CVE-2019-0638.json +++ b/2019/0xxx/CVE-2019-0638.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-0638", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-0638", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } 
diff --git a/2019/0xxx/CVE-2019-0653.json b/2019/0xxx/CVE-2019-0653.json index 0866788568e..342c150cc3a 100644 --- a/2019/0xxx/CVE-2019-0653.json +++ b/2019/0xxx/CVE-2019-0653.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-0653", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-0653", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/0xxx/CVE-2019-0677.json b/2019/0xxx/CVE-2019-0677.json index e697b4aa8a8..85c1709f41d 100644 --- a/2019/0xxx/CVE-2019-0677.json +++ b/2019/0xxx/CVE-2019-0677.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-0677", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-0677", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } 
diff --git a/2019/0xxx/CVE-2019-0679.json b/2019/0xxx/CVE-2019-0679.json index 851e987aef8..bb46cc81aa9 100644 --- a/2019/0xxx/CVE-2019-0679.json +++ b/2019/0xxx/CVE-2019-0679.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-0679", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-0679", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/0xxx/CVE-2019-0681.json b/2019/0xxx/CVE-2019-0681.json index 8e0d94393d9..d23255a1f7d 100644 --- a/2019/0xxx/CVE-2019-0681.json +++ b/2019/0xxx/CVE-2019-0681.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-0681", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-0681", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } 
diff --git a/2019/0xxx/CVE-2019-0684.json b/2019/0xxx/CVE-2019-0684.json index ade776a3ca0..0f213daf21a 100644 --- a/2019/0xxx/CVE-2019-0684.json +++ b/2019/0xxx/CVE-2019-0684.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-0684", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-0684", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/0xxx/CVE-2019-0687.json b/2019/0xxx/CVE-2019-0687.json index 819d53aad1a..cb07f588a8d 100644 --- a/2019/0xxx/CVE-2019-0687.json +++ b/2019/0xxx/CVE-2019-0687.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-0687", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-0687", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } 
diff --git a/2019/0xxx/CVE-2019-0691.json b/2019/0xxx/CVE-2019-0691.json
index c8cc83c0812..67898eb4216 100644
--- a/2019/0xxx/CVE-2019-0691.json
+++ b/2019/0xxx/CVE-2019-0691.json
@@ -1,17 +1,17 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-0691",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-0691",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none."
 }
 ]
 }
diff --git a/2019/0xxx/CVE-2019-0699.json b/2019/0xxx/CVE-2019-0699.json
index 6fefc200c23..762c3d9674d 100644
--- a/2019/0xxx/CVE-2019-0699.json
+++ b/2019/0xxx/CVE-2019-0699.json
@@ -1,17 +1,17 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-0699",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-0699",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none."
 }
 ]
 }
diff --git a/2019/0xxx/CVE-2019-0700.json b/2019/0xxx/CVE-2019-0700.json
index 05d51b114a4..63490fb9ffe 100644
--- a/2019/0xxx/CVE-2019-0700.json
+++ b/2019/0xxx/CVE-2019-0700.json
@@ -1,17 +1,17 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-0700",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-0700",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none."
 }
 ]
 }
diff --git a/2019/0xxx/CVE-2019-0705.json b/2019/0xxx/CVE-2019-0705.json
index fec4dc5ec03..2c58b2906b5 100644
--- a/2019/0xxx/CVE-2019-0705.json
+++ b/2019/0xxx/CVE-2019-0705.json
@@ -1,17 +1,17 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-0705",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-0705",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none."
 }
 ]
 }
diff --git a/2019/0xxx/CVE-2019-0706.json b/2019/0xxx/CVE-2019-0706.json
index b04d1c71eb6..e08e08c779c 100644
--- a/2019/0xxx/CVE-2019-0706.json
+++ b/2019/0xxx/CVE-2019-0706.json
@@ -1,17 +1,17 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-0706",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-0706",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none."
 }
 ]
 }
diff --git a/2019/0xxx/CVE-2019-0737.json b/2019/0xxx/CVE-2019-0737.json
index 2cdd6a996b5..2717c8dad2c 100644
--- a/2019/0xxx/CVE-2019-0737.json
+++ b/2019/0xxx/CVE-2019-0737.json
@@ -1,17 +1,17 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-0737",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-0737",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none."
 }
 ]
 }
diff --git a/2019/0xxx/CVE-2019-0738.json b/2019/0xxx/CVE-2019-0738.json
index af24c556915..e6471c5d562 100644
--- a/2019/0xxx/CVE-2019-0738.json
+++ b/2019/0xxx/CVE-2019-0738.json
@@ -1,17 +1,17 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-0738",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-0738",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none."
 }
 ]
 }
diff --git a/2019/0xxx/CVE-2019-0740.json b/2019/0xxx/CVE-2019-0740.json
index 1e8580584b6..ee78ffd4871 100644
--- a/2019/0xxx/CVE-2019-0740.json
+++ b/2019/0xxx/CVE-2019-0740.json
@@ -1,17 +1,17 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-0740",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-0740",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none."
 }
 ]
 }
diff --git a/2019/0xxx/CVE-2019-0744.json b/2019/0xxx/CVE-2019-0744.json
index 44ee74514b3..fe340e4085c 100644
--- a/2019/0xxx/CVE-2019-0744.json
+++ b/2019/0xxx/CVE-2019-0744.json
@@ -1,17 +1,17 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-0744",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-0744",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none."
 }
 ]
 }
diff --git a/2019/0xxx/CVE-2019-0745.json b/2019/0xxx/CVE-2019-0745.json
index 3c551082c3e..7491afda740 100644
--- a/2019/0xxx/CVE-2019-0745.json
+++ b/2019/0xxx/CVE-2019-0745.json
@@ -1,17 +1,17 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-0745",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-0745",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none."
 }
 ]
 }
diff --git a/2019/0xxx/CVE-2019-0747.json b/2019/0xxx/CVE-2019-0747.json
index d7a7d20c6de..879274fe726 100644
--- a/2019/0xxx/CVE-2019-0747.json
+++ b/2019/0xxx/CVE-2019-0747.json
@@ -1,17 +1,17 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-0747",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-0747",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none."
 }
 ]
 }
diff --git a/2019/0xxx/CVE-2019-0749.json b/2019/0xxx/CVE-2019-0749.json
index 1929c4666d7..0b77f015707 100644
--- a/2019/0xxx/CVE-2019-0749.json
+++ b/2019/0xxx/CVE-2019-0749.json
@@ -1,17 +1,17 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-0749",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-0749",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none."
 }
 ]
 }
diff --git a/2019/0xxx/CVE-2019-0750.json b/2019/0xxx/CVE-2019-0750.json
index e5be4c89326..ad2963af4c5 100644
--- a/2019/0xxx/CVE-2019-0750.json
+++ b/2019/0xxx/CVE-2019-0750.json
@@ -1,17 +1,17 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-0750",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-0750",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none."
 }
 ]
 }
diff --git a/2019/0xxx/CVE-2019-0751.json b/2019/0xxx/CVE-2019-0751.json
index ab97fd4da02..21bbedd5250 100644
--- a/2019/0xxx/CVE-2019-0751.json
+++ b/2019/0xxx/CVE-2019-0751.json
@@ -1,17 +1,17 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-0751",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-0751",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none."
 }
 ]
 }
diff --git a/2019/0xxx/CVE-2019-0760.json b/2019/0xxx/CVE-2019-0760.json
index a9d7ccc8036..2130e182b8a 100644
--- a/2019/0xxx/CVE-2019-0760.json
+++ b/2019/0xxx/CVE-2019-0760.json
@@ -1,17 +1,17 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-0760",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-0760",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none."
 }
 ]
 }
diff --git a/2019/0xxx/CVE-2019-0781.json b/2019/0xxx/CVE-2019-0781.json
index 839ccef7377..935c2c790e4 100644
--- a/2019/0xxx/CVE-2019-0781.json
+++ b/2019/0xxx/CVE-2019-0781.json
@@ -1,17 +1,17 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-0781",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-0781",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none."
 }
 ]
 }
diff --git a/2019/0xxx/CVE-2019-0789.json b/2019/0xxx/CVE-2019-0789.json
index fd6c0454480..e6bde539e78 100644
--- a/2019/0xxx/CVE-2019-0789.json
+++ b/2019/0xxx/CVE-2019-0789.json
@@ -1,17 +1,17 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-0789",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-0789",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none."
 }
 ]
 }
diff --git a/2019/0xxx/CVE-2019-0799.json b/2019/0xxx/CVE-2019-0799.json
index 8a5d07447c6..125b0e6df6c 100644
--- a/2019/0xxx/CVE-2019-0799.json
+++ b/2019/0xxx/CVE-2019-0799.json
@@ -1,17 +1,17 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-0799",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-0799",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none."
 }
 ]
 }
diff --git a/2019/0xxx/CVE-2019-0800.json b/2019/0xxx/CVE-2019-0800.json
index ae4a789a602..f4eaa5fe987 100644
--- a/2019/0xxx/CVE-2019-0800.json
+++ b/2019/0xxx/CVE-2019-0800.json
@@ -1,17 +1,17 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-0800",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-0800",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none."
 }
 ]
 }
diff --git a/2019/0xxx/CVE-2019-0807.json b/2019/0xxx/CVE-2019-0807.json
index 3de3666f8dd..cb7c19c7b3e 100644
--- a/2019/0xxx/CVE-2019-0807.json
+++ b/2019/0xxx/CVE-2019-0807.json
@@ -1,17 +1,17 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-0807",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-0807",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none."
 }
 ]
 }
diff --git a/2019/0xxx/CVE-2019-0818.json b/2019/0xxx/CVE-2019-0818.json
index b36f3d56bb4..2492b1abb9d 100644
--- a/2019/0xxx/CVE-2019-0818.json
+++ b/2019/0xxx/CVE-2019-0818.json
@@ -1,17 +1,17 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-0818",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-0818",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none."
 }
 ]
 }
diff --git a/2019/0xxx/CVE-2019-0832.json b/2019/0xxx/CVE-2019-0832.json
index e55de492f19..c73820713a8 100644
--- a/2019/0xxx/CVE-2019-0832.json
+++ b/2019/0xxx/CVE-2019-0832.json
@@ -1,17 +1,17 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-0832",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-0832",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none."
 }
 ]
 }
diff --git a/2019/0xxx/CVE-2019-0834.json b/2019/0xxx/CVE-2019-0834.json
index 381bfb4e6b5..f99144ea0aa 100644
--- a/2019/0xxx/CVE-2019-0834.json
+++ b/2019/0xxx/CVE-2019-0834.json
@@ -1,17 +1,17 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-0834",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-0834",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none."
 }
 ]
 }
diff --git a/2019/0xxx/CVE-2019-0843.json b/2019/0xxx/CVE-2019-0843.json
index 8bd83760f8f..c90e5f19b96 100644
--- a/2019/0xxx/CVE-2019-0843.json
+++ b/2019/0xxx/CVE-2019-0843.json
@@ -1,17 +1,17 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-0843",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-0843",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none."
 }
 ]
 }
diff --git a/2019/0xxx/CVE-2019-0850.json b/2019/0xxx/CVE-2019-0850.json
index 2a9cc95e694..f225842ee46 100644
--- a/2019/0xxx/CVE-2019-0850.json
+++ b/2019/0xxx/CVE-2019-0850.json
@@ -1,17 +1,17 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-0850",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-0850",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none."
 }
 ]
 }
diff --git a/2019/0xxx/CVE-2019-0852.json b/2019/0xxx/CVE-2019-0852.json
index 57d796bfeaa..ac653bfd080 100644
--- a/2019/0xxx/CVE-2019-0852.json
+++ b/2019/0xxx/CVE-2019-0852.json
@@ -1,17 +1,17 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-0852",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-0852",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none."
 }
 ]
 }
diff --git a/2019/0xxx/CVE-2019-0854.json b/2019/0xxx/CVE-2019-0854.json
index e80c25dc345..a0226cc601a 100644
--- a/2019/0xxx/CVE-2019-0854.json
+++ b/2019/0xxx/CVE-2019-0854.json
@@ -1,17 +1,17 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-0854",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-0854",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none."
 }
 ]
 }
diff --git a/2019/0xxx/CVE-2019-0855.json b/2019/0xxx/CVE-2019-0855.json
index d0096942236..22e646500db 100644
--- a/2019/0xxx/CVE-2019-0855.json
+++ b/2019/0xxx/CVE-2019-0855.json
@@ -1,17 +1,17 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-0855",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-0855",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none."
 }
 ]
 }
diff --git a/2019/0xxx/CVE-2019-0873.json b/2019/0xxx/CVE-2019-0873.json
index 13ff3298ba7..4ff0ac5d00e 100644
--- a/2019/0xxx/CVE-2019-0873.json
+++ b/2019/0xxx/CVE-2019-0873.json
@@ -1,17 +1,17 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-0873",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-0873",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none."
 }
 ]
 }
diff --git a/2019/0xxx/CVE-2019-0878.json b/2019/0xxx/CVE-2019-0878.json
index 76e06b4bdd9..885765ca160 100644
--- a/2019/0xxx/CVE-2019-0878.json
+++ b/2019/0xxx/CVE-2019-0878.json
@@ -1,17 +1,17 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-0878",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-0878",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none."
 }
 ]
 }
diff --git a/2019/0xxx/CVE-2019-0883.json b/2019/0xxx/CVE-2019-0883.json
index cb852ab7fa2..d5891f47cef 100644
--- a/2019/0xxx/CVE-2019-0883.json
+++ b/2019/0xxx/CVE-2019-0883.json
@@ -1,17 +1,17 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-0883",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-0883",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none."
 }
 ]
 }
diff --git a/2019/0xxx/CVE-2019-0910.json b/2019/0xxx/CVE-2019-0910.json
index 062429de532..1568787c8a7 100644
--- a/2019/0xxx/CVE-2019-0910.json
+++ b/2019/0xxx/CVE-2019-0910.json
@@ -1,17 +1,17 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-0910",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-0910",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none."
 }
 ]
 }
diff --git a/2019/0xxx/CVE-2019-0919.json b/2019/0xxx/CVE-2019-0919.json
index f5df7f419e6..a112856b113 100644
--- a/2019/0xxx/CVE-2019-0919.json
+++ b/2019/0xxx/CVE-2019-0919.json
@@ -1,17 +1,17 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-0919",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-0919",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none."
 }
 ]
 }
diff --git a/2019/0xxx/CVE-2019-0934.json b/2019/0xxx/CVE-2019-0934.json
index b23510f1907..9ba7d4f7f10 100644
--- a/2019/0xxx/CVE-2019-0934.json
+++ b/2019/0xxx/CVE-2019-0934.json
@@ -1,17 +1,17 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-0934",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-0934",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none."
 }
 ]
 }
diff --git a/2019/0xxx/CVE-2019-0935.json b/2019/0xxx/CVE-2019-0935.json
index 25078ea8e16..d89aa13a7e6 100644
--- a/2019/0xxx/CVE-2019-0935.json
+++ b/2019/0xxx/CVE-2019-0935.json
@@ -1,17 +1,17 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-0935",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-0935",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none."
 }
 ]
 }
diff --git a/2019/0xxx/CVE-2019-0939.json b/2019/0xxx/CVE-2019-0939.json
index e7681237ab5..729b07bf86a 100644
--- a/2019/0xxx/CVE-2019-0939.json
+++ b/2019/0xxx/CVE-2019-0939.json
@@ -1,17 +1,17 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-0939",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-0939",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none."
 }
 ]
 }
diff --git a/2019/0xxx/CVE-2019-0944.json b/2019/0xxx/CVE-2019-0944.json
index da19dab52f4..e540eb88df5 100644
--- a/2019/0xxx/CVE-2019-0944.json
+++ b/2019/0xxx/CVE-2019-0944.json
@@ -1,17 +1,17 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-0944",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-0944",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none."
 }
 ]
 }
diff --git a/2019/0xxx/CVE-2019-0954.json b/2019/0xxx/CVE-2019-0954.json
index 765da0c10de..a97ce042069 100644
--- a/2019/0xxx/CVE-2019-0954.json
+++ b/2019/0xxx/CVE-2019-0954.json
@@ -1,17 +1,17 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-0954",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-0954",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none."
 }
 ]
 }
diff --git a/2019/0xxx/CVE-2019-0955.json b/2019/0xxx/CVE-2019-0955.json
index a420b81da2f..dcfc2d70364 100644
--- a/2019/0xxx/CVE-2019-0955.json
+++ b/2019/0xxx/CVE-2019-0955.json
@@ -1,17 +1,17 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-0955",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-0955",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none."
 }
 ]
 }
diff --git a/2019/0xxx/CVE-2019-0964.json b/2019/0xxx/CVE-2019-0964.json
index b979888d862..4c56d5da441 100644
--- a/2019/0xxx/CVE-2019-0964.json
+++ b/2019/0xxx/CVE-2019-0964.json
@@ -1,17 +1,17 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-0964",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-0964",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none."
 }
 ]
 }
diff --git a/2019/0xxx/CVE-2019-0967.json b/2019/0xxx/CVE-2019-0967.json
index 83c6f3e3f58..c7d90de902e 100644
--- a/2019/0xxx/CVE-2019-0967.json
+++ b/2019/0xxx/CVE-2019-0967.json
@@ -1,17 +1,17 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-0967",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-0967",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none."
 }
 ]
 }
diff --git a/2019/0xxx/CVE-2019-0969.json b/2019/0xxx/CVE-2019-0969.json
index a836b22297d..4ff1c20cfef 100644
--- a/2019/0xxx/CVE-2019-0969.json
+++ b/2019/0xxx/CVE-2019-0969.json
@@ -1,17 +1,17 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-0969",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-0969",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none."
 }
 ]
 }
diff --git a/2019/0xxx/CVE-2019-0970.json b/2019/0xxx/CVE-2019-0970.json
index c025f86a649..cbabec26115 100644
--- a/2019/0xxx/CVE-2019-0970.json
+++ b/2019/0xxx/CVE-2019-0970.json
@@ -1,17 +1,17 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-0970",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-0970",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none."
 }
 ]
 }
diff --git a/2019/0xxx/CVE-2019-0978.json b/2019/0xxx/CVE-2019-0978.json
index 5525df0b515..5a15fd2849a 100644
--- a/2019/0xxx/CVE-2019-0978.json
+++ b/2019/0xxx/CVE-2019-0978.json
@@ -1,17 +1,17 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-0978",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-0978",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none."
 }
 ]
 }
diff --git a/2019/0xxx/CVE-2019-0987.json b/2019/0xxx/CVE-2019-0987.json
index 296551c8449..571548f78a3 100644
--- a/2019/0xxx/CVE-2019-0987.json
+++ b/2019/0xxx/CVE-2019-0987.json
@@ -1,17 +1,17 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-0987",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-0987",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none."
 }
 ]
 }
diff --git a/2019/0xxx/CVE-2019-0994.json b/2019/0xxx/CVE-2019-0994.json
index d42fa8d27c4..d4a2fbb4ee0 100644
--- a/2019/0xxx/CVE-2019-0994.json
+++ b/2019/0xxx/CVE-2019-0994.json
@@ -1,17 +1,17 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-0994",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-0994",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none."
 }
 ]
 }
diff --git a/2019/0xxx/CVE-2019-0997.json b/2019/0xxx/CVE-2019-0997.json
index 341bb9283ba..2372fabc7e3 100644
--- a/2019/0xxx/CVE-2019-0997.json
+++ b/2019/0xxx/CVE-2019-0997.json
@@ -1,17 +1,17 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-0997",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-0997",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none."
 }
 ]
 }
diff --git a/2019/1xxx/CVE-2019-1020.json b/2019/1xxx/CVE-2019-1020.json
index 15bd1260df5..ac92440c8be 100644
--- a/2019/1xxx/CVE-2019-1020.json
+++ b/2019/1xxx/CVE-2019-1020.json
@@ -1,17 +1,17 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-1020",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-1020",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none."
 }
 ]
 }
diff --git a/2019/1xxx/CVE-2019-1042.json b/2019/1xxx/CVE-2019-1042.json
index 5a9ed8f12dc..342b939bd08 100644
--- a/2019/1xxx/CVE-2019-1042.json
+++ b/2019/1xxx/CVE-2019-1042.json
@@ -1,17 +1,17 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-1042",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-1042",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none."
 }
 ]
 }
diff --git a/2019/1xxx/CVE-2019-1058.json b/2019/1xxx/CVE-2019-1058.json
index d2441e9850c..8da07ff211f 100644
--- a/2019/1xxx/CVE-2019-1058.json
+++ b/2019/1xxx/CVE-2019-1058.json
@@ -1,17 +1,17 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-1058",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-1058",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none."
 }
 ]
 }
diff --git a/2019/1xxx/CVE-2019-1061.json b/2019/1xxx/CVE-2019-1061.json
index f1f81356f23..4f76f6c663d 100644
--- a/2019/1xxx/CVE-2019-1061.json
+++ b/2019/1xxx/CVE-2019-1061.json
@@ -1,17 +1,17 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-1061",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-1061",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none."
 }
 ]
 }
diff --git a/2019/1xxx/CVE-2019-1066.json b/2019/1xxx/CVE-2019-1066.json
index 86a79717d34..bb03652aee6 100644
--- a/2019/1xxx/CVE-2019-1066.json
+++ b/2019/1xxx/CVE-2019-1066.json
@@ -1,17 +1,17 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-1066",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-1066",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none."
 }
 ]
 }
diff --git a/2019/1xxx/CVE-2019-1114.json b/2019/1xxx/CVE-2019-1114.json
index 1b0a3989ad9..6b2b898968e 100644
--- a/2019/1xxx/CVE-2019-1114.json
+++ b/2019/1xxx/CVE-2019-1114.json
@@ -1,17 +1,17 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-1114",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-1114",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none."
 }
 ]
 }
diff --git a/2019/1xxx/CVE-2019-1115.json b/2019/1xxx/CVE-2019-1115.json
index d9205ec0a09..63fb53bbb5a 100644
--- a/2019/1xxx/CVE-2019-1115.json
+++ b/2019/1xxx/CVE-2019-1115.json
@@ -1,17 +1,17 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-1115",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-1115",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none."
 }
 ]
 }
diff --git a/2019/1xxx/CVE-2019-1135.json b/2019/1xxx/CVE-2019-1135.json
index f98ba370751..8c8cba476f3 100644
--- a/2019/1xxx/CVE-2019-1135.json
+++ b/2019/1xxx/CVE-2019-1135.json
@@ -1,17 +1,17 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-1135",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-1135",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none."
 }
 ]
 }
diff --git a/2019/1xxx/CVE-2019-1160.json b/2019/1xxx/CVE-2019-1160.json
index 3a796a6ab14..269240c006e 100644
--- a/2019/1xxx/CVE-2019-1160.json
+++ b/2019/1xxx/CVE-2019-1160.json
@@ -1,17 +1,17 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-1160",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-1160",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none."
 }
 ]
 }
diff --git a/2019/1xxx/CVE-2019-1165.json b/2019/1xxx/CVE-2019-1165.json
index 4298e28790c..b92effdbce8 100644
--- a/2019/1xxx/CVE-2019-1165.json
+++ b/2019/1xxx/CVE-2019-1165.json
@@ -1,17 +1,17 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-1165",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-1165",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none."
 }
 ]
 }
diff --git a/2019/1xxx/CVE-2019-1189.json b/2019/1xxx/CVE-2019-1189.json
index fca23a09011..9eec7da4bf6 100644
--- a/2019/1xxx/CVE-2019-1189.json
+++ b/2019/1xxx/CVE-2019-1189.json
@@ -1,17 +1,17 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-1189",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-1189",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none."
 }
 ]
 }
diff --git a/2019/1xxx/CVE-2019-1191.json b/2019/1xxx/CVE-2019-1191.json
index def0cd9f7d7..5c73b112585 100644
--- a/2019/1xxx/CVE-2019-1191.json
+++ b/2019/1xxx/CVE-2019-1191.json
@@ -1,17 +1,17 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-1191",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-1191",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none."
 }
 ]
 }
diff --git a/2019/1xxx/CVE-2019-1207.json b/2019/1xxx/CVE-2019-1207.json
index fe63a4eadcd..cfea80f4946 100644
--- a/2019/1xxx/CVE-2019-1207.json
+++ b/2019/1xxx/CVE-2019-1207.json
@@ -1,17 +1,17 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-1207",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-1207",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none."
 }
 ]
 }
diff --git a/2019/1xxx/CVE-2019-1210.json b/2019/1xxx/CVE-2019-1210.json
index 44bd8465e5a..730a2194e79 100644
--- a/2019/1xxx/CVE-2019-1210.json
+++ b/2019/1xxx/CVE-2019-1210.json
@@ -1,17 +1,17 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-1210",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-1210",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none."
 }
 ]
 }
diff --git a/2019/1xxx/CVE-2019-1275.json b/2019/1xxx/CVE-2019-1275.json
index bb7261614a0..f8507b1bba8 100644
--- a/2019/1xxx/CVE-2019-1275.json
+++ b/2019/1xxx/CVE-2019-1275.json
@@ -1,17 +1,17 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-1275",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-1275",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none."
 }
 ]
 }
diff --git a/2020/5xxx/CVE-2020-5226.json b/2020/5xxx/CVE-2020-5226.json
index c1446fd2be0..d2f1c81ddb7 100644
--- a/2020/5xxx/CVE-2020-5226.json
+++ b/2020/5xxx/CVE-2020-5226.json
@@ -35,7 +35,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Cross-site scripting in SimpleSAMLphp before version 1.18.4.\n\nThe www/erroreport.php script allows error reports to be submitted and sent to the system administrator. Starting with SimpleSAMLphp 1.18.0, a new SimpleSAML\\Utils\\EMail class was introduced to handle sending emails, implemented as a wrapper of an external dependency.\n\nThis new wrapper allows us to use Twig templates in order to create the email sent with an error report. Since Twig provides automatic escaping of variables, manual escaping of the free-text field in www/errorreport.php was removed to avoid double escaping. However, for those not using the new user interface yet, an email template is hardcoded into the class itself in plain PHP. Since no escaping is provided in this template, it is then possible to inject HTML inside the template by manually crafting the contents of the free-text field."
+ "value": "Cross-site scripting in SimpleSAMLphp before version 1.18.4. The www/erroreport.php script allows error reports to be submitted and sent to the system administrator. Starting with SimpleSAMLphp 1.18.0, a new SimpleSAML\\Utils\\EMail class was introduced to handle sending emails, implemented as a wrapper of an external dependency. This new wrapper allows us to use Twig templates in order to create the email sent with an error report. Since Twig provides automatic escaping of variables, manual escaping of the free-text field in www/errorreport.php was removed to avoid double escaping. However, for those not using the new user interface yet, an email template is hardcoded into the class itself in plain PHP. Since no escaping is provided in this template, it is then possible to inject HTML inside the template by manually crafting the contents of the free-text field."
 }
 ]
 },
@@ -85,4 +85,4 @@
 "advisory": "GHSA-mj9p-v2r8-wf8w",
 "discovery": "UNKNOWN"
 }
-}
+}
\ No newline at end of file
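Review bot: The rewritten `value` string in the first hunk still spells the affected script two ways, `www/erroreport.php` in its second sentence and `www/errorreport.php` further on, so the record is internally inconsistent about which file is at issue. The later spelling looks like the intended one; the first mention should read `The www/errorreport.php script allows error reports to be submitted`. Anyone matching this advisory against a code base or another feed by file name will otherwise miss on one of the two spellings.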
From 9670e99bc0d22e444aaa87e06eec990f194a652a Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Sat, 25 Jan 2020 00:01:28 +0000
Subject: [PATCH 280/387] "-Synchronized-Data."
---
 2020/7xxx/CVE-2020-7966.json | 18 ++++++++++++++++++
 2020/7xxx/CVE-2020-7967.json | 18 ++++++++++++++++++
 2020/7xxx/CVE-2020-7968.json | 18 ++++++++++++++++++
 2020/7xxx/CVE-2020-7969.json | 18 ++++++++++++++++++
 2020/7xxx/CVE-2020-7970.json | 18 ++++++++++++++++++
 2020/7xxx/CVE-2020-7971.json | 18 ++++++++++++++++++
 2020/7xxx/CVE-2020-7972.json | 18 ++++++++++++++++++
 2020/7xxx/CVE-2020-7973.json | 18 ++++++++++++++++++
 2020/7xxx/CVE-2020-7974.json | 18 ++++++++++++++++++
 2020/7xxx/CVE-2020-7975.json | 18 ++++++++++++++++++
 2020/7xxx/CVE-2020-7976.json | 18 ++++++++++++++++++
 2020/7xxx/CVE-2020-7977.json | 18 ++++++++++++++++++
 2020/7xxx/CVE-2020-7978.json | 18 ++++++++++++++++++
 2020/7xxx/CVE-2020-7979.json | 18 ++++++++++++++++++
 14 files changed, 252 insertions(+)
 create mode 100644 2020/7xxx/CVE-2020-7966.json
 create mode 100644 2020/7xxx/CVE-2020-7967.json
 create mode 100644 2020/7xxx/CVE-2020-7968.json
 create mode 100644 2020/7xxx/CVE-2020-7969.json
 create mode 100644 2020/7xxx/CVE-2020-7970.json
 create mode 100644 2020/7xxx/CVE-2020-7971.json
 create mode 100644 2020/7xxx/CVE-2020-7972.json
 create mode 100644 2020/7xxx/CVE-2020-7973.json
 create mode 100644 2020/7xxx/CVE-2020-7974.json
 create mode 100644 2020/7xxx/CVE-2020-7975.json
 create mode 100644 2020/7xxx/CVE-2020-7976.json
 create mode 100644 2020/7xxx/CVE-2020-7977.json
 create mode 100644 2020/7xxx/CVE-2020-7978.json
 create mode 100644 2020/7xxx/CVE-2020-7979.json
diff --git a/2020/7xxx/CVE-2020-7966.json b/2020/7xxx/CVE-2020-7966.json
new file mode 100644
index 00000000000..1fcec07d40b
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7966.json
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7966", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7967.json b/2020/7xxx/CVE-2020-7967.json new file mode 100644 index 00000000000..c347aa6a9a2 --- /dev/null +++ b/2020/7xxx/CVE-2020-7967.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7967", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7968.json b/2020/7xxx/CVE-2020-7968.json new file mode 100644 index 00000000000..cd53def4693 --- /dev/null +++ b/2020/7xxx/CVE-2020-7968.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7968", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/7xxx/CVE-2020-7969.json b/2020/7xxx/CVE-2020-7969.json new file mode 100644 index 00000000000..7d0dcb61853 --- /dev/null +++ b/2020/7xxx/CVE-2020-7969.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7969", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7970.json b/2020/7xxx/CVE-2020-7970.json new file mode 100644 index 00000000000..1b03ef9a16a --- /dev/null +++ b/2020/7xxx/CVE-2020-7970.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7970", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7971.json b/2020/7xxx/CVE-2020-7971.json new file mode 100644 index 00000000000..ef43611e8b9 --- /dev/null +++ b/2020/7xxx/CVE-2020-7971.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7971", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7972.json b/2020/7xxx/CVE-2020-7972.json new file mode 100644 index 00000000000..d135619f247 --- /dev/null +++ b/2020/7xxx/CVE-2020-7972.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7972", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7973.json b/2020/7xxx/CVE-2020-7973.json new file mode 100644 index 00000000000..ab133e86132 --- /dev/null +++ b/2020/7xxx/CVE-2020-7973.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7973", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/7xxx/CVE-2020-7974.json b/2020/7xxx/CVE-2020-7974.json new file mode 100644 index 00000000000..0ce7d08bcee --- /dev/null +++ b/2020/7xxx/CVE-2020-7974.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7974", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7975.json b/2020/7xxx/CVE-2020-7975.json new file mode 100644 index 00000000000..fc08a86d412 --- /dev/null +++ b/2020/7xxx/CVE-2020-7975.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7975", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7976.json b/2020/7xxx/CVE-2020-7976.json new file mode 100644 index 00000000000..a2e74f981cb --- /dev/null +++ b/2020/7xxx/CVE-2020-7976.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7976", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7977.json b/2020/7xxx/CVE-2020-7977.json new file mode 100644 index 00000000000..8b278845071 --- /dev/null +++ b/2020/7xxx/CVE-2020-7977.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7977", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7978.json b/2020/7xxx/CVE-2020-7978.json new file mode 100644 index 00000000000..254b8bc4f7c --- /dev/null +++ b/2020/7xxx/CVE-2020-7978.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7978", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/7xxx/CVE-2020-7979.json b/2020/7xxx/CVE-2020-7979.json new file mode 100644 index 00000000000..bf229470ac5 --- /dev/null +++ b/2020/7xxx/CVE-2020-7979.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7979", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file From d953d31802075b56cdd623018fce6477a42a92fa Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sat, 25 Jan 2020 01:01:09 +0000 Subject: [PATCH 281/387] "-Synchronized-Data." --- 2019/0xxx/CVE-2019-0205.json | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/2019/0xxx/CVE-2019-0205.json b/2019/0xxx/CVE-2019-0205.json index 77a082a4008..0dcd307f60f 100644 --- a/2019/0xxx/CVE-2019-0205.json +++ b/2019/0xxx/CVE-2019-0205.json @@ -103,6 +103,16 @@ "refsource": "MLIST", "name": "[hive-issues] 20200116 [jira] [Updated] (HIVE-22738) CVE-2019-0205", "url": "https://lists.apache.org/thread.html/r73a3c8b80765e3d2430ff51f22b778d0c917919f01815b69ed16cf9d@%3Cissues.hive.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[thrift-dev] 20200124 [jira] [Commented] (THRIFT-5075) Backport fixes for CVE-2019-0205 to (Java) 0.9.3-1 version", + "url": "https://lists.apache.org/thread.html/r0d08f5576286f4a042aabde13ecf58979644f6dc210f25aa9a4d469b@%3Cdev.thrift.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[thrift-dev] 20200124 [jira] [Created] (THRIFT-5075) Backport fixes for CVE-2019-0205 to (Java) 0.9.3-1 version", + "url": "https://lists.apache.org/thread.html/rf359e5cc6a185494fc0cfe837fe82f7db2ef49242d35cbf3895aebce@%3Cdev.thrift.apache.org%3E" } ] }, 
From 6103c3471476d7d4773aa437c622a8baf10b4306 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sat, 25 Jan 2020 09:01:07 +0000 Subject: [PATCH 282/387] "-Synchronized-Data." --- 2019/19xxx/CVE-2019-19746.json | 5 +++++ 2019/19xxx/CVE-2019-19797.json | 5 +++++ 2019/3xxx/CVE-2019-3992.json | 5 +++++ 2019/3xxx/CVE-2019-3993.json | 5 +++++ 2019/3xxx/CVE-2019-3994.json | 5 +++++ 2019/3xxx/CVE-2019-3995.json | 5 +++++ 2019/3xxx/CVE-2019-3996.json | 5 +++++ 2020/5xxx/CVE-2020-5395.json | 5 +++++ 8 files changed, 40 insertions(+) diff --git a/2019/19xxx/CVE-2019-19746.json b/2019/19xxx/CVE-2019-19746.json index 91b7f73c9b8..cca12c3f03c 100644 --- a/2019/19xxx/CVE-2019-19746.json +++ b/2019/19xxx/CVE-2019-19746.json @@ -61,6 +61,11 @@ "refsource": "FEDORA", "name": "FEDORA-2020-6a2824178e", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ILJM2G6NM5MMBKTT5CH23TAI6DJGNW36/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-5d0f0593ae", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7XOY5NXUZ6JRBBPYA3CXWGRGQTSDVVG2/" } ] } diff --git a/2019/19xxx/CVE-2019-19797.json b/2019/19xxx/CVE-2019-19797.json index 17db1b52305..7e462f0d529 100644 --- a/2019/19xxx/CVE-2019-19797.json +++ b/2019/19xxx/CVE-2019-19797.json @@ -61,6 +61,11 @@ "refsource": "FEDORA", "name": "FEDORA-2020-6a2824178e", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ILJM2G6NM5MMBKTT5CH23TAI6DJGNW36/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-5d0f0593ae", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7XOY5NXUZ6JRBBPYA3CXWGRGQTSDVVG2/" } ] } diff --git a/2019/3xxx/CVE-2019-3992.json b/2019/3xxx/CVE-2019-3992.json index 705b578bba6..4085fcff362 100644 --- a/2019/3xxx/CVE-2019-3992.json +++ b/2019/3xxx/CVE-2019-3992.json 
@@ -53,6 +53,11 @@ "refsource": "FEDORA", "name": "FEDORA-2020-9f8bc040c8", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2IN3FP6VXYSD4OMUCFZNOL7MKPWRQFAL/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-f49fe7f011", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4IAS4HI24H2ERKBZTDEVJ3LEQEFWYSCT/" } ] }, diff --git a/2019/3xxx/CVE-2019-3993.json b/2019/3xxx/CVE-2019-3993.json index adfbc8fbec9..94927cd54ed 100644 --- a/2019/3xxx/CVE-2019-3993.json +++ b/2019/3xxx/CVE-2019-3993.json @@ -53,6 +53,11 @@ "refsource": "FEDORA", "name": "FEDORA-2020-9f8bc040c8", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2IN3FP6VXYSD4OMUCFZNOL7MKPWRQFAL/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-f49fe7f011", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4IAS4HI24H2ERKBZTDEVJ3LEQEFWYSCT/" } ] }, diff --git a/2019/3xxx/CVE-2019-3994.json b/2019/3xxx/CVE-2019-3994.json index 4978cb3adde..ec10cac4e61 100644 --- a/2019/3xxx/CVE-2019-3994.json +++ b/2019/3xxx/CVE-2019-3994.json @@ -53,6 +53,11 @@ "refsource": "FEDORA", "name": "FEDORA-2020-9f8bc040c8", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2IN3FP6VXYSD4OMUCFZNOL7MKPWRQFAL/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-f49fe7f011", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4IAS4HI24H2ERKBZTDEVJ3LEQEFWYSCT/" } ] }, diff --git a/2019/3xxx/CVE-2019-3995.json b/2019/3xxx/CVE-2019-3995.json index 1f515e355ec..1879f62a3f9 100644 --- a/2019/3xxx/CVE-2019-3995.json +++ b/2019/3xxx/CVE-2019-3995.json 
@@ -53,6 +53,11 @@ "refsource": "FEDORA", "name": "FEDORA-2020-9f8bc040c8", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2IN3FP6VXYSD4OMUCFZNOL7MKPWRQFAL/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-f49fe7f011", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4IAS4HI24H2ERKBZTDEVJ3LEQEFWYSCT/" } ] }, diff --git a/2019/3xxx/CVE-2019-3996.json b/2019/3xxx/CVE-2019-3996.json index a35085451d6..65166f9faab 100644 --- a/2019/3xxx/CVE-2019-3996.json +++ b/2019/3xxx/CVE-2019-3996.json @@ -53,6 +53,11 @@ "refsource": "FEDORA", "name": "FEDORA-2020-9f8bc040c8", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2IN3FP6VXYSD4OMUCFZNOL7MKPWRQFAL/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-f49fe7f011", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4IAS4HI24H2ERKBZTDEVJ3LEQEFWYSCT/" } ] }, diff --git a/2020/5xxx/CVE-2020-5395.json b/2020/5xxx/CVE-2020-5395.json index b2d7af2149f..340ae313b86 100644 --- a/2020/5xxx/CVE-2020-5395.json +++ b/2020/5xxx/CVE-2020-5395.json @@ -61,6 +61,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0089", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00041.html" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-229ad63391", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2S75EAVF4KPCH3WFBMZADUAU7EAXA7ZQ/" } ] } From ee92f797c432493321ce1ff9fb8969cd73690900 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sat, 25 Jan 2020 11:01:05 +0000 Subject: [PATCH 283/387] "-Synchronized-Data." --- 2019/0xxx/CVE-2019-0205.json | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/2019/0xxx/CVE-2019-0205.json b/2019/0xxx/CVE-2019-0205.json index 0dcd307f60f..730a0bea275 100644 --- a/2019/0xxx/CVE-2019-0205.json 
+++ b/2019/0xxx/CVE-2019-0205.json @@ -113,6 +113,16 @@ "refsource": "MLIST", "name": "[thrift-dev] 20200124 [jira] [Created] (THRIFT-5075) Backport fixes for CVE-2019-0205 to (Java) 0.9.3-1 version", "url": "https://lists.apache.org/thread.html/rf359e5cc6a185494fc0cfe837fe82f7db2ef49242d35cbf3895aebce@%3Cdev.thrift.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[thrift-dev] 20200125 [jira] [Comment Edited] (THRIFT-5075) Backport fixes for CVE-2019-0205 to (Java) 0.9.3-1 version", + "url": "https://lists.apache.org/thread.html/r228ac842260c2c516af7b09f3cf4cf76e5b9c002e359954a203ab5a5@%3Cdev.thrift.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[thrift-dev] 20200125 [jira] [Commented] (THRIFT-5075) Backport fixes for CVE-2019-0205 to (Java) 0.9.3-1 version", + "url": "https://lists.apache.org/thread.html/r4633082b834eebccd0d322697651d931ab10ca9c51ee7ef18e1f60f4@%3Cdev.thrift.apache.org%3E" } ] }, From a6d04acb33dbe1e1c00794e7950f03cceab67e72 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sat, 25 Jan 2020 18:01:06 +0000 Subject: [PATCH 284/387] "-Synchronized-Data." --- 2019/5xxx/CVE-2019-5124.json | 58 +++++++++++++++++++++++++++++++----- 2019/5xxx/CVE-2019-5146.json | 58 +++++++++++++++++++++++++++++++----- 2019/5xxx/CVE-2019-5147.json | 58 +++++++++++++++++++++++++++++++----- 2019/5xxx/CVE-2019-5183.json | 58 +++++++++++++++++++++++++++++++----- 4 files changed, 204 insertions(+), 28 deletions(-) diff --git a/2019/5xxx/CVE-2019-5124.json b/2019/5xxx/CVE-2019-5124.json index 2ff6d1ca14a..2a356f0607f 100644 --- a/2019/5xxx/CVE-2019-5124.json +++ b/2019/5xxx/CVE-2019-5124.json 
@@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5124", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5124", + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "AMD", + "version": { + "version_data": [ + { + "version_value": "AMD ATIDXX64.DLL (26.20.13001.50005) running on Radeon RX 550 / 550 Series VMware Workstation 15 (15.1.0 build-13591040) with Windows 10 x64 as guestVM" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "out-of-bounds read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0913", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0913" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64.DLL driver, version 26.20.13001.50005. A specially crafted pixel shader can cause a denial of service. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from VMware guest, affecting VMware host." } ] } diff --git a/2019/5xxx/CVE-2019-5146.json b/2019/5xxx/CVE-2019-5146.json index 55f5f520a9c..7cf49758115 100644 --- a/2019/5xxx/CVE-2019-5146.json +++ b/2019/5xxx/CVE-2019-5146.json 
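Review bot: The new `affects` block sets `"vendor_name": "n/a"` and `"product_name": "AMD"`, and puts the driver file name, its build, the GPU model and the VMware/Windows test setup into a single `version_value` string, so tooling that matches on vendor, product and version cannot tie this record to an installed ATIDXX64.DLL. I would name AMD as the vendor, the driver as the product, and keep only the build in the version field, `"version_value": "26.20.13001.50005"`, leaving the test environment to the description. The same shape is added for CVE-2019-5146, CVE-2019-5147 and CVE-2019-5183 in this patch, and CVE-2019-5183 packs three builds into one string where three `version_data` entries would be matchable. As far as the hunks show, none of the four records carries an `impact` block, so severity for a guest-to-host issue has to be taken from the linked Talos report.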
@@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5146", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5146", + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "AMD", + "version": { + "version_data": [ + { + "version_value": "AMD ATIDXX64.DLL (26.20.13025.10004) running on Radeon RX 550 / 550 Series VMware Workstation 15 (15.5.0 build-14665864) with Windows 10 x64 as guestVM" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "out-of-bounds read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0937", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0937" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64.DLL driver, version 26.20.13025.10004. A specially crafted pixel shader can cause a denial of service. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from VMware guest, affecting VMware host." } ] } diff --git a/2019/5xxx/CVE-2019-5147.json b/2019/5xxx/CVE-2019-5147.json index c17a50a5cb1..e82ea9dffcb 100644 --- a/2019/5xxx/CVE-2019-5147.json +++ b/2019/5xxx/CVE-2019-5147.json 
@@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5147", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5147", + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "AMD", + "version": { + "version_data": [ + { + "version_value": "AMD ATIDXX64.DLL (26.20.13003.1007) running on Radeon RX 550 / 550 Series VMware Workstation 15 (15.5.0 build-14665864) with Windows 10 x64 as guestVM" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "out of bounds read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0936", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0936" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64.DLL driver, version 26.20.13003.1007. A specially crafted pixel shader can cause a denial of service. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from VMware guest, affecting VMware host." } ] } diff --git a/2019/5xxx/CVE-2019-5183.json b/2019/5xxx/CVE-2019-5183.json index 23dab81312e..79b7040a1dc 100644 --- a/2019/5xxx/CVE-2019-5183.json +++ b/2019/5xxx/CVE-2019-5183.json 
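Review bot: The `problemtype` value added for CVE-2019-5147 is `"out of bounds read"`, while the sibling records CVE-2019-5124 and CVE-2019-5146 in the same patch write `"out-of-bounds read"`, so a consumer that groups records by weakness text sees two classes for one kind of bug. Using the CWE identifier in all three, `"value": "CWE-125 Out-of-bounds Read"`, would make them agree and keep the field machine-readable.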
@@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5183", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5183", + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "AMD", + "version": { + "version_data": [ + { + "version_value": "AMD ATIDXX64.DLL (26.20.13031.10003, 26.20.13031.15006, 26.20.13031.18002) running on Radeon RX 550 / 550 Series VMware Workstation 15 (15.5.0 build-14665864) with Windows 10 x64 as guestVM" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "type confusion" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0964", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0964" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An exploitable type confusion vulnerability exists in AMD ATIDXX64.DLL driver, versions 26.20.13031.10003, 26.20.13031.15006 and 26.20.13031.18002. A specially crafted pixel shader can cause a type confusion issue, leading to potential code execution. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from VMware guest, affecting VMware host." } ] } From 464f5d554ee8639f6de169d0b849df4049e3e94e Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Sat, 25 Jan 2020 19:01:11 +0000 Subject: [PATCH 285/387] "-Synchronized-Data." --- 2012/6xxx/CVE-2012-6344.json | 48 ++++++++++++++++++++++++-- 2012/6xxx/CVE-2012-6345.json | 48 ++++++++++++++++++++++++-- 2012/6xxx/CVE-2012-6494.json | 53 +++++++++++++++++++++++++++-- 2012/6xxx/CVE-2012-6613.json | 48 ++++++++++++++++++++++++-- 2013/1xxx/CVE-2013-1744.json | 48 ++++++++++++++++++++++++-- 2014/0xxx/CVE-2014-0160.json | 5 +++ 2015/9xxx/CVE-2015-9275.json | 5 +++ 2019/0xxx/CVE-2019-0141.json | 14 ++++---- 2019/14xxx/CVE-2019-14889.json | 5 +++ 2019/19xxx/CVE-2019-19363.json | 5 +++ 2020/7xxx/CVE-2020-7596.json | 50 +++++++++++++++++++++++++-- 2020/7xxx/CVE-2020-7980.json | 62 ++++++++++++++++++++++++++++++++++ 12 files changed, 371 insertions(+), 20 deletions(-) create mode 100644 2020/7xxx/CVE-2020-7980.json diff --git a/2012/6xxx/CVE-2012-6344.json b/2012/6xxx/CVE-2012-6344.json index 25a34530fdb..434a270f20a 100644 --- a/2012/6xxx/CVE-2012-6344.json +++ b/2012/6xxx/CVE-2012-6344.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-6344", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
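Review bot: The `affects` block added for CVE-2012-6344 fills vendor, product and version with `n/a`, although the description added in the record's next hunk names both the product and the fixed release ("Novell ZENworks Configuration Management before 11.2.4"), so a scanner that matches on the structured fields will never associate this CVE with an installed product. The fields could carry what the description already states, for example `"vendor_name": "Novell"` and `"product_name": "ZENworks Configuration Management"` with the affected range in `version_data`. The same placeholder block is added for CVE-2012-6345, CVE-2012-6494, CVE-2012-6613 and CVE-2013-1744. `problemtype` is likewise `n/a` in all five even where the description names the class, such as XSS for this record, which would map to CWE-79.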
@@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Novell ZENworks Configuration Management before 11.2.4 allows XSS." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.microfocus.com/kb/doc.php?id=7012761", + "refsource": "MISC", + "name": "https://support.microfocus.com/kb/doc.php?id=7012761" } ] } diff --git a/2012/6xxx/CVE-2012-6345.json b/2012/6xxx/CVE-2012-6345.json index 3c8900a82ef..e1650a367ae 100644 --- a/2012/6xxx/CVE-2012-6345.json +++ b/2012/6xxx/CVE-2012-6345.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-6345", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Novell ZENworks Configuration Management before 11.2.4 allows obtaining sensitive trace information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.microfocus.com/kb/doc.php?id=7012763", + "refsource": "MISC", + "name": "https://support.microfocus.com/kb/doc.php?id=7012763" } ] } diff --git a/2012/6xxx/CVE-2012-6494.json b/2012/6xxx/CVE-2012-6494.json index e9a0afcb7b6..999bc88d18a 100644 --- a/2012/6xxx/CVE-2012-6494.json +++ b/2012/6xxx/CVE-2012-6494.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-6494", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Rapid7 Nexpose before 5.5.4 contains a session hijacking vulnerability which allows remote attackers to capture a user's session and gain unauthorized access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "BID", + "name": "57150", + "url": "http://www.securityfocus.com/bid/57150" + }, + { + "refsource": "XF", + "name": "80982", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80982" } ] } diff --git a/2012/6xxx/CVE-2012-6613.json b/2012/6xxx/CVE-2012-6613.json index b695c49dbb7..b61c14efa81 100644 --- a/2012/6xxx/CVE-2012-6613.json +++ b/2012/6xxx/CVE-2012-6613.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-6613", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "D-Link DSR-250N devices with firmware 1.05B73_WW allow Persistent Root Access because of the admin password for the admin account." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "EXPLOIT-DB", + "name": "22930", + "url": "http://www.exploit-db.com/exploits/22930/" } ] } diff --git a/2013/1xxx/CVE-2013-1744.json b/2013/1xxx/CVE-2013-1744.json index cda41c98b72..cc351c48a65 100644 --- a/2013/1xxx/CVE-2013-1744.json +++ b/2013/1xxx/CVE-2013-1744.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-1744", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
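Review bot: The description added for CVE-2012-6613 says the device allows "Persistent Root Access because of the admin password for the admin account", which never states what is wrong with that password, so a defender cannot tell whether changing it is a mitigation or whether only a firmware update helps. The sentence should state the actual condition, taken from the referenced report, and say whether firmware after 1.05B73_WW addresses it. The only reference added is an `http://` Exploit-DB link; a vendor advisory or fixed-version reference would give readers a remediation source as well.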
@@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IRIS citations management tool through 1.3 allows remote attackers to execute arbitrary commands." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://infosecabsurdity.wordpress.com/research/isa-2013-002/", + "refsource": "MISC", + "name": "http://infosecabsurdity.wordpress.com/research/isa-2013-002/" } ] } diff --git a/2014/0xxx/CVE-2014-0160.json b/2014/0xxx/CVE-2014-0160.json index 87f3abd1438..aeac3a9bbb1 100644 --- a/2014/0xxx/CVE-2014-0160.json +++ b/2014/0xxx/CVE-2014-0160.json @@ -671,6 +671,11 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20190325 svn commit: r1856174 [26/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", "url": "https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MISC", + "name": "https://sku11army.blogspot.com/2020/01/heartbleed-hearts-continue-to-bleed.html", + "url": "https://sku11army.blogspot.com/2020/01/heartbleed-hearts-continue-to-bleed.html" } ] } diff --git a/2015/9xxx/CVE-2015-9275.json b/2015/9xxx/CVE-2015-9275.json index e354b93b28d..09479833570 100644 --- a/2015/9xxx/CVE-2015-9275.json +++ b/2015/9xxx/CVE-2015-9275.json @@ -61,6 +61,11 @@ "name": "https://bugs.debian.org/774527", "refsource": "MISC", "url": "https://bugs.debian.org/774527" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0103", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00048.html" } ] } 
diff --git a/2019/0xxx/CVE-2019-0141.json b/2019/0xxx/CVE-2019-0141.json index e361d2aafe8..353f9106aaa 100644 --- a/2019/0xxx/CVE-2019-0141.json +++ b/2019/0xxx/CVE-2019-0141.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-0141", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-0141", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." } ] } diff --git a/2019/14xxx/CVE-2019-14889.json b/2019/14xxx/CVE-2019-14889.json index 0229b901361..58d4f553756 100644 --- a/2019/14xxx/CVE-2019-14889.json +++ b/2019/14xxx/CVE-2019-14889.json @@ -81,6 +81,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-46b6bd2459", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EV2ONSPDJCTDVORCB4UGRQUZQQ46JHRN/" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0102", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00047.html" } ] }, diff --git a/2019/19xxx/CVE-2019-19363.json b/2019/19xxx/CVE-2019-19363.json index 7ed3c6962f9..0307de6786b 100644 --- a/2019/19xxx/CVE-2019-19363.json +++ b/2019/19xxx/CVE-2019-19363.json 
@@ -61,6 +61,11 @@ "refsource": "FULLDISC", "name": "20200124 CVE-2019-19363 - Local Privilege Escalation in many Ricoh Printer Drivers for Windows", "url": "http://seclists.org/fulldisclosure/2020/Jan/34" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/156082/Ricoh-Printer-Driver-Local-Privilege-Escalation.html", + "url": "http://packetstormsecurity.com/files/156082/Ricoh-Printer-Driver-Local-Privilege-Escalation.html" } ] } diff --git a/2020/7xxx/CVE-2020-7596.json b/2020/7xxx/CVE-2020-7596.json index 26fed58a431..45951919da0 100644 --- a/2020/7xxx/CVE-2020-7596.json +++ b/2020/7xxx/CVE-2020-7596.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-7596", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "report@snyk.io", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "codecov npm module", + "version": { + "version_data": [ + { + "version_value": "All versions prior to version 3.6.2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Command Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://snyk.io/vuln/SNYK-JS-CODECOV-543183", + "url": "https://snyk.io/vuln/SNYK-JS-CODECOV-543183" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Codecov npm module before 3.6.2 allows remote attackers to execute arbitrary commands via the \"gcov-args\" argument." } ] } 
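Review bot: In the CVE-2020-7596 hunk the affected range is written as prose, `"version_value": "All versions prior to version 3.6.2"`, which version-matching tools cannot compare against an installed package version. The AppSpider record earlier in this series expresses a bound with `version_affected`, which here would be `"version_affected": "<", "version_value": "3.6.2"`. The `problemtype` text `Command Injection` also carries no CWE identifier. Prefixing it with the id (likely CWE-77 or CWE-78, to be confirmed against the Snyk advisory) would make the record filterable by weakness class.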
diff --git a/2020/7xxx/CVE-2020-7980.json b/2020/7xxx/CVE-2020-7980.json new file mode 100644 index 00000000000..09a2b553665 --- /dev/null +++ b/2020/7xxx/CVE-2020-7980.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-7980", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Intellian Aptus Web 1.24 allows remote attackers to execute arbitrary OS commands via the Q field within JSON data to the cgi-bin/libagent.cgi URI. NOTE: a valid sid cookie for a login to the intellian default account might be needed." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://sku11army.blogspot.com/2020/01/intellian-aptus-web-rce-intellian.html", + "refsource": "MISC", + "name": "https://sku11army.blogspot.com/2020/01/intellian-aptus-web-rce-intellian.html" + } + ] + } +} \ No newline at end of file From 715009208b7a3564a15b9b306034c4fba0c0d5fd Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sat, 25 Jan 2020 20:01:09 +0000 Subject: [PATCH 286/387] "-Synchronized-Data." --- 2020/7xxx/CVE-2020-7981.json | 67 ++++++++++++++++++++++++++++++++++++ 1 file changed, 67 insertions(+) create mode 100644 2020/7xxx/CVE-2020-7981.json diff --git a/2020/7xxx/CVE-2020-7981.json b/2020/7xxx/CVE-2020-7981.json new file mode 100644 index 00000000000..f5c9538b58c --- /dev/null +++ b/2020/7xxx/CVE-2020-7981.json 
@@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-7981", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "sql.rb in Geocoder before 1.6.1 allows Boolean-based SQL injection when within_bounding_box is used in conjunction with untrusted sw_lat, sw_lng, ne_lat, or ne_lng data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/alexreisner/geocoder/commit/dcdc3d8675411edce3965941a2ca7c441ca48613", + "refsource": "MISC", + "name": "https://github.com/alexreisner/geocoder/commit/dcdc3d8675411edce3965941a2ca7c441ca48613" + }, + { + "url": "https://github.com/alexreisner/geocoder/compare/v1.6.0...v1.6.1", + "refsource": "MISC", + "name": "https://github.com/alexreisner/geocoder/compare/v1.6.0...v1.6.1" + } + ] + } +} \ No newline at end of file From 9b0ce82623646bef450ddd4038a52b115d153e7e Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sun, 26 Jan 2020 03:01:09 +0000 Subject: [PATCH 287/387] "-Synchronized-Data." --- 2019/17xxx/CVE-2019-17626.json | 5 +++++ 2019/20xxx/CVE-2019-20093.json | 5 +++++ 2 files changed, 10 insertions(+) diff --git a/2019/17xxx/CVE-2019-17626.json b/2019/17xxx/CVE-2019-17626.json index 8bbf24fbf92..8002a799559 100644 --- a/2019/17xxx/CVE-2019-17626.json +++ b/2019/17xxx/CVE-2019-17626.json 
@@ -71,6 +71,11 @@ "refsource": "REDHAT", "name": "RHSA-2020:0195", "url": "https://access.redhat.com/errata/RHSA-2020:0195" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-d2fb999600", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZZPHP2BJSTP4IYCSJRQINP763IHO6ASL/" } ] } diff --git a/2019/20xxx/CVE-2019-20093.json b/2019/20xxx/CVE-2019-20093.json index 74d53a287e8..27b1f3fcafd 100644 --- a/2019/20xxx/CVE-2019-20093.json +++ b/2019/20xxx/CVE-2019-20093.json @@ -56,6 +56,11 @@ "url": "https://sourceforge.net/p/podofo/tickets/75/", "refsource": "MISC", "name": "https://sourceforge.net/p/podofo/tickets/75/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-968a89619e", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XHFOCBZCF3GX7A6FWE3JM7P37TQWGINJ/" } ] } From ccf84057b4a0e56e2fa6df6dc7013f9930fc238a Mon Sep 17 00:00:00 2001 From: santosomar Date: Sun, 26 Jan 2020 04:23:32 +0000 Subject: [PATCH 288/387] Adding Cisco CVE-2019-12619 --- 2019/12xxx/CVE-2019-12619.json | 85 +++++++++++++++++++++++++++++++--- 1 file changed, 78 insertions(+), 7 deletions(-) diff --git a/2019/12xxx/CVE-2019-12619.json b/2019/12xxx/CVE-2019-12619.json index a1f78457391..dcd9de5a998 100644 --- a/2019/12xxx/CVE-2019-12619.json +++ b/2019/12xxx/CVE-2019-12619.json 
@@ -1,18 +1,89 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2020-01-22T16:00:00-0800", "ID": "CVE-2019-12619", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Cisco SD-WAN Solution SQL Injection Vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco SD-WAN Solution ", + "version": { + "version_data": [ + { + "affected": "<", + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability in the web interface for Cisco SD-WAN Solution vManage could allow an authenticated, remote attacker to impact the integrity of an affected system by executing arbitrary SQL queries. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted input that includes SQL statements to an affected system. A successful exploit could allow the attacker to modify entries in some database tables, affecting the integrity of the data. " } ] + }, + "exploit": [ + { + "lang": "eng", + "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. 
" + } + ], + "impact": { + "cvss": { + "baseScore": "6.4", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N ", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20200122 Cisco SD-WAN Solution SQL Injection Vulnerability", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-sdwan-sqlinj" + } + ] + }, + "source": { + "advisory": "cisco-sa-20200122-sdwan-sqlinj", + "defect": [ + [ + "CSCvi01888", + "CSCvi56327", + "CSCvi59629" + ] + ], + "discovery": "INTERNAL" } -} \ No newline at end of file +} From e3de92a33ce1d0601f1de99f138e302d220b7b1b Mon Sep 17 00:00:00 2001 From: santosomar Date: Sun, 26 Jan 2020 04:23:47 +0000 Subject: [PATCH 289/387] Adding Cisco CVE-2019-12629 --- 2019/12xxx/CVE-2019-12629.json | 83 +++++++++++++++++++++++++++++++--- 1 file changed, 76 insertions(+), 7 deletions(-) diff --git a/2019/12xxx/CVE-2019-12629.json b/2019/12xxx/CVE-2019-12629.json index 4a83bc0eddd..ab5a73dc35e 100644 --- a/2019/12xxx/CVE-2019-12629.json +++ b/2019/12xxx/CVE-2019-12629.json 
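Review bot: The version entry in the CVE-2019-12619 record, `"affected": "<"` with `"version_value": "n/a"`, states an upper bound without a value, so the record does not say which SD-WAN releases are affected or fixed (the key is also `affected` where the AppSpider record earlier in this series uses `version_affected`). Several string fields carry trailing whitespace (`"Cisco SD-WAN Solution "`, `"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N "`), and `baseScore` is a string where that earlier record uses a number. A strict CVSS vector parser or a numeric severity filter may reject or skip these values. I would trim the strings, write `"baseScore": 6.4`, and either give the first fixed release as `version_value` or drop the `<` comparator. The same pattern recurs in the other Cisco records in this series (CVE-2019-12629, -15989, -16018, -16020, -16022, -16027, -16029).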
@@ -1,18 +1,87 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2020-01-22T16:00:00-0800", "ID": "CVE-2019-12629", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Cisco SD-WAN vManage Command Injection Vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco SD-WAN Solution ", + "version": { + "version_data": [ + { + "affected": "<", + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability in the WebUI of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject and execute arbitrary commands with vmanage user privileges on an affected system. The vulnerability is due to insufficient input validation of data parameters for certain fields in the affected solution. An attacker could exploit this vulnerability by configuring a malicious username on the login page of the affected solution. A successful exploit could allow the attacker to inject and execute arbitrary commands with vmanage user privileges on an affected system. " } ] + }, + "exploit": [ + { + "lang": "eng", + "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. 
" + } + ], + "impact": { + "cvss": { + "baseScore": "4.7", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L ", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-77" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20200122 Cisco SD-WAN vManage Command Injection Vulnerability", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-sdwan-cmd-inject" + } + ] + }, + "source": { + "advisory": "cisco-sa-20200122-sdwan-cmd-inject", + "defect": [ + [ + "CSCvi70009" + ] + ], + "discovery": "INTERNAL" } -} \ No newline at end of file +} From 452f6b7533ede50f4489a48e5741aacfc7943ae5 Mon Sep 17 00:00:00 2001 From: santosomar Date: Sun, 26 Jan 2020 04:23:54 +0000 Subject: [PATCH 290/387] Adding Cisco CVE-2019-15989 --- 2019/15xxx/CVE-2019-15989.json | 87 ++++++++++++++++++++++++++++++++++ 1 file changed, 87 insertions(+) create mode 100644 2019/15xxx/CVE-2019-15989.json diff --git a/2019/15xxx/CVE-2019-15989.json b/2019/15xxx/CVE-2019-15989.json new file mode 100644 index 00000000000..176dc38943f --- /dev/null +++ b/2019/15xxx/CVE-2019-15989.json 
@@ -0,0 +1,87 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2020-01-22T16:00:00-0800", + "ID": "CVE-2019-15989", + "STATE": "PUBLIC", + "TITLE": "Cisco IOS XR Software Border Gateway Protocol Attribute Denial of Service Vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco IOS XR Software ", + "version": { + "version_data": [ + { + "affected": "<", + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the implementation of the Border Gateway Protocol (BGP) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to incorrect processing of a BGP update message that contains a specific BGP attribute. An attacker could exploit this vulnerability by sending BGP update messages that include a specific, malformed attribute to be processed by an affected system. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit this vulnerability, the malicious BGP update message would need to come from a configured, valid BGP peer or would need to be injected by the attacker into the victim’s BGP network on an existing, valid TCP connection to a BGP peer. " + } + ] + }, + "exploit": [ + { + "lang": "eng", + "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. 
" + } + ], + "impact": { + "cvss": { + "baseScore": "8.6", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H ", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-754" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20200122 Cisco IOS XR Software Border Gateway Protocol Attribute Denial of Service Vulnerability", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-ios-xr-bgp-dos" + } + ] + }, + "source": { + "advisory": "cisco-sa-20200122-ios-xr-bgp-dos", + "defect": [ + [ + "CSCvr69950" + ] + ], + "discovery": "INTERNAL" + } +} From ff6c33bb16995699bd3b2d0b98aef9c0693be2c0 Mon Sep 17 00:00:00 2001 From: santosomar Date: Sun, 26 Jan 2020 04:24:02 +0000 Subject: [PATCH 291/387] Adding Cisco CVE-2019-16018 --- 2019/16xxx/CVE-2019-16018.json | 87 ++++++++++++++++++++++++++++++++++ 1 file changed, 87 insertions(+) create mode 100644 2019/16xxx/CVE-2019-16018.json diff --git a/2019/16xxx/CVE-2019-16018.json b/2019/16xxx/CVE-2019-16018.json new file mode 100644 index 00000000000..c2d2862ea27 --- /dev/null +++ b/2019/16xxx/CVE-2019-16018.json 
@@ -0,0 +1,87 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2020-01-22T16:00:00-0800", + "ID": "CVE-2019-16018", + "STATE": "PUBLIC", + "TITLE": "Cisco IOS XR Software EVPN Operational Routes Denial of Service Vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco IOS XR Software ", + "version": { + "version_data": [ + { + "affected": "<", + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to incorrect processing of a BGP update message that contains crafted EVPN attributes. An attacker could indirectly exploit the vulnerability by sending BGP EVPN update messages with a specific, malformed attribute to an affected system and waiting for a user on the device to display the EVPN operational routes’ status. If successful, the attacker could cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit this vulnerability, the malicious BGP update message would need to come from a configured, valid BGP peer, or would need to be injected by the attacker into the victim's BGP network on an existing, valid TCP connection to a BGP peer. " + } + ] + }, + "exploit": [ + { + "lang": "eng", + "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. 
" + } + ], + "impact": { + "cvss": { + "baseScore": "7.4", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H ", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-399" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20200122 Cisco IOS XR Software EVPN Operational Routes Denial of Service Vulnerability", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-ios-xr-routes" + } + ] + }, + "source": { + "advisory": "cisco-sa-20200122-ios-xr-routes", + "defect": [ + [ + "CSCvr74902" + ] + ], + "discovery": "INTERNAL" + } +} From ac261833b1edf7d54fda52f2792a8d603ce6ca55 Mon Sep 17 00:00:00 2001 From: santosomar Date: Sun, 26 Jan 2020 04:24:09 +0000 Subject: [PATCH 292/387] Adding Cisco CVE-2019-16020 --- 2019/16xxx/CVE-2019-16020.json | 91 ++++++++++++++++++++++++++++++++++ 1 file changed, 91 insertions(+) create mode 100644 2019/16xxx/CVE-2019-16020.json diff --git a/2019/16xxx/CVE-2019-16020.json b/2019/16xxx/CVE-2019-16020.json new file mode 100644 index 00000000000..e0d73e7389e --- /dev/null +++ b/2019/16xxx/CVE-2019-16020.json 
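Review bot: `"value": "CWE-399"` in the CVE-2019-16018 record points at a CWE category (Resource Management Errors) rather than a specific weakness, which gives consumers little to filter or triage on. The description attributes the flaw to incorrect processing of crafted EVPN attributes in a BGP update, so an input-handling weakness entry would probably fit better; the exact id needs confirming against the advisory. CVE-2019-16020 and CVE-2019-16022 later in the series use the same value.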
@@ -0,0 +1,91 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2020-01-22T16:00:00-0800", + "ID": "CVE-2019-16020", + "STATE": "PUBLIC", + "TITLE": "Cisco IOS XR Software BGP EVPN Denial of Service Vulnerabilities" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco IOS XR Software ", + "version": { + "version_data": [ + { + "affected": "<", + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple vulnerabilities in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerabilities are due to incorrect processing of BGP update messages that contain crafted EVPN attributes. An attacker could exploit these vulnerabilities by sending BGP EVPN update messages with malformed attributes to be processed by an affected system. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit these vulnerabilities, the malicious BGP update message would need to come from a configured, valid BGP peer, or would need to be injected by the attacker into the victim's BGP network on an existing, valid TCP connection to a BGP peer. " + } + ] + }, + "exploit": [ + { + "lang": "eng", + "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory. 
" + } + ], + "impact": { + "cvss": { + "baseScore": "8.6", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H ", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-399" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20200122 Cisco IOS XR Software BGP EVPN Denial of Service Vulnerabilities", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-ios-xr-evpn" + } + ] + }, + "source": { + "advisory": "cisco-sa-20200122-ios-xr-evpn", + "defect": [ + [ + "CSCvr74413", + "CSCvr74986", + "CSCvr80793", + "CSCvr83742", + "CSCvr84254" + ] + ], + "discovery": "INTERNAL" + } +} From 1db8751b95a5ba28a2374bbb7647ae4fd4e97460 Mon Sep 17 00:00:00 2001 From: santosomar Date: Sun, 26 Jan 2020 04:24:16 +0000 Subject: [PATCH 293/387] Adding Cisco CVE-2019-16022 --- 2019/16xxx/CVE-2019-16022.json | 91 ++++++++++++++++++++++++++++++++++ 1 file changed, 91 insertions(+) create mode 100644 2019/16xxx/CVE-2019-16022.json diff --git a/2019/16xxx/CVE-2019-16022.json b/2019/16xxx/CVE-2019-16022.json new file mode 100644 index 00000000000..7a1c2c1d117 --- /dev/null +++ b/2019/16xxx/CVE-2019-16022.json 
@@ -0,0 +1,91 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2020-01-22T16:00:00-0800", + "ID": "CVE-2019-16022", + "STATE": "PUBLIC", + "TITLE": "Cisco IOS XR Software BGP EVPN Denial of Service Vulnerabilities" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco IOS XR Software ", + "version": { + "version_data": [ + { + "affected": "<", + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple vulnerabilities in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerabilities are due to incorrect processing of BGP update messages that contain crafted EVPN attributes. An attacker could exploit these vulnerabilities by sending BGP EVPN update messages with malformed attributes to be processed by an affected system. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit these vulnerabilities, the malicious BGP update message would need to come from a configured, valid BGP peer, or would need to be injected by the attacker into the victim's BGP network on an existing, valid TCP connection to a BGP peer. " + } + ] + }, + "exploit": [ + { + "lang": "eng", + "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory. 
" + } + ], + "impact": { + "cvss": { + "baseScore": "8.6", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H ", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-399" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20200122 Cisco IOS XR Software BGP EVPN Denial of Service Vulnerabilities", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-ios-xr-evpn" + } + ] + }, + "source": { + "advisory": "cisco-sa-20200122-ios-xr-evpn", + "defect": [ + [ + "CSCvr74413", + "CSCvr74986", + "CSCvr80793", + "CSCvr83742", + "CSCvr84254" + ] + ], + "discovery": "INTERNAL" + } +} From 092b78374dbef84a497f65fedfa87bd06bb8c674 Mon Sep 17 00:00:00 2001 From: santosomar Date: Sun, 26 Jan 2020 04:24:24 +0000 Subject: [PATCH 294/387] Adding Cisco CVE-2019-16027 --- 2019/16xxx/CVE-2019-16027.json | 87 ++++++++++++++++++++++++++++++++++ 1 file changed, 87 insertions(+) create mode 100644 2019/16xxx/CVE-2019-16027.json diff --git a/2019/16xxx/CVE-2019-16027.json b/2019/16xxx/CVE-2019-16027.json new file mode 100644 index 00000000000..95600fd3453 --- /dev/null +++ b/2019/16xxx/CVE-2019-16027.json 
@@ -0,0 +1,87 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2020-01-22T16:00:00-0800", + "ID": "CVE-2019-16027", + "STATE": "PUBLIC", + "TITLE": "Cisco IOS XR Software Intermediate System\u2013to\u2013Intermediate System Denial of Service Vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco IOS XR Software ", + "version": { + "version_data": [ + { + "affected": "<", + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the implementation of the Intermediate System–to–Intermediate System (IS–IS) routing protocol functionality in Cisco IOS XR Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition in the IS–IS process. The vulnerability is due to improper handling of a Simple Network Management Protocol (SNMP) request for specific Object Identifiers (OIDs) by the IS–IS process. An attacker could exploit this vulnerability by sending a crafted SNMP request to the affected device. A successful exploit could allow the attacker to cause a DoS condition in the IS–IS process. " + } + ] + }, + "exploit": [ + { + "lang": "eng", + "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. 
" + } + ], + "impact": { + "cvss": { + "baseScore": "7.7", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H ", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20200122 Cisco IOS XR Software Intermediate System\u2013to\u2013Intermediate System Denial of Service Vulnerability", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-ios-xr-dos" + } + ] + }, + "source": { + "advisory": "cisco-sa-20200122-ios-xr-dos", + "defect": [ + [ + "CSCvr62342" + ] + ], + "discovery": "INTERNAL" + } +} From fdae32c055e655426c65660bdcdd196558e0ac38 Mon Sep 17 00:00:00 2001 From: santosomar Date: Sun, 26 Jan 2020 04:24:31 +0000 Subject: [PATCH 295/387] Adding Cisco CVE-2019-16029 --- 2019/16xxx/CVE-2019-16029.json | 88 ++++++++++++++++++++++++++++++++++ 1 file changed, 88 insertions(+) create mode 100644 2019/16xxx/CVE-2019-16029.json diff --git a/2019/16xxx/CVE-2019-16029.json b/2019/16xxx/CVE-2019-16029.json new file mode 100644 index 00000000000..6bdb7fa566a --- /dev/null +++ b/2019/16xxx/CVE-2019-16029.json 
@@ -0,0 +1,88 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "psirt@cisco.com",
+ "DATE_PUBLIC": "2020-01-22T16:00:00-0800",
+ "ID": "CVE-2019-16029",
+ "STATE": "PUBLIC",
+ "TITLE": "Cisco Smart Software Manager On-Prem Web Interface Denial of Service Vulnerability"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Cisco Smart Software Manager On-Prem ",
+ "version": {
+ "version_data": [
+ {
+ "affected": "<",
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Cisco"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A vulnerability in the application programming interface (API) of Cisco Smart Software Manager On-Prem could allow an unauthenticated, remote attacker to change user account information which can prevent users from logging in, resulting in a denial of service (DoS) condition of the web interface. The vulnerability is due to the lack of input validation in the API. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. An exploit could allow the attacker to change or corrupt user account information which could grant the attacker administrator access or prevent legitimate user access to the web interface, resulting in a denial of service (DoS) condition. "
+ }
+ ]
+ },
+ "exploit": [
+ {
+ "lang": "eng",
+ "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. 
"
+ }
+ ],
+ "impact": {
+ "cvss": {
+ "baseScore": "8.2",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H ",
+ "version": "3.0"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-20"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "20200122 Cisco Smart Software Manager On-Prem Web Interface Denial of Service Vulnerability",
+ "refsource": "CISCO",
+ "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-on-prem-dos"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "cisco-sa-20200122-on-prem-dos",
+ "defect": [
+ [
+ "CSCvr52711",
+ "CSCvr78992"
+ ]
+ ],
+ "discovery": "INTERNAL"
+ }
+}
From a402e2eff57219723f4651deae3dcadcf25f9697 Mon Sep 17 00:00:00 2001
From: santosomar
Date: Sun, 26 Jan 2020 04:24:39 +0000
Subject: [PATCH 296/387] Adding Cisco CVE-2020-3115
---
 2020/3xxx/CVE-2020-3115.json | 83 +++++++++++++++++++++++++++++++++---
 1 file changed, 76 insertions(+), 7 deletions(-)
diff --git a/2020/3xxx/CVE-2020-3115.json b/2020/3xxx/CVE-2020-3115.json
index 338a546f687..4b3f83fdb40 100644
--- a/2020/3xxx/CVE-2020-3115.json
+++ b/2020/3xxx/CVE-2020-3115.json
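Review bot: The description says an exploit "could grant the attacker administrator access", but the title and the vector `C:N/I:L/A:H` describe only a denial of service of the web interface. If an unauthenticated request can in fact yield administrator access, the confidentiality and integrity metrics and the 8.2 score understate the issue, and triage based on the score will under-prioritise it. If it cannot, the clause should be removed from the `value` text. Either way the text and `vectorString` should be reconciled against advisory cisco-sa-20200122-on-prem-dos.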
@@ -1,18 +1,87 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "psirt@cisco.com",
+ "DATE_PUBLIC": "2020-01-22T16:00:00-0800",
 "ID": "CVE-2020-3115",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "Cisco SD-WAN Solution Local Privilege Escalation Vulnerability"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Cisco SD-WAN Solution ",
+ "version": {
+ "version_data": [
+ {
+ "affected": "<",
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Cisco"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability in the CLI of the Cisco SD-WAN Solution vManage software could allow an authenticated, local attacker to elevate privileges to root-level privileges on the underlying operating system. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted file to the affected system. An exploit could allow the attacker to elevate privileges to root-level privileges. "
 }
 ]
+ },
+ "exploit": [
+ {
+ "lang": "eng",
+ "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. 
"
+ }
+ ],
+ "impact": {
+ "cvss": {
+ "baseScore": "8.8",
+ "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H ",
+ "version": "3.0"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-264"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "20200122 Cisco SD-WAN Solution Local Privilege Escalation Vulnerability",
+ "refsource": "CISCO",
+ "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-sdwan-priv-esc"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "cisco-sa-20200122-sdwan-priv-esc",
+ "defect": [
+ [
+ "CSCvr00305"
+ ]
+ ],
+ "discovery": "INTERNAL"
 }
-}
\ No newline at end of file
+}
From e90244f750ca21a32fdaf17b6bfcc012b56d9046 Mon Sep 17 00:00:00 2001
From: santosomar
Date: Sun, 26 Jan 2020 04:24:46 +0000
Subject: [PATCH 297/387] Adding Cisco CVE-2020-3121
---
 2020/3xxx/CVE-2020-3121.json | 83 +++++++++++++++++++++++++++++++++---
 1 file changed, 76 insertions(+), 7 deletions(-)
diff --git a/2020/3xxx/CVE-2020-3121.json b/2020/3xxx/CVE-2020-3121.json
index 06a768e0750..7916388386a 100644
--- a/2020/3xxx/CVE-2020-3121.json
+++ b/2020/3xxx/CVE-2020-3121.json
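Review bot: `problemtype` is set to `"CWE-264"`, while the description attributes the flaw to insufficient input validation. CWE-264 is a category (Permissions, Privileges, and Access Controls) rather than a weakness, so it tells defenders little about the root cause and does not match the text. `"value": "CWE-20"`, as used by the other input-validation records in this series, or a more specific weakness ID taken from the advisory would be consistent.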
@@ -1,18 +1,87 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "psirt@cisco.com",
+ "DATE_PUBLIC": "2020-01-22T16:00:00-0800",
 "ID": "CVE-2020-3121",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "Cisco Small Business Smart and Managed Switches Cross-Site Scripting Vulnerability"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Cisco 550X Series Stackable Managed Switches ",
+ "version": {
+ "version_data": [
+ {
+ "affected": "<",
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Cisco"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability in the web-based management interface of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link and access a specific page. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. "
 }
 ]
+ },
+ "exploit": [
+ {
+ "lang": "eng",
+ "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. 
"
+ }
+ ],
+ "impact": {
+ "cvss": {
+ "baseScore": "6.1",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N ",
+ "version": "3.0"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "20200122 Cisco Small Business Smart and Managed Switches Cross-Site Scripting Vulnerability",
+ "refsource": "CISCO",
+ "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-sbsms-xss"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "cisco-sa-20200122-sbsms-xss",
+ "defect": [
+ [
+ "CSCvs09313"
+ ]
+ ],
+ "discovery": "INTERNAL"
 }
-}
\ No newline at end of file
+}
From 24bb31de139c746d80d96170fb97443f407272be Mon Sep 17 00:00:00 2001
From: santosomar
Date: Sun, 26 Jan 2020 04:24:53 +0000
Subject: [PATCH 298/387] Adding Cisco CVE-2020-3129
---
 2020/3xxx/CVE-2020-3129.json | 83 +++++++++++++++++++++++++++++++++---
 1 file changed, 76 insertions(+), 7 deletions(-)
diff --git a/2020/3xxx/CVE-2020-3129.json b/2020/3xxx/CVE-2020-3129.json
index d8df5362061..03f87c2f4a1 100644
--- a/2020/3xxx/CVE-2020-3129.json
+++ b/2020/3xxx/CVE-2020-3129.json
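Review bot: `product_data` lists only `"Cisco 550X Series Stackable Managed Switches "`, whereas the title and description speak of Cisco Small Business Smart and Managed Switches in general. If the advisory covers more than the 550X series, each affected family needs its own `product_data` entry, otherwise operators of the unlisted models will not be matched to this CVE. The trailing space inside `product_name` also defeats exact-string lookups and should be trimmed. CVE-2019-16008 later in this series has the same gap: its title names the 6800, 7800 and 8800 series but only the 7800 series is listed.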
@@ -1,18 +1,87 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "psirt@cisco.com",
+ "DATE_PUBLIC": "2020-01-22T16:00:00-0800",
 "ID": "CVE-2020-3129",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "Cisco Unity Connection Stored Cross-Site Scripting Vulnerability"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Cisco Unity Connection ",
+ "version": {
+ "version_data": [
+ {
+ "affected": "<",
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Cisco"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability in the web-based management interface of Cisco Unity Connection Software could allow an authenticated, remote attacker to perform a stored cross-site scripting (XSS) attack. The vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by providing crafted data to a specific field within the interface. A successful exploit could allow the attacker to store an XSS attack within the interface. This stored XSS attack would then be executed on the system of any user viewing the attacker-supplied data element. "
 }
 ]
+ },
+ "exploit": [
+ {
+ "lang": "eng",
+ "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. 
"
+ }
+ ],
+ "impact": {
+ "cvss": {
+ "baseScore": "4.8",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N ",
+ "version": "3.0"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "20200122 Cisco Unity Connection Stored Cross-Site Scripting Vulnerability",
+ "refsource": "CISCO",
+ "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-uc-xss"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "cisco-sa-20200122-uc-xss",
+ "defect": [
+ [
+ "CSCvq97490"
+ ]
+ ],
+ "discovery": "INTERNAL"
 }
-}
\ No newline at end of file
+}
From 005bb1b3791615ee0f917442a6746efb6360008b Mon Sep 17 00:00:00 2001
From: santosomar
Date: Sun, 26 Jan 2020 04:25:01 +0000
Subject: [PATCH 299/387] Adding Cisco CVE-2020-3131
---
 2020/3xxx/CVE-2020-3131.json | 83 +++++++++++++++++++++++++++++++++---
 1 file changed, 76 insertions(+), 7 deletions(-)
diff --git a/2020/3xxx/CVE-2020-3131.json b/2020/3xxx/CVE-2020-3131.json
index 4768420e95f..29ae3ced197 100644
--- a/2020/3xxx/CVE-2020-3131.json
+++ b/2020/3xxx/CVE-2020-3131.json
@@ -1,18 +1,87 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "psirt@cisco.com",
+ "DATE_PUBLIC": "2020-01-22T16:00:00-0800",
 "ID": "CVE-2020-3131",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "Cisco Webex Teams Adaptive Cards Denial of Service Vulnerability"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Cisco Webex Teams ",
+ "version": {
+ "version_data": [
+ {
+ "affected": "<",
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Cisco"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "[CVE-2020-3131_su] A vulnerability in the Cisco Webex Teams client for Windows could allow an authenticated, remote attacker to cause the client to crash, resulting in a denial of service (DoS) condition. The attacker needs a valid developer account to exploit this vulnerability. The vulnerability is due to insufficient input validation when processing received adaptive cards. The attacker could exploit this vulnerability by sending an adaptive card with malicious content to an existing user of the Cisco Webex Teams client for Windows. A successful exploit could allow the attacker to cause the targeted user's client to crash continuously. 
"
 }
 ]
+ },
+ "exploit": [
+ {
+ "lang": "eng",
+ "value": "[CVE-2020-3131_ex] "
+ }
+ ],
+ "impact": {
+ "cvss": {
+ "baseScore": "6.5",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H ",
+ "version": "3.0"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-400"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "20200122 Cisco Webex Teams Adaptive Cards Denial of Service Vulnerability",
+ "refsource": "CISCO",
+ "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-cards-dos-FWzNcXPq"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "cisco-sa-webex-cards-dos-FWzNcXPq",
+ "defect": [
+ [
+ "CSCvs25793"
+ ]
+ ],
+ "discovery": "INTERNAL"
 }
-}
\ No newline at end of file
+}
From 68d0fccb186c46632b1f00a4724dfbeee0507781 Mon Sep 17 00:00:00 2001
From: santosomar
Date: Sun, 26 Jan 2020 04:25:09 +0000
Subject: [PATCH 300/387] Adding Cisco CVE-2020-3134
---
 2020/3xxx/CVE-2020-3134.json | 83 +++++++++++++++++++++++++++++++++---
 1 file changed, 76 insertions(+), 7 deletions(-)
diff --git a/2020/3xxx/CVE-2020-3134.json b/2020/3xxx/CVE-2020-3134.json
index b036f4b5548..dce220c07be 100644
--- a/2020/3xxx/CVE-2020-3134.json
+++ b/2020/3xxx/CVE-2020-3134.json
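Review bot: The description `value` starts with the literal token `[CVE-2020-3131_su]` and the `exploit` `value` consists only of `[CVE-2020-3131_ex] `, which look like unresolved template placeholders from the generating tool. As published, the record therefore carries no statement about known exploitation, unlike the earlier records in this series, which include the PSIRT sentence. I would strip the `_su` prefix and either fill in the exploitation statement or drop the `exploit` array. The hunks for CVE-2020-3134, CVE-2020-3136 and CVE-2020-3139 have the same leftover tokens.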
@@ -1,18 +1,87 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "psirt@cisco.com",
+ "DATE_PUBLIC": "2020-01-22T16:00:00-0800",
 "ID": "CVE-2020-3134",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "Cisco Email Security Appliance Zip Decompression Engine Denial of Service Vulnerability"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Cisco Email Security Appliance (ESA) ",
+ "version": {
+ "version_data": [
+ {
+ "affected": "<",
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Cisco"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "[CVE-2020-3134_su] A vulnerability in the zip decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper validation of zip files. An attacker could exploit this vulnerability by sending an email message with a crafted zip-compressed attachment. A successful exploit could trigger a restart of the content-scanning process, causing a temporary DoS condition. 
"
 }
 ]
+ },
+ "exploit": [
+ {
+ "lang": "eng",
+ "value": "[CVE-2020-3134_ex] "
+ }
+ ],
+ "impact": {
+ "cvss": {
+ "baseScore": "6.5",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L ",
+ "version": "3.0"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-20"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "20200122 Cisco Email Security Appliance Zip Decompression Engine Denial of Service Vulnerability",
+ "refsource": "CISCO",
+ "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-dos-87mBkc8n"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "cisco-sa-esa-dos-87mBkc8n",
+ "defect": [
+ [
+ "CSCvq65126"
+ ]
+ ],
+ "discovery": "INTERNAL"
 }
-}
\ No newline at end of file
+}
From 29f33993159304099b06251262a99b31c5551cdb Mon Sep 17 00:00:00 2001
From: santosomar
Date: Sun, 26 Jan 2020 04:25:16 +0000
Subject: [PATCH 301/387] Adding Cisco CVE-2020-3136
---
 2020/3xxx/CVE-2020-3136.json | 83 +++++++++++++++++++++++++++++++++---
 1 file changed, 76 insertions(+), 7 deletions(-)
diff --git a/2020/3xxx/CVE-2020-3136.json b/2020/3xxx/CVE-2020-3136.json
index 5dcb3db3490..04b96e8fbfc 100644
--- a/2020/3xxx/CVE-2020-3136.json
+++ b/2020/3xxx/CVE-2020-3136.json
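Review bot: `vectorString` carries `I:L/A:L`, but the description mentions only a restart of the content-scanning process and a temporary DoS, with no integrity effect. If the integrity impact is real, the description should state what it is, because that is the part mail administrators need to act on. If it is not, the vector and the 6.5 score should be recomputed with `I:N`. The hunk gives no way to tell which of the two is wrong, so this needs checking against advisory cisco-sa-esa-dos-87mBkc8n.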
@@ -1,18 +1,87 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "psirt@cisco.com",
+ "DATE_PUBLIC": "2020-01-22T16:00:00-0800",
 "ID": "CVE-2020-3136",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "Cisco Jabber Guest Cross-Site Scripting Vulnerability"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Cisco Jabber Guest ",
+ "version": {
+ "version_data": [
+ {
+ "affected": "<",
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Cisco"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "[CVE-2020-3136_su] A vulnerability in the web-based management interface of Cisco Jabber Guest could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability exists because the web-based management interface of the affected device does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or to access sensitive, browser-based information. 
"
 }
 ]
+ },
+ "exploit": [
+ {
+ "lang": "eng",
+ "value": "[CVE-2020-3136_ex] "
+ }
+ ],
+ "impact": {
+ "cvss": {
+ "baseScore": "6.1",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N ",
+ "version": "3.0"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "20200122 Cisco Jabber Guest Cross-Site Scripting Vulnerability",
+ "refsource": "CISCO",
+ "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-jabber-guest-xss-6urXhkqv"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "cisco-sa-jabber-guest-xss-6urXhkqv",
+ "defect": [
+ [
+ "CSCvr48419"
+ ]
+ ],
+ "discovery": "INTERNAL"
 }
-}
\ No newline at end of file
+}
From 3aac0998ba8da16dd09320469dca540870e0b8e3 Mon Sep 17 00:00:00 2001
From: santosomar
Date: Sun, 26 Jan 2020 04:25:24 +0000
Subject: [PATCH 302/387] Adding Cisco CVE-2020-3139
---
 2020/3xxx/CVE-2020-3139.json | 83 +++++++++++++++++++++++++++++++++---
 1 file changed, 76 insertions(+), 7 deletions(-)
diff --git a/2020/3xxx/CVE-2020-3139.json b/2020/3xxx/CVE-2020-3139.json
index b03f7ff4bc4..8efc783d720 100644
--- a/2020/3xxx/CVE-2020-3139.json
+++ b/2020/3xxx/CVE-2020-3139.json
@@ -1,18 +1,87 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "psirt@cisco.com",
+ "DATE_PUBLIC": "2020-01-22T16:00:00-0800",
 "ID": "CVE-2020-3139",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "Cisco Application Policy Infrastructure Controller Out Of Band Management IP Tables Bypass Vulnerability"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Cisco Application Policy Infrastructure Controller (APIC) ",
+ "version": {
+ "version_data": [
+ {
+ "affected": "<",
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Cisco"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "[CVE-2020-3139_su] A vulnerability in the out of band (OOB) management interface IP table rule programming for Cisco Application Policy Infrastructure Controller (APIC) could allow an unauthenticated, remote attacker to bypass configured deny entries for specific IP ports. These IP ports would be permitted to the OOB management interface when, in fact, the packets should be dropped. The vulnerability is due to the configuration of specific IP table entries for which there is a programming logic error that results in the IP port being permitted. An attacker could exploit this vulnerability by sending traffic to the OOB management interface on the targeted device. A successful exploit could allow the attacker to bypass configured IP table rules to drop specific IP port traffic. The attacker has no control over the configuration of the device itself. 
"
 }
 ]
+ },
+ "exploit": [
+ {
+ "lang": "eng",
+ "value": "[CVE-2020-3139_ex] "
+ }
+ ],
+ "impact": {
+ "cvss": {
+ "baseScore": "5.3",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N ",
+ "version": "3.0"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-20"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "20200122 Cisco Application Policy Infrastructure Controller Out Of Band Management IP Tables Bypass Vulnerability",
+ "refsource": "CISCO",
+ "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iptable-bypass-GxW88XjL"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "cisco-sa-iptable-bypass-GxW88XjL",
+ "defect": [
+ [
+ "CSCvs10135"
+ ]
+ ],
+ "discovery": "INTERNAL"
 }
-}
\ No newline at end of file
+}
From 39c9bca0e8df2e5f7c9b57135bb0f2a646c0d274 Mon Sep 17 00:00:00 2001
From: santosomar
Date: Sun, 26 Jan 2020 04:36:33 +0000
Subject: [PATCH 303/387] Adding Cisco CVE-2019-16003
---
 2019/16xxx/CVE-2019-16003.json | 87 ++++++++++++++++++++++++++++++++++
 1 file changed, 87 insertions(+)
 create mode 100644 2019/16xxx/CVE-2019-16003.json
diff --git a/2019/16xxx/CVE-2019-16003.json b/2019/16xxx/CVE-2019-16003.json
new file mode 100644
index 00000000000..d6d67a34be7
--- /dev/null
+++ b/2019/16xxx/CVE-2019-16003.json
@@ -0,0 +1,87 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "psirt@cisco.com",
+ "DATE_PUBLIC": "2020-01-08T16:00:00-0800",
+ "ID": "CVE-2019-16003",
+ "STATE": "PUBLIC",
+ "TITLE": "Cisco UCS Director Information Disclosure Vulnerability"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Cisco UCS Director ",
+ "version": {
+ "version_data": [
+ {
+ "affected": "<",
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Cisco"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A vulnerability in the web-based management interface of Cisco UCS Director could allow an unauthenticated, remote attacker to download system log files from an affected device. The vulnerability is due to an issue in the authentication logic of the web-based management interface. An attacker could exploit this vulnerability by sending a crafted request to the web interface. A successful exploit could allow the attacker to download log files if they were previously generated by an administrator. "
+ }
+ ]
+ },
+ "exploit": [
+ {
+ "lang": "eng",
+ "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. 
"
+ }
+ ],
+ "impact": {
+ "cvss": {
+ "baseScore": "4.3",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N ",
+ "version": "3.0"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-306"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "20200108 Cisco UCS Director Information Disclosure Vulnerability",
+ "refsource": "CISCO",
+ "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200108-ucs-dir-infodis"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "cisco-sa-20200108-ucs-dir-infodis",
+ "defect": [
+ [
+ "CSCvr00602"
+ ]
+ ],
+ "discovery": "INTERNAL"
+ }
+}
From 5073cefd29707a227705d3c8f8934b41fb6495d9 Mon Sep 17 00:00:00 2001
From: santosomar
Date: Sun, 26 Jan 2020 04:36:40 +0000
Subject: [PATCH 304/387] Adding Cisco CVE-2019-16005
---
 2019/16xxx/CVE-2019-16005.json | 87 ++++++++++++++++++++++++++++++++++
 1 file changed, 87 insertions(+)
 create mode 100644 2019/16xxx/CVE-2019-16005.json
diff --git a/2019/16xxx/CVE-2019-16005.json b/2019/16xxx/CVE-2019-16005.json
new file mode 100644
index 00000000000..c3379f37712
--- /dev/null
+++ b/2019/16xxx/CVE-2019-16005.json
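Review bot: `vectorString` has `UI:R`, yet the description has an unauthenticated attacker sending a crafted request directly to the web interface, with no victim action involved. The only precondition mentioned is that an administrator previously generated the log files, which is a state of the target rather than user interaction in the CVSS sense. The metric or the description should be corrected so that the score reflects what the text describes; with `UI:N` the base score would be higher than the recorded 4.3.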
@@ -0,0 +1,87 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "psirt@cisco.com",
+ "DATE_PUBLIC": "2020-01-08T16:00:00-0800",
+ "ID": "CVE-2019-16005",
+ "STATE": "PUBLIC",
+ "TITLE": "Cisco Webex Video Mesh Node Command Injection Vulnerability"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Cisco Webex Video Mesh ",
+ "version": {
+ "version_data": [
+ {
+ "affected": "<",
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Cisco"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A vulnerability in the web-based management interface of Cisco Webex Video Mesh could allow an authenticated, remote attacker to execute arbitrary commands on the affected system. The vulnerability is due to improper validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by logging in to the web-based management interface with administrative privileges and supplying crafted requests to the application. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system with root privileges on a targeted node. "
+ }
+ ]
+ },
+ "exploit": [
+ {
+ "lang": "eng",
+ "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. 
"
+ }
+ ],
+ "impact": {
+ "cvss": {
+ "baseScore": "7.2",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H ",
+ "version": "3.0"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-77"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "20200108 Cisco Webex Video Mesh Node Command Injection Vulnerability",
+ "refsource": "CISCO",
+ "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200108-webex-video"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "cisco-sa-20200108-webex-video",
+ "defect": [
+ [
+ "CSCvr35921"
+ ]
+ ],
+ "discovery": "INTERNAL"
+ }
+}
From 46344f7c6f556a9ebc97c57b91391a9be7ed5a17 Mon Sep 17 00:00:00 2001
From: santosomar
Date: Sun, 26 Jan 2020 04:36:48 +0000
Subject: [PATCH 305/387] Adding Cisco CVE-2019-16008
---
 2019/16xxx/CVE-2019-16008.json | 87 ++++++++++++++++++++++++++++++++++
 1 file changed, 87 insertions(+)
 create mode 100644 2019/16xxx/CVE-2019-16008.json
diff --git a/2019/16xxx/CVE-2019-16008.json b/2019/16xxx/CVE-2019-16008.json
new file mode 100644
index 00000000000..90ce684c457
--- /dev/null
+++ b/2019/16xxx/CVE-2019-16008.json
@@ -0,0 +1,87 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "psirt@cisco.com",
+ "DATE_PUBLIC": "2020-01-08T16:00:00-0800",
+ "ID": "CVE-2019-16008",
+ "STATE": "PUBLIC",
+ "TITLE": "Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware Cross-Site Scripting Vulnerability"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Cisco IP Phone 7800 Series with Multiplatform Firmware ",
+ "version": {
+ "version_data": [
+ {
+ "affected": "<",
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Cisco"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A vulnerability in the web-based GUI of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based GUI of an affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. "
+ }
+ ]
+ },
+ "exploit": [
+ {
+ "lang": "eng",
+ "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. 
"
+ }
+ ],
+ "impact": {
+ "cvss": {
+ "baseScore": "5.4",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N ",
+ "version": "3.0"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "20200108 Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware Cross-Site Scripting Vulnerability",
+ "refsource": "CISCO",
+ "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200108-iphone-xss"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "cisco-sa-20200108-iphone-xss",
+ "defect": [
+ [
+ "CSCvq85331"
+ ]
+ ],
+ "discovery": "INTERNAL"
+ }
+}
From 4e02194c678ec4f9ccf9369873162b5b001f3d4a Mon Sep 17 00:00:00 2001
From: santosomar
Date: Sun, 26 Jan 2020 04:36:56 +0000
Subject: [PATCH 306/387] Adding Cisco CVE-2019-16015
---
 2019/16xxx/CVE-2019-16015.json | 87 ++++++++++++++++++++++++++++++++++
 1 file changed, 87 insertions(+)
 create mode 100644 2019/16xxx/CVE-2019-16015.json
diff --git a/2019/16xxx/CVE-2019-16015.json b/2019/16xxx/CVE-2019-16015.json
new file mode 100644
index 00000000000..7cf742c71fc
--- /dev/null
+++ b/2019/16xxx/CVE-2019-16015.json
@@ -0,0 +1,87 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "psirt@cisco.com",
+ "DATE_PUBLIC": "2020-01-08T16:00:00-0800",
+ "ID": "CVE-2019-16015",
+ "STATE": "PUBLIC",
+ "TITLE": "Cisco Data Center Analytics Framework Cross-Site Scripting Vulnerability"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Cisco Data Center Analytics Framework ",
+ "version": {
+ "version_data": [
+ {
+ "affected": "<",
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Cisco"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A vulnerability in the web-based management interface of the Cisco Data Center Analytics Framework application could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive, browser-based information on the affected system. "
+ }
+ ]
+ },
+ "exploit": [
+ {
+ "lang": "eng",
+ "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. 
"
+ }
+ ],
+ "impact": {
+ "cvss": {
+ "baseScore": "6.1",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N ",
+ "version": "3.0"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "20200108 Cisco Data Center Analytics Framework Cross-Site Scripting Vulnerability",
+ "refsource": "CISCO",
+ "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200108-dcaf-xss"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "cisco-sa-20200108-dcaf-xss",
+ "defect": [
+ [
+ "CSCvs23487"
+ ]
+ ],
+ "discovery": "INTERNAL"
+ }
+}
From 02bac77950ffaf3adfd9f7eb71042cc956796213 Mon Sep 17 00:00:00 2001
From: santosomar
Date: Sun, 26 Jan 2020 04:37:04 +0000
Subject: [PATCH 307/387] Adding Cisco CVE-2019-16024
---
2019/16xxx/CVE-2019-16024.json | 90 ++++++++++++++++++++++++++++++++++
1 file changed, 90 insertions(+)
create mode 100644 2019/16xxx/CVE-2019-16024.json
diff --git a/2019/16xxx/CVE-2019-16024.json b/2019/16xxx/CVE-2019-16024.json
new file mode 100644
index 00000000000..d5ef78727d6
--- /dev/null
+++ b/2019/16xxx/CVE-2019-16024.json
@@ -0,0 +1,90 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "psirt@cisco.com",
+ "DATE_PUBLIC": "2020-01-08T16:00:00-0800",
+ "ID": "CVE-2019-16024",
+ "STATE": "PUBLIC",
+ "TITLE": "Cisco Crosswork Change Automation Cross-Site Scripting Vulnerability"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Cisco Crosswork Network Change Automation ",
+ "version": {
+ "version_data": [
+ {
+ "affected": "<",
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Cisco"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A vulnerability in the web-based management interface of Cisco Crosswork Change Automation could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. "
+ }
+ ]
+ },
+ "exploit": [
+ {
+ "lang": "eng",
+ "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. 
"
+ }
+ ],
+ "impact": {
+ "cvss": {
+ "baseScore": "6.1",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N ",
+ "version": "3.0"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "20200108 Cisco Crosswork Change Automation Cross-Site Scripting Vulnerability",
+ "refsource": "CISCO",
+ "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200108-cnca-xss"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "cisco-sa-20200108-cnca-xss",
+ "defect": [
+ [
+ "CSCvr04270",
+ "CSCvr04277",
+ "CSCvs07146",
+ "CSCvs37930"
+ ]
+ ],
+ "discovery": "INTERNAL"
+ }
+}
From bc043f42ef01d7f8417255802cc336174900e6cd Mon Sep 17 00:00:00 2001
From: santosomar
Date: Sun, 26 Jan 2020 04:37:11 +0000
Subject: [PATCH 308/387] Adding Cisco CVE-2019-16026
---
2019/16xxx/CVE-2019-16026.json | 87 ++++++++++++++++++++++++++++++++++
1 file changed, 87 insertions(+)
create mode 100644 2019/16xxx/CVE-2019-16026.json
diff --git a/2019/16xxx/CVE-2019-16026.json b/2019/16xxx/CVE-2019-16026.json
new file mode 100644
index 00000000000..f0193977cf7
--- /dev/null
+++ b/2019/16xxx/CVE-2019-16026.json
@@ -0,0 +1,87 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "psirt@cisco.com",
+ "DATE_PUBLIC": "2020-01-08T16:00:00-0800",
+ "ID": "CVE-2019-16026",
+ "STATE": "PUBLIC",
+ "TITLE": "Cisco Mobility Management Entity Denial of Service Vulnerability"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Cisco ASR 5000 Series Software ",
+ "version": {
+ "version_data": [
+ {
+ "affected": "<",
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Cisco"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A vulnerability in the implementation of the Stream Control Transmission Protocol (SCTP) on Cisco Mobility Management Entity (MME) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an eNodeB that is connected to an affected device. The vulnerability is due to insufficient input validation of SCTP traffic. An attacker could exploit this vulnerability by leveraging a man-in-the-middle position between the eNodeB and the MME and then sending a crafted SCTP message to the MME. A successful exploit would cause the MME to stop sending SCTP messages to the eNodeB, triggering a DoS condition. "
+ }
+ ]
+ },
+ "exploit": [
+ {
+ "lang": "eng",
+ "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. 
"
+ }
+ ],
+ "impact": {
+ "cvss": {
+ "baseScore": "6.8",
+ "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H ",
+ "version": "3.0"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-20"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "20200108 Cisco Mobility Management Entity Denial of Service Vulnerability",
+ "refsource": "CISCO",
+ "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200108-mme-dos"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "cisco-sa-20200108-mme-dos",
+ "defect": [
+ [
+ "CSCvs01456"
+ ]
+ ],
+ "discovery": "INTERNAL"
+ }
+}
From 4074d82941234c3a5752633f9a5374e60dbc6b49 Mon Sep 17 00:00:00 2001
From: santosomar
Date: Sun, 26 Jan 2020 04:44:08 +0000
Subject: [PATCH 309/387] Adding Cisco CVE-2019-15255
---
2019/15xxx/CVE-2019-15255.json | 87 ++++++++++++++++++++++++++++++++++
1 file changed, 87 insertions(+)
create mode 100644 2019/15xxx/CVE-2019-15255.json
diff --git a/2019/15xxx/CVE-2019-15255.json b/2019/15xxx/CVE-2019-15255.json
new file mode 100644
index 00000000000..c0521644fcd
--- /dev/null
+++ b/2019/15xxx/CVE-2019-15255.json
@@ -0,0 +1,87 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "psirt@cisco.com",
+ "DATE_PUBLIC": "2020-01-08T16:00:00-0800",
+ "ID": "CVE-2019-15255",
+ "STATE": "PUBLIC",
+ "TITLE": "Cisco Identity Services Engine Authorization Bypass Vulnerability"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Cisco Identity Services Engine Software ",
+ "version": {
+ "version_data": [
+ {
+ "affected": "<",
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Cisco"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to bypass authorization and access sensitive information related to the device. The vulnerability exists because the software fails to sanitize URLs before it handles requests. An attacker could exploit this vulnerability by submitting a crafted URL. A successful exploit could allow the attacker to gain unauthorized access to sensitive information. "
+ }
+ ]
+ },
+ "exploit": [
+ {
+ "lang": "eng",
+ "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. 
"
+ }
+ ],
+ "impact": {
+ "cvss": {
+ "baseScore": "6.5",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N ",
+ "version": "3.0"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-284"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "20200108 Cisco Identity Services Engine Authorization Bypass Vulnerability",
+ "refsource": "CISCO",
+ "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200108-ise-auth-bypass"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "cisco-sa-20200108-ise-auth-bypass",
+ "defect": [
+ [
+ "CSCvq67348"
+ ]
+ ],
+ "discovery": "INTERNAL"
+ }
+}
From 3515508bfa8cae66164b7a36084ea92de14cd37d Mon Sep 17 00:00:00 2001
From: santosomar
Date: Sun, 26 Jan 2020 04:45:31 +0000
Subject: [PATCH 310/387] Adding Cisco CVE-2019-15278
---
2019/15xxx/CVE-2019-15278.json | 88 ++++++++++++++++++++++++++++++++++
1 file changed, 88 insertions(+)
create mode 100644 2019/15xxx/CVE-2019-15278.json
diff --git a/2019/15xxx/CVE-2019-15278.json b/2019/15xxx/CVE-2019-15278.json
new file mode 100644
index 00000000000..469ea8afd46
--- /dev/null
+++ b/2019/15xxx/CVE-2019-15278.json
@@ -0,0 +1,88 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "psirt@cisco.com",
+ "DATE_PUBLIC": "2020-01-08T16:00:00-0800",
+ "ID": "CVE-2019-15278",
+ "STATE": "PUBLIC",
+ "TITLE": "Cisco Finesse Cross-Site Scripting Vulnerability"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Cisco Finesse ",
+ "version": {
+ "version_data": [
+ {
+ "affected": "<",
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Cisco"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to bypass authorization and access sensitive information related to the device. The vulnerability exists because the software fails to sanitize URLs before it handles requests. An attacker could exploit this vulnerability by submitting a crafted URL. A successful exploit could allow the attacker to gain unauthorized access to sensitive information. "
+ }
+ ]
+ },
+ "exploit": [
+ {
+ "lang": "eng",
+ "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. 
"
+ }
+ ],
+ "impact": {
+ "cvss": {
+ "baseScore": "6.1",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N ",
+ "version": "3.0"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "20200108 Cisco Finesse Cross-Site Scripting Vulnerability",
+ "refsource": "CISCO",
+ "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200108-finesse-xss"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "cisco-sa-20200108-finesse-xss",
+ "defect": [
+ [
+ "CSCvr19591",
+ "CSCvr33151"
+ ]
+ ],
+ "discovery": "INTERNAL"
+ }
+}
From 1e4eddd7713296014a77a3fe2374f9e1a73b5f48 Mon Sep 17 00:00:00 2001
From: santosomar
Date: Sun, 26 Jan 2020 04:52:27 +0000
Subject: [PATCH 311/387] Adding Cisco CVE-2020-3142
---
2020/3xxx/CVE-2020-3142.json | 83 +++++++++++++++++++++++++++++++++---
1 file changed, 76 insertions(+), 7 deletions(-)
diff --git a/2020/3xxx/CVE-2020-3142.json b/2020/3xxx/CVE-2020-3142.json
index 221cc828373..61865014903 100644
--- a/2020/3xxx/CVE-2020-3142.json
+++ b/2020/3xxx/CVE-2020-3142.json
@@ -1,18 +1,87 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2020-01-24T16:00:00-0800", "ID": "CVE-2020-3142", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Cisco Webex Meetings Suite and Cisco Webex Meetings Online Unauthenticated Meeting Join Vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Webex Meetings ", + "version": { + "version_data": [ + { + "affected": "<", + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "[CVE-2020-3142_su] A vulnerability in Cisco Webex Meetings Suite sites and Cisco Webex Meetings Online sites could allow an unauthenticated, remote attendee to join a password-protected meeting without providing the meeting password. The connection attempt must initiate from a Webex mobile application for either iOS or Android. The vulnerability is due to unintended meeting information exposure in a specific meeting join flow for mobile applications. An unauthorized attendee could exploit this vulnerability by accessing a known meeting ID or meeting URL from the mobile device’s web browser. The browser will then request to launch the device’s Webex mobile application. A successful exploit could allow the unauthorized attendee to join the password-protected meeting. The unauthorized attendee will be visible in the attendee list of the meeting as a mobile attendee. 
Cisco has applied updates that address this vulnerability and no user action is required. " } ] + }, + "exploit": [ + { + "lang": "eng", + "value": "[CVE-2020-3142_ex] " + } + ], + "impact": { + "cvss": { + "baseScore": "7.5", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N ", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-284" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20200124 Cisco Webex Meetings Suite and Cisco Webex Meetings Online Unauthenticated Meeting Join Vulnerability", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200124-webex-unauthjoin" + } + ] + }, + "source": { + "advisory": "cisco-sa-20200124-webex-unauthjoin", + "defect": [ + [ + "CSCvs69110" + ] + ], + "discovery": "INTERNAL" } -} \ No newline at end of file +} From 3b0ea2937dda2494d3a68058e7c086a9fa41c80e Mon Sep 17 00:00:00 2001 
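Review bot: Template markers were left in the CVE-2020-3142 record: the description value starts with `[CVE-2020-3142_su] ` and the entire `exploit` value is `[CVE-2020-3142_ex] `, so the published entry carries tooling residue and no statement about known exploitation. The first marker should be removed so the value begins `"value": "A vulnerability in Cisco Webex Meetings Suite sites ..."`, and the `exploit` entry should either carry the advisory's exploitation-status text or be dropped. The description also appears to contain a raw line-break character before "Cisco has applied updates" (inferred from how the page wraps, since the hunk header still counts 87 lines); if confirmed, it should become a space or an escaped `\n` so that every consumer parses the string the same way.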
From: CVE Team Date: Sun, 26 Jan 2020 05:01:17 +0000 Subject: [PATCH 312/387] "-Synchronized-Data." --- 2019/12xxx/CVE-2019-12619.json | 4 ++-- 2019/12xxx/CVE-2019-12629.json | 4 ++-- 2019/15xxx/CVE-2019-15255.json | 4 ++-- 2019/15xxx/CVE-2019-15278.json | 4 ++-- 2019/15xxx/CVE-2019-15989.json | 4 ++-- 2019/16xxx/CVE-2019-16003.json | 4 ++-- 2019/16xxx/CVE-2019-16005.json | 4 ++-- 2019/16xxx/CVE-2019-16008.json | 4 ++-- 2019/16xxx/CVE-2019-16015.json | 4 ++-- 2019/16xxx/CVE-2019-16018.json | 4 ++-- 2019/16xxx/CVE-2019-16020.json | 4 ++-- 2019/16xxx/CVE-2019-16022.json | 4 ++-- 2019/16xxx/CVE-2019-16024.json | 4 ++-- 2019/16xxx/CVE-2019-16026.json | 4 ++-- 2019/16xxx/CVE-2019-16027.json | 4 ++-- 2019/16xxx/CVE-2019-16029.json | 4 ++-- 2020/3xxx/CVE-2020-3115.json | 4 ++-- 2020/3xxx/CVE-2020-3121.json | 4 ++-- 2020/3xxx/CVE-2020-3129.json | 4 ++-- 2020/3xxx/CVE-2020-3131.json | 4 ++-- 2020/3xxx/CVE-2020-3134.json | 4 ++-- 2020/3xxx/CVE-2020-3136.json | 4 ++-- 2020/3xxx/CVE-2020-3139.json | 4 ++-- 2020/3xxx/CVE-2020-3142.json | 4 ++-- 24 files changed, 48 insertions(+), 48 deletions(-) diff --git a/2019/12xxx/CVE-2019-12619.json b/2019/12xxx/CVE-2019-12619.json index dcd9de5a998..e704aa0aec6 100644 --- a/2019/12xxx/CVE-2019-12619.json +++ b/2019/12xxx/CVE-2019-12619.json 
@@ -37,7 +37,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability in the web interface for Cisco SD-WAN Solution vManage could allow an authenticated, remote attacker to impact the integrity of an affected system by executing arbitrary SQL queries. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted input that includes SQL statements to an affected system. A successful exploit could allow the attacker to modify entries in some database tables, affecting the integrity of the data. " + "value": "A vulnerability in the web interface for Cisco SD-WAN Solution vManage could allow an authenticated, remote attacker to impact the integrity of an affected system by executing arbitrary SQL queries. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted input that includes SQL statements to an affected system. A successful exploit could allow the attacker to modify entries in some database tables, affecting the integrity of the data." } ] }, @@ -86,4 +86,4 @@ ], "discovery": "INTERNAL" } -} +} \ No newline at end of file diff --git a/2019/12xxx/CVE-2019-12629.json b/2019/12xxx/CVE-2019-12629.json index ab5a73dc35e..8f0a0b43411 100644 --- a/2019/12xxx/CVE-2019-12629.json +++ b/2019/12xxx/CVE-2019-12629.json 
@@ -37,7 +37,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability in the WebUI of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject and execute arbitrary commands with vmanage user privileges on an affected system. The vulnerability is due to insufficient input validation of data parameters for certain fields in the affected solution. An attacker could exploit this vulnerability by configuring a malicious username on the login page of the affected solution. A successful exploit could allow the attacker to inject and execute arbitrary commands with vmanage user privileges on an affected system. " + "value": "A vulnerability in the WebUI of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject and execute arbitrary commands with vmanage user privileges on an affected system. The vulnerability is due to insufficient input validation of data parameters for certain fields in the affected solution. An attacker could exploit this vulnerability by configuring a malicious username on the login page of the affected solution. A successful exploit could allow the attacker to inject and execute arbitrary commands with vmanage user privileges on an affected system." } ] }, @@ -84,4 +84,4 @@ ], "discovery": "INTERNAL" } -} +} \ No newline at end of file diff --git a/2019/15xxx/CVE-2019-15255.json b/2019/15xxx/CVE-2019-15255.json index c0521644fcd..f1a4988ea81 100644 --- a/2019/15xxx/CVE-2019-15255.json +++ b/2019/15xxx/CVE-2019-15255.json 
@@ -37,7 +37,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to bypass authorization and access sensitive information related to the device. The vulnerability exists because the software fails to sanitize URLs before it handles requests. An attacker could exploit this vulnerability by submitting a crafted URL. A successful exploit could allow the attacker to gain unauthorized access to sensitive information. " + "value": "A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to bypass authorization and access sensitive information related to the device. The vulnerability exists because the software fails to sanitize URLs before it handles requests. An attacker could exploit this vulnerability by submitting a crafted URL. A successful exploit could allow the attacker to gain unauthorized access to sensitive information." } ] }, @@ -84,4 +84,4 @@ ], "discovery": "INTERNAL" } -} +} \ No newline at end of file diff --git a/2019/15xxx/CVE-2019-15278.json b/2019/15xxx/CVE-2019-15278.json index 469ea8afd46..f9b8dd2e28a 100644 --- a/2019/15xxx/CVE-2019-15278.json +++ b/2019/15xxx/CVE-2019-15278.json 
@@ -37,7 +37,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to bypass authorization and access sensitive information related to the device. The vulnerability exists because the software fails to sanitize URLs before it handles requests. An attacker could exploit this vulnerability by submitting a crafted URL. A successful exploit could allow the attacker to gain unauthorized access to sensitive information. " + "value": "A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to bypass authorization and access sensitive information related to the device. The vulnerability exists because the software fails to sanitize URLs before it handles requests. An attacker could exploit this vulnerability by submitting a crafted URL. A successful exploit could allow the attacker to gain unauthorized access to sensitive information." } ] }, @@ -85,4 +85,4 @@ ], "discovery": "INTERNAL" } -} +} \ No newline at end of file diff --git a/2019/15xxx/CVE-2019-15989.json b/2019/15xxx/CVE-2019-15989.json index 176dc38943f..bbf22beb0ca 100644 --- a/2019/15xxx/CVE-2019-15989.json +++ b/2019/15xxx/CVE-2019-15989.json 
@@ -37,7 +37,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability in the implementation of the Border Gateway Protocol (BGP) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to incorrect processing of a BGP update message that contains a specific BGP attribute. An attacker could exploit this vulnerability by sending BGP update messages that include a specific, malformed attribute to be processed by an affected system. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit this vulnerability, the malicious BGP update message would need to come from a configured, valid BGP peer or would need to be injected by the attacker into the victim’s BGP network on an existing, valid TCP connection to a BGP peer. " + "value": "A vulnerability in the implementation of the Border Gateway Protocol (BGP) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to incorrect processing of a BGP update message that contains a specific BGP attribute. An attacker could exploit this vulnerability by sending BGP update messages that include a specific, malformed attribute to be processed by an affected system. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit this vulnerability, the malicious BGP update message would need to come from a configured, valid BGP peer or would need to be injected by the attacker into the victim’s BGP network on an existing, valid TCP connection to a BGP peer." } ] }, 
@@ -84,4 +84,4 @@ ], "discovery": "INTERNAL" } -} +} \ No newline at end of file diff --git a/2019/16xxx/CVE-2019-16003.json b/2019/16xxx/CVE-2019-16003.json index d6d67a34be7..66f6534ae04 100644 --- a/2019/16xxx/CVE-2019-16003.json +++ b/2019/16xxx/CVE-2019-16003.json @@ -37,7 +37,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability in the web-based management interface of Cisco UCS Director could allow an unauthenticated, remote attacker to download system log files from an affected device. The vulnerability is due to an issue in the authentication logic of the web-based management interface. An attacker could exploit this vulnerability by sending a crafted request to the web interface. A successful exploit could allow the attacker to download log files if they were previously generated by an administrator. " + "value": "A vulnerability in the web-based management interface of Cisco UCS Director could allow an unauthenticated, remote attacker to download system log files from an affected device. The vulnerability is due to an issue in the authentication logic of the web-based management interface. An attacker could exploit this vulnerability by sending a crafted request to the web interface. A successful exploit could allow the attacker to download log files if they were previously generated by an administrator." } ] }, @@ -84,4 +84,4 @@ ], "discovery": "INTERNAL" } -} +} \ No newline at end of file diff --git a/2019/16xxx/CVE-2019-16005.json b/2019/16xxx/CVE-2019-16005.json index c3379f37712..6759053436a 100644 --- a/2019/16xxx/CVE-2019-16005.json +++ b/2019/16xxx/CVE-2019-16005.json 
@@ -37,7 +37,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability in the web-based management interface of Cisco Webex Video Mesh could allow an authenticated, remote attacker to execute arbitrary commands on the affected system. The vulnerability is due to improper validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by logging in to the web-based management interface with administrative privileges and supplying crafted requests to the application. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system with root privileges on a targeted node. " + "value": "A vulnerability in the web-based management interface of Cisco Webex Video Mesh could allow an authenticated, remote attacker to execute arbitrary commands on the affected system. The vulnerability is due to improper validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by logging in to the web-based management interface with administrative privileges and supplying crafted requests to the application. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system with root privileges on a targeted node." } ] }, @@ -84,4 +84,4 @@ ], "discovery": "INTERNAL" } -} +} \ No newline at end of file diff --git a/2019/16xxx/CVE-2019-16008.json b/2019/16xxx/CVE-2019-16008.json index 90ce684c457..7494017bb8e 100644 --- a/2019/16xxx/CVE-2019-16008.json +++ b/2019/16xxx/CVE-2019-16008.json 
@@ -37,7 +37,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability in the web-based GUI of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based GUI of an affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. " + "value": "A vulnerability in the web-based GUI of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based GUI of an affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information." } ] }, @@ -84,4 +84,4 @@ ], "discovery": "INTERNAL" } -} +} \ No newline at end of file diff --git a/2019/16xxx/CVE-2019-16015.json b/2019/16xxx/CVE-2019-16015.json index 7cf742c71fc..4f831806bbf 100644 --- a/2019/16xxx/CVE-2019-16015.json +++ b/2019/16xxx/CVE-2019-16015.json 
@@ -37,7 +37,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability in the web-based management interface of the Cisco Data Center Analytics Framework application could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive, browser-based information on the affected system. " + "value": "A vulnerability in the web-based management interface of the Cisco Data Center Analytics Framework application could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive, browser-based information on the affected system." } ] }, @@ -84,4 +84,4 @@ ], "discovery": "INTERNAL" } -} +} \ No newline at end of file diff --git a/2019/16xxx/CVE-2019-16018.json b/2019/16xxx/CVE-2019-16018.json index c2d2862ea27..7f961b2c330 100644 --- a/2019/16xxx/CVE-2019-16018.json +++ b/2019/16xxx/CVE-2019-16018.json 
@@ -37,7 +37,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to incorrect processing of a BGP update message that contains crafted EVPN attributes. An attacker could indirectly exploit the vulnerability by sending BGP EVPN update messages with a specific, malformed attribute to an affected system and waiting for a user on the device to display the EVPN operational routes’ status. If successful, the attacker could cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit this vulnerability, the malicious BGP update message would need to come from a configured, valid BGP peer, or would need to be injected by the attacker into the victim's BGP network on an existing, valid TCP connection to a BGP peer. " + "value": "A vulnerability in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to incorrect processing of a BGP update message that contains crafted EVPN attributes. An attacker could indirectly exploit the vulnerability by sending BGP EVPN update messages with a specific, malformed attribute to an affected system and waiting for a user on the device to display the EVPN operational routes’ status. If successful, the attacker could cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. 
To exploit this vulnerability, the malicious BGP update message would need to come from a configured, valid BGP peer, or would need to be injected by the attacker into the victim's BGP network on an existing, valid TCP connection to a BGP peer." } ] }, @@ -84,4 +84,4 @@ ], "discovery": "INTERNAL" } -} +} \ No newline at end of file diff --git a/2019/16xxx/CVE-2019-16020.json b/2019/16xxx/CVE-2019-16020.json index e0d73e7389e..e0e955d68dc 100644 --- a/2019/16xxx/CVE-2019-16020.json +++ b/2019/16xxx/CVE-2019-16020.json 
@@ -37,7 +37,7 @@ "description_data": [ { "lang": "eng", - "value": "Multiple vulnerabilities in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerabilities are due to incorrect processing of BGP update messages that contain crafted EVPN attributes. An attacker could exploit these vulnerabilities by sending BGP EVPN update messages with malformed attributes to be processed by an affected system. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit these vulnerabilities, the malicious BGP update message would need to come from a configured, valid BGP peer, or would need to be injected by the attacker into the victim's BGP network on an existing, valid TCP connection to a BGP peer. " + "value": "Multiple vulnerabilities in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerabilities are due to incorrect processing of BGP update messages that contain crafted EVPN attributes. An attacker could exploit these vulnerabilities by sending BGP EVPN update messages with malformed attributes to be processed by an affected system. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. 
To exploit these vulnerabilities, the malicious BGP update message would need to come from a configured, valid BGP peer, or would need to be injected by the attacker into the victim's BGP network on an existing, valid TCP connection to a BGP peer." } ] }, @@ -88,4 +88,4 @@ ], "discovery": "INTERNAL" } -} +} \ No newline at end of file diff --git a/2019/16xxx/CVE-2019-16022.json b/2019/16xxx/CVE-2019-16022.json index 7a1c2c1d117..eb6f29ae50b 100644 --- a/2019/16xxx/CVE-2019-16022.json +++ b/2019/16xxx/CVE-2019-16022.json 
@@ -37,7 +37,7 @@ "description_data": [ { "lang": "eng", - "value": "Multiple vulnerabilities in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerabilities are due to incorrect processing of BGP update messages that contain crafted EVPN attributes. An attacker could exploit these vulnerabilities by sending BGP EVPN update messages with malformed attributes to be processed by an affected system. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit these vulnerabilities, the malicious BGP update message would need to come from a configured, valid BGP peer, or would need to be injected by the attacker into the victim's BGP network on an existing, valid TCP connection to a BGP peer. " + "value": "Multiple vulnerabilities in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerabilities are due to incorrect processing of BGP update messages that contain crafted EVPN attributes. An attacker could exploit these vulnerabilities by sending BGP EVPN update messages with malformed attributes to be processed by an affected system. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. 
To exploit these vulnerabilities, the malicious BGP update message would need to come from a configured, valid BGP peer, or would need to be injected by the attacker into the victim's BGP network on an existing, valid TCP connection to a BGP peer." } ] }, @@ -88,4 +88,4 @@ ], "discovery": "INTERNAL" } -} +} \ No newline at end of file diff --git a/2019/16xxx/CVE-2019-16024.json b/2019/16xxx/CVE-2019-16024.json index d5ef78727d6..4b7aa682bbc 100644 --- a/2019/16xxx/CVE-2019-16024.json +++ b/2019/16xxx/CVE-2019-16024.json @@ -37,7 +37,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability in the web-based management interface of Cisco Crosswork Change Automation could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. " + "value": "A vulnerability in the web-based management interface of Cisco Crosswork Change Automation could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information." } ] }, 
@@ -87,4 +87,4 @@ ], "discovery": "INTERNAL" } -} +} \ No newline at end of file diff --git a/2019/16xxx/CVE-2019-16026.json b/2019/16xxx/CVE-2019-16026.json index f0193977cf7..6fe13a89034 100644 --- a/2019/16xxx/CVE-2019-16026.json +++ b/2019/16xxx/CVE-2019-16026.json @@ -37,7 +37,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability in the implementation of the Stream Control Transmission Protocol (SCTP) on Cisco Mobility Management Entity (MME) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an eNodeB that is connected to an affected device. The vulnerability is due to insufficient input validation of SCTP traffic. An attacker could exploit this vulnerability by leveraging a man-in-the-middle position between the eNodeB and the MME and then sending a crafted SCTP message to the MME. A successful exploit would cause the MME to stop sending SCTP messages to the eNodeB, triggering a DoS condition. " + "value": "A vulnerability in the implementation of the Stream Control Transmission Protocol (SCTP) on Cisco Mobility Management Entity (MME) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an eNodeB that is connected to an affected device. The vulnerability is due to insufficient input validation of SCTP traffic. An attacker could exploit this vulnerability by leveraging a man-in-the-middle position between the eNodeB and the MME and then sending a crafted SCTP message to the MME. A successful exploit would cause the MME to stop sending SCTP messages to the eNodeB, triggering a DoS condition." } ] }, @@ -84,4 +84,4 @@ ], "discovery": "INTERNAL" } -} +} \ No newline at end of file diff --git a/2019/16xxx/CVE-2019-16027.json b/2019/16xxx/CVE-2019-16027.json index 95600fd3453..e7165f6437a 100644 --- a/2019/16xxx/CVE-2019-16027.json +++ b/2019/16xxx/CVE-2019-16027.json 
@@ -37,7 +37,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability in the implementation of the Intermediate System–to–Intermediate System (IS–IS) routing protocol functionality in Cisco IOS XR Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition in the IS–IS process. The vulnerability is due to improper handling of a Simple Network Management Protocol (SNMP) request for specific Object Identifiers (OIDs) by the IS–IS process. An attacker could exploit this vulnerability by sending a crafted SNMP request to the affected device. A successful exploit could allow the attacker to cause a DoS condition in the IS–IS process. " + "value": "A vulnerability in the implementation of the Intermediate System–to–Intermediate System (IS–IS) routing protocol functionality in Cisco IOS XR Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition in the IS–IS process. The vulnerability is due to improper handling of a Simple Network Management Protocol (SNMP) request for specific Object Identifiers (OIDs) by the IS–IS process. An attacker could exploit this vulnerability by sending a crafted SNMP request to the affected device. A successful exploit could allow the attacker to cause a DoS condition in the IS–IS process." } ] }, @@ -84,4 +84,4 @@ ], "discovery": "INTERNAL" } -} +} \ No newline at end of file diff --git a/2019/16xxx/CVE-2019-16029.json b/2019/16xxx/CVE-2019-16029.json index 6bdb7fa566a..434e6b3ce74 100644 --- a/2019/16xxx/CVE-2019-16029.json +++ b/2019/16xxx/CVE-2019-16029.json 
@@ -37,7 +37,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability in the application programming interface (API) of Cisco Smart Software Manager On-Prem could allow an unauthenticated, remote attacker to change user account information which can prevent users from logging in, resulting in a denial of service (DoS) condition of the web interface. The vulnerability is due to the lack of input validation in the API. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. An exploit could allow the attacker to change or corrupt user account information which could grant the attacker administrator access or prevent legitimate user access to the web interface, resulting in a denial of service (DoS) condition. " + "value": "A vulnerability in the application programming interface (API) of Cisco Smart Software Manager On-Prem could allow an unauthenticated, remote attacker to change user account information which can prevent users from logging in, resulting in a denial of service (DoS) condition of the web interface. The vulnerability is due to the lack of input validation in the API. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. An exploit could allow the attacker to change or corrupt user account information which could grant the attacker administrator access or prevent legitimate user access to the web interface, resulting in a denial of service (DoS) condition." } ] }, @@ -85,4 +85,4 @@ ], "discovery": "INTERNAL" } -} +} \ No newline at end of file diff --git a/2020/3xxx/CVE-2020-3115.json b/2020/3xxx/CVE-2020-3115.json index 4b3f83fdb40..81b88078f92 100644 --- a/2020/3xxx/CVE-2020-3115.json +++ b/2020/3xxx/CVE-2020-3115.json 
@@ -37,7 +37,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability in the CLI of the Cisco SD-WAN Solution vManage software could allow an authenticated, local attacker to elevate privileges to root-level privileges on the underlying operating system. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted file to the affected system. An exploit could allow the attacker to elevate privileges to root-level privileges. "
+ "value": "A vulnerability in the CLI of the Cisco SD-WAN Solution vManage software could allow an authenticated, local attacker to elevate privileges to root-level privileges on the underlying operating system. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted file to the affected system. An exploit could allow the attacker to elevate privileges to root-level privileges."
 }
 ]
 },
@@ -84,4 +84,4 @@
 ],
 "discovery": "INTERNAL"
 }
-}
+}
\ No newline at end of file
diff --git a/2020/3xxx/CVE-2020-3121.json b/2020/3xxx/CVE-2020-3121.json
index 7916388386a..e2d05cfe64b 100644
--- a/2020/3xxx/CVE-2020-3121.json
+++ b/2020/3xxx/CVE-2020-3121.json
@@ -37,7 +37,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability in the web-based management interface of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link and access a specific page. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. "
+ "value": "A vulnerability in the web-based management interface of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link and access a specific page. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information."
 }
 ]
 },
@@ -84,4 +84,4 @@
 ],
 "discovery": "INTERNAL"
 }
-}
+}
\ No newline at end of file
diff --git a/2020/3xxx/CVE-2020-3129.json b/2020/3xxx/CVE-2020-3129.json
index 03f87c2f4a1..c515e6fdaf5 100644
--- a/2020/3xxx/CVE-2020-3129.json
+++ b/2020/3xxx/CVE-2020-3129.json
@@ -37,7 +37,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability in the web-based management interface of Cisco Unity Connection Software could allow an authenticated, remote attacker to perform a stored cross-site scripting (XSS) attack. The vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by providing crafted data to a specific field within the interface. A successful exploit could allow the attacker to store an XSS attack within the interface. This stored XSS attack would then be executed on the system of any user viewing the attacker-supplied data element. "
+ "value": "A vulnerability in the web-based management interface of Cisco Unity Connection Software could allow an authenticated, remote attacker to perform a stored cross-site scripting (XSS) attack. The vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by providing crafted data to a specific field within the interface. A successful exploit could allow the attacker to store an XSS attack within the interface. This stored XSS attack would then be executed on the system of any user viewing the attacker-supplied data element."
 }
 ]
 },
@@ -84,4 +84,4 @@
 ],
 "discovery": "INTERNAL"
 }
-}
+}
\ No newline at end of file
diff --git a/2020/3xxx/CVE-2020-3131.json b/2020/3xxx/CVE-2020-3131.json
index 29ae3ced197..b7385222380 100644
--- a/2020/3xxx/CVE-2020-3131.json
+++ b/2020/3xxx/CVE-2020-3131.json
@@ -37,7 +37,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "[CVE-2020-3131_su] A vulnerability in the Cisco Webex Teams client for Windows could allow an authenticated, remote attacker to cause the client to crash, resulting in a denial of service (DoS) condition. The attacker needs a valid developer account to exploit this vulnerability. The vulnerability is due to insufficient input validation when processing received adaptive cards. The attacker could exploit this vulnerability by sending an adaptive card with malicious content to an existing user of the Cisco Webex Teams client for Windows. A successful exploit could allow the attacker to cause the targeted user's client to crash continuously. "
+ "value": "[CVE-2020-3131_su] A vulnerability in the Cisco Webex Teams client for Windows could allow an authenticated, remote attacker to cause the client to crash, resulting in a denial of service (DoS) condition. The attacker needs a valid developer account to exploit this vulnerability. The vulnerability is due to insufficient input validation when processing received adaptive cards. The attacker could exploit this vulnerability by sending an adaptive card with malicious content to an existing user of the Cisco Webex Teams client for Windows. A successful exploit could allow the attacker to cause the targeted user's client to crash continuously."
 }
 ]
 },
@@ -84,4 +84,4 @@
 ],
 "discovery": "INTERNAL"
 }
-}
+}
\ No newline at end of file
diff --git a/2020/3xxx/CVE-2020-3134.json b/2020/3xxx/CVE-2020-3134.json
index dce220c07be..73c33275287 100644
--- a/2020/3xxx/CVE-2020-3134.json
+++ b/2020/3xxx/CVE-2020-3134.json
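Review bot: The new `value` line in the `@@ -37,7 +37,7 @@` hunk of CVE-2020-3131.json still begins with the bracketed tag `[CVE-2020-3131_su]`, which looks like a leftover template or submission marker rather than advisory text; the commit strips only the trailing space, so the tag stays in the published description. If it is unintended, the string should start at the advisory sentence, `"value": "A vulnerability in the Cisco Webex Teams client for Windows could allow …"`. The same prefix pattern appears on the new side of the description hunks for CVE-2020-3134, CVE-2020-3136, CVE-2020-3139 and CVE-2020-3142 that follow. Tooling that matches or de-duplicates advisories on description text would treat the tag as part of the description.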
@@ -37,7 +37,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "[CVE-2020-3134_su] A vulnerability in the zip decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper validation of zip files. An attacker could exploit this vulnerability by sending an email message with a crafted zip-compressed attachment. A successful exploit could trigger a restart of the content-scanning process, causing a temporary DoS condition. "
+ "value": "[CVE-2020-3134_su] A vulnerability in the zip decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper validation of zip files. An attacker could exploit this vulnerability by sending an email message with a crafted zip-compressed attachment. A successful exploit could trigger a restart of the content-scanning process, causing a temporary DoS condition."
 }
 ]
 },
@@ -84,4 +84,4 @@
 ],
 "discovery": "INTERNAL"
 }
-}
+}
\ No newline at end of file
diff --git a/2020/3xxx/CVE-2020-3136.json b/2020/3xxx/CVE-2020-3136.json
index 04b96e8fbfc..bb636ed921c 100644
--- a/2020/3xxx/CVE-2020-3136.json
+++ b/2020/3xxx/CVE-2020-3136.json
@@ -37,7 +37,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "[CVE-2020-3136_su] A vulnerability in the web-based management interface of Cisco Jabber Guest could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability exists because the web-based management interface of the affected device does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or to access sensitive, browser-based information. "
+ "value": "[CVE-2020-3136_su] A vulnerability in the web-based management interface of Cisco Jabber Guest could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability exists because the web-based management interface of the affected device does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or to access sensitive, browser-based information."
 }
 ]
 },
@@ -84,4 +84,4 @@
 ],
 "discovery": "INTERNAL"
 }
-}
+}
\ No newline at end of file
diff --git a/2020/3xxx/CVE-2020-3139.json b/2020/3xxx/CVE-2020-3139.json
index 8efc783d720..252f45d9640 100644
--- a/2020/3xxx/CVE-2020-3139.json
+++ b/2020/3xxx/CVE-2020-3139.json
@@ -37,7 +37,7 @@ "description_data": [ { "lang": "eng", - "value": "[CVE-2020-3139_su] A vulnerability in the out of band (OOB) management interface IP table rule programming for Cisco Application Policy Infrastructure Controller (APIC) could allow an unauthenticated, remote attacker to bypass configured deny entries for specific IP ports. These IP ports would be permitted to the OOB management interface when, in fact, the packets should be dropped. The vulnerability is due to the configuration of specific IP table entries for which there is a programming logic error that results in the IP port being permitted. An attacker could exploit this vulnerability by sending traffic to the OOB management interface on the targeted device. A successful exploit could allow the attacker to bypass configured IP table rules to drop specific IP port traffic. The attacker has no control over the configuration of the device itself. " + "value": "[CVE-2020-3139_su] A vulnerability in the out of band (OOB) management interface IP table rule programming for Cisco Application Policy Infrastructure Controller (APIC) could allow an unauthenticated, remote attacker to bypass configured deny entries for specific IP ports. These IP ports would be permitted to the OOB management interface when, in fact, the packets should be dropped. The vulnerability is due to the configuration of specific IP table entries for which there is a programming logic error that results in the IP port being permitted. An attacker could exploit this vulnerability by sending traffic to the OOB management interface on the targeted device. A successful exploit could allow the attacker to bypass configured IP table rules to drop specific IP port traffic. The attacker has no control over the configuration of the device itself." } ] }, @@ -84,4 +84,4 @@ ], "discovery": "INTERNAL" } -} +} \ No newline at end of file 
diff --git a/2020/3xxx/CVE-2020-3142.json b/2020/3xxx/CVE-2020-3142.json
index 61865014903..704f0b9a1cc 100644
--- a/2020/3xxx/CVE-2020-3142.json
+++ b/2020/3xxx/CVE-2020-3142.json
@@ -37,7 +37,7 @@ "description_data": [ { "lang": "eng", - "value": "[CVE-2020-3142_su] A vulnerability in Cisco Webex Meetings Suite sites and Cisco Webex Meetings Online sites could allow an unauthenticated, remote attendee to join a password-protected meeting without providing the meeting password. The connection attempt must initiate from a Webex mobile application for either iOS or Android. The vulnerability is due to unintended meeting information exposure in a specific meeting join flow for mobile applications. An unauthorized attendee could exploit this vulnerability by accessing a known meeting ID or meeting URL from the mobile device’s web browser. The browser will then request to launch the device’s Webex mobile application. A successful exploit could allow the unauthorized attendee to join the password-protected meeting. The unauthorized attendee will be visible in the attendee list of the meeting as a mobile attendee. Cisco has applied updates that address this vulnerability and no user action is required. " + "value": "[CVE-2020-3142_su] A vulnerability in Cisco Webex Meetings Suite sites and Cisco Webex Meetings Online sites could allow an unauthenticated, remote attendee to join a password-protected meeting without providing the meeting password. The connection attempt must initiate from a Webex mobile application for either iOS or Android. The vulnerability is due to unintended meeting information exposure in a specific meeting join flow for mobile applications. An unauthorized attendee could exploit this vulnerability by accessing a known meeting ID or meeting URL from the mobile device’s web browser. The browser will then request to launch the device’s Webex mobile application. A successful exploit could allow the unauthorized attendee to join the password-protected meeting. The unauthorized attendee will be visible in the attendee list of the meeting as a mobile attendee. 
Cisco has applied updates that address this vulnerability and no user action is required." } ] }, @@ -84,4 +84,4 @@ ], "discovery": "INTERNAL" } -} +} \ No newline at end of file From a77da58cf1b5271b2835745bf116471f5fffbee1 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sun, 26 Jan 2020 07:01:16 +0000 Subject: [PATCH 313/387] "-Synchronized-Data." --- 2019/2xxx/CVE-2019-2126.json | 5 +++++ 2019/9xxx/CVE-2019-9232.json | 5 +++++ 2019/9xxx/CVE-2019-9325.json | 5 +++++ 2019/9xxx/CVE-2019-9371.json | 5 +++++ 2019/9xxx/CVE-2019-9433.json | 5 +++++ 5 files changed, 25 insertions(+) diff --git a/2019/2xxx/CVE-2019-2126.json b/2019/2xxx/CVE-2019-2126.json index 4297cd2cddf..37082cef624 100644 --- a/2019/2xxx/CVE-2019-2126.json +++ b/2019/2xxx/CVE-2019-2126.json @@ -63,6 +63,11 @@ "refsource": "FEDORA", "name": "FEDORA-2020-6cd410d9e4", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DQSTK442ATWJOR4TU3MR6C3N5A6NDFFN/" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0105", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00049.html" } ] }, diff --git a/2019/9xxx/CVE-2019-9232.json b/2019/9xxx/CVE-2019-9232.json index 4e47f85a4ad..19c7e56a602 100644 --- a/2019/9xxx/CVE-2019-9232.json +++ b/2019/9xxx/CVE-2019-9232.json @@ -93,6 +93,11 @@ "refsource": "FEDORA", "name": "FEDORA-2020-6cd410d9e4", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DQSTK442ATWJOR4TU3MR6C3N5A6NDFFN/" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0105", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00049.html" } ] }, diff --git a/2019/9xxx/CVE-2019-9325.json b/2019/9xxx/CVE-2019-9325.json index 567edbaab93..757e4a1cb09 100644 --- a/2019/9xxx/CVE-2019-9325.json +++ b/2019/9xxx/CVE-2019-9325.json 
@@ -88,6 +88,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2020-6cd410d9e4",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DQSTK442ATWJOR4TU3MR6C3N5A6NDFFN/"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2020:0105",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00049.html"
 }
 ]
 },
diff --git a/2019/9xxx/CVE-2019-9371.json b/2019/9xxx/CVE-2019-9371.json
index 9b39366c0ff..1ef290ae958 100644
--- a/2019/9xxx/CVE-2019-9371.json
+++ b/2019/9xxx/CVE-2019-9371.json
@@ -88,6 +88,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2020-6cd410d9e4",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DQSTK442ATWJOR4TU3MR6C3N5A6NDFFN/"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2020:0105",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00049.html"
 }
 ]
 },
diff --git a/2019/9xxx/CVE-2019-9433.json b/2019/9xxx/CVE-2019-9433.json
index 3c6f37b5e18..4d4d378cd9e 100644
--- a/2019/9xxx/CVE-2019-9433.json
+++ b/2019/9xxx/CVE-2019-9433.json
@@ -93,6 +93,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2020-6cd410d9e4",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DQSTK442ATWJOR4TU3MR6C3N5A6NDFFN/"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2020:0105",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00049.html"
 }
 ]
 },
From 9780ad50529f6a4f55465af56ea2bb6ddcf9690e Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sun, 26 Jan 2020 19:01:15 +0000 Subject: [PATCH 314/387] "-Synchronized-Data." --- 2020/7xxx/CVE-2020-7982.json | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) create mode 100644 2020/7xxx/CVE-2020-7982.json
diff --git a/2020/7xxx/CVE-2020-7982.json b/2020/7xxx/CVE-2020-7982.json
new file mode 100644
index 00000000000..6a9a431e467
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7982.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7982",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
From e97d5700fecc62a40f1da6f7b3b0465c32521548 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Sun, 26 Jan 2020 20:01:08 +0000
Subject: [PATCH 315/387] "-Synchronized-Data."
---
2020/7xxx/CVE-2020-7983.json | 18 ++++++++++++++++++
1 file changed, 18 insertions(+)
create mode 100644 2020/7xxx/CVE-2020-7983.json
diff --git a/2020/7xxx/CVE-2020-7983.json b/2020/7xxx/CVE-2020-7983.json
new file mode 100644
index 00000000000..689bc1cbd90
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7983.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7983",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
From eb1edf09f3c158d8d77326937e1c2a8e134cb51f Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Sun, 26 Jan 2020 21:01:09 +0000
Subject: [PATCH 316/387] "-Synchronized-Data."
---
2020/7xxx/CVE-2020-7984.json | 97 ++++++++++++++++++++++++++++++++++++
2020/7xxx/CVE-2020-7985.json | 18 +++++++
2020/7xxx/CVE-2020-7986.json | 18 +++++++
2020/7xxx/CVE-2020-7987.json | 18 +++++++
4 files changed, 151 insertions(+)
create mode 100644 2020/7xxx/CVE-2020-7984.json
create mode 100644 2020/7xxx/CVE-2020-7985.json
create mode 100644 2020/7xxx/CVE-2020-7986.json
create mode 100644 2020/7xxx/CVE-2020-7987.json
diff --git a/2020/7xxx/CVE-2020-7984.json b/2020/7xxx/CVE-2020-7984.json
new file mode 100644
index 00000000000..f190d69c8d5
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7984.json
@@ -0,0 +1,97 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-7984",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "SolarWinds N-central before 12.1 SP1 HF5 and 12.2 before SP1 HF2 allows remote attackers to retrieve cleartext domain admin credentials from the Agent & Probe settings, and obtain other sensitive information. The attacker can use a customer ID to self register and read any aspects of the agent/appliance configuration."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://blog.huntresslabs.com/validating-the-solarwinds-n-central-dumpster-diver-vulnerability-5e3a045982e5",
+ "refsource": "MISC",
+ "name": "https://blog.huntresslabs.com/validating-the-solarwinds-n-central-dumpster-diver-vulnerability-5e3a045982e5"
+ },
+ {
+ "url": "https://www.crn.com/news/managed-services/solarwinds-rmm-tool-has-open-zero-day-exploit-huntress-labs",
+ "refsource": "MISC",
+ "name": "https://www.crn.com/news/managed-services/solarwinds-rmm-tool-has-open-zero-day-exploit-huntress-labs"
+ },
+ {
+ "url": "https://success.solarwindsmsp.com/kb/solarwinds_n-central/How-to-Expunge-credentials-for-Customer-levels-of-SolarWinds-N-central",
+ "refsource": "MISC",
+ "name": "https://success.solarwindsmsp.com/kb/solarwinds_n-central/How-to-Expunge-credentials-for-Customer-levels-of-SolarWinds-N-central"
+ },
+ {
+ "url": "https://community.solarwindsmsp.com/Support/Software-Downloads/MSP-N-Central/MSP-N-central-12-2-SP1-HF2",
+ "refsource": "MISC",
+ "name": "https://community.solarwindsmsp.com/Support/Software-Downloads/MSP-N-Central/MSP-N-central-12-2-SP1-HF2"
+ },
+ {
+ "url": "https://community.solarwindsmsp.com/Support/Software-Downloads/MSP-N-Central/MSP-N-central-12-1-SP1-HF5",
+ "refsource": "MISC",
+ "name": "https://community.solarwindsmsp.com/Support/Software-Downloads/MSP-N-Central/MSP-N-central-12-1-SP1-HF5"
+ },
+ {
+ "url": "https://github.com/flipflopfpv",
+ "refsource": "MISC",
+ "name": "https://github.com/flipflopfpv"
+ },
+ {
+ "url": "https://packetstormsecurity.com/files/156033",
+ "refsource": "MISC",
+ "name": "https://packetstormsecurity.com/files/156033"
+ },
+ {
+ "url": "https://twitter.com/SecurityNewsbot/status/1219722631898812416",
+ "refsource": "MISC",
+ "name": "https://twitter.com/SecurityNewsbot/status/1219722631898812416"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7985.json b/2020/7xxx/CVE-2020-7985.json
new file mode 100644
index 00000000000..be4f245a5a7
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7985.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7985",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7986.json b/2020/7xxx/CVE-2020-7986.json
new file mode 100644
index 00000000000..4b633511147
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7986.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7986",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7987.json b/2020/7xxx/CVE-2020-7987.json
new file mode 100644
index 00000000000..6e2dbd74b91
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7987.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7987",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
From ca71f76e648728238b0eb5545640151d71bfbb59 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Sun, 26 Jan 2020 22:01:08 +0000
Subject: [PATCH 317/387] "-Synchronized-Data."
---
2020/7xxx/CVE-2020-7988.json | 18 ++++++++++
2020/7xxx/CVE-2020-7989.json | 67 ++++++++++++++++++++++++++++++++++++
2020/7xxx/CVE-2020-7990.json | 67 ++++++++++++++++++++++++++++++++++++
2020/7xxx/CVE-2020-7991.json | 67 ++++++++++++++++++++++++++++++++++++
2020/7xxx/CVE-2020-7992.json | 18 ++++++++++
2020/7xxx/CVE-2020-7993.json | 18 ++++++++++
6 files changed, 255 insertions(+)
create mode 100644 2020/7xxx/CVE-2020-7988.json
create mode 100644 2020/7xxx/CVE-2020-7989.json
create mode 100644 2020/7xxx/CVE-2020-7990.json
create mode 100644 2020/7xxx/CVE-2020-7991.json
create mode 100644 2020/7xxx/CVE-2020-7992.json
create mode 100644 2020/7xxx/CVE-2020-7993.json
diff --git a/2020/7xxx/CVE-2020-7988.json b/2020/7xxx/CVE-2020-7988.json
new file mode 100644
index 00000000000..3e110402367
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7988.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7988",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7989.json b/2020/7xxx/CVE-2020-7989.json
new file mode 100644
index 00000000000..3bff7d332cc
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7989.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-7989",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Adive Framework 2.0.8 has admin/user/add userUsername XSS."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.exploit-db.com/exploits/47946",
+ "refsource": "MISC",
+ "name": "https://www.exploit-db.com/exploits/47946"
+ },
+ {
+ "url": "https://github.com/ferdinandmartin/adive-php7/blob/master/README.md",
+ "refsource": "MISC",
+ "name": "https://github.com/ferdinandmartin/adive-php7/blob/master/README.md"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7990.json b/2020/7xxx/CVE-2020-7990.json
new file mode 100644
index 00000000000..a3e2dc28309
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7990.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-7990",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Adive Framework 2.0.8 has admin/user/add userName XSS."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.exploit-db.com/exploits/47946",
+ "refsource": "MISC",
+ "name": "https://www.exploit-db.com/exploits/47946"
+ },
+ {
+ "url": "https://github.com/ferdinandmartin/adive-php7/blob/master/README.md",
+ "refsource": "MISC",
+ "name": "https://github.com/ferdinandmartin/adive-php7/blob/master/README.md"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7991.json b/2020/7xxx/CVE-2020-7991.json
new file mode 100644
index 00000000000..b0475d4b0f1
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7991.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-7991",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Adive Framework 2.0.8 has admin/config CSRF to change the Administrator password."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.exploit-db.com/exploits/47946",
+ "refsource": "MISC",
+ "name": "https://www.exploit-db.com/exploits/47946"
+ },
+ {
+ "url": "https://github.com/ferdinandmartin/adive-php7/blob/master/README.md",
+ "refsource": "MISC",
+ "name": "https://github.com/ferdinandmartin/adive-php7/blob/master/README.md"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7992.json b/2020/7xxx/CVE-2020-7992.json
new file mode 100644
index 00000000000..0559f8745c2
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7992.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7992",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7993.json b/2020/7xxx/CVE-2020-7993.json
new file mode 100644
index 00000000000..b2cdc93ea55
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7993.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7993",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
From 39604ff450263e95a1909fe7fbb715e321d76421 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Sun, 26 Jan 2020 23:01:09 +0000
Subject: [PATCH 318/387] "-Synchronized-Data."
---
2020/7xxx/CVE-2020-7994.json | 67 ++++++++++++++++++++++++++++++++++++
2020/7xxx/CVE-2020-7995.json | 67 ++++++++++++++++++++++++++++++++++++
2020/7xxx/CVE-2020-7996.json | 67 ++++++++++++++++++++++++++++++++++++
3 files changed, 201 insertions(+)
create mode 100644 2020/7xxx/CVE-2020-7994.json
create mode 100644 2020/7xxx/CVE-2020-7995.json
create mode 100644 2020/7xxx/CVE-2020-7996.json
diff --git a/2020/7xxx/CVE-2020-7994.json b/2020/7xxx/CVE-2020-7994.json
new file mode 100644
index 00000000000..6434c33416f
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7994.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-7994",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr 10.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) label[libelle] parameter to the /htdocs/admin/dict.php?id=3 page; the (2) name[constname] parameter to the /htdocs/admin/const.php?mainmenu=home page; the (3) note[note] parameter to the /htdocs/admin/dict.php?id=10 page; the (4) zip[MAIN_INFO_SOCIETE_ZIP] or email[mail] parameter to the /htdocs/admin/company.php page; the (5) url[defaulturl], field[defaultkey], or value[defaultvalue] parameter to the /htdocs/admin/defaultvalues.php page; the (6) key[transkey] or key[transvalue] parameter to the /htdocs/admin/translation.php page; or the (7) [main_motd] or [main_home] parameter to the /htdocs/admin/ihm.php page."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://tufangungor.github.io/0days",
+ "refsource": "MISC",
+ "name": "https://tufangungor.github.io/0days"
+ },
+ {
+ "url": "https://github.com/tufangungor/tufangungor.github.io/blob/master/0days.md",
+ "refsource": "MISC",
+ "name": "https://github.com/tufangungor/tufangungor.github.io/blob/master/0days.md"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7995.json b/2020/7xxx/CVE-2020-7995.json
new file mode 100644
index 00000000000..702ec75cdac
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7995.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-7995",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The htdocs/index.php?mainmenu=home login page in Dolibarr 10.0.6 allows an unlimited rate of failed authentication attempts."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://tufangungor.github.io/exploit/2020/01/18/dolibarr-10.0.6-brute-force.html",
+ "refsource": "MISC",
+ "name": "https://tufangungor.github.io/exploit/2020/01/18/dolibarr-10.0.6-brute-force.html"
+ },
+ {
+ "url": "https://github.com/tufangungor/tufangungor.github.io/blob/master/_posts/2020-01-19-dolibarr-10.0.6-brute-force.md",
+ "refsource": "MISC",
+ "name": "https://github.com/tufangungor/tufangungor.github.io/blob/master/_posts/2020-01-19-dolibarr-10.0.6-brute-force.md"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7996.json b/2020/7xxx/CVE-2020-7996.json
new file mode 100644
index 00000000000..65c05f1dde5
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7996.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-7996",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "htdocs/user/passwordforgotten.php in Dolibarr 10.0.6 allows XSS via the Referer HTTP header."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://tufangungor.github.io/exploit/2020/01/18/dolibarr-10.0.6-xss-in-http-header.html",
+ "refsource": "MISC",
+ "name": "https://tufangungor.github.io/exploit/2020/01/18/dolibarr-10.0.6-xss-in-http-header.html"
+ },
+ {
+ "url": "https://github.com/tufangungor/tufangungor.github.io/blob/master/_posts/2020-01-19-dolibarr-10.0.6-xss-in-http-header.md",
+ "refsource": "MISC",
+ "name": "https://github.com/tufangungor/tufangungor.github.io/blob/master/_posts/2020-01-19-dolibarr-10.0.6-xss-in-http-header.md"
+ }
+ ]
+ }
+}
\ No newline at end of file
From 25780b2428778393dfddca469841ca789032a0fd Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Mon, 27 Jan 2020 00:01:10 +0000
Subject: [PATCH 319/387] "-Synchronized-Data."
---
2015/6xxx/CVE-2015-6748.json | 5 +++++
2020/7xxx/CVE-2020-7039.json | 5 +++++
2020/7xxx/CVE-2020-7997.json | 18 ++++++++++++++++++
2020/7xxx/CVE-2020-7998.json | 18 ++++++++++++++++++
4 files changed, 46 insertions(+)
create mode 100644 2020/7xxx/CVE-2020-7997.json
create mode 100644 2020/7xxx/CVE-2020-7998.json
diff --git a/2015/6xxx/CVE-2015-6748.json b/2015/6xxx/CVE-2015-6748.json
index d15ade869a2..91e3e240792 100644
--- a/2015/6xxx/CVE-2015-6748.json
+++ b/2015/6xxx/CVE-2015-6748.json @@ -81,6 +81,11 @@ "name": "https://issues.jboss.org/browse/WFLY-5223?_sscc=t", "refsource": "CONFIRM", "url": "https://issues.jboss.org/browse/WFLY-5223?_sscc=t" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200126 [SECURITY] [DLA 2075-1] jsoup security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00021.html" } ] } diff --git a/2020/7xxx/CVE-2020-7039.json b/2020/7xxx/CVE-2020-7039.json index 211fc62797c..2f91372d414 100644 --- a/2020/7xxx/CVE-2020-7039.json +++ b/2020/7xxx/CVE-2020-7039.json @@ -71,6 +71,11 @@ "refsource": "CONFIRM", "name": "http://www.openwall.com/lists/oss-security/2020/01/16/2", "url": "http://www.openwall.com/lists/oss-security/2020/01/16/2" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200126 [SECURITY] [DLA 2076-1] slirp security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00022.html" } ] } diff --git a/2020/7xxx/CVE-2020-7997.json b/2020/7xxx/CVE-2020-7997.json new file mode 100644 index 00000000000..95a9e9d698f --- /dev/null +++ b/2020/7xxx/CVE-2020-7997.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7997", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7998.json b/2020/7xxx/CVE-2020-7998.json new file mode 100644 index 00000000000..f4c523b1974 --- /dev/null +++ b/2020/7xxx/CVE-2020-7998.json 
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7998",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
From 5abd3dee0606d4d91cd9a2da2d129d6598eeca60 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Mon, 27 Jan 2020 01:01:13 +0000
Subject: [PATCH 320/387] "-Synchronized-Data."
---
2020/7xxx/CVE-2020-7999.json | 62 ++++++++++++++++++++++++++++++++++++
2020/8xxx/CVE-2020-8000.json | 62 ++++++++++++++++++++++++++++++++++++
2020/8xxx/CVE-2020-8001.json | 62 ++++++++++++++++++++++++++++++++++++
3 files changed, 186 insertions(+)
create mode 100644 2020/7xxx/CVE-2020-7999.json
create mode 100644 2020/8xxx/CVE-2020-8000.json
create mode 100644 2020/8xxx/CVE-2020-8001.json
diff --git a/2020/7xxx/CVE-2020-7999.json b/2020/7xxx/CVE-2020-7999.json
new file mode 100644
index 00000000000..1082759c397
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7999.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-7999",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The Intellian Aptus application 1.0.2 for Android has hardcoded values for DOWNLOAD_API_KEY and FILE_DOWNLOAD_API_KEY."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://sku11army.blogspot.com/2020/01/intellian-multiple-vulnerabilities-in.html",
+ "refsource": "MISC",
+ "name": "https://sku11army.blogspot.com/2020/01/intellian-multiple-vulnerabilities-in.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8000.json b/2020/8xxx/CVE-2020-8000.json
new file mode 100644
index 00000000000..d9700b02013
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8000.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-8000",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Intellian Aptus Web 1.24 has a hardcoded password of 12345678 for the intellian account."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://sku11army.blogspot.com/2020/01/intellian-multiple-vulnerabilities-in.html",
+ "refsource": "MISC",
+ "name": "https://sku11army.blogspot.com/2020/01/intellian-multiple-vulnerabilities-in.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8001.json b/2020/8xxx/CVE-2020-8001.json
new file mode 100644
index 00000000000..ab9c3e4e00b
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8001.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-8001",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The Intellian Aptus application 1.0.2 for Android has a hardcoded password of intellian for the masteruser FTP account."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://sku11army.blogspot.com/2020/01/intellian-multiple-vulnerabilities-in.html",
+ "refsource": "MISC",
+ "name": "https://sku11army.blogspot.com/2020/01/intellian-multiple-vulnerabilities-in.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
From 1e78caaa349b1a8a7a2f9d141d8acb173d15b2e0 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Mon, 27 Jan 2020 04:01:09 +0000
Subject: [PATCH 321/387] "-Synchronized-Data."
---
2019/12xxx/CVE-2019-12399.json | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/2019/12xxx/CVE-2019-12399.json b/2019/12xxx/CVE-2019-12399.json
index 40417662e27..3ab1597bd6b 100644
--- a/2019/12xxx/CVE-2019-12399.json
+++ b/2019/12xxx/CVE-2019-12399.json
@@ -86,6 +86,11 @@ "refsource": "MLIST", "name": "[kafka-commits] 20200115 [kafka-site] branch asf-site updated: Add CVE-2019-12399 (#250)", "url": "https://lists.apache.org/thread.html/rc27d424d0bdeaf31081c3e246db3c66e882243ae3f342dfa845e0261@%3Ccommits.kafka.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[druid-commits] 20200126 [GitHub] [druid] clintropolis opened a new pull request #9259: fix build by updating kafka client to 2.2.2 for CVE-2019-12399", + "url": "https://lists.apache.org/thread.html/rde947ee866de6687bc51cdc8dfa6d7e6b3ad4ce8c708c344f773e6dc@%3Ccommits.druid.apache.org%3E" } ] }, From b9d2c4f25c9c3b0f144eaf84d4606859cea309ed Mon Sep 17 00:00:00 2001 
From: CVE Team
Date: Mon, 27 Jan 2020 05:01:13 +0000
Subject: [PATCH 322/387] "-Synchronized-Data."
---
2019/12xxx/CVE-2019-12399.json | 5 +++
2019/20xxx/CVE-2019-20421.json | 67 +++++++++++++++++++++++++++++
2019/20xxx/CVE-2019-20422.json | 67 +++++++++++++++++++++++++++++
2019/20xxx/CVE-2019-20423.json | 77 ++++++++++++++++++++++++++++++++++
2019/20xxx/CVE-2019-20424.json | 77 ++++++++++++++++++++++++++++++++++
2019/20xxx/CVE-2019-20425.json | 77 ++++++++++++++++++++++++++++++++++
2019/20xxx/CVE-2019-20426.json | 77 ++++++++++++++++++++++++++++++++++
2019/20xxx/CVE-2019-20427.json | 77 ++++++++++++++++++++++++++++++++++
2019/20xxx/CVE-2019-20428.json | 77 ++++++++++++++++++++++++++++++++++
2019/20xxx/CVE-2019-20429.json | 77 ++++++++++++++++++++++++++++++++++
2019/20xxx/CVE-2019-20430.json | 77 ++++++++++++++++++++++++++++++++++
2019/20xxx/CVE-2019-20431.json | 77 ++++++++++++++++++++++++++++++++++
2019/20xxx/CVE-2019-20432.json | 77 ++++++++++++++++++++++++++++++++++
2020/8xxx/CVE-2020-8002.json | 72 +++++++++++++++++++++++++++++++
2020/8xxx/CVE-2020-8003.json | 77 ++++++++++++++++++++++++++++++++++
15 files changed, 1058 insertions(+)
create mode 100644 2019/20xxx/CVE-2019-20421.json
create mode 100644 2019/20xxx/CVE-2019-20422.json
create mode 100644 2019/20xxx/CVE-2019-20423.json
create mode 100644 2019/20xxx/CVE-2019-20424.json
create mode 100644 2019/20xxx/CVE-2019-20425.json
create mode 100644 2019/20xxx/CVE-2019-20426.json
create mode 100644 2019/20xxx/CVE-2019-20427.json
create mode 100644 2019/20xxx/CVE-2019-20428.json
create mode 100644 2019/20xxx/CVE-2019-20429.json
create mode 100644 2019/20xxx/CVE-2019-20430.json
create mode 100644 2019/20xxx/CVE-2019-20431.json
create mode 100644 2019/20xxx/CVE-2019-20432.json
create mode 100644 2020/8xxx/CVE-2020-8002.json
create mode 100644 2020/8xxx/CVE-2020-8003.json
diff --git a/2019/12xxx/CVE-2019-12399.json b/2019/12xxx/CVE-2019-12399.json
index 3ab1597bd6b..cd74a382491 100644
--- a/2019/12xxx/CVE-2019-12399.json +++ b/2019/12xxx/CVE-2019-12399.json @@ -91,6 +91,11 @@ "refsource": "MLIST", "name": "[druid-commits] 20200126 [GitHub] [druid] clintropolis opened a new pull request #9259: fix build by updating kafka client to 2.2.2 for CVE-2019-12399", "url": "https://lists.apache.org/thread.html/rde947ee866de6687bc51cdc8dfa6d7e6b3ad4ce8c708c344f773e6dc@%3Ccommits.druid.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[druid-commits] 20200126 [GitHub] [druid] suneet-s commented on a change in pull request #9259: fix build by updating kafka client to 2.2.2 for CVE-2019-12399", + "url": "https://lists.apache.org/thread.html/r4b20b40c40d4a4c641e2ef4228098a57935e5782bfdfdf3650e48265@%3Ccommits.druid.apache.org%3E" } ] }, diff --git a/2019/20xxx/CVE-2019-20421.json b/2019/20xxx/CVE-2019-20421.json new file mode 100644 index 00000000000..440aa07689d --- /dev/null +++ b/2019/20xxx/CVE-2019-20421.json 
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-20421",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In Jp2Image::readMetadata() in jp2image.cpp in Exiv2 0.27.2, an input file can result in an infinite loop and hang, with high CPU consumption. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/Exiv2/exiv2/issues/1011",
+ "refsource": "MISC",
+ "name": "https://github.com/Exiv2/exiv2/issues/1011"
+ },
+ {
+ "url": "https://github.com/Exiv2/exiv2/commit/a82098f4f90cd86297131b5663c3dec6a34470e8",
+ "refsource": "MISC",
+ "name": "https://github.com/Exiv2/exiv2/commit/a82098f4f90cd86297131b5663c3dec6a34470e8"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/20xxx/CVE-2019-20422.json b/2019/20xxx/CVE-2019-20422.json
new file mode 100644
index 00000000000..9f442ac0a2c
--- /dev/null
+++ b/2019/20xxx/CVE-2019-20422.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-20422",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In the Linux kernel before 5.3.4, fib6_rule_lookup in net/ipv6/ip6_fib.c mishandles the RT6_LOOKUP_F_DST_NOREF flag in a reference-count decision, leading to (for example) a crash that was identified by syzkaller, aka CID-7b09c2d052db."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.4",
+ "refsource": "MISC",
+ "name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.4"
+ },
+ {
+ "url": "https://github.com/torvalds/linux/commit/7b09c2d052db4b4ad0b27b97918b46a7746966fa",
+ "refsource": "MISC",
+ "name": "https://github.com/torvalds/linux/commit/7b09c2d052db4b4ad0b27b97918b46a7746966fa"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/20xxx/CVE-2019-20423.json b/2019/20xxx/CVE-2019-20423.json
new file mode 100644
index 00000000000..51318b4ab62
--- /dev/null
+++ b/2019/20xxx/CVE-2019-20423.json
@@ -0,0 +1,77 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-20423",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In the Lustre file system before 2.12.3, the ptlrpc module has a buffer overflow and panic due to the lack of validation for specific fields of packets sent by a client. The function target_handle_connect() mishandles a certain size value when a client connects to a server, because of an integer signedness error."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://jira.whamcloud.com/browse/LU-12605",
+ "refsource": "MISC",
+ "name": "https://jira.whamcloud.com/browse/LU-12605"
+ },
+ {
+ "url": "https://review.whamcloud.com/#/c/35935/",
+ "refsource": "MISC",
+ "name": "https://review.whamcloud.com/#/c/35935/"
+ },
+ {
+ "url": "http://wiki.lustre.org/Lustre_2.12.3_Changelog",
+ "refsource": "MISC",
+ "name": "http://wiki.lustre.org/Lustre_2.12.3_Changelog"
+ },
+ {
+ "url": "http://lustre.org/",
+ "refsource": "MISC",
+ "name": "http://lustre.org/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/20xxx/CVE-2019-20424.json b/2019/20xxx/CVE-2019-20424.json
new file mode 100644
index 00000000000..f40ef1fdf7a
--- /dev/null
+++ b/2019/20xxx/CVE-2019-20424.json
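Review bot: Two of the four references in the CVE-2019-20423 record use plain `http://` (`http://wiki.lustre.org/Lustre_2.12.3_Changelog` and `http://lustre.org/`), and the second is the project home page rather than a pointer to the fix. If those sites serve the same content over TLS, the `https://` form is preferable so that readers following an advisory link do not fetch it over an unauthenticated channel. The `jira.whamcloud.com` and `review.whamcloud.com` entries already identify the defect and the change, so the home-page entry adds little. The same two references recur in CVE-2019-20424 through CVE-2019-20432.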
@@ -0,0 +1,77 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-20424",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In the Lustre file system before 2.12.3, mdt_object_remote in the mdt module has a NULL pointer dereference and panic due to the lack of validation for specific fields of packets sent by a client."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://wiki.lustre.org/Lustre_2.12.3_Changelog",
+ "refsource": "MISC",
+ "name": "http://wiki.lustre.org/Lustre_2.12.3_Changelog"
+ },
+ {
+ "url": "http://lustre.org/",
+ "refsource": "MISC",
+ "name": "http://lustre.org/"
+ },
+ {
+ "url": "https://jira.whamcloud.com/browse/LU-12615",
+ "refsource": "MISC",
+ "name": "https://jira.whamcloud.com/browse/LU-12615"
+ },
+ {
+ "url": "https://review.whamcloud.com/#/c/35869/",
+ "refsource": "MISC",
+ "name": "https://review.whamcloud.com/#/c/35869/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/20xxx/CVE-2019-20425.json b/2019/20xxx/CVE-2019-20425.json
new file mode 100644
index 00000000000..cacaffeede8
--- /dev/null
+++ b/2019/20xxx/CVE-2019-20425.json
@@ -0,0 +1,77 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-20425",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a client. In the function lustre_msg_string, there is no validation of a certain length value derived from lustre_msg_buflen_v2."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://wiki.lustre.org/Lustre_2.12.3_Changelog",
+ "refsource": "MISC",
+ "name": "http://wiki.lustre.org/Lustre_2.12.3_Changelog"
+ },
+ {
+ "url": "http://lustre.org/",
+ "refsource": "MISC",
+ "name": "http://lustre.org/"
+ },
+ {
+ "url": "https://jira.whamcloud.com/browse/LU-12613",
+ "refsource": "MISC",
+ "name": "https://jira.whamcloud.com/browse/LU-12613"
+ },
+ {
+ "url": "https://review.whamcloud.com/#/c/36209/",
+ "refsource": "MISC",
+ "name": "https://review.whamcloud.com/#/c/36209/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/20xxx/CVE-2019-20426.json b/2019/20xxx/CVE-2019-20426.json
new file mode 100644
index 00000000000..fd95f714de4
--- /dev/null
+++ b/2019/20xxx/CVE-2019-20426.json
@@ -0,0 +1,77 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-20426",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a client. In the function ldlm_cancel_hpreq_check, there is no lock_count bounds check."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://wiki.lustre.org/Lustre_2.12.3_Changelog",
+ "refsource": "MISC",
+ "name": "http://wiki.lustre.org/Lustre_2.12.3_Changelog"
+ },
+ {
+ "url": "http://lustre.org/",
+ "refsource": "MISC",
+ "name": "http://lustre.org/"
+ },
+ {
+ "url": "https://jira.whamcloud.com/browse/LU-12614",
+ "refsource": "MISC",
+ "name": "https://jira.whamcloud.com/browse/LU-12614"
+ },
+ {
+ "url": "https://review.whamcloud.com/#/c/36107/",
+ "refsource": "MISC",
+ "name": "https://review.whamcloud.com/#/c/36107/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/20xxx/CVE-2019-20427.json b/2019/20xxx/CVE-2019-20427.json
new file mode 100644
index 00000000000..fe11a49fb9b
--- /dev/null
+++ b/2019/20xxx/CVE-2019-20427.json
@@ -0,0 +1,77 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-20427",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In the Lustre file system before 2.12.3, the ptlrpc module has a buffer overflow and panic, and possibly remote code execution, due to the lack of validation for specific fields of packets sent by a client. Interaction between req_capsule_get_size and tgt_brw_write leads to a tgt_shortio2pages integer signedness error."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://wiki.lustre.org/Lustre_2.12.3_Changelog",
+ "refsource": "MISC",
+ "name": "http://wiki.lustre.org/Lustre_2.12.3_Changelog"
+ },
+ {
+ "url": "http://lustre.org/",
+ "refsource": "MISC",
+ "name": "http://lustre.org/"
+ },
+ {
+ "url": "https://jira.whamcloud.com/browse/LU-12600",
+ "refsource": "MISC",
+ "name": "https://jira.whamcloud.com/browse/LU-12600"
+ },
+ {
+ "url": "https://review.whamcloud.com/#/c/35867/",
+ "refsource": "MISC",
+ "name": "https://review.whamcloud.com/#/c/35867/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/20xxx/CVE-2019-20428.json b/2019/20xxx/CVE-2019-20428.json
new file mode 100644
index 00000000000..78a6d4e4a15
--- /dev/null
+++ b/2019/20xxx/CVE-2019-20428.json
@@ -0,0 +1,77 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-20428",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds read and panic due to the lack of validation for specific fields of packets sent by a client. The ldl_request_cancel function mishandles a large lock_count parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://wiki.lustre.org/Lustre_2.12.3_Changelog",
+ "refsource": "MISC",
+ "name": "http://wiki.lustre.org/Lustre_2.12.3_Changelog"
+ },
+ {
+ "url": "http://lustre.org/",
+ "refsource": "MISC",
+ "name": "http://lustre.org/"
+ },
+ {
+ "url": "https://jira.whamcloud.com/browse/LU-12603",
+ "refsource": "MISC",
+ "name": "https://jira.whamcloud.com/browse/LU-12603"
+ },
+ {
+ "url": "https://review.whamcloud.com/#/c/36108/",
+ "refsource": "MISC",
+ "name": "https://review.whamcloud.com/#/c/36108/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/20xxx/CVE-2019-20429.json b/2019/20xxx/CVE-2019-20429.json
new file mode 100644
index 00000000000..8062215c398
--- /dev/null
+++ b/2019/20xxx/CVE-2019-20429.json
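Review bot: The description in the CVE-2019-20428 record names the function `ldl_request_cancel`, which looks like a typo for `ldlm_request_cancel`. The sibling record CVE-2019-20426 uses the `ldlm_` prefix (`ldlm_cancel_hpreq_check`) when describing a missing `lock_count` bounds check in the same module. Anyone searching the Lustre tree or the LU-12603 ticket for the name as written may find nothing, so it is worth confirming the spelling against the referenced change and correcting it if so.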
@@ -0,0 +1,77 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-20429",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds read and panic (via a modified lm_bufcount field) due to the lack of validation for specific fields of packets sent by a client. This is caused by interaction between sptlrpc_svc_unwrap_request and lustre_msg_hdr_size_v2."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://wiki.lustre.org/Lustre_2.12.3_Changelog",
+ "refsource": "MISC",
+ "name": "http://wiki.lustre.org/Lustre_2.12.3_Changelog"
+ },
+ {
+ "url": "http://lustre.org/",
+ "refsource": "MISC",
+ "name": "http://lustre.org/"
+ },
+ {
+ "url": "https://jira.whamcloud.com/browse/LU-12590",
+ "refsource": "MISC",
+ "name": "https://jira.whamcloud.com/browse/LU-12590"
+ },
+ {
+ "url": "https://review.whamcloud.com/#/c/36119/",
+ "refsource": "MISC",
+ "name": "https://review.whamcloud.com/#/c/36119/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/20xxx/CVE-2019-20430.json b/2019/20xxx/CVE-2019-20430.json
new file mode 100644
index 00000000000..5d9bfb97024
--- /dev/null
+++ b/2019/20xxx/CVE-2019-20430.json
@@ -0,0 +1,77 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-20430",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In the Lustre file system before 2.12.3, the mdt module has an LBUG panic (via a large MDT Body eadatasize field) due to the lack of validation for specific fields of packets sent by a client."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://wiki.lustre.org/Lustre_2.12.3_Changelog",
+ "refsource": "MISC",
+ "name": "http://wiki.lustre.org/Lustre_2.12.3_Changelog"
+ },
+ {
+ "url": "http://lustre.org/",
+ "refsource": "MISC",
+ "name": "http://lustre.org/"
+ },
+ {
+ "url": "https://jira.whamcloud.com/browse/LU-12602",
+ "refsource": "MISC",
+ "name": "https://jira.whamcloud.com/browse/LU-12602"
+ },
+ {
+ "url": "https://review.whamcloud.com/#/c/36208/",
+ "refsource": "MISC",
+ "name": "https://review.whamcloud.com/#/c/36208/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/20xxx/CVE-2019-20431.json b/2019/20xxx/CVE-2019-20431.json
new file mode 100644
index 00000000000..1f1c0238e62
--- /dev/null
+++ b/2019/20xxx/CVE-2019-20431.json
@@ -0,0 +1,77 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-20431",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In the Lustre file system before 2.12.3, the ptlrpc module has an osd_map_remote_to_local out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a client. osd_bufs_get in the osd_ldiskfs module does not validate a certain length value."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://wiki.lustre.org/Lustre_2.12.3_Changelog",
+ "refsource": "MISC",
+ "name": "http://wiki.lustre.org/Lustre_2.12.3_Changelog"
+ },
+ {
+ "url": "http://lustre.org/",
+ "refsource": "MISC",
+ "name": "http://lustre.org/"
+ },
+ {
+ "url": "https://jira.whamcloud.com/browse/LU-12612",
+ "refsource": "MISC",
+ "name": "https://jira.whamcloud.com/browse/LU-12612"
+ },
+ {
+ "url": "https://review.whamcloud.com/#/c/36273/",
+ "refsource": "MISC",
+ "name": "https://review.whamcloud.com/#/c/36273/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/20xxx/CVE-2019-20432.json b/2019/20xxx/CVE-2019-20432.json
new file mode 100644
index 00000000000..edaa55b0d0f
--- /dev/null
+++ b/2019/20xxx/CVE-2019-20432.json
@@ -0,0 +1,77 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-20432",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In the Lustre file system before 2.12.3, the mdt module has an out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a client. mdt_file_secctx_unpack does not validate the value of name_size derived from req_capsule_get_size."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://wiki.lustre.org/Lustre_2.12.3_Changelog",
+ "refsource": "MISC",
+ "name": "http://wiki.lustre.org/Lustre_2.12.3_Changelog"
+ },
+ {
+ "url": "http://lustre.org/",
+ "refsource": "MISC",
+ "name": "http://lustre.org/"
+ },
+ {
+ "url": "https://jira.whamcloud.com/browse/LU-12604",
+ "refsource": "MISC",
+ "name": "https://jira.whamcloud.com/browse/LU-12604"
+ },
+ {
+ "url": "https://review.whamcloud.com/#/c/35868/",
+ "refsource": "MISC",
+ "name": "https://review.whamcloud.com/#/c/35868/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8002.json b/2020/8xxx/CVE-2020-8002.json
new file mode 100644
index 00000000000..4c508fe1814
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8002.json
@@ -0,0 +1,72 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-8002",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A NULL pointer dereference in vrend_renderer.c in virglrenderer through 0.8.1 allows attackers to cause a denial of service via commands that attempt to launch a grid without previously providing a Compute Shader (CS)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://gitlab.freedesktop.org/virgl/virglrenderer/merge_requests/340/diffs?commit_id=572a36879701598fa727f50313508be99865b58f",
+ "refsource": "MISC",
+ "name": "https://gitlab.freedesktop.org/virgl/virglrenderer/merge_requests/340/diffs?commit_id=572a36879701598fa727f50313508be99865b58f"
+ },
+ {
+ "url": "https://gitlab.freedesktop.org/virgl/virglrenderer/merge_requests/340/diffs?commit_id=725e12beba4a41934f0ab62d399b5d4de2d13190",
+ "refsource": "MISC",
+ "name": "https://gitlab.freedesktop.org/virgl/virglrenderer/merge_requests/340/diffs?commit_id=725e12beba4a41934f0ab62d399b5d4de2d13190"
+ },
+ {
+ "url": "https://gitlab.freedesktop.org/virgl/virglrenderer/merge_requests/340",
+ "refsource": "MISC",
+ "name": "https://gitlab.freedesktop.org/virgl/virglrenderer/merge_requests/340"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8003.json b/2020/8xxx/CVE-2020-8003.json
new file mode 100644
index 00000000000..b06a668238f
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8003.json
@@ -0,0 +1,77 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-8003", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A double-free vulnerability in vrend_renderer.c in virglrenderer through 0.8.1 allows attackers to cause a denial of service by triggering texture allocation failure, because vrend_renderer_resource_allocated_texture is not an appropriate place for a free." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://gitlab.freedesktop.org/virgl/virglrenderer/merge_requests/340", + "refsource": "MISC", + "name": "https://gitlab.freedesktop.org/virgl/virglrenderer/merge_requests/340" + }, + { + "url": "https://gitlab.freedesktop.org/virgl/virglrenderer/commit/f9b079ccc319c98499111f66bd654fc9b56cf15f?merge_request_iid=340", + "refsource": "MISC", + "name": "https://gitlab.freedesktop.org/virgl/virglrenderer/commit/f9b079ccc319c98499111f66bd654fc9b56cf15f?merge_request_iid=340" + }, + { + "url": "https://gitlab.freedesktop.org/virgl/virglrenderer/merge_requests/340/diffs?commit_id=f9b079ccc319c98499111f66bd654fc9b56cf15f", + "refsource": "MISC", + "name": "https://gitlab.freedesktop.org/virgl/virglrenderer/merge_requests/340/diffs?commit_id=f9b079ccc319c98499111f66bd654fc9b56cf15f" + }, + { + "url": "https://gitlab.freedesktop.org/virgl/virglrenderer/merge_requests/340/diffs?commit_id=3320973c9f2068f60cf6613c2811a8824781878a", + "refsource": "MISC", + "name": 
"https://gitlab.freedesktop.org/virgl/virglrenderer/merge_requests/340/diffs?commit_id=3320973c9f2068f60cf6613c2811a8824781878a" + } + ] + } +} \ No newline at end of file From 325f68d9c7e0cfdc8f3e3130b23d7e04d99770cf Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 27 Jan 2020 06:01:10 +0000 Subject: [PATCH 323/387] "-Synchronized-Data." --- 2019/12xxx/CVE-2019-12399.json | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/2019/12xxx/CVE-2019-12399.json b/2019/12xxx/CVE-2019-12399.json index cd74a382491..15c5905f3b4 100644 --- a/2019/12xxx/CVE-2019-12399.json +++ b/2019/12xxx/CVE-2019-12399.json @@ -96,6 +96,16 @@ "refsource": "MLIST", "name": "[druid-commits] 20200126 [GitHub] [druid] suneet-s commented on a change in pull request #9259: fix build by updating kafka client to 2.2.2 for CVE-2019-12399", "url": "https://lists.apache.org/thread.html/r4b20b40c40d4a4c641e2ef4228098a57935e5782bfdfdf3650e48265@%3Ccommits.druid.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[druid-commits] 20200126 [GitHub] [druid] clintropolis commented on a change in pull request #9259: fix build by updating kafka client to 2.2.2 for CVE-2019-12399", + "url": "https://lists.apache.org/thread.html/r6fa1cff4786dcef2ddd1d717836ef123c878e8321c24855bad24ae0f@%3Ccommits.druid.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[druid-commits] 20200126 [GitHub] [druid] clintropolis commented on issue #9259: fix build by updating kafka client to 2.2.2 for CVE-2019-12399", + "url": "https://lists.apache.org/thread.html/r3203d7f25a6ca56ff3e48c43a6aa7cb60b8e5d57d0eed9f76dc2b7a8@%3Ccommits.druid.apache.org%3E" } ] }, From 5ea41a4be288d0e8eb9135f0a4348a31131fca09 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 27 Jan 2020 08:01:11 +0000 Subject: [PATCH 324/387] "-Synchronized-Data." --- 2019/12xxx/CVE-2019-12399.json | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) 
diff --git a/2019/12xxx/CVE-2019-12399.json b/2019/12xxx/CVE-2019-12399.json index 15c5905f3b4..5698252873b 100644 --- a/2019/12xxx/CVE-2019-12399.json +++ b/2019/12xxx/CVE-2019-12399.json 
@@ -106,6 +106,36 @@ "refsource": "MLIST", "name": "[druid-commits] 20200126 [GitHub] [druid] clintropolis commented on issue #9259: fix build by updating kafka client to 2.2.2 for CVE-2019-12399", "url": "https://lists.apache.org/thread.html/r3203d7f25a6ca56ff3e48c43a6aa7cb60b8e5d57d0eed9f76dc2b7a8@%3Ccommits.druid.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[druid-commits] 20200127 [GitHub] [druid] ccaominh opened a new pull request #9261: Address CVE-2019-12399", + "url": "https://lists.apache.org/thread.html/rfe90ca0463c199b99c2921410639aed53a172ea8b733eab0dc776262@%3Ccommits.druid.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[druid-commits] 20200127 [GitHub] [druid] suneet-s commented on a change in pull request #9259: fix build by updating kafka client to 2.2.2 for CVE-2019-12399", + "url": "https://lists.apache.org/thread.html/r801c68bf987931f35d2e24ecc99f3aa2850fdd8f5ef15fe6c60fecf3@%3Ccommits.druid.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[druid-commits] 20200127 [GitHub] [druid] ccaominh commented on issue #9259: fix build by updating kafka client to 2.2.2 for CVE-2019-12399", + "url": "https://lists.apache.org/thread.html/r3154f5adbc905f1f9012a92240c8e00a96628470cc819453b9606d0e@%3Ccommits.druid.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[druid-commits] 20200127 [GitHub] [druid] clintropolis commented on a change in pull request #9259: fix build by updating kafka client to 2.2.2 for CVE-2019-12399", + "url": "https://lists.apache.org/thread.html/r4d9e87cdae99e98d7b244cfa53d9d2532d368d3a187fbc87c493dcbe@%3Ccommits.druid.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[druid-commits] 20200127 [GitHub] [druid] clintropolis commented on issue #9259: fix build by updating kafka client to 2.2.2 for CVE-2019-12399", + "url": "https://lists.apache.org/thread.html/r56eb055b544931451283fee51f7e1f5b8ebd3085fed7d77aaba504c9@%3Ccommits.druid.apache.org%3E" + }, + { + "refsource": "MLIST", + 
"name": "[druid-commits] 20200127 [GitHub] [druid] clintropolis commented on a change in pull request #9261: Address CVE-2019-12399", + "url": "https://lists.apache.org/thread.html/r0e3a613705d70950aca2bfe9a6265c87503921852d9a3dbce512ca9f@%3Ccommits.druid.apache.org%3E" } ] }, From cfd237abb44e4bdf35e568c0f5c5ad63a2c07d9c Mon Sep 17 00:00:00 2001 From: Johannes Segitz Date: Mon, 27 Jan 2020 09:27:51 +0100 Subject: [PATCH 325/387] data for CVE-2018-12476 --- 2018/12xxx/CVE-2018-12476.json | 105 ++++++++++++++++++++++++++++++++- 1 file changed, 102 insertions(+), 3 deletions(-) diff --git a/2018/12xxx/CVE-2018-12476.json b/2018/12xxx/CVE-2018-12476.json index c49e3ca7e76..0c46eb574e8 100644 --- a/2018/12xxx/CVE-2018-12476.json +++ b/2018/12xxx/CVE-2018-12476.json @@ -1,9 +1,61 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "security@suse.de", + "DATE_PUBLIC": "2020-01-27T00:00:00.000Z", "ID": "CVE-2018-12476", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "obs-service-extract_file's outfilename parameter allows to write files outside of package directory" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SUSE Linux Enterprise Server 15", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "obs-service-tar_scm", + "version_value": "0.9.2.1537788075.fefaa74:" + } + ] + } + } + ] + }, + "vendor_name": "SUSE" + }, + { + "product": { + "product_data": [ + { + "product_name": "Factory", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "obs-service-tar_scm", + "version_value": "0.9.2.1537788075.fefaa74" + } + ] + } + } + ] + }, + "vendor_name": "openSUSE" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Matthias Gerstner of SUSE" + } + ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", 
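Review bot: The first `version_value` added for CVE-2018-12476 ends in a stray colon, `"0.9.2.1537788075.fefaa74:"`, while the openSUSE Factory entry in the same hunk has `"0.9.2.1537788075.fefaa74"`. With `version_affected` set to `<`, a consumer that compares version strings may fail to parse the bound or compare it incorrectly for SUSE Linux Enterprise Server 15, so the line should read `"version_value": "0.9.2.1537788075.fefaa74"`. The colon is repeated in the description added by the next hunk (`fefaa74:.`) and is still present after the later "-Synchronized-Data." patch that rewrites that description.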
@@ -11,8 +63,55 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Relative Path Traversal vulnerability in obs-service-tar_scm of SUSE Linux Enterprise Server 15; openSUSE Factory allows remote attackers with control over a repository to overwrite files on the machine of the local user if a malicious service is executed.\nThis issue affects:\nSUSE Linux Enterprise Server 15\nobs-service-tar_scm versions prior to 0.9.2.1537788075.fefaa74:.\nopenSUSE Factory\nobs-service-tar_scm versions prior to 0.9.2.1537788075.fefaa74." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-23: Relative Path Traversal" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.suse.com/show_bug.cgi?id=1107944", + "refsource": "CONFIRM", + "url": "https://bugzilla.suse.com/show_bug.cgi?id=1107944" + } + ] + }, + "source": { + "advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1107944", + "defect": [ + "1107944" + ], + "discovery": "INTERNAL" } } \ No newline at end of file From 57f026fa0c89de191456882811b2dd6827709f96 Mon Sep 17 00:00:00 2001 
From: Johannes Segitz Date: Mon, 27 Jan 2020 09:46:02 +0100 Subject: [PATCH 326/387] data for CVE-2018-20105 --- 2018/20xxx/CVE-2018-20105.json | 105 ++++++++++++++++++++++++++++++++- 1 file changed, 102 insertions(+), 3 deletions(-) diff --git a/2018/20xxx/CVE-2018-20105.json b/2018/20xxx/CVE-2018-20105.json index 28a219fdba9..b5e87948560 100644 --- a/2018/20xxx/CVE-2018-20105.json +++ b/2018/20xxx/CVE-2018-20105.json @@ -1,9 +1,61 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "security@suse.de", + "DATE_PUBLIC": "2020-01-27T00:00:00.000Z", "ID": "CVE-2018-20105", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "yast2-rmt exposes CA private key passhrase in log-file" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SUSE Linux Enterprise Server 15", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "yast2-rmt", + "version_value": "1.2.2" + } + ] + } + } + ] + }, + "vendor_name": "SUSE" + }, + { + "product": { + "product_data": [ + { + "product_name": "Leap", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "yast2-rmt", + "version_value": "1.2.2" + } + ] + } + } + ] + }, + "vendor_name": "openSUSE" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Fabian Schilling of SUSE" + } + ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", 
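Review bot: The added `TITLE` for CVE-2018-20105 misspells passphrase as `passhrase`; it should read `"TITLE": "yast2-rmt exposes CA private key passphrase in log-file"`. Titles are what most feeds display and index, so a search for "passphrase" would miss this record.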
@@ -11,8 +63,55 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Inclusion of Sensitive Information in Log Files vulnerability in yast2-rmt of SUSE Linux Enterprise Server 15; openSUSE Leap allows local attackers to learn the password if they can access the log file.\nThis issue affects:\nSUSE Linux Enterprise Server 15\nyast2-rmt versions prior to 1.2.2.\nopenSUSE Leap\nyast2-rmt versions prior to 1.2.2." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-532: Inclusion of Sensitive Information in Log Files" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.suse.com/show_bug.cgi?id=1119835", + "refsource": "CONFIRM", + "url": "https://bugzilla.suse.com/show_bug.cgi?id=1119835" + } + ] + }, + "source": { + "advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1119835", + "defect": [ + "1119835" + ], + "discovery": "INTERNAL" } } \ No newline at end of file From 5ab8798260f9d5ebf9d338508922a4f74436f063 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 27 Jan 2020 09:01:14 +0000 Subject: [PATCH 327/387] "-Synchronized-Data." --- 2018/12xxx/CVE-2018-12476.json | 4 ++-- 2018/20xxx/CVE-2018-20105.json | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) 
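Review bot: The added `description` says only that local attackers can "learn the password", while the record's `TITLE` names the CA private key passphrase. The description is the field most consumers display, so it should name the secret, for example `allows local attackers to learn the CA private key passphrase if they can access the log file.` With that stated, `"confidentialityImpact": "LOW"` deserves a second look, since the passphrase protects a CA key. The hunk does not show whether the key file itself is readable by the same attacker, so this is a question rather than a correction.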
diff --git a/2018/12xxx/CVE-2018-12476.json b/2018/12xxx/CVE-2018-12476.json index 0c46eb574e8..3a31799b83a 100644 --- a/2018/12xxx/CVE-2018-12476.json +++ b/2018/12xxx/CVE-2018-12476.json @@ -1,6 +1,6 @@ { "CVE_data_meta": { - "ASSIGNER": "security@suse.de", + "ASSIGNER": "security@suse.com", "DATE_PUBLIC": "2020-01-27T00:00:00.000Z", "ID": "CVE-2018-12476", "STATE": "PUBLIC", @@ -63,7 +63,7 @@ "description_data": [ { "lang": "eng", - "value": "Relative Path Traversal vulnerability in obs-service-tar_scm of SUSE Linux Enterprise Server 15; openSUSE Factory allows remote attackers with control over a repository to overwrite files on the machine of the local user if a malicious service is executed.\nThis issue affects:\nSUSE Linux Enterprise Server 15\nobs-service-tar_scm versions prior to 0.9.2.1537788075.fefaa74:.\nopenSUSE Factory\nobs-service-tar_scm versions prior to 0.9.2.1537788075.fefaa74." + "value": "Relative Path Traversal vulnerability in obs-service-tar_scm of SUSE Linux Enterprise Server 15; openSUSE Factory allows remote attackers with control over a repository to overwrite files on the machine of the local user if a malicious service is executed. This issue affects: SUSE Linux Enterprise Server 15 obs-service-tar_scm versions prior to 0.9.2.1537788075.fefaa74:. openSUSE Factory obs-service-tar_scm versions prior to 0.9.2.1537788075.fefaa74." } ] }, diff --git a/2018/20xxx/CVE-2018-20105.json b/2018/20xxx/CVE-2018-20105.json index b5e87948560..452d843ed7d 100644 --- a/2018/20xxx/CVE-2018-20105.json +++ b/2018/20xxx/CVE-2018-20105.json @@ -1,6 +1,6 @@ { "CVE_data_meta": { - "ASSIGNER": "security@suse.de", + "ASSIGNER": "security@suse.com", "DATE_PUBLIC": "2020-01-27T00:00:00.000Z", "ID": "CVE-2018-20105", "STATE": "PUBLIC", 
@@ -63,7 +63,7 @@ "description_data": [ { "lang": "eng", - "value": "A Inclusion of Sensitive Information in Log Files vulnerability in yast2-rmt of SUSE Linux Enterprise Server 15; openSUSE Leap allows local attackers to learn the password if they can access the log file.\nThis issue affects:\nSUSE Linux Enterprise Server 15\nyast2-rmt versions prior to 1.2.2.\nopenSUSE Leap\nyast2-rmt versions prior to 1.2.2." + "value": "A Inclusion of Sensitive Information in Log Files vulnerability in yast2-rmt of SUSE Linux Enterprise Server 15; openSUSE Leap allows local attackers to learn the password if they can access the log file. This issue affects: SUSE Linux Enterprise Server 15 yast2-rmt versions prior to 1.2.2. openSUSE Leap yast2-rmt versions prior to 1.2.2." } ] }, From e164a265d5cbc69e09e759470836f4f4d41663a2 Mon Sep 17 00:00:00 2001 From: Ikuya Fukumoto Date: Mon, 27 Jan 2020 18:28:49 +0900 Subject: [PATCH 328/387] JPCERT/CC 2020-01-27 --- 2019/6xxx/CVE-2019-6036.json | 60 +++++++++++++++++++++++++++++++----- 2020/5xxx/CVE-2020-5520.json | 58 +++++++++++++++++++++++++++++----- 2020/5xxx/CVE-2020-5521.json | 58 +++++++++++++++++++++++++++++----- 2020/5xxx/CVE-2020-5522.json | 58 +++++++++++++++++++++++++++++----- 4 files changed, 205 insertions(+), 29 deletions(-) diff --git a/2019/6xxx/CVE-2019-6036.json b/2019/6xxx/CVE-2019-6036.json index 283f36a974d..e57c3062a63 100644 --- a/2019/6xxx/CVE-2019-6036.json +++ b/2019/6xxx/CVE-2019-6036.json 
@@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-6036", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", "data_version": "4.0", + "references": { + "reference_data": [ + { + "url": "https://f-revocrm.jp/2019/12/9393" + }, + { + "url": "http://jvn.jp/en/jp/JVN97325754/index.html" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-site scripting vulnerability in F-RevoCRM 6.0 to F-RevoCRM 6.5 patch6 (version 6 series) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "6.0 to F-RevoCRM 6.5 patch6 (version 6 series)" + } + ] + }, + "product_name": "F-RevoCRM" + } + ] + }, + "vendor_name": "ThinkingReed inc." + } + ] + } + }, + "CVE_data_meta": { + "ID": "CVE-2019-6036", + "ASSIGNER": "vultures@jpcert.or.jp" + }, + "data_format": "MITRE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site scripting" + } + ] } ] } diff --git a/2020/5xxx/CVE-2020-5520.json b/2020/5xxx/CVE-2020-5520.json index ac6e6f011cc..ba8abd435a0 100644 --- a/2020/5xxx/CVE-2020-5520.json +++ b/2020/5xxx/CVE-2020-5520.json 
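Review bot: `version_value` in the new `affects` block holds a prose range, `6.0 to F-RevoCRM 6.5 patch6 (version 6 series)`, with no `version_affected` operator, so a tool matching installed versions against this record has nothing structured to compare. The SUSE records in this series use the structured form. Here that would be something like `"version_affected": "<=", "version_value": "6.5 patch6"`, with the 6.0 lower bound kept in the description. The hunks for CVE-2020-5520, CVE-2020-5521 and CVE-2020-5522 follow the same pattern (`3.2.3 and earlier`, `2.0.2 and earlier`, `2.0.3 and earlier`).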
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-5520", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "references": { + "reference_data": [ + { + "url": "https://www.printing.ne.jp/support/information/AppVulnerability.html" + }, + { + "url": "http://jvn.jp/en/jp/JVN66435380/index.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The netprint App for iOS 3.2.3 and earlier does not verify X.509 certificates from servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "3.2.3 and earlier" + } + ] + }, + "product_name": "netprint App for iOS" + } + ] + }, + "vendor_name": "Fuji Xerox Co.,Ltd." + } + ] + } + }, + "CVE_data_meta": { + "ID": "CVE-2020-5520", + "ASSIGNER": "vultures@jpcert.or.jp" + }, + "data_format": "MITRE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Fails to verify SSL certificates" + } + ] } ] } diff --git a/2020/5xxx/CVE-2020-5521.json b/2020/5xxx/CVE-2020-5521.json index 91e24480172..1eb6290aa96 100644 --- a/2020/5xxx/CVE-2020-5521.json +++ b/2020/5xxx/CVE-2020-5521.json 
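Review bot: `problemtype` is filled with the free text `Fails to verify SSL certificates` instead of a CWE identifier, so the record cannot be grouped with other certificate-validation issues by weakness class. Another record in this series uses `CWE-295: Improper Certificate Validation` for the same kind of flaw, and I would use that value here. The same applies to the CVE-2020-5521 and CVE-2020-5522 hunks. Separately, the JVN reference is an `http://` URL and could be switched to `https://` if the site serves it.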
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-5521", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "references": { + "reference_data": [ + { + "url": "https://www.printing.ne.jp/support/information/AppVulnerability.html" + }, + { + "url": "http://jvn.jp/en/jp/JVN66435380/index.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The kantan netprint App for iOS 2.0.2 and earlier does not verify X.509 certificates from servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "2.0.2 and earlier" + } + ] + }, + "product_name": "kantan netprint App for iOS" + } + ] + }, + "vendor_name": "Fuji Xerox Co.,Ltd." + } + ] + } + }, + "CVE_data_meta": { + "ID": "CVE-2020-5521", + "ASSIGNER": "vultures@jpcert.or.jp" + }, + "data_format": "MITRE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Fails to verify SSL certificates" + } + ] } ] } diff --git a/2020/5xxx/CVE-2020-5522.json b/2020/5xxx/CVE-2020-5522.json index 0ba2bcd6e08..746e651eb27 100644 --- a/2020/5xxx/CVE-2020-5522.json +++ b/2020/5xxx/CVE-2020-5522.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-5522", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "references": { + "reference_data": [ + { + "url": "https://www.printing.ne.jp/support/information/AppVulnerability.html" + }, + { + "url": "http://jvn.jp/en/jp/JVN66435380/index.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The kantan netprint App for Android 2.0.3 and earlier does not verify X.509 certificates from servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "2.0.3 and earlier" + } + ] + }, + "product_name": "kantan netprint App for Android" + } + ] + }, + "vendor_name": "Fuji Xerox Co.,Ltd." + } + ] + } + }, + "CVE_data_meta": { + "ID": "CVE-2020-5522", + "ASSIGNER": "vultures@jpcert.or.jp" + }, + "data_format": "MITRE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Fails to verify SSL certificates" + } + ] } ] } From dc75faa93a31fa5754a4e784f12974bc9fca2660 Mon Sep 17 00:00:00 2001 From: Johannes Segitz Date: Mon, 27 Jan 2020 10:42:34 +0100 Subject: [PATCH 329/387] data for CVE-2017-14806, CVE-2017-14807 --- 2017/14xxx/CVE-2017-14806.json | 86 ++++++++++++++++++++++++++++++++-- 2017/14xxx/CVE-2017-14807.json | 86 ++++++++++++++++++++++++++++++++-- 2 files changed, 166 insertions(+), 6 deletions(-) 
diff --git a/2017/14xxx/CVE-2017-14806.json b/2017/14xxx/CVE-2017-14806.json index fa1c3900fd6..d5e42fb59b6 100644 --- a/2017/14xxx/CVE-2017-14806.json +++ b/2017/14xxx/CVE-2017-14806.json @@ -1,9 +1,42 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "security@suse.de", + "DATE_PUBLIC": "2020-01-27T00:00:00.000Z", "ID": "CVE-2017-14806", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Insecure handling of repodata and packages in SUSE Studio onlite" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Studio onsite", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "susestudio-common", + "version_value": "1.3.17-56.6.3" + } + ] + } + } + ] + }, + "vendor_name": "SUSE" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Johannes Segitz of SUSE" + } + ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", 
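Review bot: `TITLE` names the product as `SUSE Studio onlite`, while `product_name` a few lines below and the title of CVE-2017-14807 both say `Studio onsite`. Suggest `"TITLE": "Insecure handling of repodata and packages in SUSE Studio onsite"` so the record is found when searching by product name.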
@@ -11,8 +44,55 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Improper Certificate Validation vulnerability in susestudio-common of SUSE Studio onsite allows remote attackers to MITM connections to the repositories, which allows the modification of packages received over these connections.\nThis issue affects:\nSUSE Studio onsite\nsusestudio-common version 1.3.17-56.6.3 and prior versions." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 3.7, + "baseSeverity": "LOW", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-295: Improper Certificate Validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.suse.com/show_bug.cgi?id=1065397", + "refsource": "CONFIRM", + "url": "https://bugzilla.suse.com/show_bug.cgi?id=1065397" + } + ] + }, + "source": { + "advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1065397", + "defect": [ + "1065397" + ], + "discovery": "INTERNAL" } } \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14807.json b/2017/14xxx/CVE-2017-14807.json index bfcdb7cc006..237c0ab844b 100644 --- a/2017/14xxx/CVE-2017-14807.json +++ b/2017/14xxx/CVE-2017-14807.json 
@@ -1,9 +1,42 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "security@suse.de", + "DATE_PUBLIC": "2020-01-27T00:00:00.000Z", "ID": "CVE-2017-14807", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "SQL injection in ui-server/app/models/diary_entry.rb in SUSE Studio onsite" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Studio onsite", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "susestudio-ui-server", + "version_value": "1.3.17-56.6.3" + } + ] + } + } + ] + }, + "vendor_name": "SUSE" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Johannes Segitz of SUSE" + } + ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", 
@@ -11,8 +44,55 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in susestudio-ui-server of SUSE Studio onsite allows remote attackers with admin privileges in Studio to alter SQL statements, allowing for extraction and modification of data.\nThis issue affects:\nSUSE Studio onsite\nsusestudio-ui-server version 1.3.17-56.6.3 and prior versions." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 8.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.suse.com/show_bug.cgi?id=1065396", + "refsource": "CONFIRM", + "url": "https://bugzilla.suse.com/show_bug.cgi?id=1065396" + } + ] + }, + "source": { + "advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1065396", + "defect": [ + "1065396" + ], + "discovery": "INTERNAL" } } \ No newline at end of file From 88bcf3e6ea3469388ace6aa17fc59c4798448971 Mon Sep 17 00:00:00 2001 
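Review bot: `"privilegesRequired": "LOW"` does not match the added description, which says the attacker needs "admin privileges in Studio". If that means an administrative account, the vector would be `CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N`, which scores 6.5 (MEDIUM) rather than 8.1 (HIGH). In that case `baseScore`, `baseSeverity` and `vectorString` would need to change together. If any ordinary Studio user can reach the affected code, the description should say so instead.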
From: CVE Team Date: Mon, 27 Jan 2020 10:01:17 +0000 Subject: [PATCH 330/387] "-Synchronized-Data." --- 2017/14xxx/CVE-2017-14806.json | 4 ++-- 2017/14xxx/CVE-2017-14807.json | 4 ++-- 2017/5xxx/CVE-2017-5645.json | 5 +++++ 2019/17xxx/CVE-2019-17571.json | 5 +++++ 2019/6xxx/CVE-2019-6036.json | 11 ++++++++--- 2020/5xxx/CVE-2020-5520.json | 11 ++++++++--- 2020/5xxx/CVE-2020-5521.json | 11 ++++++++--- 2020/5xxx/CVE-2020-5522.json | 11 ++++++++--- 8 files changed, 46 insertions(+), 16 deletions(-) diff --git a/2017/14xxx/CVE-2017-14806.json b/2017/14xxx/CVE-2017-14806.json index d5e42fb59b6..f915e8867f6 100644 --- a/2017/14xxx/CVE-2017-14806.json +++ b/2017/14xxx/CVE-2017-14806.json @@ -1,6 +1,6 @@ { "CVE_data_meta": { - "ASSIGNER": "security@suse.de", + "ASSIGNER": "security@suse.com", "DATE_PUBLIC": "2020-01-27T00:00:00.000Z", "ID": "CVE-2017-14806", "STATE": "PUBLIC", @@ -44,7 +44,7 @@ "description_data": [ { "lang": "eng", - "value": "A Improper Certificate Validation vulnerability in susestudio-common of SUSE Studio onsite allows remote attackers to MITM connections to the repositories, which allows the modification of packages received over these connections.\nThis issue affects:\nSUSE Studio onsite\nsusestudio-common version 1.3.17-56.6.3 and prior versions." + "value": "A Improper Certificate Validation vulnerability in susestudio-common of SUSE Studio onsite allows remote attackers to MITM connections to the repositories, which allows the modification of packages received over these connections. This issue affects: SUSE Studio onsite susestudio-common version 1.3.17-56.6.3 and prior versions." } ] }, diff --git a/2017/14xxx/CVE-2017-14807.json b/2017/14xxx/CVE-2017-14807.json index 237c0ab844b..cc4326e6d67 100644 --- a/2017/14xxx/CVE-2017-14807.json +++ b/2017/14xxx/CVE-2017-14807.json 
@@ -1,6 +1,6 @@ { "CVE_data_meta": { - "ASSIGNER": "security@suse.de", + "ASSIGNER": "security@suse.com", "DATE_PUBLIC": "2020-01-27T00:00:00.000Z", "ID": "CVE-2017-14807", "STATE": "PUBLIC", @@ -44,7 +44,7 @@ "description_data": [ { "lang": "eng", - "value": "An Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in susestudio-ui-server of SUSE Studio onsite allows remote attackers with admin privileges in Studio to alter SQL statements, allowing for extraction and modification of data.\nThis issue affects:\nSUSE Studio onsite\nsusestudio-ui-server version 1.3.17-56.6.3 and prior versions." + "value": "An Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in susestudio-ui-server of SUSE Studio onsite allows remote attackers with admin privileges in Studio to alter SQL statements, allowing for extraction and modification of data. This issue affects: SUSE Studio onsite susestudio-ui-server version 1.3.17-56.6.3 and prior versions." } ] }, diff --git a/2017/5xxx/CVE-2017-5645.json b/2017/5xxx/CVE-2017-5645.json index 6bdc5d85ea9..1e57c852c37 100644 --- a/2017/5xxx/CVE-2017-5645.json +++ b/2017/5xxx/CVE-2017-5645.json @@ -346,6 +346,11 @@ "refsource": "MLIST", "name": "[activemq-issues] 20200122 [jira] [Resolved] (AMQ-7372) [9.8] [CVE-2019-17571] [activemq-all] [5.15.10]", "url": "https://lists.apache.org/thread.html/r3d666e4e8905157f3c046d31398b04f2bfd4519e31f266de108c6919@%3Cissues.activemq.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[activemq-issues] 20200127 [jira] [Commented] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571", + "url": "https://lists.apache.org/thread.html/r61590890edcc64140e0c606954b29a063c3d08a2b41d447256d51a78@%3Cissues.activemq.apache.org%3E" } ] } diff --git a/2019/17xxx/CVE-2019-17571.json b/2019/17xxx/CVE-2019-17571.json index aaf861d02bb..f641e7534c5 100644 
--- a/2019/17xxx/CVE-2019-17571.json +++ b/2019/17xxx/CVE-2019-17571.json @@ -253,6 +253,11 @@ "refsource": "MLIST", "name": "[activemq-issues] 20200122 [jira] [Resolved] (AMQ-7372) [9.8] [CVE-2019-17571] [activemq-all] [5.15.10]", "url": "https://lists.apache.org/thread.html/r3d666e4e8905157f3c046d31398b04f2bfd4519e31f266de108c6919@%3Cissues.activemq.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[activemq-issues] 20200127 [jira] [Commented] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571", + "url": "https://lists.apache.org/thread.html/r61590890edcc64140e0c606954b29a063c3d08a2b41d447256d51a78@%3Cissues.activemq.apache.org%3E" } ] }, diff --git a/2019/6xxx/CVE-2019-6036.json b/2019/6xxx/CVE-2019-6036.json index e57c3062a63..8a368ff83e3 100644 --- a/2019/6xxx/CVE-2019-6036.json +++ b/2019/6xxx/CVE-2019-6036.json @@ -3,10 +3,14 @@ "references": { "reference_data": [ { - "url": "https://f-revocrm.jp/2019/12/9393" + "url": "https://f-revocrm.jp/2019/12/9393", + "refsource": "MISC", + "name": "https://f-revocrm.jp/2019/12/9393" }, { - "url": "http://jvn.jp/en/jp/JVN97325754/index.html" + "url": "http://jvn.jp/en/jp/JVN97325754/index.html", + "refsource": "MISC", + "name": "http://jvn.jp/en/jp/JVN97325754/index.html" } ] }, @@ -44,7 +48,8 @@ }, "CVE_data_meta": { "ID": "CVE-2019-6036", - "ASSIGNER": "vultures@jpcert.or.jp" + "ASSIGNER": "vultures@jpcert.or.jp", + "STATE": "PUBLIC" }, "data_format": "MITRE", "problemtype": { diff --git a/2020/5xxx/CVE-2020-5520.json b/2020/5xxx/CVE-2020-5520.json index ba8abd435a0..b9c71cf5e5c 100644 --- a/2020/5xxx/CVE-2020-5520.json +++ b/2020/5xxx/CVE-2020-5520.json 
@@ -3,10 +3,14 @@ "references": { "reference_data": [ { - "url": "https://www.printing.ne.jp/support/information/AppVulnerability.html" + "url": "https://www.printing.ne.jp/support/information/AppVulnerability.html", + "refsource": "MISC", + "name": "https://www.printing.ne.jp/support/information/AppVulnerability.html" }, { - "url": "http://jvn.jp/en/jp/JVN66435380/index.html" + "url": "http://jvn.jp/en/jp/JVN66435380/index.html", + "refsource": "MISC", + "name": "http://jvn.jp/en/jp/JVN66435380/index.html" } ] }, @@ -44,7 +48,8 @@ }, "CVE_data_meta": { "ID": "CVE-2020-5520", - "ASSIGNER": "vultures@jpcert.or.jp" + "ASSIGNER": "vultures@jpcert.or.jp", + "STATE": "PUBLIC" }, "data_format": "MITRE", "problemtype": { diff --git a/2020/5xxx/CVE-2020-5521.json b/2020/5xxx/CVE-2020-5521.json index 1eb6290aa96..18b2c1325d2 100644 --- a/2020/5xxx/CVE-2020-5521.json +++ b/2020/5xxx/CVE-2020-5521.json @@ -3,10 +3,14 @@ "references": { "reference_data": [ { - "url": "https://www.printing.ne.jp/support/information/AppVulnerability.html" + "url": "https://www.printing.ne.jp/support/information/AppVulnerability.html", + "refsource": "MISC", + "name": "https://www.printing.ne.jp/support/information/AppVulnerability.html" }, { - "url": "http://jvn.jp/en/jp/JVN66435380/index.html" + "url": "http://jvn.jp/en/jp/JVN66435380/index.html", + "refsource": "MISC", + "name": "http://jvn.jp/en/jp/JVN66435380/index.html" } ] }, @@ -44,7 +48,8 @@ }, "CVE_data_meta": { "ID": "CVE-2020-5521", - "ASSIGNER": "vultures@jpcert.or.jp" + "ASSIGNER": "vultures@jpcert.or.jp", + "STATE": "PUBLIC" }, "data_format": "MITRE", "problemtype": { diff --git a/2020/5xxx/CVE-2020-5522.json b/2020/5xxx/CVE-2020-5522.json index 746e651eb27..e34c816d396 100644 --- a/2020/5xxx/CVE-2020-5522.json +++ b/2020/5xxx/CVE-2020-5522.json 
@@ -3,10 +3,14 @@ "references": { "reference_data": [ { - "url": "https://www.printing.ne.jp/support/information/AppVulnerability.html" + "url": "https://www.printing.ne.jp/support/information/AppVulnerability.html", + "refsource": "MISC", + "name": "https://www.printing.ne.jp/support/information/AppVulnerability.html" }, { - "url": "http://jvn.jp/en/jp/JVN66435380/index.html" + "url": "http://jvn.jp/en/jp/JVN66435380/index.html", + "refsource": "MISC", + "name": "http://jvn.jp/en/jp/JVN66435380/index.html" } ] }, @@ -44,7 +48,8 @@ }, "CVE_data_meta": { "ID": "CVE-2020-5522", - "ASSIGNER": "vultures@jpcert.or.jp" + "ASSIGNER": "vultures@jpcert.or.jp", + "STATE": "PUBLIC" }, "data_format": "MITRE", "problemtype": { From f3dd52ef3a63ecc45bcde300d90a8e9b96855a3b Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 27 Jan 2020 11:01:12 +0000 Subject: [PATCH 331/387] "-Synchronized-Data." --- 2019/15xxx/CVE-2019-15601.json | 5 +++++ 2019/20xxx/CVE-2019-20330.json | 5 +++++ 2019/20xxx/CVE-2019-20372.json | 5 +++++ 2020/6xxx/CVE-2020-6750.json | 5 +++++ 4 files changed, 20 insertions(+) diff --git a/2019/15xxx/CVE-2019-15601.json b/2019/15xxx/CVE-2019-15601.json index 6752fd15207..17f8de22e0e 100644 --- a/2019/15xxx/CVE-2019-15601.json +++ b/2019/15xxx/CVE-2019-15601.json @@ -53,6 +53,11 @@ "refsource": "MLIST", "name": "[oss-security] 20200108 [SECURITY ADVISORY] curl: SMB access smuggling via FILE URL on Windows (CVE-2019-15601)", "url": "http://www.openwall.com/lists/oss-security/2020/01/08/1" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200127-0002/", + "url": "https://security.netapp.com/advisory/ntap-20200127-0002/" } ] }, diff --git a/2019/20xxx/CVE-2019-20330.json b/2019/20xxx/CVE-2019-20330.json index a5353c8950a..694e7c19379 100644 --- a/2019/20xxx/CVE-2019-20330.json +++ b/2019/20xxx/CVE-2019-20330.json 
@@ -176,6 +176,11 @@ "refsource": "MLIST", "name": "[zookeeper-commits] 20200123 [zookeeper] branch master updated: ZOOKEEPER-3699: upgrade jackson-databind to address CVE-2019-20330", "url": "https://lists.apache.org/thread.html/r8831b7fa5ca87a1cf23ee08d6dedb7877a964c1d2bd869af24056a63@%3Ccommits.zookeeper.apache.org%3E" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200127-0004/", + "url": "https://security.netapp.com/advisory/ntap-20200127-0004/" } ] } diff --git a/2019/20xxx/CVE-2019-20372.json b/2019/20xxx/CVE-2019-20372.json index 9ff16bde2dd..6ce84b7e4fa 100644 --- a/2019/20xxx/CVE-2019-20372.json +++ b/2019/20xxx/CVE-2019-20372.json @@ -86,6 +86,11 @@ "refsource": "UBUNTU", "name": "USN-4235-2", "url": "https://usn.ubuntu.com/4235-2/" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200127-0003/", + "url": "https://security.netapp.com/advisory/ntap-20200127-0003/" } ] } diff --git a/2020/6xxx/CVE-2020-6750.json b/2020/6xxx/CVE-2020-6750.json index a55514afd74..e3f5ab6fe12 100644 --- a/2020/6xxx/CVE-2020-6750.json +++ b/2020/6xxx/CVE-2020-6750.json @@ -61,6 +61,11 @@ "refsource": "CONFIRM", "name": "https://bugzilla.suse.com/show_bug.cgi?id=1160668", "url": "https://bugzilla.suse.com/show_bug.cgi?id=1160668" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200127-0001/", + "url": "https://security.netapp.com/advisory/ntap-20200127-0001/" } ] } From 2a455f68a166e22dc9ded196e0eb16309ef1574c Mon Sep 17 00:00:00 2001 From: Bogdan Botezatu Date: Mon, 27 Jan 2020 14:58:02 +0200 Subject: [PATCH 332/387] Adding data for CEV-2019-17094 --- 2019/17xxx/CVE-2019-17094.json | 98 ++++++++++++++++++++++++++++++++++ 1 file changed, 98 insertions(+) create mode 100644 2019/17xxx/CVE-2019-17094.json diff --git a/2019/17xxx/CVE-2019-17094.json b/2019/17xxx/CVE-2019-17094.json new file mode 100644 index 00000000000..1f3d5c6cb84 --- /dev/null 
+++ b/2019/17xxx/CVE-2019-17094.json 
@@ -0,0 +1,98 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve-requests@bitdefender.com", + "DATE_PUBLIC": "2019-12-20T10:00:00.000Z", + "ID": "CVE-2019-17094", + "STATE": "PUBLIC", + "TITLE": "Stack-Based Overflow vulnerability in Belkin WeMo Insights Switch" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Belkin WeMo Insight Switch", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "2.00.11396" + } + ] + } + } + ] + }, + "vendor_name": "Belkin" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Bitdefender Labs" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A Stack-based Buffer Overflow vulnerability in libbelkin_api.so component of Belkin WeMo Insight Switch firmware allows a local attacker to obtain code execution on the device.\nThis issue affects:\nBelkin WeMo Insight Switch firmware\nversion 2.00.11396 and prior versions." + } + ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "ADJACENT_NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.3, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121 Stack-based Buffer Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://labs.bitdefender.com/2019/12/multiple-vulnerabilities-in-belkin-wemo-insight-switch/" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Update to the latest firmware version available." 
+ } + ], + "source": { + "discovery": "INTERNAL" + } +} \ No newline at end of file From e4ad1822679bb2ef7864085b634e92b0033170ee Mon Sep 17 00:00:00 2001 From: Bogdan Botezatu Date: Mon, 27 Jan 2020 15:00:53 +0200 Subject: [PATCH 333/387] Added data for CVE-2019-17095 --- 2019/17xxx/CVE-2019-17095.json | 108 +++++++++++++++++++++++++++++++++ 1 file changed, 108 insertions(+) create mode 100644 2019/17xxx/CVE-2019-17095.json diff --git a/2019/17xxx/CVE-2019-17095.json b/2019/17xxx/CVE-2019-17095.json new file mode 100644 index 00000000000..b6a47383311 --- /dev/null +++ b/2019/17xxx/CVE-2019-17095.json 
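Review bot: The description calls this exploitable by "a local attacker", but the `cvss` block sets `"attackVector": "ADJACENT_NETWORK"` (`AV:A`), which means no local access is needed. One of the two is wrong, and triage decisions depend on which. If the flaw is reachable from the same network segment, I would write `allows an attacker on the same network to obtain code execution on the device`. Also, `TITLE` says `WeMo Insights Switch` while `product_name` says `WeMo Insight Switch`.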
@@ -0,0 +1,108 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve-requests@bitdefender.com",
+ "DATE_PUBLIC": "2019-11-23T10:00:00.000Z",
+ "ID": "CVE-2019-17095",
+ "STATE": "PUBLIC",
+ "TITLE": "Bitdefender BOX 2 bootstrap download_image command injection vulnerability"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Bitdefender BOX 2",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "2.1.47.42",
+ "version_value": "2.1.59-12"
+ },
+ {
+ "version_affected": "<",
+ "version_name": "2.1.53.45",
+ "version_value": "2.1.59-12"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Bitdefender"
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "Claudio Bozzato, Lilith Wyatt and Dave McDaniel of Cisco Talos"
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A command injection vulnerability has been discovered in the bootstrap stage of Bitdefender BOX 2, versions 2.1.47.42 and 2.1.53.45. The API method `/api/download_image` unsafely handles the production firmware URL supplied by remote servers, leading to arbitrary execution of system commands. In order to exploit the condition, an unauthenticated attacker should impersonate a infrastructure server to trigger this vulnerability."
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "HIGH",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.1,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-78 OS Command Injection"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "url": "https://www.bitdefender.com/support/security-advisories/command-injection-vulnerability-in-bitdefender-box-v2-va-5706"
+ }
+ ]
+ },
+ "solution": [
+ {
+ "lang": "eng",
+ "value": "An update that mitigates the issue has been delivered in:\nBitdefender Central Android App version 2.0.66.88\nBitdefender Central iOS App version 2.0.66"
+ }
+ ],
+ "source": {
+ "advisory": "VA-5706",
+ "defect": [
+ "VA-5706"
+ ],
+ "discovery": "EXTERNAL"
+ }
+}
\ No newline at end of file
From 57893f1d5696c7f3049ff7a7bf2a2b604a4d925f Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Mon, 27 Jan 2020 13:01:17 +0000
Subject: [PATCH 334/387] "-Synchronized-Data."
---
 2017/16xxx/CVE-2017-16112.json | 14 +++++++-------
 2019/18xxx/CVE-2019-18932.json | 5 +++++
 2019/20xxx/CVE-2019-20093.json | 5 +++++
 2020/8xxx/CVE-2020-8004.json | 18 ++++++++++++++++++
 2020/8xxx/CVE-2020-8005.json | 18 ++++++++++++++++++
 2020/8xxx/CVE-2020-8006.json | 18 ++++++++++++++++++
 2020/8xxx/CVE-2020-8007.json | 18 ++++++++++++++++++
 7 files changed, 89 insertions(+), 7 deletions(-)
 create mode 100644 2020/8xxx/CVE-2020-8004.json
 create mode 100644 2020/8xxx/CVE-2020-8005.json
 create mode 100644 2020/8xxx/CVE-2020-8006.json
 create mode 100644 2020/8xxx/CVE-2020-8007.json
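Review bot: The CVE-2019-17095 record does not tell a reader which firmware release carries the fix. Both `version_data` entries put the affected builds in `version_name` (2.1.47.42, 2.1.53.45) with `"version_affected": "<"` and `"version_value": "2.1.59-12"`, yet the description names only the two builds and the `solution` text cites Bitdefender Central Android/iOS app versions rather than a BOX 2 firmware version. If 2.1.59-12 is the fixed firmware, as `version_value` seems to imply, say so in the description and the solution. The vector string also uses AV:L although the description has the firmware URL "supplied by remote servers" by an attacker impersonating an infrastructure server, and the CVE-2019-17096 record later in this series scores a bootstrap command injection in the same product as AV:N, so one of the two scores probably needs another look.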
diff --git a/2017/16xxx/CVE-2017-16112.json b/2017/16xxx/CVE-2017-16112.json index af03bf9cc28..b3dec0c8351 100644 --- a/2017/16xxx/CVE-2017-16112.json +++ b/2017/16xxx/CVE-2017-16112.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2017-16112", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-16112", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs:CVE-2017-15010. Reason: This candidate is a reservation duplicate of CVE-2017-15010. Notes: All CVE users should reference CVE-2017-15010 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." } ] } diff --git a/2019/18xxx/CVE-2019-18932.json b/2019/18xxx/CVE-2019-18932.json index cd3baf313a1..eb246e86e47 100644 --- a/2019/18xxx/CVE-2019-18932.json +++ b/2019/18xxx/CVE-2019-18932.json @@ -76,6 +76,11 @@ "refsource": "MLIST", "name": "[oss-security] CVE-2019-18932: sarg: insecure usage of /tmp/sarg allows privilege escalation / DoS attack vector", "url": "https://seclists.org/oss-sec/2020/q1/23" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20200127 Re: CVE-2019-18932: sarg: insecure usage of /tmp/sarg allows privilege escalation / DoS attack vector", + "url": "http://www.openwall.com/lists/oss-security/2020/01/27/1" } ] } diff --git a/2019/20xxx/CVE-2019-20093.json b/2019/20xxx/CVE-2019-20093.json index 27b1f3fcafd..ee083924506 100644 --- a/2019/20xxx/CVE-2019-20093.json +++ b/2019/20xxx/CVE-2019-20093.json 
@@ -61,6 +61,11 @@ "refsource": "FEDORA", "name": "FEDORA-2020-968a89619e", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XHFOCBZCF3GX7A6FWE3JM7P37TQWGINJ/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-dd79b615cd", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CTB2J5XWOEGAJYR2N66GAECUIKDG6O2S/" } ] } diff --git a/2020/8xxx/CVE-2020-8004.json b/2020/8xxx/CVE-2020-8004.json new file mode 100644 index 00000000000..5852b296b4f --- /dev/null +++ b/2020/8xxx/CVE-2020-8004.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8004", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8005.json b/2020/8xxx/CVE-2020-8005.json new file mode 100644 index 00000000000..86fcc6b59b2 --- /dev/null +++ b/2020/8xxx/CVE-2020-8005.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8005", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8006.json b/2020/8xxx/CVE-2020-8006.json new file mode 100644 index 00000000000..21818977c02 
--- /dev/null +++ b/2020/8xxx/CVE-2020-8006.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8006", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8007.json b/2020/8xxx/CVE-2020-8007.json new file mode 100644 index 00000000000..5e5f237461b --- /dev/null +++ b/2020/8xxx/CVE-2020-8007.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8007", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file From 616dd92602476923b567aa254c0bbafd744d07a3 Mon Sep 17 00:00:00 2001 From: Bogdan Botezatu Date: Mon, 27 Jan 2020 15:07:33 +0200 Subject: [PATCH 335/387] Added data for CVE-2019-17096 --- 2019/17xxx/CVE-2019-17096.json | 108 +++++++++++++++++++++++++++++++++ 1 file changed, 108 insertions(+) create mode 100644 2019/17xxx/CVE-2019-17096.json diff --git a/2019/17xxx/CVE-2019-17096.json b/2019/17xxx/CVE-2019-17096.json new file mode 100644 index 00000000000..51faa828d20 --- /dev/null +++ b/2019/17xxx/CVE-2019-17096.json 
@@ -0,0 +1,108 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve-requests@bitdefender.com",
+ "DATE_PUBLIC": "2019-03-11T10:00:00.000Z",
+ "ID": "CVE-2019-17096",
+ "STATE": "PUBLIC",
+ "TITLE": "Bitdefender BOX 2 bootstrap get_image_size command injection vulnerability"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Bitdefender BOX 2",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "2.1.47.42",
+ "version_value": "2.1.59-12"
+ },
+ {
+ "version_affected": "<",
+ "version_name": "2.1.53.45",
+ "version_value": "2.1.59-12"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Bitdefender"
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "Claudio Bozzato, Lilith Wyatt and Dave McDaniel of Cisco Talos."
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A OS Command Injection vulnerability in the bootstrap stage of Bitdefender BOX 2 allows the manipulation of the `get_image_url()` function in special circumstances to inject a system command."
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "HIGH",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9,
+ "baseSeverity": "CRITICAL",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-78 OS Command Injection"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "url": " https://www.bitdefender.com/support/security-advisories/bitdefender-box-2-bootstrap-get_image_size-command-injection-vulnerability/"
+ }
+ ]
+ },
+ "solution": [
+ {
+ "lang": "eng",
+ "value": "An update that mitigates the issue has been delivered in:\nBitdefender Central Android App version 2.0.66.88\nBitdefender Central iOS App version 2.0.66"
+ }
+ ],
+ "source": {
+ "advisory": "VA-5706",
+ "defect": [
+ "VA-5706"
+ ],
+ "discovery": "EXTERNAL"
+ }
+}
\ No newline at end of file
From 916af0e659ef6cf699ebf5b6d64086dab83108e7 Mon Sep 17 00:00:00 2001
From: Bogdan Botezatu
Date: Mon, 27 Jan 2020 15:13:02 +0200
Subject: [PATCH 336/387] Added data for CVE-2019-17099
---
 2019/17xxx/CVE-2019-17099.json | 103 +++++++++++++++++++++++++++++++++
 1 file changed, 103 insertions(+)
 create mode 100644 2019/17xxx/CVE-2019-17099.json
diff --git a/2019/17xxx/CVE-2019-17099.json b/2019/17xxx/CVE-2019-17099.json
new file mode 100644
index 00000000000..3f662c4666b
--- /dev/null
+++ b/2019/17xxx/CVE-2019-17099.json
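Review bot: The title of CVE-2019-17096 names `get_image_size` while the description refers to the `get_image_url()` function, so the record does not say unambiguously which bootstrap routine is affected; the two should agree. The description also leaves out the affected versions and does not explain the "special circumstances", which the CVE-2019-17095 record spells out (impersonating an infrastructure server), so the AV:N/AC:H score has nothing in the text to support it. `source.advisory` and `defect` reuse `VA-5706`, the identifier that appears in the CVE-2019-17095 advisory URL, while this record's reference URL carries no VA number; confirm that both CVEs really belong to the same advisory.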
@@ -0,0 +1,103 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve-requests@bitdefender.com",
+ "DATE_PUBLIC": "2019-12-18T10:00:00.000Z",
+ "ID": "CVE-2019-17099",
+ "STATE": "PUBLIC",
+ "TITLE": "Untrusted Search Path vulnerability in EPSecurityService.exe (VA-3500)"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "EPSecurityService.exe ",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "6.6.11.162",
+ "version_value": "6.6.11.162"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Bitdefender"
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "Bugcrowd user khangkito"
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An Untrusted Search Path vulnerability in EPSecurityService.exe as used in Bitdefender Endpoint Security Tools versions prior to 6.6.11.163 allows an attacker to load an arbitrary DLL file from the search path.\nThis issue affects:\nBitdefender EPSecurityService.exe versions prior to 6.6.11.163."
+ } + ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "LOW", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-426 Untrusted Search Path" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://www.bitdefender.com/support/security-advisories/untrusted-search-path-vulnerability-epsecurityservice-exe-va-3500/" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Automatic update to version 6.6.11.163 mitigates the issue." + } + ], + "source": { + "advisory": "VA-3500", + "defect": [ + "VA-3500" + ], + "discovery": "UNKNOWN" + } +} \ No newline at end of file From 9b9422046cf41d523e46f99f95058797843806a7 Mon Sep 17 00:00:00 2001 From: Bogdan Botezatu Date: Mon, 27 Jan 2020 15:47:31 +0200 Subject: [PATCH 337/387] Update CVE-2019-17096.json Fixed reference URL after failed validation --- 2019/17xxx/CVE-2019-17096.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/2019/17xxx/CVE-2019-17096.json b/2019/17xxx/CVE-2019-17096.json index 51faa828d20..d6df6ad7652 100644 --- a/2019/17xxx/CVE-2019-17096.json +++ b/2019/17xxx/CVE-2019-17096.json @@ -88,7 +88,7 @@ "reference_data": [ { "refsource": "CONFIRM", - "url": " https://www.bitdefender.com/support/security-advisories/bitdefender-box-2-bootstrap-get_image_size-command-injection-vulnerability/" + "url": "https://www.bitdefender.com/support/security-advisories/bitdefender-box-2-bootstrap-get_image_size-command-injection-vulnerability/" } ] }, 
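Review bot: In the CVE-2019-17099 record, `version_data` declares `"version_affected": "<"` with `"version_value": "6.6.11.162"`, while the description and solution say that versions prior to 6.6.11.163 are affected and that 6.6.11.163 is the fix. Read literally, the structured entry excludes 6.6.11.162 itself, so a scanner keyed on it would report a build that the prose calls vulnerable as unaffected. Use either `"version_affected": "<=", "version_value": "6.6.11.162"` or `"version_affected": "<", "version_value": "6.6.11.163"`. `"product_name": "EPSecurityService.exe "` also ends in a trailing space, which breaks exact-match product lookups.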
@@ -105,4 +105,4 @@ ], "discovery": "EXTERNAL" } -} \ No newline at end of file +} From 2ca5d98678c00d314405b16ffee238449888dcea Mon Sep 17 00:00:00 2001 From: Bogdan Botezatu Date: Mon, 27 Jan 2020 15:51:17 +0200 Subject: [PATCH 338/387] Added data for CVE-2019-17100 --- 2019/17xxx/CVE-2019-17100.json | 96 ++++++++++++++++++++++++++++++++++ 1 file changed, 96 insertions(+) create mode 100644 2019/17xxx/CVE-2019-17100.json diff --git a/2019/17xxx/CVE-2019-17100.json b/2019/17xxx/CVE-2019-17100.json new file mode 100644 index 00000000000..5c10f9f8d77 --- /dev/null +++ b/2019/17xxx/CVE-2019-17100.json 
@@ -0,0 +1,96 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve-requests@bitdefender.com",
+ "DATE_PUBLIC": "2019-12-19T10:00:00.000Z",
+ "ID": "CVE-2019-17100",
+ "STATE": "PUBLIC",
+ "TITLE": "Untrusted Search Path vulnerability in Bitdefender Total Security 2020 (VA-5895)"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "bdserviceshost.exe",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_value": "24.0.12.69"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Bitdefender"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An Untrusted Search Path vulnerability in bdserviceshost.exe as used in Bitdefender Total Security 2020 allows an attacker to execute arbitrary code.\nThis issue does not affect:\nBitdefender Total Security\nversions prior to 24.0.12.69."
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.2,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "HIGH",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-426 Untrusted Search Path"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "url": "https://www.bitdefender.com/support/security-advisories/untrusted-search-path-vulnerability-bitdefender-total-security-2020-va-5895/"
+ }
+ ]
+ },
+ "solution": [
+ {
+ "lang": "eng",
+ "value": "Automatic update to Bitdefender Total Security version 24.0.12.69 mitigates the issue"
+ }
+ ],
+ "source": {
+ "advisory": "VA-5895",
+ "defect": [
+ "VA-5895"
+ ],
+ "discovery": "UNKNOWN"
+ }
+}
\ No newline at end of file
From d5b6f417297ad2de0b162e2fabaf5f89a197a2ac Mon Sep 17 00:00:00 2001
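Review bot: The three version statements in the CVE-2019-17100 record contradict one another: `version_data` marks `"version_affected": "<="` with `"version_value": "24.0.12.69"`, the description says the issue "does not affect" versions prior to 24.0.12.69, and the solution says that updating to 24.0.12.69 mitigates it. If 24.0.12.69 is the fixed build, as the solution text suggests, the structured entry should be `"version_affected": "<", "version_value": "24.0.12.69"` and the description should read `This issue affects: Bitdefender Total Security versions prior to 24.0.12.69.` As written, the fixed build is flagged as vulnerable and the vulnerable range is described as safe. The "-Synchronized-Data." hunk for this file in PATCH 339 only reflows the description and leaves the "does not affect" wording in place.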
From: CVE Team Date: Mon, 27 Jan 2020 14:01:18 +0000 Subject: [PATCH 339/387] "-Synchronized-Data." --- 2019/17xxx/CVE-2019-17100.json | 7 ++-- 2019/20xxx/CVE-2019-20433.json | 18 ++++++++++ 2020/8xxx/CVE-2020-8008.json | 18 ++++++++++ 2020/8xxx/CVE-2020-8009.json | 62 ++++++++++++++++++++++++++++++++++ 2020/8xxx/CVE-2020-8010.json | 18 ++++++++++ 2020/8xxx/CVE-2020-8011.json | 18 ++++++++++ 2020/8xxx/CVE-2020-8012.json | 18 ++++++++++ 2020/8xxx/CVE-2020-8013.json | 18 ++++++++++ 2020/8xxx/CVE-2020-8014.json | 18 ++++++++++ 2020/8xxx/CVE-2020-8015.json | 18 ++++++++++ 2020/8xxx/CVE-2020-8016.json | 18 ++++++++++ 2020/8xxx/CVE-2020-8017.json | 18 ++++++++++ 2020/8xxx/CVE-2020-8018.json | 18 ++++++++++ 2020/8xxx/CVE-2020-8019.json | 18 ++++++++++ 2020/8xxx/CVE-2020-8020.json | 18 ++++++++++ 2020/8xxx/CVE-2020-8021.json | 18 ++++++++++ 2020/8xxx/CVE-2020-8022.json | 18 ++++++++++ 2020/8xxx/CVE-2020-8023.json | 18 ++++++++++ 2020/8xxx/CVE-2020-8024.json | 18 ++++++++++ 2020/8xxx/CVE-2020-8025.json | 18 ++++++++++ 2020/8xxx/CVE-2020-8026.json | 18 ++++++++++ 2020/8xxx/CVE-2020-8027.json | 18 ++++++++++ 2020/8xxx/CVE-2020-8028.json | 18 ++++++++++ 2020/8xxx/CVE-2020-8029.json | 18 ++++++++++ 2020/8xxx/CVE-2020-8030.json | 18 ++++++++++ 2020/8xxx/CVE-2020-8031.json | 18 ++++++++++ 2020/8xxx/CVE-2020-8032.json | 18 ++++++++++ 27 files changed, 516 insertions(+), 3 deletions(-) create mode 100644 2019/20xxx/CVE-2019-20433.json create mode 100644 2020/8xxx/CVE-2020-8008.json create mode 100644 2020/8xxx/CVE-2020-8009.json create mode 100644 2020/8xxx/CVE-2020-8010.json create mode 100644 2020/8xxx/CVE-2020-8011.json create mode 100644 2020/8xxx/CVE-2020-8012.json create mode 100644 2020/8xxx/CVE-2020-8013.json create mode 100644 2020/8xxx/CVE-2020-8014.json create mode 100644 2020/8xxx/CVE-2020-8015.json create mode 100644 2020/8xxx/CVE-2020-8016.json create mode 100644 2020/8xxx/CVE-2020-8017.json create mode 100644 2020/8xxx/CVE-2020-8018.json create mode 100644 
2020/8xxx/CVE-2020-8019.json create mode 100644 2020/8xxx/CVE-2020-8020.json create mode 100644 2020/8xxx/CVE-2020-8021.json create mode 100644 2020/8xxx/CVE-2020-8022.json create mode 100644 2020/8xxx/CVE-2020-8023.json create mode 100644 2020/8xxx/CVE-2020-8024.json create mode 100644 2020/8xxx/CVE-2020-8025.json create mode 100644 2020/8xxx/CVE-2020-8026.json create mode 100644 2020/8xxx/CVE-2020-8027.json create mode 100644 2020/8xxx/CVE-2020-8028.json create mode 100644 2020/8xxx/CVE-2020-8029.json create mode 100644 2020/8xxx/CVE-2020-8030.json create mode 100644 2020/8xxx/CVE-2020-8031.json create mode 100644 2020/8xxx/CVE-2020-8032.json diff --git a/2019/17xxx/CVE-2019-17100.json b/2019/17xxx/CVE-2019-17100.json index 5c10f9f8d77..ed062c31b17 100644 --- a/2019/17xxx/CVE-2019-17100.json +++ b/2019/17xxx/CVE-2019-17100.json @@ -37,7 +37,7 @@ "description_data": [ { "lang": "eng", - "value": "An Untrusted Search Path vulnerability in bdserviceshost.exe as used in Bitdefender Total Security 2020 allows an attacker to execute arbitrary code.\nThis issue does not affect:\nBitdefender Total Security\nversions prior to 24.0.12.69." + "value": "An Untrusted Search Path vulnerability in bdserviceshost.exe as used in Bitdefender Total Security 2020 allows an attacker to execute arbitrary code. This issue does not affect: Bitdefender Total Security versions prior to 24.0.12.69." } ] }, @@ -75,8 +75,9 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://www.bitdefender.com/support/security-advisories/untrusted-search-path-vulnerability-bitdefender-total-security-2020-va-5895/" + "refsource": "MISC", + "url": "https://www.bitdefender.com/support/security-advisories/untrusted-search-path-vulnerability-bitdefender-total-security-2020-va-5895/", + "name": "https://www.bitdefender.com/support/security-advisories/untrusted-search-path-vulnerability-bitdefender-total-security-2020-va-5895/" } ] }, 
diff --git a/2019/20xxx/CVE-2019-20433.json b/2019/20xxx/CVE-2019-20433.json new file mode 100644 index 00000000000..f0e35ddf763 --- /dev/null +++ b/2019/20xxx/CVE-2019-20433.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-20433", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8008.json b/2020/8xxx/CVE-2020-8008.json new file mode 100644 index 00000000000..14308effa02 --- /dev/null +++ b/2020/8xxx/CVE-2020-8008.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8008", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8009.json b/2020/8xxx/CVE-2020-8009.json new file mode 100644 index 00000000000..97f62dedc41 --- /dev/null +++ b/2020/8xxx/CVE-2020-8009.json 
@@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-8009", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "AVB MOTU devices through 2020-01-22 allow /.. Directory Traversal, as demonstrated by reading the /etc/passwd file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.securenetworkinc.com/news/2020/1/22/new-vulnerability-motu-avb-directory-traversal", + "refsource": "MISC", + "name": "https://www.securenetworkinc.com/news/2020/1/22/new-vulnerability-motu-avb-directory-traversal" + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8010.json b/2020/8xxx/CVE-2020-8010.json new file mode 100644 index 00000000000..fc0e2456266 --- /dev/null +++ b/2020/8xxx/CVE-2020-8010.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8010", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8011.json b/2020/8xxx/CVE-2020-8011.json new file mode 100644 index 00000000000..88802ab9889 --- /dev/null +++ b/2020/8xxx/CVE-2020-8011.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8011", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8012.json b/2020/8xxx/CVE-2020-8012.json new file mode 100644 index 00000000000..2dc7e87f9e0 --- /dev/null +++ b/2020/8xxx/CVE-2020-8012.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8012", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8013.json b/2020/8xxx/CVE-2020-8013.json new file mode 100644 index 00000000000..8ccb44e80f6 --- /dev/null +++ b/2020/8xxx/CVE-2020-8013.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8013", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/8xxx/CVE-2020-8014.json b/2020/8xxx/CVE-2020-8014.json new file mode 100644 index 00000000000..7df52028e54 --- /dev/null +++ b/2020/8xxx/CVE-2020-8014.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8014", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8015.json b/2020/8xxx/CVE-2020-8015.json new file mode 100644 index 00000000000..5f0ac48f357 --- /dev/null +++ b/2020/8xxx/CVE-2020-8015.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8015", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8016.json b/2020/8xxx/CVE-2020-8016.json new file mode 100644 index 00000000000..517d2e4d93d --- /dev/null +++ b/2020/8xxx/CVE-2020-8016.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8016", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8017.json b/2020/8xxx/CVE-2020-8017.json new file mode 100644 index 00000000000..59af93dd4c6 --- /dev/null +++ b/2020/8xxx/CVE-2020-8017.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8017", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8018.json b/2020/8xxx/CVE-2020-8018.json new file mode 100644 index 00000000000..40f294a8a2c --- /dev/null +++ b/2020/8xxx/CVE-2020-8018.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8018", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/8xxx/CVE-2020-8019.json b/2020/8xxx/CVE-2020-8019.json new file mode 100644 index 00000000000..81b04560e48 --- /dev/null +++ b/2020/8xxx/CVE-2020-8019.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8019", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8020.json b/2020/8xxx/CVE-2020-8020.json new file mode 100644 index 00000000000..1e4f922fdaf --- /dev/null +++ b/2020/8xxx/CVE-2020-8020.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8020", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8021.json b/2020/8xxx/CVE-2020-8021.json new file mode 100644 index 00000000000..b15af44d473 --- /dev/null +++ b/2020/8xxx/CVE-2020-8021.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8021", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8022.json b/2020/8xxx/CVE-2020-8022.json new file mode 100644 index 00000000000..adeb3e9492e --- /dev/null +++ b/2020/8xxx/CVE-2020-8022.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8022", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8023.json b/2020/8xxx/CVE-2020-8023.json new file mode 100644 index 00000000000..dd7f18008ae --- /dev/null +++ b/2020/8xxx/CVE-2020-8023.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8023", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/8xxx/CVE-2020-8024.json b/2020/8xxx/CVE-2020-8024.json new file mode 100644 index 00000000000..888ab9e3c25 --- /dev/null +++ b/2020/8xxx/CVE-2020-8024.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8024", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8025.json b/2020/8xxx/CVE-2020-8025.json new file mode 100644 index 00000000000..eb4da7fea1c --- /dev/null +++ b/2020/8xxx/CVE-2020-8025.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8025", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8026.json b/2020/8xxx/CVE-2020-8026.json new file mode 100644 index 00000000000..ab0f4eb10cc --- /dev/null +++ b/2020/8xxx/CVE-2020-8026.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8026", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8027.json b/2020/8xxx/CVE-2020-8027.json new file mode 100644 index 00000000000..a5d5d96fb25 --- /dev/null +++ b/2020/8xxx/CVE-2020-8027.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8027", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8028.json b/2020/8xxx/CVE-2020-8028.json new file mode 100644 index 00000000000..0f050f1c8be --- /dev/null +++ b/2020/8xxx/CVE-2020-8028.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8028", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/8xxx/CVE-2020-8029.json b/2020/8xxx/CVE-2020-8029.json new file mode 100644 index 00000000000..ce3d41cd72e --- /dev/null +++ b/2020/8xxx/CVE-2020-8029.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8029", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8030.json b/2020/8xxx/CVE-2020-8030.json new file mode 100644 index 00000000000..16046bd1b56 --- /dev/null +++ b/2020/8xxx/CVE-2020-8030.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8030", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8031.json b/2020/8xxx/CVE-2020-8031.json new file mode 100644 index 00000000000..3f47ddad012 --- /dev/null +++ b/2020/8xxx/CVE-2020-8031.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8031", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8032.json b/2020/8xxx/CVE-2020-8032.json new file mode 100644 index 00000000000..326d6ed5eca --- /dev/null +++ b/2020/8xxx/CVE-2020-8032.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8032", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file From 4791c562004449020b0e1d832b743e2274290aab Mon Sep 17 00:00:00 2001 From: Bogdan Botezatu Date: Mon, 27 Jan 2020 16:01:38 +0200 Subject: [PATCH 340/387] Added data for CVE-2019-17102 --- 2019/17xxx/CVE-2019-17102.json | 102 +++++++++++++++++++++++++++++++++ 1 file changed, 102 insertions(+) create mode 100644 2019/17xxx/CVE-2019-17102.json diff --git a/2019/17xxx/CVE-2019-17102.json b/2019/17xxx/CVE-2019-17102.json new file mode 100644 index 00000000000..eeb76017f82 --- /dev/null +++ b/2019/17xxx/CVE-2019-17102.json 
@@ -0,0 +1,102 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve-requests@bitdefender.com",
+ "DATE_PUBLIC": "2019-12-30T10:00:00.000Z",
+ "ID": "CVE-2019-17102",
+ "STATE": "PUBLIC",
+ "TITLE": "Bitdefender BOX v2 bootstrap update_setup command execution vulnerability (VA-2226)"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Bitdefender BOX 2",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_value": "2.1.47.36"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Bitdefender"
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "Bugcrowd user Mongo"
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An exploitable command execution vulnerability exists in the recovery partition of Bitdefender BOX 2, version 2.0.1.91. The API method `/api/update_setup` does not perform firmware signature checks atomically, leading to an exploitable race condition (TOCTTOU) that allows arbitrary execution of system commands. \nThis issue affects:\nBitdefender Bitdefender BOX 2\nversions prior to 2.1.47.36."
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "HIGH",
+ "attackVector": "ADJACENT_NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.3,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-413: Improper Resource Locking"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "url": "https://www.bitdefender.com/support/security-advisories/bitdefender-box-v2-bootstrap-update_setup-command-execution-vulnerability-va-2226"
+ }
+ ]
+ },
+ "solution": [
+ {
+ "lang": "eng",
+ "value": "Updating to firmware version 2.1.47.36 resolves this issue."
+ }
+ ],
+ "source": {
+ "advisory": "VA-2226",
+ "defect": [
+ "VA-2226"
+ ],
+ "discovery": "UNKNOWN"
+ }
+}
\ No newline at end of file
From ea04dcdd40a6a2dace92551bbfd9f4dc2e35b8ef Mon Sep 17 00:00:00 2001
From: Bogdan Botezatu
Date: Mon, 27 Jan 2020 16:05:45 +0200
Subject: [PATCH 341/387] Added data for CVE-2019-17103
---
2019/17xxx/CVE-2019-17103.json | 102 +++++++++++++++++++++++++++++++++
1 file changed, 102 insertions(+)
create mode 100644 2019/17xxx/CVE-2019-17103.json
diff --git a/2019/17xxx/CVE-2019-17103.json b/2019/17xxx/CVE-2019-17103.json
new file mode 100644
index 00000000000..31f72f9f0b6
--- /dev/null
+++ b/2019/17xxx/CVE-2019-17103.json
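Review bot: In the new CVE-2019-17102 record the `problemtype` value `CWE-413: Improper Resource Locking` does not match the description, which attributes the flaw to a firmware signature check that is not atomic, i.e. a time-of-check/time-of-use race. Anyone filtering advisories by weakness class would look for this under CWE-367, so I would write `"value": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition"`. In the same file `"discovery": "UNKNOWN"` sits beside a `credit` entry for a Bugcrowd user, while CVE-2019-17103 uses `"EXTERNAL"` for the same kind of report; one of the two is presumably wrong. The description also repeats the vendor name ("Bitdefender Bitdefender BOX 2").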
@@ -0,0 +1,102 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve-requests@bitdefender.com",
+ "DATE_PUBLIC": "2019-12-30T10:00:00.000Z",
+ "ID": "CVE-2019-17103",
+ "STATE": "PUBLIC",
+ "TITLE": "Get-task-allow entitlement via BDLDaemon on macOS"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Bitdefender AV for Mac",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_value": "8.0.0"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Bitdefender"
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "Bugcrowd user Bohops"
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An Incorrect Default Permissions vulnerability in the BDLDaemon component of Bitdefender AV for Mac allows an attacker to elevate permissions to read protected directories.\nThis issue affects:\nBitdefender AV for Mac\nversions prior to 8.0.0."
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "PHYSICAL",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.9,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "LOW",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-276 Incorrect Default Permissions"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "url": "https://www.bitdefender.com/support/security-advisories/get-task-allow-entitlement-via-bdldaemon-macos-va-3448/"
+ }
+ ]
+ },
+ "solution": [
+ {
+ "lang": "eng",
+ "value": "Update Bitdefender AV for Mac to version 8.0.0 or higher."
+ } + ], + "source": { + "advisory": "VA-3448", + "defect": [ + "VA-3448" + ], + "discovery": "EXTERNAL" + } +} \ No newline at end of file From 55028909d46336b213b9d8b3c666b8690051c08d Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 27 Jan 2020 15:01:22 +0000 Subject: [PATCH 342/387] "-Synchronized-Data." --- 2006/7xxx/CVE-2006-7246.json | 63 ++++++++++++++++++++++++++++++++-- 2011/4xxx/CVE-2011-4558.json | 48 ++++++++++++++++++++++++-- 2012/1xxx/CVE-2012-1495.json | 63 ++++++++++++++++++++++++++++++++-- 2012/1xxx/CVE-2012-1496.json | 48 ++++++++++++++++++++++++-- 2013/0xxx/CVE-2013-0286.json | 50 +++++++++++++++++++++++++-- 2013/3xxx/CVE-2013-3486.json | 55 +++++++++++++++++++++++++++-- 2013/3xxx/CVE-2013-3492.json | 50 +++++++++++++++++++++++++-- 2013/3xxx/CVE-2013-3493.json | 50 +++++++++++++++++++++++++-- 2013/4xxx/CVE-2013-4462.json | 55 +++++++++++++++++++++++++++-- 2013/5xxx/CVE-2013-5659.json | 53 ++++++++++++++++++++++++++-- 2013/6xxx/CVE-2013-6056.json | 48 ++++++++++++++++++++++++-- 2014/4xxx/CVE-2014-4156.json | 53 ++++++++++++++++++++++++++-- 2015/4xxx/CVE-2015-4709.json | 14 ++++---- 2019/17xxx/CVE-2019-17102.json | 7 ++-- 2019/17xxx/CVE-2019-17103.json | 7 ++-- 2019/20xxx/CVE-2019-20433.json | 56 ++++++++++++++++++++++++++---- 2020/8xxx/CVE-2020-8033.json | 18 ++++++++++ 2020/8xxx/CVE-2020-8034.json | 18 ++++++++++ 2020/8xxx/CVE-2020-8035.json | 18 ++++++++++ 19 files changed, 726 insertions(+), 48 deletions(-) create mode 100644 2020/8xxx/CVE-2020-8033.json create mode 100644 2020/8xxx/CVE-2020-8034.json create mode 100644 2020/8xxx/CVE-2020-8035.json diff --git a/2006/7xxx/CVE-2006-7246.json b/2006/7xxx/CVE-2006-7246.json index 5b3b899f6d9..7d9d0bdc79f 100644 --- a/2006/7xxx/CVE-2006-7246.json +++ b/2006/7xxx/CVE-2006-7246.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-7246", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", 
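Review bot: The `description_data` text of the new CVE-2019-17103 record never mentions the get-task-allow entitlement that `TITLE` names, so the description alone does not say which permission is wrong or what the attacker must already have. The vector `AV:P/AC:L/PR:L/UI:R` is not explained either, and the text reads like a local issue. If physical access and user interaction really are preconditions, a sentence saying so would let triage teams trust the 4.9 score; if not, `"attackVector": "LOCAL"` may have been intended, and the score would need recomputing. A wording such as "The BDLDaemon component ships with the get-task-allow entitlement, which allows ..." would tie the description to the title.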
@@ -11,7 +11,66 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "NetworkManager 0.9.x does not pin a certificate's subject to an ESSID when 802.11X authentication is used." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://bugzilla.gnome.org/show_bug.cgi?id=341323", + "url": "https://bugzilla.gnome.org/show_bug.cgi?id=341323" + }, + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2010/04/22/2", + "url": "http://www.openwall.com/lists/oss-security/2010/04/22/2" + }, + { + "refsource": "MISC", + "name": "https://bugzilla.novell.com/show_bug.cgi?id=574266", + "url": "https://bugzilla.novell.com/show_bug.cgi?id=574266" + }, + { + "refsource": "MISC", + "name": "https://lwn.net/Articles/468868/", + "url": "https://lwn.net/Articles/468868/" } ] } diff --git a/2011/4xxx/CVE-2011-4558.json b/2011/4xxx/CVE-2011-4558.json index 81a582adcd9..9d449eb17f1 100644 --- a/2011/4xxx/CVE-2011-4558.json +++ b/2011/4xxx/CVE-2011-4558.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-4558", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +11,51 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tiki 8.2 and earlier allows remote administrators to execute arbitrary PHP code via crafted input to the regexres and regex parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://packetstormsecurity.com/files/108111/Tiki-Wiki-CMS-Groupware-8.2-Code-Injection.html", + "url": "https://packetstormsecurity.com/files/108111/Tiki-Wiki-CMS-Groupware-8.2-Code-Injection.html" } ] } diff --git a/2012/1xxx/CVE-2012-1495.json b/2012/1xxx/CVE-2012-1495.json index 0b005b61664..1e1acbdd685 100644 --- a/2012/1xxx/CVE-2012-1495.json +++ b/2012/1xxx/CVE-2012-1495.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-1495", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +11,66 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "install/index.php in WebCalendar before 1.2.5 allows remote attackers to execute arbitrary code via the form_single_user_login parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://sourceforge.net/projects/webcalendar/files/webcalendar%201.2/1.2.5/", + "url": "http://sourceforge.net/projects/webcalendar/files/webcalendar%201.2/1.2.5/" + }, + { + "refsource": "MISC", + "name": "https://www.exploit-db.com/exploits/18775", + "url": "https://www.exploit-db.com/exploits/18775" + }, + { + "refsource": "MISC", + "name": "https://packetstormsecurity.com/files/112332/WebCalendar-1.2.4-Remote-Code-Execution.html", + "url": "https://packetstormsecurity.com/files/112332/WebCalendar-1.2.4-Remote-Code-Execution.html" + }, + { + "refsource": "MISC", + "name": "https://packetstormsecurity.com/files/112323/WebCalendar-1.2.4-Pre-Auth-Remote-Code-Injection.html", + "url": "https://packetstormsecurity.com/files/112323/WebCalendar-1.2.4-Pre-Auth-Remote-Code-Injection.html" } ] } diff --git a/2012/1xxx/CVE-2012-1496.json b/2012/1xxx/CVE-2012-1496.json index e1b8fa6b375..70e50bf2e1f 100644 --- a/2012/1xxx/CVE-2012-1496.json +++ b/2012/1xxx/CVE-2012-1496.json 
@@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-1496", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,51 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Local file inclusion in WebCalendar before 1.2.5." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://sourceforge.net/projects/webcalendar/files/webcalendar%201.2/1.2.5/", + "url": "http://sourceforge.net/projects/webcalendar/files/webcalendar%201.2/1.2.5/" } ] } diff --git a/2013/0xxx/CVE-2013-0286.json b/2013/0xxx/CVE-2013-0286.json index cf759c89298..4db217d5cf2 100644 --- a/2013/0xxx/CVE-2013-0286.json +++ b/2013/0xxx/CVE-2013-0286.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-0286", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Pinboard theme authors", + "product": { + "product_data": [ + { + "product_name": "Pinboard theme", + "version": { + "version_data": [ + { + "version_value": "1.0.6" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Pinboard 1.0.6 theme for Wordpress has XSS." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "XSS" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.openwall.com/lists/oss-security/2013/02/14/4", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2013/02/14/4" } ] } diff --git a/2013/3xxx/CVE-2013-3486.json b/2013/3xxx/CVE-2013-3486.json index a24b251c16e..e272a6b4019 100644 --- a/2013/3xxx/CVE-2013-3486.json +++ b/2013/3xxx/CVE-2013-3486.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", "ID": "CVE-2013-3486", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "IrfanView FlashPix PlugIn", + "version": { + "version_data": [ + { + "version_value": "4.3" + } + ] + } + } + ] + }, + "vendor_name": "IrfanView FlashPix PlugIn" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IrfanView FlashPix Plugin 4.3.4 0 has an Integer Overflow Vulnerability" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "integer overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.securityfocus.com/bid/60232", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/60232" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84903", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84903" } ] } diff --git a/2013/3xxx/CVE-2013-3492.json b/2013/3xxx/CVE-2013-3492.json index 97732d06619..0f283432077 100644 --- a/2013/3xxx/CVE-2013-3492.json +++ b/2013/3xxx/CVE-2013-3492.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", "ID": "CVE-2013-3492", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "XnView", + "product": { + "product_data": [ + { + "product_name": "XnView", + "version": { + "version_data": [ + { + "version_value": "2.03" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "XnView 2.03 has a stack-based buffer overflow vulnerability" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "buffer overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.securityfocus.com/bid/61503", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/61503" } ] } diff --git a/2013/3xxx/CVE-2013-3493.json b/2013/3xxx/CVE-2013-3493.json index 26fca4d5daa..c1b5ec010c4 100644 --- a/2013/3xxx/CVE-2013-3493.json +++ b/2013/3xxx/CVE-2013-3493.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", "ID": "CVE-2013-3493", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "XnView", + "product": { + "product_data": [ + { + "product_name": "XnView", + "version": { + "version_data": [ + { + "version_value": "2.03" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "XnView 2.03 has an integer overflow vulnerability" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "integer overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.securityfocus.com/bid/61505", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/61505" } ] } diff --git a/2013/4xxx/CVE-2013-4462.json b/2013/4xxx/CVE-2013-4462.json index 832c777e178..1be9c6f2bd8 100644 --- a/2013/4xxx/CVE-2013-4462.json +++ b/2013/4xxx/CVE-2013-4462.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-4462", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Portable phpMyAdmin Plugin authors", + "product": { + "product_data": [ + { + "product_name": "Portable phpMyAdmin Plugin", + "version": { + "version_data": [ + { + "version_value": "through at least 2013-10-22" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "WordPress Portable phpMyAdmin Plugin has an authentication bypass vulnerability" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "auth bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.securityfocus.com/bid/63249", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/63249" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2013/10/24/1", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2013/10/24/1" } ] } diff --git a/2013/5xxx/CVE-2013-5659.json b/2013/5xxx/CVE-2013-5659.json index 6f1a6ef4f2c..97ae5f00af4 100644 --- a/2013/5xxx/CVE-2013-5659.json +++ b/2013/5xxx/CVE-2013-5659.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-5659", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Wiz 5.0.3 has a user mode write access violation" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://seclists.org/fulldisclosure/2013/Sep/8", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2013/Sep/8" + }, + { + "refsource": "MISC", + "name": "http://realpentesting.blogspot.com/p/realpentesting-advisory-title-user-mode.html", + "url": "http://realpentesting.blogspot.com/p/realpentesting-advisory-title-user-mode.html" } ] } diff --git a/2013/6xxx/CVE-2013-6056.json b/2013/6xxx/CVE-2013-6056.json index 509c723f5a3..f92101ed6fe 100644 --- a/2013/6xxx/CVE-2013-6056.json +++ b/2013/6xxx/CVE-2013-6056.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-6056", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "OSSIM before 4.3.3.1 has tele_compress.php path traversal vulnerability" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.tenable.com/plugins/nessus/76122", + "url": "https://www.tenable.com/plugins/nessus/76122" } ] } diff --git a/2014/4xxx/CVE-2014-4156.json b/2014/4xxx/CVE-2014-4156.json index c476a88f364..c33653dd86d 100644 --- a/2014/4xxx/CVE-2014-4156.json +++ b/2014/4xxx/CVE-2014-4156.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-4156", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Proxmox VE prior to 3.2: 'AccessControl.pm' User Enumeration Vulnerability" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.securityfocus.com/bid/68028", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/68028" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2014/06/17/16", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2014/06/17/16" } ] } diff --git a/2015/4xxx/CVE-2015-4709.json b/2015/4xxx/CVE-2015-4709.json index 76a5c369123..353b28a203d 100644 --- a/2015/4xxx/CVE-2015-4709.json +++ b/2015/4xxx/CVE-2015-4709.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2015-4709", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2015-4709", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." } ] } diff --git a/2019/17xxx/CVE-2019-17102.json b/2019/17xxx/CVE-2019-17102.json index eeb76017f82..d2a9c9b6608 100644 
--- a/2019/17xxx/CVE-2019-17102.json +++ b/2019/17xxx/CVE-2019-17102.json @@ -43,7 +43,7 @@ "description_data": [ { "lang": "eng", - "value": "An exploitable command execution vulnerability exists in the recovery partition of Bitdefender BOX 2, version 2.0.1.91. The API method `/api/update_setup` does not perform firmware signature checks atomically, leading to an exploitable race condition (TOCTTOU) that allows arbitrary execution of system commands. \nThis issue affects:\nBitdefender Bitdefender BOX 2\nversions prior to 2.1.47.36." + "value": "An exploitable command execution vulnerability exists in the recovery partition of Bitdefender BOX 2, version 2.0.1.91. The API method `/api/update_setup` does not perform firmware signature checks atomically, leading to an exploitable race condition (TOCTTOU) that allows arbitrary execution of system commands. This issue affects: Bitdefender Bitdefender BOX 2 versions prior to 2.1.47.36." } ] }, @@ -81,8 +81,9 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://www.bitdefender.com/support/security-advisories/bitdefender-box-v2-bootstrap-update_setup-command-execution-vulnerability-va-2226" + "refsource": "MISC", + "url": "https://www.bitdefender.com/support/security-advisories/bitdefender-box-v2-bootstrap-update_setup-command-execution-vulnerability-va-2226", + "name": "https://www.bitdefender.com/support/security-advisories/bitdefender-box-v2-bootstrap-update_setup-command-execution-vulnerability-va-2226" } ] }, diff --git a/2019/17xxx/CVE-2019-17103.json b/2019/17xxx/CVE-2019-17103.json index 31f72f9f0b6..48447c93f58 100644 --- a/2019/17xxx/CVE-2019-17103.json +++ b/2019/17xxx/CVE-2019-17103.json 
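Review bot: The reference in the second hunk is re-tagged from `"refsource": "CONFIRM"` to `"refsource": "MISC"` although the URL sits on the vendor's own domain under /support/security-advisories/, which is the kind of source CONFIRM is meant to mark. Consumers that use CONFIRM to separate vendor-acknowledged issues from third-party reports lose that signal for this record. Unless the downgrade is deliberate, keep `"refsource": "CONFIRM"` and add only the new `"name"` field. The CVE-2019-17103 hunk that follows makes the same change to its Bitdefender advisory link.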
@@ -43,7 +43,7 @@ "description_data": [ { "lang": "eng", - "value": "An Incorrect Default Permissions vulnerability in the BDLDaemon component of Bitdefender AV for Mac allows an attacker to elevate permissions to read protected directories.\nThis issue affects:\nBitdefender AV for Mac\nversions prior to 8.0.0." + "value": "An Incorrect Default Permissions vulnerability in the BDLDaemon component of Bitdefender AV for Mac allows an attacker to elevate permissions to read protected directories. This issue affects: Bitdefender AV for Mac versions prior to 8.0.0." } ] }, @@ -81,8 +81,9 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://www.bitdefender.com/support/security-advisories/get-task-allow-entitlement-via-bdldaemon-macos-va-3448/" + "refsource": "MISC", + "url": "https://www.bitdefender.com/support/security-advisories/get-task-allow-entitlement-via-bdldaemon-macos-va-3448/", + "name": "https://www.bitdefender.com/support/security-advisories/get-task-allow-entitlement-via-bdldaemon-macos-va-3448/" } ] }, diff --git a/2019/20xxx/CVE-2019-20433.json b/2019/20xxx/CVE-2019-20433.json index f0e35ddf763..7893166a427 100644 --- a/2019/20xxx/CVE-2019-20433.json +++ b/2019/20xxx/CVE-2019-20433.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-20433", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-20433", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "libaspell.a in GNU Aspell before 0.60.8 has a buffer over-read for a string ending with a single '\\0' byte, if the encoding is set to ucs-2 or ucs-4 outside of the application, as demonstrated by the ASPELL_CONF environment variable." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://aspell.net/buffer-overread-ucs.txt", + "refsource": "MISC", + "name": "http://aspell.net/buffer-overread-ucs.txt" } ] } diff --git a/2020/8xxx/CVE-2020-8033.json b/2020/8xxx/CVE-2020-8033.json new file mode 100644 index 00000000000..bc0a09fe410 --- /dev/null +++ b/2020/8xxx/CVE-2020-8033.json 
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-8033",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8034.json b/2020/8xxx/CVE-2020-8034.json
new file mode 100644
index 00000000000..888eab814ac
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8034.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-8034",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8035.json b/2020/8xxx/CVE-2020-8035.json
new file mode 100644
index 00000000000..ec149b8edb9
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8035.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-8035",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
From fd6c4bc9389b4c21b4f9b45127ccf3aa9b3fae0d Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Mon, 27 Jan 2020 16:01:12 +0000
Subject: [PATCH 343/387] "-Synchronized-Data."
---
 2014/8xxx/CVE-2014-8161.json | 92 ++++++++++++++++++++++++++++++++--
 2014/9xxx/CVE-2014-9481.json | 65 ++++++++++++++++++++++--
 2015/0xxx/CVE-2015-0241.json | 92 ++++++++++++++++++++++++++++++++--
 2015/0xxx/CVE-2015-0242.json | 92 ++++++++++++++++++++++++++++++++--
 2015/0xxx/CVE-2015-0243.json | 92 ++++++++++++++++++++++++++++++++--
 2015/0xxx/CVE-2015-0244.json | 92 ++++++++++++++++++++++++++++++++--
 2015/0xxx/CVE-2015-0294.json | 60 ++++++++++++++++++++--
 2015/3xxx/CVE-2015-3154.json | 56 +++++++++++++++++++--
 2019/17xxx/CVE-2019-17190.json | 62 +++++++++++++++++++++++
 2019/1xxx/CVE-2019-1348.json | 50 ++++++++++++++++--
 2019/1xxx/CVE-2019-1353.json | 50 ++++++++++++++++--
 11 files changed, 773 insertions(+), 30 deletions(-)
 create mode 100644 2019/17xxx/CVE-2019-17190.json
diff --git a/2014/8xxx/CVE-2014-8161.json b/2014/8xxx/CVE-2014-8161.json
index ffaa622c9b8..cdda87a59cd 100644
--- a/2014/8xxx/CVE-2014-8161.json
+++ b/2014/8xxx/CVE-2014-8161.json
@@ -1,8 +1,8 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
+ "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2014-8161",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +11,93 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to obtain sensitive column values by triggering constraint violation and then reading the error message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Path Disclosure" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "PostgreSQL Global Development Group", + "product": { + "product_data": [ + { + "product_name": "PostgreSQL", + "version": { + "version_data": [ + { + "version_value": "before 9.0.19" + }, + { + "version_value": "9.1.x before 9.1.15" + }, + { + "version_value": "9.2.x before 9.2.10" + }, + { + "version_value": "9.3.x before 9.3.6" + }, + { + "version_value": "9.4.x before 9.4.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "http://www.postgresql.org/docs/9.4/static/release-9-4-1.html", + "url": "http://www.postgresql.org/docs/9.4/static/release-9-4-1.html" + }, + { + "refsource": "CONFIRM", + "name": "http://www.postgresql.org/docs/current/static/release-9-0-19.html", + "url": "http://www.postgresql.org/docs/current/static/release-9-0-19.html" + }, + { + "refsource": "CONFIRM", + "name": "http://www.postgresql.org/docs/current/static/release-9-1-15.html", + "url": "http://www.postgresql.org/docs/current/static/release-9-1-15.html" + }, + { + "refsource": "CONFIRM", + "name": "http://www.postgresql.org/docs/current/static/release-9-2-10.html", + "url": "http://www.postgresql.org/docs/current/static/release-9-2-10.html" + }, + 
{ + "refsource": "CONFIRM", + "name": "http://www.postgresql.org/docs/current/static/release-9-3-6.html", + "url": "http://www.postgresql.org/docs/current/static/release-9-3-6.html" + }, + { + "refsource": "CONFIRM", + "name": "http://www.postgresql.org/about/news/1569/", + "url": "http://www.postgresql.org/about/news/1569/" + }, + { + "refsource": "CONFIRM", + "name": "http://www.debian.org/security/2015/dsa-3155", + "url": "http://www.debian.org/security/2015/dsa-3155" } ] } diff --git a/2014/9xxx/CVE-2014-9481.json b/2014/9xxx/CVE-2014-9481.json index 4427a1877a5..586589d5825 100644 --- a/2014/9xxx/CVE-2014-9481.json +++ b/2014/9xxx/CVE-2014-9481.json @@ -1,8 +1,8 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "security@debian.org", "ID": "CVE-2014-9481", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", 
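Review bot: The `problemtype` added for CVE-2014-8161 is `"Path Disclosure"`, but the description in the same hunk is about authenticated users reading sensitive column values out of constraint-violation error messages, which is an information exposure through error messages rather than a path leak. A mislabelled problem type skews any triage or reporting that groups records by weakness; `"value": "Information Exposure Through an Error Message"` would match the text. Later hunks in this patch have a related mismatch: CVE-2015-0241 and CVE-2015-0244 use `"Other"` although their descriptions name a buffer over-read/overflow and SQL injection respectively.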
@@ -11,7 +11,66 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Scribunto extension for MediaWiki allows remote attackers to obtain the rollback token and possibly other sensitive information via a crafted module, related to unstripping special page HTML." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Other" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Scribunto", + "product": { + "product_data": [ + { + "product_name": "Scribunto", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2014/12/21/2", + "url": "http://www.openwall.com/lists/oss-security/2014/12/21/2" + }, + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2015/01/03/13", + "url": "http://www.openwall.com/lists/oss-security/2015/01/03/13" + }, + { + "refsource": "MISC", + "name": "https://phabricator.wikimedia.org/T73167", + "url": "https://phabricator.wikimedia.org/T73167" + }, + { + "refsource": "CONFIRM", + "name": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-December/000173.html", + "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-December/000173.html" } ] } diff --git a/2015/0xxx/CVE-2015-0241.json b/2015/0xxx/CVE-2015-0241.json index f044db482b3..3c984b7ac41 100644 --- a/2015/0xxx/CVE-2015-0241.json +++ b/2015/0xxx/CVE-2015-0241.json 
@@ -1,8 +1,8 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2015-0241", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +11,93 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The to_char function in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a (1) large number of digits when processing a numeric formatting template, which triggers a buffer over-read, or (2) crafted timestamp formatting template, which triggers a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Other" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "PostgreSQL Global Development Group", + "product": { + "product_data": [ + { + "product_name": "PostgreSQL", + "version": { + "version_data": [ + { + "version_value": "before 9.0.19" + }, + { + "version_value": "9.1.x before 9.1.15" + }, + { + "version_value": "9.2.x before 9.2.10" + }, + { + "version_value": "9.3.x before 9.3.6" + }, + { + "version_value": "9.4.x before 9.4.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "http://www.postgresql.org/docs/9.4/static/release-9-4-1.html", + "url": "http://www.postgresql.org/docs/9.4/static/release-9-4-1.html" + }, + { + "refsource": "CONFIRM", + "name": "http://www.postgresql.org/docs/current/static/release-9-0-19.html", + "url": "http://www.postgresql.org/docs/current/static/release-9-0-19.html" + }, + { + "refsource": "CONFIRM", + "name": "http://www.postgresql.org/docs/current/static/release-9-1-15.html", + "url": "http://www.postgresql.org/docs/current/static/release-9-1-15.html" + }, + { + 
"refsource": "CONFIRM", + "name": "http://www.postgresql.org/docs/current/static/release-9-2-10.html", + "url": "http://www.postgresql.org/docs/current/static/release-9-2-10.html" + }, + { + "refsource": "CONFIRM", + "name": "http://www.postgresql.org/docs/current/static/release-9-3-6.html", + "url": "http://www.postgresql.org/docs/current/static/release-9-3-6.html" + }, + { + "refsource": "CONFIRM", + "name": "http://www.postgresql.org/about/news/1569/", + "url": "http://www.postgresql.org/about/news/1569/" + }, + { + "refsource": "CONFIRM", + "name": "http://www.debian.org/security/2015/dsa-3155", + "url": "http://www.debian.org/security/2015/dsa-3155" } ] } diff --git a/2015/0xxx/CVE-2015-0242.json b/2015/0xxx/CVE-2015-0242.json index 926cb66e385..bb57903554c 100644 --- a/2015/0xxx/CVE-2015-0242.json +++ b/2015/0xxx/CVE-2015-0242.json @@ -1,8 +1,8 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2015-0242", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +11,93 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Stack-based buffer overflow in the *printf function implementations in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1, when running on a Windows system, allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a floating point number with a large precision, as demonstrated by using the to_char function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Overflow" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "PostgreSQL Global Development Group", + "product": { + "product_data": [ + { + "product_name": "PostgreSQL", + "version": { + "version_data": [ + { + "version_value": "before 9.0.19" + }, + { + "version_value": "9.1.x before 9.1.15" + }, + { + "version_value": "9.2.x before 9.2.10" + }, + { + "version_value": "9.3.x before 9.3.6" + }, + { + "version_value": "9.4.x before 9.4.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "http://www.postgresql.org/docs/9.4/static/release-9-4-1.html", + "url": "http://www.postgresql.org/docs/9.4/static/release-9-4-1.html" + }, + { + "refsource": "CONFIRM", + "name": "http://www.postgresql.org/docs/current/static/release-9-0-19.html", + "url": "http://www.postgresql.org/docs/current/static/release-9-0-19.html" + }, + { + "refsource": "CONFIRM", + "name": "http://www.postgresql.org/docs/current/static/release-9-1-15.html", + "url": "http://www.postgresql.org/docs/current/static/release-9-1-15.html" + }, + { + "refsource": 
"CONFIRM", + "name": "http://www.postgresql.org/docs/current/static/release-9-2-10.html", + "url": "http://www.postgresql.org/docs/current/static/release-9-2-10.html" + }, + { + "refsource": "CONFIRM", + "name": "http://www.postgresql.org/docs/current/static/release-9-3-6.html", + "url": "http://www.postgresql.org/docs/current/static/release-9-3-6.html" + }, + { + "refsource": "CONFIRM", + "name": "http://www.postgresql.org/about/news/1569/", + "url": "http://www.postgresql.org/about/news/1569/" + }, + { + "refsource": "CONFIRM", + "name": "http://www.debian.org/security/2015/dsa-3155", + "url": "http://www.debian.org/security/2015/dsa-3155" } ] } diff --git a/2015/0xxx/CVE-2015-0243.json b/2015/0xxx/CVE-2015-0243.json index 831b3b1346a..0b8f9748a49 100644 --- a/2015/0xxx/CVE-2015-0243.json +++ b/2015/0xxx/CVE-2015-0243.json @@ -1,8 +1,8 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2015-0243", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +11,93 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple buffer overflows in contrib/pgcrypto in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allow remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Overflow" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "PostgreSQL Global Development Group", + "product": { + "product_data": [ + { + "product_name": "PostgreSQL", + "version": { + "version_data": [ + { + "version_value": "before 9.0.19" + }, + { + "version_value": "9.1.x before 9.1.15" + }, + { + "version_value": "9.2.x before 9.2.10" + }, + { + "version_value": "9.3.x before 9.3.6" + }, + { + "version_value": "9.4.x before 9.4.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "http://www.postgresql.org/docs/9.4/static/release-9-4-1.html", + "url": "http://www.postgresql.org/docs/9.4/static/release-9-4-1.html" + }, + { + "refsource": "CONFIRM", + "name": "http://www.postgresql.org/docs/current/static/release-9-0-19.html", + "url": "http://www.postgresql.org/docs/current/static/release-9-0-19.html" + }, + { + "refsource": "CONFIRM", + "name": "http://www.postgresql.org/docs/current/static/release-9-1-15.html", + "url": "http://www.postgresql.org/docs/current/static/release-9-1-15.html" + }, + { + "refsource": "CONFIRM", + "name": "http://www.postgresql.org/docs/current/static/release-9-2-10.html", + "url": 
"http://www.postgresql.org/docs/current/static/release-9-2-10.html" + }, + { + "refsource": "CONFIRM", + "name": "http://www.postgresql.org/docs/current/static/release-9-3-6.html", + "url": "http://www.postgresql.org/docs/current/static/release-9-3-6.html" + }, + { + "refsource": "CONFIRM", + "name": "http://www.postgresql.org/about/news/1569/", + "url": "http://www.postgresql.org/about/news/1569/" + }, + { + "refsource": "CONFIRM", + "name": "http://www.debian.org/security/2015/dsa-3155", + "url": "http://www.debian.org/security/2015/dsa-3155" } ] } diff --git a/2015/0xxx/CVE-2015-0244.json b/2015/0xxx/CVE-2015-0244.json index e6100ae07ef..6d43ae3b9f0 100644 --- a/2015/0xxx/CVE-2015-0244.json +++ b/2015/0xxx/CVE-2015-0244.json @@ -1,8 +1,8 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2015-0244", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +11,93 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 does not properly handle errors while reading a protocol message, which allows remote attackers to conduct SQL injection attacks via crafted binary data in a parameter and causing an error, which triggers the loss of synchronization and part of the protocol message to be treated as a new message, as demonstrated by causing a timeout or query cancellation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Other" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "PostgreSQL Global Development Group", + "product": { + "product_data": [ + { + "product_name": "PostgreSQL", + "version": { + "version_data": [ + { + "version_value": "before 9.0.19" + }, + { + "version_value": "9.1.x before 9.1.15" + }, + { + "version_value": "9.2.x before 9.2.10" + }, + { + "version_value": "9.3.x before 9.3.6" + }, + { + "version_value": "9.4.x before 9.4.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "http://www.postgresql.org/docs/9.4/static/release-9-4-1.html", + "url": "http://www.postgresql.org/docs/9.4/static/release-9-4-1.html" + }, + { + "refsource": "CONFIRM", + "name": "http://www.postgresql.org/docs/current/static/release-9-0-19.html", + "url": "http://www.postgresql.org/docs/current/static/release-9-0-19.html" + }, + { + "refsource": "CONFIRM", + "name": "http://www.postgresql.org/docs/current/static/release-9-1-15.html", + "url": 
"http://www.postgresql.org/docs/current/static/release-9-1-15.html" + }, + { + "refsource": "CONFIRM", + "name": "http://www.postgresql.org/docs/current/static/release-9-2-10.html", + "url": "http://www.postgresql.org/docs/current/static/release-9-2-10.html" + }, + { + "refsource": "CONFIRM", + "name": "http://www.postgresql.org/docs/current/static/release-9-3-6.html", + "url": "http://www.postgresql.org/docs/current/static/release-9-3-6.html" + }, + { + "refsource": "CONFIRM", + "name": "http://www.postgresql.org/about/news/1569/", + "url": "http://www.postgresql.org/about/news/1569/" + }, + { + "refsource": "CONFIRM", + "name": "http://www.debian.org/security/2015/dsa-3155", + "url": "http://www.debian.org/security/2015/dsa-3155" } ] } diff --git a/2015/0xxx/CVE-2015-0294.json b/2015/0xxx/CVE-2015-0294.json index 1126e760455..dd2c78248da 100644 --- a/2015/0xxx/CVE-2015-0294.json +++ b/2015/0xxx/CVE-2015-0294.json @@ -1,8 +1,8 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2015-0294", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +11,61 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "GnuTLS before 3.3.13 does not validate that the signature algorithms match when importing a certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cryptography" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GnuTLS", + "product": { + "product_data": [ + { + "product_name": "GnuTLS", + "version": { + "version_data": [ + { + "version_value": "before 3.3.13" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1196323", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1196323" + }, + { + "refsource": "MISC", + "name": "https://gitlab.com/gnutls/gnutls/commit/6e76e9b9fa845b76b0b9a45f05f4b54a052578ff", + "url": "https://gitlab.com/gnutls/gnutls/commit/6e76e9b9fa845b76b0b9a45f05f4b54a052578ff" + }, + { + "refsource": "MISC", + "name": "http://www.debian.org/security/2015/dsa-3191", + "url": "http://www.debian.org/security/2015/dsa-3191" } ] } diff --git a/2015/3xxx/CVE-2015-3154.json b/2015/3xxx/CVE-2015-3154.json index 34a98d79295..cd686a40498 100644 --- a/2015/3xxx/CVE-2015-3154.json +++ b/2015/3xxx/CVE-2015-3154.json @@ -1,8 +1,8 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2015-3154", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +11,57 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "CRLF injection vulnerability in Zend\\Mail (Zend_Mail) in Zend Framework before 1.12.12, 2.x before 2.3.8, and 2.4.x before 2.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the header of an email." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CRLF Injection" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Zend Technologies", + "product": { + "product_data": [ + { + "product_name": "Zend Framework", + "version": { + "version_data": [ + { + "version_value": "before 1.12.12" + }, + { + "version_value": "2.x before 2.3.8" + }, + { + "version_value": "2.4.x before 2.4.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "http://framework.zend.com/security/advisory/ZF2015-04", + "url": "http://framework.zend.com/security/advisory/ZF2015-04" } ] } diff --git a/2019/17xxx/CVE-2019-17190.json b/2019/17xxx/CVE-2019-17190.json new file mode 100644 index 00000000000..528171f25f2 --- /dev/null +++ b/2019/17xxx/CVE-2019-17190.json 
@@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-17190", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A Local Privilege Escalation issue was discovered in Avast Secure Browser 76.0.1659.101. The vulnerability is due to an insecure ACL set by the AvastBrowserUpdate.exe (which is running as NT AUTHORITY\\SYSTEM) when AvastSecureBrowser.exe checks for new updates. When the update check is triggered, the elevated process cleans the ACL of the Update.ini file in %PROGRAMDATA%\\Avast Software\\Browser\\Update\\ and sets all privileges to group Everyone. Because any low-privileged user can create, delete, or modify the Update.ini file stored in this location, an attacker with low privileges can create a hard link named Update.ini in this folder, and make it point to a file writable by NT AUTHORITY\\SYSTEM. Once AvastBrowserUpdate.exe is triggered by the update check functionality, the DACL is set to a misconfigured value on the crafted Update.ini and, consequently, to the target file that was previously not writable by the low-privileged attacker." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.avast.com/bug-bounty-credits/en/a-tribute-to-our-security-research-community", + "url": "https://www.avast.com/bug-bounty-credits/en/a-tribute-to-our-security-research-community" + } + ] + } +} \ No newline at end of file 
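Review bot: The structured `affects` block in this new record carries `"vendor_name": "n/a"`, `"product_name": "n/a"` and `"version_value": "n/a"`, even though the description names Avast Secure Browser 76.0.1659.101. Tooling that matches on the vendor and product fields will therefore not associate the entry with the affected software. Consider `"vendor_name": "Avast"`, `"product_name": "Avast Secure Browser"` and `"version_value": "76.0.1659.101"`, and a `problemtype` value that reflects the insecure ACL described instead of `"n/a"`. The same gap appears in the later CVE-2019-19825, CVE-2020-7238 and CVE-2020-7949 through CVE-2020-7952 hunks, where product names and affected versions exist only in the description prose.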
diff --git a/2019/1xxx/CVE-2019-1348.json b/2019/1xxx/CVE-2019-1348.json index 2bd0a3fb44b..010dc967d38 100644 --- a/2019/1xxx/CVE-2019-1348.json +++ b/2019/1xxx/CVE-2019-1348.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-1348", - "ASSIGNER": "cve@mitre.org", - "STATE": "REJECT" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft Corporation", + "product": { + "product_data": [ + { + "product_name": "Git", + "version": { + "version_data": [ + { + "version_value": "Before 2.24.1, 2.23.1, 2.22.2, 2.21.1, 2.20.2, 2.19.3, 2.18.2, 2.17.3, 2.16.6, 2.15.4, 2.14.6" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://lore.kernel.org/git/xmqqr21cqcn9.fsf@gitster-ct.c.googlers.com/T/#u", + "url": "https://lore.kernel.org/git/xmqqr21cqcn9.fsf@gitster-ct.c.googlers.com/T/#u" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." + "value": "An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. The --export-marks option of git fast-import is exposed also via the in-stream command feature export-marks=... and it allows overwriting arbitrary paths." } ] } diff --git a/2019/1xxx/CVE-2019-1353.json b/2019/1xxx/CVE-2019-1353.json index eae853cad28..9a270f484a8 100644 --- a/2019/1xxx/CVE-2019-1353.json +++ b/2019/1xxx/CVE-2019-1353.json 
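Review bot: The `problemtype` value `"Remote Code Execution"` added for CVE-2019-1348 does not match its own description, which says the `export-marks` feature of `git fast-import` "allows overwriting arbitrary paths". A value such as `"value": "Arbitrary File Overwrite"` would agree with the text. The CVE-2019-1353 hunk that follows reuses the same `"Remote Code Execution"` label for a description about NTFS protections being inactive under WSL, so it needs the same check. Both records also set `"vendor_name": "Microsoft Corporation"` for `"product_name": "Git"`, which appears to name the assigning CNA rather than the project and may mislead vendor/product matching; confirm that is intended.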
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-1353", - "ASSIGNER": "cve@mitre.org", - "STATE": "REJECT" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft Corporation", + "product": { + "product_data": [ + { + "product_name": "Git", + "version": { + "version_data": [ + { + "version_value": "Before 2.24.1, 2.23.1, 2.22.2, 2.21.1, 2.20.2, 2.19.3, 2.18.2, 2.17.3, 2.16.6, 2.15.4, 2.14.6" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://lore.kernel.org/git/xmqqr21cqcn9.fsf@gitster-ct.c.googlers.com/T/#u", + "url": "https://lore.kernel.org/git/xmqqr21cqcn9.fsf@gitster-ct.c.googlers.com/T/#u" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." + "value": "An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. When running Git in the Windows Subsystem for Linux (also known as \"WSL\") while accessing a working directory on a regular Windows drive, none of the NTFS protections were active." } ] } From e56945c71fdcbce97dfc230428841a8b3eed95a2 Mon Sep 17 00:00:00 2001 From: santosomar Date: Mon, 27 Jan 2020 16:26:32 +0000 Subject: [PATCH 344/387] Adding Cisco Cisco_CVE-2020-3142-- --- 2020/3xxx/CVE-2020-3142.json | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/2020/3xxx/CVE-2020-3142.json b/2020/3xxx/CVE-2020-3142.json index 704f0b9a1cc..7bb4f641df0 100644 --- a/2020/3xxx/CVE-2020-3142.json +++ b/2020/3xxx/CVE-2020-3142.json 
@@ -37,16 +37,10 @@ "description_data": [ { "lang": "eng", - "value": "[CVE-2020-3142_su] A vulnerability in Cisco Webex Meetings Suite sites and Cisco Webex Meetings Online sites could allow an unauthenticated, remote attendee to join a password-protected meeting without providing the meeting password. The connection attempt must initiate from a Webex mobile application for either iOS or Android. The vulnerability is due to unintended meeting information exposure in a specific meeting join flow for mobile applications. An unauthorized attendee could exploit this vulnerability by accessing a known meeting ID or meeting URL from the mobile device’s web browser. The browser will then request to launch the device’s Webex mobile application. A successful exploit could allow the unauthorized attendee to join the password-protected meeting. The unauthorized attendee will be visible in the attendee list of the meeting as a mobile attendee. Cisco has applied updates that address this vulnerability and no user action is required." + "value": "A vulnerability in Cisco Webex Meetings Suite sites and Cisco Webex Meetings Online sites could allow an unauthenticated, remote attendee to join a password-protected meeting without providing the meeting password. The connection attempt must initiate from a Webex mobile application for either iOS or Android. The vulnerability is due to unintended meeting information exposure in a specific meeting join flow for mobile applications. An unauthorized attendee could exploit this vulnerability by accessing a known meeting ID or meeting URL from the mobile device’s web browser. The browser will then request to launch the device’s Webex mobile application. A successful exploit could allow the unauthorized attendee to join the password-protected meeting. The unauthorized attendee will be visible in the attendee list of the meeting as a mobile attendee. Cisco has applied updates that address this vulnerability and no user action is required." 
} ] }, - "exploit": [ - { - "lang": "eng", - "value": "[CVE-2020-3142_ex] " - } - ], "impact": { "cvss": { "baseScore": "7.5", @@ -84,4 +78,4 @@ ], "discovery": "INTERNAL" } -} \ No newline at end of file +} From 8559901a1f671d36596b9529cd90780878d41f1e Mon Sep 17 00:00:00 2001 From: santosomar Date: Mon, 27 Jan 2020 16:28:22 +0000 Subject: [PATCH 345/387] Adding Cisco CVE-2020-3136- --- 2020/3xxx/CVE-2020-3136.json | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/2020/3xxx/CVE-2020-3136.json b/2020/3xxx/CVE-2020-3136.json index bb636ed921c..5b0ca7cce5c 100644 --- a/2020/3xxx/CVE-2020-3136.json +++ b/2020/3xxx/CVE-2020-3136.json 
@@ -37,16 +37,10 @@ "description_data": [ { "lang": "eng", - "value": "[CVE-2020-3136_su] A vulnerability in the web-based management interface of Cisco Jabber Guest could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability exists because the web-based management interface of the affected device does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or to access sensitive, browser-based information." + "value": "A vulnerability in the web-based management interface of Cisco Jabber Guest could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability exists because the web-based management interface of the affected device does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or to access sensitive, browser-based information." } ] }, - "exploit": [ - { - "lang": "eng", - "value": "[CVE-2020-3136_ex] " - } - ], "impact": { "cvss": { "baseScore": "6.1", @@ -84,4 +78,4 @@ ], "discovery": "INTERNAL" } -} \ No newline at end of file +} From 5416996e104c5c65d471e28fa4fd50c9a3002bcd Mon Sep 17 00:00:00 2001 From: santosomar Date: Mon, 27 Jan 2020 16:32:19 +0000 Subject: [PATCH 346/387] Adding Cisco CVE-2020-3139-- --- 2020/3xxx/CVE-2020-3139.json | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/2020/3xxx/CVE-2020-3139.json b/2020/3xxx/CVE-2020-3139.json index 252f45d9640..ae164a5d0d1 100644 
--- a/2020/3xxx/CVE-2020-3139.json +++ b/2020/3xxx/CVE-2020-3139.json @@ -37,16 +37,10 @@ "description_data": [ { "lang": "eng", - "value": "[CVE-2020-3139_su] A vulnerability in the out of band (OOB) management interface IP table rule programming for Cisco Application Policy Infrastructure Controller (APIC) could allow an unauthenticated, remote attacker to bypass configured deny entries for specific IP ports. These IP ports would be permitted to the OOB management interface when, in fact, the packets should be dropped. The vulnerability is due to the configuration of specific IP table entries for which there is a programming logic error that results in the IP port being permitted. An attacker could exploit this vulnerability by sending traffic to the OOB management interface on the targeted device. A successful exploit could allow the attacker to bypass configured IP table rules to drop specific IP port traffic. The attacker has no control over the configuration of the device itself." + "value": "A vulnerability in the out of band (OOB) management interface IP table rule programming for Cisco Application Policy Infrastructure Controller (APIC) could allow an unauthenticated, remote attacker to bypass configured deny entries for specific IP ports. These IP ports would be permitted to the OOB management interface when, in fact, the packets should be dropped. The vulnerability is due to the configuration of specific IP table entries for which there is a programming logic error that results in the IP port being permitted. An attacker could exploit this vulnerability by sending traffic to the OOB management interface on the targeted device. A successful exploit could allow the attacker to bypass configured IP table rules to drop specific IP port traffic. The attacker has no control over the configuration of the device itself." } ] }, - "exploit": [ - { - "lang": "eng", - "value": "[CVE-2020-3139_ex] " - } - ], "impact": { "cvss": { "baseScore": "5.3", 
@@ -84,4 +78,4 @@ ], "discovery": "INTERNAL" } -} \ No newline at end of file +} From 6eded6ee51e2deb273131fd03cf45f29be68bceb Mon Sep 17 00:00:00 2001 From: santosomar Date: Mon, 27 Jan 2020 16:34:19 +0000 Subject: [PATCH 347/387] Adding Cisco CVE-2020-3131-- --- 2020/3xxx/CVE-2020-3131.json | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/2020/3xxx/CVE-2020-3131.json b/2020/3xxx/CVE-2020-3131.json index b7385222380..a247803f71b 100644 --- a/2020/3xxx/CVE-2020-3131.json +++ b/2020/3xxx/CVE-2020-3131.json 
@@ -37,16 +37,10 @@ "description_data": [ { "lang": "eng", - "value": "[CVE-2020-3131_su] A vulnerability in the Cisco Webex Teams client for Windows could allow an authenticated, remote attacker to cause the client to crash, resulting in a denial of service (DoS) condition. The attacker needs a valid developer account to exploit this vulnerability. The vulnerability is due to insufficient input validation when processing received adaptive cards. The attacker could exploit this vulnerability by sending an adaptive card with malicious content to an existing user of the Cisco Webex Teams client for Windows. A successful exploit could allow the attacker to cause the targeted user's client to crash continuously." + "value": "A vulnerability in the Cisco Webex Teams client for Windows could allow an authenticated, remote attacker to cause the client to crash, resulting in a denial of service (DoS) condition. The attacker needs a valid developer account to exploit this vulnerability. The vulnerability is due to insufficient input validation when processing received adaptive cards. The attacker could exploit this vulnerability by sending an adaptive card with malicious content to an existing user of the Cisco Webex Teams client for Windows. A successful exploit could allow the attacker to cause the targeted user's client to crash continuously." } ] }, - "exploit": [ - { - "lang": "eng", - "value": "[CVE-2020-3131_ex] " - } - ], "impact": { "cvss": { "baseScore": "6.5", @@ -84,4 +78,4 @@ ], "discovery": "INTERNAL" } -} \ No newline at end of file +} From 39bda4c4da552dc616b7987f4b59c7c926a33101 Mon Sep 17 00:00:00 2001 From: santosomar Date: Mon, 27 Jan 2020 16:35:41 +0000 Subject: [PATCH 348/387] Adding Cisco CVE-2020-3134 --- 2020/3xxx/CVE-2020-3134.json | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/2020/3xxx/CVE-2020-3134.json b/2020/3xxx/CVE-2020-3134.json index 73c33275287..3fb1504b5ca 100644 --- a/2020/3xxx/CVE-2020-3134.json 
+++ b/2020/3xxx/CVE-2020-3134.json @@ -37,16 +37,10 @@ "description_data": [ { "lang": "eng", - "value": "[CVE-2020-3134_su] A vulnerability in the zip decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper validation of zip files. An attacker could exploit this vulnerability by sending an email message with a crafted zip-compressed attachment. A successful exploit could trigger a restart of the content-scanning process, causing a temporary DoS condition." + "value": "A vulnerability in the zip decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper validation of zip files. An attacker could exploit this vulnerability by sending an email message with a crafted zip-compressed attachment. A successful exploit could trigger a restart of the content-scanning process, causing a temporary DoS condition." } ] }, - "exploit": [ - { - "lang": "eng", - "value": "[CVE-2020-3134_ex] " - } - ], "impact": { "cvss": { "baseScore": "6.5", @@ -84,4 +78,4 @@ ], "discovery": "INTERNAL" } -} \ No newline at end of file +} From fc41a4c85874e916e68c370a68dacb0028b43355 Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Mon, 27 Jan 2020 17:01:06 +0000 Subject: [PATCH 349/387] "-Synchronized-Data." --- 2013/4xxx/CVE-2013-4441.json | 65 +++++++++++++++++++++++++++++++-- 2019/19xxx/CVE-2019-19825.json | 66 ++++++++++++++++++++++++++++++---- 2020/7xxx/CVE-2020-7238.json | 61 +++++++++++++++++++++++++++---- 2020/7xxx/CVE-2020-7949.json | 56 +++++++++++++++++++++++++---- 2020/7xxx/CVE-2020-7950.json | 56 +++++++++++++++++++++++++---- 2020/7xxx/CVE-2020-7951.json | 56 +++++++++++++++++++++++++---- 2020/7xxx/CVE-2020-7952.json | 56 +++++++++++++++++++++++++---- 2020/8xxx/CVE-2020-8036.json | 18 ++++++++++ 2020/8xxx/CVE-2020-8037.json | 18 ++++++++++ 2020/8xxx/CVE-2020-8038.json | 18 ++++++++++ 2020/8xxx/CVE-2020-8039.json | 18 ++++++++++ 2020/8xxx/CVE-2020-8040.json | 18 ++++++++++ 2020/8xxx/CVE-2020-8041.json | 18 ++++++++++ 2020/8xxx/CVE-2020-8042.json | 18 ++++++++++ 2020/8xxx/CVE-2020-8043.json | 18 ++++++++++ 2020/8xxx/CVE-2020-8044.json | 18 ++++++++++ 2020/8xxx/CVE-2020-8045.json | 18 ++++++++++ 2020/8xxx/CVE-2020-8046.json | 18 ++++++++++ 2020/8xxx/CVE-2020-8047.json | 18 ++++++++++ 2020/8xxx/CVE-2020-8048.json | 18 ++++++++++ 2020/8xxx/CVE-2020-8049.json | 18 ++++++++++ 2020/8xxx/CVE-2020-8050.json | 18 ++++++++++ 2020/8xxx/CVE-2020-8051.json | 18 ++++++++++ 2020/8xxx/CVE-2020-8052.json | 18 ++++++++++ 2020/8xxx/CVE-2020-8053.json | 18 ++++++++++ 2020/8xxx/CVE-2020-8054.json | 18 ++++++++++ 2020/8xxx/CVE-2020-8055.json | 18 ++++++++++ 2020/8xxx/CVE-2020-8056.json | 18 ++++++++++ 2020/8xxx/CVE-2020-8057.json | 18 ++++++++++ 2020/8xxx/CVE-2020-8058.json | 18 ++++++++++ 2020/8xxx/CVE-2020-8059.json | 18 ++++++++++ 2020/8xxx/CVE-2020-8060.json | 18 ++++++++++ 2020/8xxx/CVE-2020-8061.json | 18 ++++++++++ 2020/8xxx/CVE-2020-8062.json | 18 ++++++++++ 2020/8xxx/CVE-2020-8063.json | 18 ++++++++++ 2020/8xxx/CVE-2020-8064.json | 18 ++++++++++ 2020/8xxx/CVE-2020-8065.json | 18 ++++++++++ 2020/8xxx/CVE-2020-8066.json | 18 ++++++++++ 2020/8xxx/CVE-2020-8067.json | 18 
++++++++++ 2020/8xxx/CVE-2020-8068.json | 18 ++++++++++ 2020/8xxx/CVE-2020-8069.json | 18 ++++++++++ 2020/8xxx/CVE-2020-8070.json | 18 ++++++++++ 2020/8xxx/CVE-2020-8071.json | 18 ++++++++++ 2020/8xxx/CVE-2020-8072.json | 18 ++++++++++ 2020/8xxx/CVE-2020-8073.json | 18 ++++++++++ 2020/8xxx/CVE-2020-8074.json | 18 ++++++++++ 2020/8xxx/CVE-2020-8075.json | 18 ++++++++++ 2020/8xxx/CVE-2020-8076.json | 18 ++++++++++ 2020/8xxx/CVE-2020-8077.json | 18 ++++++++++ 2020/8xxx/CVE-2020-8078.json | 18 ++++++++++ 2020/8xxx/CVE-2020-8079.json | 18 ++++++++++ 2020/8xxx/CVE-2020-8080.json | 18 ++++++++++ 2020/8xxx/CVE-2020-8081.json | 18 ++++++++++ 2020/8xxx/CVE-2020-8082.json | 18 ++++++++++ 2020/8xxx/CVE-2020-8083.json | 18 ++++++++++ 2020/8xxx/CVE-2020-8084.json | 18 ++++++++++ 2020/8xxx/CVE-2020-8085.json | 18 ++++++++++ 57 files changed, 1277 insertions(+), 39 deletions(-) create mode 100644 2020/8xxx/CVE-2020-8036.json create mode 100644 2020/8xxx/CVE-2020-8037.json create mode 100644 2020/8xxx/CVE-2020-8038.json create mode 100644 2020/8xxx/CVE-2020-8039.json create mode 100644 2020/8xxx/CVE-2020-8040.json create mode 100644 2020/8xxx/CVE-2020-8041.json create mode 100644 2020/8xxx/CVE-2020-8042.json create mode 100644 2020/8xxx/CVE-2020-8043.json create mode 100644 2020/8xxx/CVE-2020-8044.json create mode 100644 2020/8xxx/CVE-2020-8045.json create mode 100644 2020/8xxx/CVE-2020-8046.json create mode 100644 2020/8xxx/CVE-2020-8047.json create mode 100644 2020/8xxx/CVE-2020-8048.json create mode 100644 2020/8xxx/CVE-2020-8049.json create mode 100644 2020/8xxx/CVE-2020-8050.json create mode 100644 2020/8xxx/CVE-2020-8051.json create mode 100644 2020/8xxx/CVE-2020-8052.json create mode 100644 2020/8xxx/CVE-2020-8053.json create mode 100644 2020/8xxx/CVE-2020-8054.json create mode 100644 2020/8xxx/CVE-2020-8055.json create mode 100644 2020/8xxx/CVE-2020-8056.json create mode 100644 2020/8xxx/CVE-2020-8057.json create mode 100644 2020/8xxx/CVE-2020-8058.json create mode 100644 
2020/8xxx/CVE-2020-8059.json create mode 100644 2020/8xxx/CVE-2020-8060.json create mode 100644 2020/8xxx/CVE-2020-8061.json create mode 100644 2020/8xxx/CVE-2020-8062.json create mode 100644 2020/8xxx/CVE-2020-8063.json create mode 100644 2020/8xxx/CVE-2020-8064.json create mode 100644 2020/8xxx/CVE-2020-8065.json create mode 100644 2020/8xxx/CVE-2020-8066.json create mode 100644 2020/8xxx/CVE-2020-8067.json create mode 100644 2020/8xxx/CVE-2020-8068.json create mode 100644 2020/8xxx/CVE-2020-8069.json create mode 100644 2020/8xxx/CVE-2020-8070.json create mode 100644 2020/8xxx/CVE-2020-8071.json create mode 100644 2020/8xxx/CVE-2020-8072.json create mode 100644 2020/8xxx/CVE-2020-8073.json create mode 100644 2020/8xxx/CVE-2020-8074.json create mode 100644 2020/8xxx/CVE-2020-8075.json create mode 100644 2020/8xxx/CVE-2020-8076.json create mode 100644 2020/8xxx/CVE-2020-8077.json create mode 100644 2020/8xxx/CVE-2020-8078.json create mode 100644 2020/8xxx/CVE-2020-8079.json create mode 100644 2020/8xxx/CVE-2020-8080.json create mode 100644 2020/8xxx/CVE-2020-8081.json create mode 100644 2020/8xxx/CVE-2020-8082.json create mode 100644 2020/8xxx/CVE-2020-8083.json create mode 100644 2020/8xxx/CVE-2020-8084.json create mode 100644 2020/8xxx/CVE-2020-8085.json diff --git a/2013/4xxx/CVE-2013-4441.json b/2013/4xxx/CVE-2013-4441.json index 9c16c305b11..91c2179650a 100644 --- a/2013/4xxx/CVE-2013-4441.json +++ b/2013/4xxx/CVE-2013-4441.json @@ -1,8 +1,8 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-4441", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +11,66 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Phonemes mode in Pwgen 2.06 generates predictable passwords, which makes it easier for context-dependent attackers to guess the password via a brute-force attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Password" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Pwgen", + "product": { + "product_data": [ + { + "product_name": "Pwgen", + "version": { + "version_data": [ + { + "version_value": "2.06" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=726578", + "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=726578" + }, + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2013/06/06/1", + "url": "http://www.openwall.com/lists/oss-security/2013/06/06/1" + }, + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2013/10/16/15", + "url": "http://www.openwall.com/lists/oss-security/2013/10/16/15" + }, + { + "refsource": "MISC", + "name": "https://www.openwall.com/lists/oss-security/2012/01/22/6", + "url": "https://www.openwall.com/lists/oss-security/2012/01/22/6" } ] } diff --git a/2019/19xxx/CVE-2019-19825.json b/2019/19xxx/CVE-2019-19825.json index 18a763c4b20..cbd9d4a3cdf 100644 --- a/2019/19xxx/CVE-2019-19825.json +++ b/2019/19xxx/CVE-2019-19825.json 
@@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-19825", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-19825", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "On certain TOTOLINK Realtek SDK based routers, the CAPTCHA text can be retrieved via an {\"topicurl\":\"setting/getSanvas\"} POST to the boafrm/formLogin URI, leading to a CAPTCHA bypass. (Also, the CAPTCHA text is not needed once the attacker has determined valid credentials. The attacker can perform router actions via HTTP requests with Basic Authentication.) This affects A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R through 3.4.0, N300RT through 3.4.0, N200RE through 4.0.0, N150RT through 3.4.0, and N100RE through 3.4.0." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://sploit.tech", + "refsource": "MISC", + "name": "https://sploit.tech" + }, + { + "refsource": "FULLDISC", + "name": "20200124 Multiple vulnerabilities in TOTOLINK and other Realtek SDK based routers", + "url": "http://seclists.org/fulldisclosure/2020/Jan/36" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/156083/Realtek-SDK-Information-Disclosure-Code-Execution.html", + "url": "http://packetstormsecurity.com/files/156083/Realtek-SDK-Information-Disclosure-Code-Execution.html" } ] } diff --git a/2020/7xxx/CVE-2020-7238.json b/2020/7xxx/CVE-2020-7238.json index d8611ad257f..e099fbad858 100644 --- a/2020/7xxx/CVE-2020-7238.json +++ b/2020/7xxx/CVE-2020-7238.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-7238", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-7238", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles Transfer-Encoding whitespace (such as a [space]Transfer-Encoding:chunked line) and a later Content-Length header. This issue exists because of an incomplete fix for CVE-2019-16869." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://netty.io/news/", + "refsource": "MISC", + "name": "https://netty.io/news/" + }, + { + "refsource": "MISC", + "name": "https://github.com/jdordonezn/CVE-2020-72381/issues/1", + "url": "https://github.com/jdordonezn/CVE-2020-72381/issues/1" } ] } diff --git a/2020/7xxx/CVE-2020-7949.json b/2020/7xxx/CVE-2020-7949.json index 9e4492e456b..82eaa42a5cc 100644 --- a/2020/7xxx/CVE-2020-7949.json +++ b/2020/7xxx/CVE-2020-7949.json 
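Review bot: The second reference added here, `https://github.com/jdordonezn/CVE-2020-72381/issues/1`, contains the path segment `CVE-2020-72381`, which does not match this record's ID `CVE-2020-7238`. That may simply be how the repository is named, but it is worth confirming that the link resolves to the intended report, since a mistyped reference would send readers to unrelated or missing content. The first reference, `https://netty.io/news/`, is a general news index rather than a specific advisory or release note, so it gives no stable pointer to the fix. A link to the specific fixed release or commit would make the record actionable for patch verification.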
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-7949", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-7949", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "schemasystem.dll in Valve Dota 2 before 7.23f allows remote attackers to achieve code execution or denial of service by creating a gaming server and inviting a victim to this server, because a crafted map is mishandled during a GetValue call." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/bi7s/CVE/tree/master/CVE-2020-7949", + "url": "https://github.com/bi7s/CVE/tree/master/CVE-2020-7949" } ] } diff --git a/2020/7xxx/CVE-2020-7950.json b/2020/7xxx/CVE-2020-7950.json index b9f4ecafecd..90443cac20e 100644 --- a/2020/7xxx/CVE-2020-7950.json +++ b/2020/7xxx/CVE-2020-7950.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-7950", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-7950", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "meshsystem.dll in Valve Dota 2 before 7.23f allows remote attackers to achieve code execution or denial of service by creating a gaming server and inviting a victim to this server, because a crafted map is mishandled during a vulnerable function call." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/bi7s/CVE/tree/master/CVE-2020-7950", + "url": "https://github.com/bi7s/CVE/tree/master/CVE-2020-7950" } ] } diff --git a/2020/7xxx/CVE-2020-7951.json b/2020/7xxx/CVE-2020-7951.json index f9bf8566f3e..755ba84a29a 100644 --- a/2020/7xxx/CVE-2020-7951.json +++ b/2020/7xxx/CVE-2020-7951.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-7951", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-7951", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "meshsystem.dll in Valve Dota 2 before 7.23e allows remote attackers to achieve code execution or denial of service by creating a gaming server and inviting a victim to this server, because a crafted map is affected by memory corruption." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/bi7s/CVE/tree/master/CVE-2020-7951", + "url": "https://github.com/bi7s/CVE/tree/master/CVE-2020-7951" } ] } diff --git a/2020/7xxx/CVE-2020-7952.json b/2020/7xxx/CVE-2020-7952.json index 43e3eb21fc8..2517ded7f41 100644 --- a/2020/7xxx/CVE-2020-7952.json +++ b/2020/7xxx/CVE-2020-7952.json 
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-7952",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-7952",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "rendersystemdx9.dll in Valve Dota 2 before 7.23f allows remote attackers to achieve code execution or denial of service by creating a gaming server and inviting a victim to this server, because a crafted map is affected by memory corruption."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/bi7s/CVE/tree/master/CVE-2020-7952",
+ "url": "https://github.com/bi7s/CVE/tree/master/CVE-2020-7952"
 }
 ]
 }
diff --git a/2020/8xxx/CVE-2020-8036.json b/2020/8xxx/CVE-2020-8036.json
new file mode 100644
index 00000000000..9a87c4277fb
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8036.json
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8036", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8037.json b/2020/8xxx/CVE-2020-8037.json new file mode 100644 index 00000000000..ec2602354b5 --- /dev/null +++ b/2020/8xxx/CVE-2020-8037.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8037", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8038.json b/2020/8xxx/CVE-2020-8038.json new file mode 100644 index 00000000000..bfef2aea85c --- /dev/null +++ b/2020/8xxx/CVE-2020-8038.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8038", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/8xxx/CVE-2020-8039.json b/2020/8xxx/CVE-2020-8039.json new file mode 100644 index 00000000000..f5c74eb5c2c --- /dev/null +++ b/2020/8xxx/CVE-2020-8039.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8039", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8040.json b/2020/8xxx/CVE-2020-8040.json new file mode 100644 index 00000000000..82877ac6082 --- /dev/null +++ b/2020/8xxx/CVE-2020-8040.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8040", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8041.json b/2020/8xxx/CVE-2020-8041.json new file mode 100644 index 00000000000..fee73c55c27 --- /dev/null +++ b/2020/8xxx/CVE-2020-8041.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8041", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8042.json b/2020/8xxx/CVE-2020-8042.json new file mode 100644 index 00000000000..f0080fb7065 --- /dev/null +++ b/2020/8xxx/CVE-2020-8042.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8042", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8043.json b/2020/8xxx/CVE-2020-8043.json new file mode 100644 index 00000000000..ef4cabe702a --- /dev/null +++ b/2020/8xxx/CVE-2020-8043.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8043", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/8xxx/CVE-2020-8044.json b/2020/8xxx/CVE-2020-8044.json new file mode 100644 index 00000000000..f51126abd21 --- /dev/null +++ b/2020/8xxx/CVE-2020-8044.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8044", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8045.json b/2020/8xxx/CVE-2020-8045.json new file mode 100644 index 00000000000..f080a8b0e72 --- /dev/null +++ b/2020/8xxx/CVE-2020-8045.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8045", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8046.json b/2020/8xxx/CVE-2020-8046.json new file mode 100644 index 00000000000..c4bbec8a888 --- /dev/null +++ b/2020/8xxx/CVE-2020-8046.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8046", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8047.json b/2020/8xxx/CVE-2020-8047.json new file mode 100644 index 00000000000..7d2cce86ac0 --- /dev/null +++ b/2020/8xxx/CVE-2020-8047.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8047", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8048.json b/2020/8xxx/CVE-2020-8048.json new file mode 100644 index 00000000000..af29f40f816 --- /dev/null +++ b/2020/8xxx/CVE-2020-8048.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8048", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/8xxx/CVE-2020-8049.json b/2020/8xxx/CVE-2020-8049.json new file mode 100644 index 00000000000..93a16e8f97b --- /dev/null +++ b/2020/8xxx/CVE-2020-8049.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8049", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8050.json b/2020/8xxx/CVE-2020-8050.json new file mode 100644 index 00000000000..bbf7c40c433 --- /dev/null +++ b/2020/8xxx/CVE-2020-8050.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8050", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8051.json b/2020/8xxx/CVE-2020-8051.json new file mode 100644 index 00000000000..4fccb960909 --- /dev/null +++ b/2020/8xxx/CVE-2020-8051.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8051", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8052.json b/2020/8xxx/CVE-2020-8052.json new file mode 100644 index 00000000000..6d6aa999909 --- /dev/null +++ b/2020/8xxx/CVE-2020-8052.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8052", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8053.json b/2020/8xxx/CVE-2020-8053.json new file mode 100644 index 00000000000..6e6cff450fa --- /dev/null +++ b/2020/8xxx/CVE-2020-8053.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8053", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/8xxx/CVE-2020-8054.json b/2020/8xxx/CVE-2020-8054.json new file mode 100644 index 00000000000..b014765512d --- /dev/null +++ b/2020/8xxx/CVE-2020-8054.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8054", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8055.json b/2020/8xxx/CVE-2020-8055.json new file mode 100644 index 00000000000..4fec8a65ba7 --- /dev/null +++ b/2020/8xxx/CVE-2020-8055.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8055", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8056.json b/2020/8xxx/CVE-2020-8056.json new file mode 100644 index 00000000000..cd41380c6f3 --- /dev/null +++ b/2020/8xxx/CVE-2020-8056.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8056", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8057.json b/2020/8xxx/CVE-2020-8057.json new file mode 100644 index 00000000000..7404bf6179b --- /dev/null +++ b/2020/8xxx/CVE-2020-8057.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8057", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8058.json b/2020/8xxx/CVE-2020-8058.json new file mode 100644 index 00000000000..256efbec61d --- /dev/null +++ b/2020/8xxx/CVE-2020-8058.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8058", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/8xxx/CVE-2020-8059.json b/2020/8xxx/CVE-2020-8059.json new file mode 100644 index 00000000000..4373daf76ba --- /dev/null +++ b/2020/8xxx/CVE-2020-8059.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8059", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8060.json b/2020/8xxx/CVE-2020-8060.json new file mode 100644 index 00000000000..1b9497a5efe --- /dev/null +++ b/2020/8xxx/CVE-2020-8060.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8060", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8061.json b/2020/8xxx/CVE-2020-8061.json new file mode 100644 index 00000000000..9d409d28a93 --- /dev/null +++ b/2020/8xxx/CVE-2020-8061.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8061", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8062.json b/2020/8xxx/CVE-2020-8062.json new file mode 100644 index 00000000000..2508009246b --- /dev/null +++ b/2020/8xxx/CVE-2020-8062.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8062", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8063.json b/2020/8xxx/CVE-2020-8063.json new file mode 100644 index 00000000000..b4ae1ff0ec7 --- /dev/null +++ b/2020/8xxx/CVE-2020-8063.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8063", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/8xxx/CVE-2020-8064.json b/2020/8xxx/CVE-2020-8064.json new file mode 100644 index 00000000000..6e78c860cc8 --- /dev/null +++ b/2020/8xxx/CVE-2020-8064.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8064", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8065.json b/2020/8xxx/CVE-2020-8065.json new file mode 100644 index 00000000000..c3d9f7a42d2 --- /dev/null +++ b/2020/8xxx/CVE-2020-8065.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8065", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8066.json b/2020/8xxx/CVE-2020-8066.json new file mode 100644 index 00000000000..682186801c7 --- /dev/null +++ b/2020/8xxx/CVE-2020-8066.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8066", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8067.json b/2020/8xxx/CVE-2020-8067.json new file mode 100644 index 00000000000..59e11ecd042 --- /dev/null +++ b/2020/8xxx/CVE-2020-8067.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8067", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8068.json b/2020/8xxx/CVE-2020-8068.json new file mode 100644 index 00000000000..7e96ff5dafb --- /dev/null +++ b/2020/8xxx/CVE-2020-8068.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8068", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/8xxx/CVE-2020-8069.json b/2020/8xxx/CVE-2020-8069.json new file mode 100644 index 00000000000..4333c8c5015 --- /dev/null +++ b/2020/8xxx/CVE-2020-8069.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8069", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8070.json b/2020/8xxx/CVE-2020-8070.json new file mode 100644 index 00000000000..9a88f837d1f --- /dev/null +++ b/2020/8xxx/CVE-2020-8070.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8070", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8071.json b/2020/8xxx/CVE-2020-8071.json new file mode 100644 index 00000000000..ce24d44ad9a --- /dev/null +++ b/2020/8xxx/CVE-2020-8071.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8071", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8072.json b/2020/8xxx/CVE-2020-8072.json new file mode 100644 index 00000000000..7c9e5922f53 --- /dev/null +++ b/2020/8xxx/CVE-2020-8072.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8072", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8073.json b/2020/8xxx/CVE-2020-8073.json new file mode 100644 index 00000000000..5259af50d9f --- /dev/null +++ b/2020/8xxx/CVE-2020-8073.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8073", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/8xxx/CVE-2020-8074.json b/2020/8xxx/CVE-2020-8074.json new file mode 100644 index 00000000000..f18a98912e0 --- /dev/null +++ b/2020/8xxx/CVE-2020-8074.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8074", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8075.json b/2020/8xxx/CVE-2020-8075.json new file mode 100644 index 00000000000..dfc4d01110d --- /dev/null +++ b/2020/8xxx/CVE-2020-8075.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8075", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8076.json b/2020/8xxx/CVE-2020-8076.json new file mode 100644 index 00000000000..39a9d71ceb1 --- /dev/null +++ b/2020/8xxx/CVE-2020-8076.json 
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-8076",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8077.json b/2020/8xxx/CVE-2020-8077.json
new file mode 100644
index 00000000000..668a5764e1e
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8077.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-8077",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8078.json b/2020/8xxx/CVE-2020-8078.json
new file mode 100644
index 00000000000..e528cba3952
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8078.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-8078",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8079.json b/2020/8xxx/CVE-2020-8079.json
new file mode 100644
index 00000000000..ae49a868345
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8079.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-8079",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8080.json b/2020/8xxx/CVE-2020-8080.json
new file mode 100644
index 00000000000..c8a2fab6f7c
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8080.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-8080",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8081.json b/2020/8xxx/CVE-2020-8081.json
new file mode 100644
index 00000000000..96f1a6f2d37
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8081.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-8081",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8082.json b/2020/8xxx/CVE-2020-8082.json
new file mode 100644
index 00000000000..c74f29c0570
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8082.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-8082",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8083.json b/2020/8xxx/CVE-2020-8083.json
new file mode 100644
index 00000000000..0d8ad88a474
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8083.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-8083",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8084.json b/2020/8xxx/CVE-2020-8084.json
new file mode 100644
index 00000000000..140e887f985
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8084.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-8084",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8085.json b/2020/8xxx/CVE-2020-8085.json
new file mode 100644
index 00000000000..c81c16cd946
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8085.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-8085",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
From d3b9d63389fac0a8609110190a3df07110f32d7a Mon Sep 17 00:00:00 2001
From: CVE Team Date: Mon, 27 Jan 2020 18:01:22 +0000 Subject: [PATCH 350/387] "-Synchronized-Data." --- 2013/4xxx/CVE-2013-4770.json | 48 ++++++++++++++++++++- 2013/7xxx/CVE-2013-7390.json | 53 +++++++++++++++++++++++- 2014/3xxx/CVE-2014-3979.json | 58 +++++++++++++++++++++++++- 2014/7xxx/CVE-2014-7301.json | 53 +++++++++++++++++++++++- 2014/7xxx/CVE-2014-7302.json | 53 +++++++++++++++++++++++- 2014/7xxx/CVE-2014-7303.json | 53 +++++++++++++++++++++++- 2014/8xxx/CVE-2014-8741.json | 53 +++++++++++++++++++++++- 2014/8xxx/CVE-2014-8742.json | 53 +++++++++++++++++++++++- 2019/14xxx/CVE-2019-14902.json | 5 +++ 2019/14xxx/CVE-2019-14907.json | 5 +++ 2019/17xxx/CVE-2019-17094.json | 10 ++--- 2019/17xxx/CVE-2019-17095.json | 1 + 2019/17xxx/CVE-2019-17099.json | 13 +++--- 2019/19xxx/CVE-2019-19344.json | 5 +++ 2019/19xxx/CVE-2019-19822.json | 76 +++++++++++++++++++++++++++++++--- 2019/19xxx/CVE-2019-19823.json | 76 +++++++++++++++++++++++++++++++--- 2019/19xxx/CVE-2019-19824.json | 66 ++++++++++++++++++++++++++--- 2020/5xxx/CVE-2020-5390.json | 5 +++ 2020/8xxx/CVE-2020-8086.json | 18 ++++++++ 19 files changed, 658 insertions(+), 46 deletions(-) create mode 100644 2020/8xxx/CVE-2020-8086.json diff --git a/2013/4xxx/CVE-2013-4770.json b/2013/4xxx/CVE-2013-4770.json index 48d77126f97..a7263905e76 100644 --- a/2013/4xxx/CVE-2013-4770.json +++ b/2013/4xxx/CVE-2013-4770.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-4770", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +11,51 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-site scripting (XSS) vulnerability in Eucalyptus Management Console (EMC) 4.0.x before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://groups.google.com/a/eucalyptus.com/d/msg/security-announce/tFcxwess0TE/Br0sQW1mJBMJ", + "url": "https://groups.google.com/a/eucalyptus.com/d/msg/security-announce/tFcxwess0TE/Br0sQW1mJBMJ" } ] } diff --git a/2013/7xxx/CVE-2013-7390.json b/2013/7xxx/CVE-2013-7390.json index c9cdc963b7a..112781e1938 100644 --- a/2013/7xxx/CVE-2013-7390.json +++ b/2013/7xxx/CVE-2013-7390.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-7390", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", 
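Review bot: In the first hunk on this line (CVE-2013-4770, `@@ -11,7 +11,51 @@`), the new `affects` block sets `vendor_name`, `product_name` and `version_value` to `n/a` even though the added description names the product and the affected range (Eucalyptus Management Console 4.0.x before 4.0.1). Anyone matching an asset inventory against the structured fields will not find this record and has to parse the prose instead. I would carry the description's values into the block, e.g. `"product_name": "Eucalyptus Management Console"` and `"version_value": "4.0.x before 4.0.1"`, and replace the `n/a` problemtype with the weakness the description already states (cross-site scripting). The same `n/a` placeholders recur in the later records of this commit: CVE-2013-7390, CVE-2014-3979, CVE-2014-7301 through CVE-2014-7303, CVE-2014-8741, CVE-2014-8742 and CVE-2019-19822 through CVE-2019-19824.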
@@ -11,7 +11,56 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Unrestricted file upload vulnerability in AgentLogUploadServlet in ManageEngine DesktopCentral 7.x and 8.0.0 before build 80293 allows remote attackers to execute arbitrary code by uploading a file with a jsp extension, then accessing it via a direct request to the file in the webroot." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/desktopcentral_file_upload.rb", + "url": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/desktopcentral_file_upload.rb" + }, + { + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2013/Nov/130", + "url": "http://seclists.org/fulldisclosure/2013/Nov/130" } ] } diff --git a/2014/3xxx/CVE-2014-3979.json b/2014/3xxx/CVE-2014-3979.json index bd52e3a6805..db4d7e445c8 100644 --- a/2014/3xxx/CVE-2014-3979.json +++ b/2014/3xxx/CVE-2014-3979.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-3979", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +11,61 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Bytemark Symbiosis allows remote attackers to cause a denial of service via a crafted username, which triggers the firewall to blacklist the IP." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2014/06/06/10", + "url": "http://www.openwall.com/lists/oss-security/2014/06/06/10" + }, + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2014/06/11/2", + "url": "http://www.openwall.com/lists/oss-security/2014/06/11/2" + }, + { + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/67948", + "url": "http://www.securityfocus.com/bid/67948" } ] } diff --git a/2014/7xxx/CVE-2014-7301.json b/2014/7xxx/CVE-2014-7301.json index dc43e8ad463..aebbf558548 100644 --- a/2014/7xxx/CVE-2014-7301.json +++ b/2014/7xxx/CVE-2014-7301.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-7301", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +11,56 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SGI Tempo, as used on SGI ICE-X systems, uses weak permissions for certain files, which allows local users to obtain password hashes and possibly other unspecified sensitive information by reading /etc/odapw." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://packetstormsecurity.com/files/129466/SGI-Tempo-Database-Password-Disclosure.html", + "url": "https://packetstormsecurity.com/files/129466/SGI-Tempo-Database-Password-Disclosure.html" + }, + { + "refsource": "MISC", + "name": "https://labs.f-secure.com/advisories/sgi-tempo-system-database-password-exposure/", + "url": "https://labs.f-secure.com/advisories/sgi-tempo-system-database-password-exposure/" } ] } diff --git a/2014/7xxx/CVE-2014-7302.json b/2014/7xxx/CVE-2014-7302.json index ccdc631c46e..b2eb5e498eb 100644 --- a/2014/7xxx/CVE-2014-7302.json +++ b/2014/7xxx/CVE-2014-7302.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-7302", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +11,56 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SGI Tempo, as used on SGI ICE-X systems, uses weak permissions for certain files, which allows local users to change the permissions of arbitrary files by executing /opt/sgi/sgimc/bin/vx." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/129465/SGI-Tempo-vx-Setuid-Privilege-Escalation.html", + "url": "http://packetstormsecurity.com/files/129465/SGI-Tempo-vx-Setuid-Privilege-Escalation.html" + }, + { + "refsource": "MISC", + "name": "https://labs.mwrinfosecurity.com/advisories/2014/12/02/sgi-suid-root-privilege-escalation/", + "url": "https://labs.mwrinfosecurity.com/advisories/2014/12/02/sgi-suid-root-privilege-escalation/" } ] } diff --git a/2014/7xxx/CVE-2014-7303.json b/2014/7xxx/CVE-2014-7303.json index 052a7a25923..d874ed46154 100644 --- a/2014/7xxx/CVE-2014-7303.json +++ b/2014/7xxx/CVE-2014-7303.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-7303", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +11,56 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SGI Tempo, as used on SGI ICE-X systems, uses weak permissions for certain files, which allows local users to obtain password hashes and possibly other unspecified sensitive information by reading etc/dbdump.db." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://packetstormsecurity.com/files/129467/SGI-Tempo-Database-Exposure.html", + "url": "https://packetstormsecurity.com/files/129467/SGI-Tempo-Database-Exposure.html" + }, + { + "refsource": "MISC", + "name": "https://labs.f-secure.com/advisories/sgi-tempo-system-database-exposure/", + "url": "https://labs.f-secure.com/advisories/sgi-tempo-system-database-exposure/" } ] } diff --git a/2014/8xxx/CVE-2014-8741.json b/2014/8xxx/CVE-2014-8741.json index da3adac0433..5f3d35c4d1c 100644 --- a/2014/8xxx/CVE-2014-8741.json +++ b/2014/8xxx/CVE-2014-8741.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-8741", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +11,56 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Directory traversal vulnerability in the GfdFileUploadServerlet servlet in Lexmark MarkVision Enterprise before 2.1 allows remote attackers to write to arbitrary files via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "http://support.lexmark.com/index?page=content&id=TE666", + "url": "http://support.lexmark.com/index?page=content&id=TE666" + }, + { + "refsource": "MISC", + "name": "http://www.zerodayinitiative.com/advisories/ZDI-14-410/", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-14-410/" } ] } diff --git a/2014/8xxx/CVE-2014-8742.json b/2014/8xxx/CVE-2014-8742.json index 8247b57910e..77a08172cb7 100644 --- a/2014/8xxx/CVE-2014-8742.json +++ b/2014/8xxx/CVE-2014-8742.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-8742", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +11,56 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Directory traversal vulnerability in the ReportDownloadServlet servlet in Lexmark MarkVision Enterprise before 2.1 allows remote attackers to read arbitrary files via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://www.zerodayinitiative.com/advisories/ZDI-14-411/", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-14-411/" + }, + { + "refsource": "CONFIRM", + "name": "http://support.lexmark.com/index?page=content&id=TE666", + "url": "http://support.lexmark.com/index?page=content&id=TE666" } ] } diff --git a/2019/14xxx/CVE-2019-14902.json b/2019/14xxx/CVE-2019-14902.json index ccee8c0dadb..11f76d16c42 100644 --- a/2019/14xxx/CVE-2019-14902.json +++ b/2019/14xxx/CVE-2019-14902.json @@ -69,6 +69,11 @@ "refsource": "CONFIRM", "name": "https://www.synology.com/security/advisory/Synology_SA_20_01", "url": "https://www.synology.com/security/advisory/Synology_SA_20_01" + }, + { + "refsource": "UBUNTU", + "name": "USN-4244-1", + "url": "https://usn.ubuntu.com/4244-1/" } ] }, diff --git a/2019/14xxx/CVE-2019-14907.json b/2019/14xxx/CVE-2019-14907.json index dd8142f692a..702cad0865c 100644 --- a/2019/14xxx/CVE-2019-14907.json +++ b/2019/14xxx/CVE-2019-14907.json 
@@ -69,6 +69,11 @@ "refsource": "CONFIRM", "name": "https://www.synology.com/security/advisory/Synology_SA_20_01", "url": "https://www.synology.com/security/advisory/Synology_SA_20_01" + }, + { + "refsource": "UBUNTU", + "name": "USN-4244-1", + "url": "https://usn.ubuntu.com/4244-1/" } ] }, diff --git a/2019/17xxx/CVE-2019-17094.json b/2019/17xxx/CVE-2019-17094.json index 1f3d5c6cb84..f58b8ea83ca 100644 --- a/2019/17xxx/CVE-2019-17094.json +++ b/2019/17xxx/CVE-2019-17094.json @@ -10,6 +10,7 @@ "vendor": { "vendor_data": [ { + "vendor_name": "Belkin", "product": { "product_data": [ { @@ -17,15 +18,13 @@ "version": { "version_data": [ { - "version_affected": "<=", - "version_value": "2.00.11396" + "version_value": "2.00.11396 and prior" } ] } } ] - }, - "vendor_name": "Belkin" + } } ] } @@ -43,7 +42,7 @@ "description_data": [ { "lang": "eng", - "value": "A Stack-based Buffer Overflow vulnerability in libbelkin_api.so component of Belkin WeMo Insight Switch firmware allows a local attacker to obtain code execution on the device.\nThis issue affects:\nBelkin WeMo Insight Switch firmware\nversion 2.00.11396 and prior versions." + "value": "A Stack-based Buffer Overflow vulnerability in libbelkin_api.so component of Belkin WeMo Insight Switch firmware allows a local attacker to obtain code execution on the device. This issue affects: Belkin WeMo Insight Switch firmware version 2.00.11396 and prior versions." } ] }, @@ -82,6 +81,7 @@ "reference_data": [ { "refsource": "CONFIRM", + "name": "https://labs.bitdefender.com/2019/12/multiple-vulnerabilities-in-belkin-wemo-insight-switch/", "url": "https://labs.bitdefender.com/2019/12/multiple-vulnerabilities-in-belkin-wemo-insight-switch/" } ] diff --git a/2019/17xxx/CVE-2019-17095.json b/2019/17xxx/CVE-2019-17095.json index b6a47383311..a4bb4b58401 100644 --- a/2019/17xxx/CVE-2019-17095.json +++ b/2019/17xxx/CVE-2019-17095.json 
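Review bot: The second CVE-2019-17094 hunk on this line (`@@ -17,15 +18,13 @@`) drops `"version_affected": "<="` and folds the range into free text, `"version_value": "2.00.11396 and prior"`. A consumer that compares `version_value` as a version string will no longer match 2.00.11396 or anything before it, so affected Belkin WeMo Insight Switch firmware can silently fall out of automated matching. I would keep the structured pair, `"version_affected": "<=",` with `"version_value": "2.00.11396"`, and leave the "and prior" wording to the description. The CVE-2019-17099 hunk `@@ -10,23 +10,21 @@` makes the same substitution with `"6.6.11.162 and prior"`; if the operator is restored there, it should be checked against that record's description, which says "prior to 6.6.11.163".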
@@ -88,6 +88,7 @@ "reference_data": [ { "refsource": "CONFIRM", + "name": "https://www.bitdefender.com/support/security-advisories/command-injection-vulnerability-in-bitdefender-box-v2-va-5706", "url": "https://www.bitdefender.com/support/security-advisories/command-injection-vulnerability-in-bitdefender-box-v2-va-5706" } ] diff --git a/2019/17xxx/CVE-2019-17099.json b/2019/17xxx/CVE-2019-17099.json index 3f662c4666b..5a1edd4cf13 100644 --- a/2019/17xxx/CVE-2019-17099.json +++ b/2019/17xxx/CVE-2019-17099.json @@ -10,23 +10,21 @@ "vendor": { "vendor_data": [ { + "vendor_name": "Bitdefender", "product": { "product_data": [ { - "product_name": "EPSecurityService.exe ", + "product_name": "EPSecurityService.exe", "version": { "version_data": [ { - "version_affected": "<", - "version_name": "6.6.11.162", - "version_value": "6.6.11.162" + "version_value": "6.6.11.162 and prior" } ] } } ] - }, - "vendor_name": "Bitdefender" + } } ] } @@ -44,7 +42,7 @@ "description_data": [ { "lang": "eng", - "value": "An Untrusted Search Path vulnerability in EPSecurityService.exe as used in Bitdefender Endpoint Security Tools versions prior to 6.6.11.163 allows an attacker to load an arbitrary DLL file from the search path.\nThis issue affects:\nBitdefender EPSecurityService.exe versions prior to 6.6.11.163." + "value": "An Untrusted Search Path vulnerability in EPSecurityService.exe as used in Bitdefender Endpoint Security Tools versions prior to 6.6.11.163 allows an attacker to load an arbitrary DLL file from the search path. This issue affects: Bitdefender EPSecurityService.exe versions prior to 6.6.11.163." } ] }, @@ -83,6 +81,7 @@ "reference_data": [ { "refsource": "CONFIRM", + "name": "https://www.bitdefender.com/support/security-advisories/untrusted-search-path-vulnerability-epsecurityservice-exe-va-3500/", "url": "https://www.bitdefender.com/support/security-advisories/untrusted-search-path-vulnerability-epsecurityservice-exe-va-3500/" } ] 
diff --git a/2019/19xxx/CVE-2019-19344.json b/2019/19xxx/CVE-2019-19344.json index 10e6e3c854c..b3cc5d2aa21 100644 --- a/2019/19xxx/CVE-2019-19344.json +++ b/2019/19xxx/CVE-2019-19344.json @@ -69,6 +69,11 @@ "refsource": "CONFIRM", "name": "https://www.synology.com/security/advisory/Synology_SA_20_01", "url": "https://www.synology.com/security/advisory/Synology_SA_20_01" + }, + { + "refsource": "UBUNTU", + "name": "USN-4244-1", + "url": "https://usn.ubuntu.com/4244-1/" } ] }, diff --git a/2019/19xxx/CVE-2019-19822.json b/2019/19xxx/CVE-2019-19822.json index 5c459eadef2..fbc7bd81806 100644 --- a/2019/19xxx/CVE-2019-19822.json +++ b/2019/19xxx/CVE-2019-19822.json 
@@ -1,17 +1,81 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-19822", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-19822", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A certain router administration interface (that includes Realtek APMIB 0.11f for Boa 0.94.14rc21) allows remote attackers to retrieve the configuration, including sensitive data (usernames and passwords). This affects TOTOLINK A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R through 3.4.0, N300RT through 3.4.0, N200RE through 4.0.0, N150RT through 3.4.0, and N100RE through 3.4.0; Rutek RTK 11N AP through 2019-12-12; Sapido GR297n through 2019-12-12; CIK TELECOM MESH ROUTER through 2019-12-12; KCTVJEJU Wireless AP through 2019-12-12; Fibergate FGN-R2 through 2019-12-12; Hi-Wifi MAX-C300N through 2019-12-12; HCN MAX-C300N through 2019-12-12; T-broad GN-866ac through 2019-12-12; Coship EMTA AP through 2019-12-12; and IO-Data WN-AC1167R through 2019-12-12." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/Saturn49/wecb/blob/755ce19a493c78270c04b5aaf39664f0cddbb420/rtl819x/users/boa/apmib/apmib.h#L13", + "refsource": "MISC", + "name": "https://github.com/Saturn49/wecb/blob/755ce19a493c78270c04b5aaf39664f0cddbb420/rtl819x/users/boa/apmib/apmib.h#L13" + }, + { + "url": "http://opensource.actiontec.com/sourcecode/wcb3000x/wecb3000n_gpl_0.16.8.4.tgz", + "refsource": "MISC", + "name": "http://opensource.actiontec.com/sourcecode/wcb3000x/wecb3000n_gpl_0.16.8.4.tgz" + }, + { + "url": "https://sploit.tech", + "refsource": "MISC", + "name": "https://sploit.tech" + }, + { + "refsource": "FULLDISC", + "name": "20200124 Multiple vulnerabilities in TOTOLINK and other Realtek SDK based routers", + "url": "http://seclists.org/fulldisclosure/2020/Jan/36" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/156083/Realtek-SDK-Information-Disclosure-Code-Execution.html", + "url": "http://packetstormsecurity.com/files/156083/Realtek-SDK-Information-Disclosure-Code-Execution.html" } ] } diff --git a/2019/19xxx/CVE-2019-19823.json b/2019/19xxx/CVE-2019-19823.json index deafa97ad87..1442389daf4 100644 --- a/2019/19xxx/CVE-2019-19823.json +++ b/2019/19xxx/CVE-2019-19823.json 
@@ -1,17 +1,81 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-19823", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-19823", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A certain router administration interface (that includes Realtek APMIB 0.11f for Boa 0.94.14rc21) stores cleartext administrative passwords in flash memory and in a file. This affects TOTOLINK A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R through 3.4.0, N300RT through 3.4.0, N200RE through 4.0.0, N150RT through 3.4.0, and N100RE through 3.4.0; Rutek RTK 11N AP through 2019-12-12; Sapido GR297n through 2019-12-12; CIK TELECOM MESH ROUTER through 2019-12-12; KCTVJEJU Wireless AP through 2019-12-12; Fibergate FGN-R2 through 2019-12-12; Hi-Wifi MAX-C300N through 2019-12-12; HCN MAX-C300N through 2019-12-12; T-broad GN-866ac through 2019-12-12; Coship EMTA AP through 2019-12-12; and IO-Data WN-AC1167R through 2019-12-12." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/Saturn49/wecb/blob/755ce19a493c78270c04b5aaf39664f0cddbb420/rtl819x/users/boa/apmib/apmib.h#L13", + "refsource": "MISC", + "name": "https://github.com/Saturn49/wecb/blob/755ce19a493c78270c04b5aaf39664f0cddbb420/rtl819x/users/boa/apmib/apmib.h#L13" + }, + { + "url": "http://opensource.actiontec.com/sourcecode/wcb3000x/wecb3000n_gpl_0.16.8.4.tgz", + "refsource": "MISC", + "name": "http://opensource.actiontec.com/sourcecode/wcb3000x/wecb3000n_gpl_0.16.8.4.tgz" + }, + { + "url": "https://sploit.tech", + "refsource": "MISC", + "name": "https://sploit.tech" + }, + { + "refsource": "FULLDISC", + "name": "20200124 Multiple vulnerabilities in TOTOLINK and other Realtek SDK based routers", + "url": "http://seclists.org/fulldisclosure/2020/Jan/36" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/156083/Realtek-SDK-Information-Disclosure-Code-Execution.html", + "url": "http://packetstormsecurity.com/files/156083/Realtek-SDK-Information-Disclosure-Code-Execution.html" } ] } diff --git a/2019/19xxx/CVE-2019-19824.json b/2019/19xxx/CVE-2019-19824.json index 1597f287525..63c555179d0 100644 --- a/2019/19xxx/CVE-2019-19824.json +++ b/2019/19xxx/CVE-2019-19824.json 
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2019-19824",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2019-19824",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "On certain TOTOLINK Realtek SDK based routers, an authenticated attacker may execute arbitrary OS commands via the sysCmd parameter to the boafrm/formSysCmd URI, even if the GUI (syscmd.htm) is not available. This allows for full control over the device's internals. This affects A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R through 3.4.0, N300RT through 3.4.0, N200RE through 4.0.0, N150RT through 3.4.0, and N100RE through 3.4.0."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://sploit.tech",
+ "refsource": "MISC",
+ "name": "https://sploit.tech"
+ },
+ {
+ "refsource": "FULLDISC",
+ "name": "20200124 Multiple vulnerabilities in TOTOLINK and other Realtek SDK based routers",
+ "url": "http://seclists.org/fulldisclosure/2020/Jan/36"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/156083/Realtek-SDK-Information-Disclosure-Code-Execution.html",
+ "url": "http://packetstormsecurity.com/files/156083/Realtek-SDK-Information-Disclosure-Code-Execution.html"
 }
 ]
 }
diff --git a/2020/5xxx/CVE-2020-5390.json b/2020/5xxx/CVE-2020-5390.json
index 93f1fe49460..10bff612cba 100644
--- a/2020/5xxx/CVE-2020-5390.json
+++ b/2020/5xxx/CVE-2020-5390.json
@@ -76,6 +76,11 @@
 "refsource": "MISC",
 "name": "https://pypi.org/project/pysaml2/5.0.0/",
 "url": "https://pypi.org/project/pysaml2/5.0.0/"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4245-1",
+ "url": "https://usn.ubuntu.com/4245-1/"
 }
 ]
 }
diff --git a/2020/8xxx/CVE-2020-8086.json b/2020/8xxx/CVE-2020-8086.json
new file mode 100644
index 00000000000..7602771fe55
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8086.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-8086",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
From f618ec04685767d3eb4461c3250d006a741b2b67 Mon Sep 17 00:00:00 2001
From: Gary Liu Date: Mon, 27 Jan 2020 10:46:24 -0800 Subject: [PATCH 351/387] Add CVE-2019-11288 Signed-off-by: Steven Locke --- 2019/11xxx/CVE-2019-11288.json | 124 ++++++++++++++++++++++++++++++++- 1 file changed, 121 insertions(+), 3 deletions(-)
diff --git a/2019/11xxx/CVE-2019-11288.json b/2019/11xxx/CVE-2019-11288.json
index ed2dd3e965e..37d01b038cc 100644
--- a/2019/11xxx/CVE-2019-11288.json
+++ b/2019/11xxx/CVE-2019-11288.json
@@ -3,16 +3,134 @@
 "data_format": "MITRE",
 "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "security@pivotal.io",
+ "DATE_PUBLIC": "2020-01-15T00:00:00.000Z",
 "ID": "CVE-2019-11288",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "tcServer JMX Socket Listener Registry Rebinding Local Privilege Escalation"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Pivotal tc Server 4.x",
+ "version": {
+ "version_data": [
+ {
+ "affected": "<",
+ "version_name": "All",
+ "version_value": "4.0.10"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Pivotal tc Server 3.x",
+ "version": {
+ "version_data": [
+ {
+ "affected": "<",
+ "version_name": "All",
+ "version_value": "3.2.19"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Pivotal tc Server 4.x Runtimes",
+ "version": {
+ "version_data": [
+ {
+ "affected": "<",
+ "version_name": "7.x",
+ "version_value": "7.0.99.B"
+ },
+ {
+ "affected": "<",
+ "version_name": "8.x",
+ "version_value": "8.5.47.A"
+ },
+ {
+ "affected": "<",
+ "version_name": "9.x",
+ "version_value": "9.0.27.A"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Pivotal tc Server 3.x Runtimes",
+ "version": {
+ "version_data": [
+ {
+ "affected": "<",
+ "version_name": "7.x",
+ "version_value": "7.0.99.B"
+ },
+ {
+ "affected": "<",
+ "version_name": "8.x",
+ "version_value": "8.5.47.A"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Pivotal"
+ }
+ ]
+ }
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In Pivotal tc Server, 3.x versions prior to 3.2.19 and 4.x versions prior to 4.0.10, and Pivotal tc Runtimes, 7.x versions prior to 7.0.99.B, 8.x versions prior to 8.5.47.A, and 9.x versions prior to 9.0.27.A, when a tc Runtime instance is configured with the JMX Socket Listener, a local attacker without access to the tc Runtime process or configuration files is able to manipulate the RMI registry to perform a man-in-the-middle attack to capture user names and passwords used to access the JMX interface. The attacker can then use these credentials to access the JMX interface and gain complete control over the tc Runtime instance."
 }
 ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-269: Improper Privilege Management"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "url": "https://pivotal.io/security/cve-2019-11288",
+ "name": "https://pivotal.io/security/cve-2019-11288"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.3,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
+ "version": "3.0"
+ }
 }
 }
\ No newline at end of file
From 9b08ec655f05cb717daf6607353ca74bf930288e Mon Sep 17 00:00:00 2001
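Review bot: Every `version_data` entry added for CVE-2019-11288 puts the comparison operator under the key `affected`; as far as I know the CVE JSON 4.0 format names that field `version_affected`, so a consumer that ignores unknown keys would read `"version_value": "4.0.10"` as an affected version when it is the first fixed one. I would write `"version_affected": "<", "version_value": "4.0.10"` and apply the same rename to the other six entries. `"version_name": "All"` next to a bounded `version_value` is also ambiguous and could be dropped or replaced with the branch name, as the Runtimes entries do with `7.x`, `8.x` and `9.x`.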
From: CVE Team Date: Mon, 27 Jan 2020 19:01:19 +0000 Subject: [PATCH 352/387] "-Synchronized-Data." --- 2014/5xxx/CVE-2014-5500.json | 48 ++++++++++++++++++++++- 2014/8xxx/CVE-2014-8563.json | 53 ++++++++++++++++++++++++- 2015/2xxx/CVE-2015-2249.json | 48 ++++++++++++++++++++++- 2018/19xxx/CVE-2018-19441.json | 53 ++++++++++++++++++++++++- 2019/11xxx/CVE-2019-11318.json | 71 +++++++++++++++++++++++++++++++--- 2019/12xxx/CVE-2019-12427.json | 66 ++++++++++++++++++++++++++++--- 2019/15xxx/CVE-2019-15313.json | 67 ++++++++++++++++++++++++++++++++ 2019/19xxx/CVE-2019-19143.json | 56 ++++++++++++++++++++++++--- 2019/19xxx/CVE-2019-19539.json | 56 ++++++++++++++++++++++++--- 2019/8xxx/CVE-2019-8945.json | 63 +++++++++++++++++++++++++++++- 2019/8xxx/CVE-2019-8946.json | 63 +++++++++++++++++++++++++++++- 2019/8xxx/CVE-2019-8947.json | 63 +++++++++++++++++++++++++++++- 12 files changed, 669 insertions(+), 38 deletions(-) create mode 100644 2019/15xxx/CVE-2019-15313.json
diff --git a/2014/5xxx/CVE-2014-5500.json b/2014/5xxx/CVE-2014-5500.json
index 28077c1a330..68ce2584180 100644
--- a/2014/5xxx/CVE-2014-5500.json
+++ b/2014/5xxx/CVE-2014-5500.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2014-5500",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,28 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Synacor Zimbra Collaboration before 8.0.8 has XSS."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories",
+ "url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
 }
 ]
 }
diff --git a/2014/8xxx/CVE-2014-8563.json b/2014/8xxx/CVE-2014-8563.json
index 6d155e7afe1..d94a9940d57 100644
--- a/2014/8xxx/CVE-2014-8563.json
+++ b/2014/8xxx/CVE-2014-8563.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2014-8563",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,33 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Synacor Zimbra Collaboration before 8.0.9 allows plaintext command injection during STARTTLS."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories",
+ "url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://bugzilla.zimbra.com/show_bug.cgi?id=96105",
+ "url": "https://bugzilla.zimbra.com/show_bug.cgi?id=96105"
 }
 ]
 }
diff --git a/2015/2xxx/CVE-2015-2249.json b/2015/2xxx/CVE-2015-2249.json
index b56c2845839..5c3f75ef5d3 100644
--- a/2015/2xxx/CVE-2015-2249.json
+++ b/2015/2xxx/CVE-2015-2249.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2015-2249",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,28 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Zimbra Collaboration before 8.6.0 patch5 has XSS."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories",
+ "url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
 }
 ]
 }
diff --git a/2018/19xxx/CVE-2018-19441.json b/2018/19xxx/CVE-2018-19441.json
index c7e06b07f99..dc7f2788f2d 100644
--- a/2018/19xxx/CVE-2018-19441.json
+++ b/2018/19xxx/CVE-2018-19441.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2018-19441",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,33 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered in Neato Botvac Connected 2.2.0. The GenerateRobotPassword function of the NeatoCrypto library generates insufficiently random numbers for robot secret_key values used for local and cloud authentication/authorization. If an attacker knows the serial number and is able to estimate the time of first provisioning of a robot, he is able to brute force the generated secret_key of the robot. This is because the entropy of the secret_key exclusively relies on these two values, due to not seeding the random generator and using several constant inputs for secret_key computation. Serial numbers are printed on the packaging and equal the MAC address of the robot."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.youtube.com/watch?v=k5nj7Jhwn9c",
+ "url": "https://www.youtube.com/watch?v=k5nj7Jhwn9c"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.usenix.org/system/files/woot19-paper_ullrich.pdf",
+ "url": "https://www.usenix.org/system/files/woot19-paper_ullrich.pdf"
 }
 ]
 }
diff --git a/2019/11xxx/CVE-2019-11318.json b/2019/11xxx/CVE-2019-11318.json
index 20caafb568e..4220158c9d3 100644
--- a/2019/11xxx/CVE-2019-11318.json
+++ b/2019/11xxx/CVE-2019-11318.json
@@ -1,17 +1,76 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2019-11318",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2019-11318",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Zimbra Collaboration before 8.8.12 Patch 1 has persistent XSS."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories",
+ "refsource": "MISC",
+ "name": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
+ },
+ {
+ "url": "https://wiki.zimbra.com/wiki/Security_Center",
+ "refsource": "MISC",
+ "name": "https://wiki.zimbra.com/wiki/Security_Center"
+ },
+ {
+ "url": "https://bugzilla.zimbra.com/show_bug.cgi?id=109117",
+ "refsource": "MISC",
+ "name": "https://bugzilla.zimbra.com/show_bug.cgi?id=109117"
+ },
+ {
+ "url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.12/P1",
+ "refsource": "MISC",
+ "name": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.12/P1"
 }
 ]
 }
diff --git a/2019/12xxx/CVE-2019-12427.json b/2019/12xxx/CVE-2019-12427.json
index ae0e856a559..c897c227e73 100644
--- a/2019/12xxx/CVE-2019-12427.json
+++ b/2019/12xxx/CVE-2019-12427.json
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2019-12427",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2019-12427",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Zimbra Collaboration before 8.8.15 Patch 1 is vulnerable to a non-persistent XSS via the Admin Console."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories",
+ "refsource": "MISC",
+ "name": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
+ },
+ {
+ "url": "https://wiki.zimbra.com/wiki/Security_Center",
+ "refsource": "MISC",
+ "name": "https://wiki.zimbra.com/wiki/Security_Center"
+ },
+ {
+ "url": "https://bugzilla.zimbra.com/show_bug.cgi?id=109174",
+ "refsource": "MISC",
+ "name": "https://bugzilla.zimbra.com/show_bug.cgi?id=109174"
 }
 ]
 }
diff --git a/2019/15xxx/CVE-2019-15313.json b/2019/15xxx/CVE-2019-15313.json
new file mode 100644
index 00000000000..c0a8fce8347
--- /dev/null
+++ b/2019/15xxx/CVE-2019-15313.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-15313",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In Zimbra Collaboration before 8.8.15 Patch 1, there is a non-persistent XSS vulnerability."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories",
+ "refsource": "MISC",
+ "name": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
+ },
+ {
+ "url": "https://bugzilla.zimbra.com/show_bug.cgi?id=109141",
+ "refsource": "MISC",
+ "name": "https://bugzilla.zimbra.com/show_bug.cgi?id=109141"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/19xxx/CVE-2019-19143.json b/2019/19xxx/CVE-2019-19143.json
index 94231f70f31..6ae640a2bbe 100644
--- a/2019/19xxx/CVE-2019-19143.json
+++ b/2019/19xxx/CVE-2019-19143.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2019-19143",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2019-19143",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "TP-LINK TL-WR849N 0.9.1 4.16 devices do not require authentication to replace the firmware via a POST request to the cgi/softup URI."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://fireshellsecurity.team/hack-n-routers/",
+ "refsource": "MISC",
+ "name": "https://fireshellsecurity.team/hack-n-routers/"
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19539.json b/2019/19xxx/CVE-2019-19539.json
index de3961b94f9..f88ae886677 100644
--- a/2019/19xxx/CVE-2019-19539.json
+++ b/2019/19xxx/CVE-2019-19539.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2019-19539",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2019-19539",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered in Idelji Web ViewPoint H01ABO-H01BY and L01ABP-L01ABZ, Web ViewPoint Plus H01AAG-H01AAQ and L01AAH-L01AAR, and Web ViewPoint Enterprise H01-H01AAE and L01-L01AAF. By reading ADB or AADB file content within the Installation subvolume, a Guardian user can discover the password of the group.user or alias who acknowledges events from the WVP Events screen."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03981en_us",
+ "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03981en_us"
 }
 ]
 }
diff --git a/2019/8xxx/CVE-2019-8945.json b/2019/8xxx/CVE-2019-8945.json
index 65f85259783..8b1cdb064f4 100644
--- a/2019/8xxx/CVE-2019-8945.json
+++ b/2019/8xxx/CVE-2019-8945.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2019-8945",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,43 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Zimbra Collaboration 8.7.x - 8.8.11P2 contains persistent XSS."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories",
+ "refsource": "MISC",
+ "name": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
+ },
+ {
+ "url": "https://bugzilla.zimbra.com/show_bug.cgi?id=109122",
+ "refsource": "MISC",
+ "name": "https://bugzilla.zimbra.com/show_bug.cgi?id=109122"
+ },
+ {
+ "url": "https://bugzilla.zimbra.com/show_bug.cgi?id=109123",
+ "refsource": "MISC",
+ "name": "https://bugzilla.zimbra.com/show_bug.cgi?id=109123"
+ },
+ {
+ "url": "https://bugzilla.zimbra.com/show_bug.cgi?id=109124",
+ "refsource": "MISC",
+ "name": "https://bugzilla.zimbra.com/show_bug.cgi?id=109124"
 }
 ]
 }
diff --git a/2019/8xxx/CVE-2019-8946.json b/2019/8xxx/CVE-2019-8946.json
index d12a3131725..e4f1eca34a6 100644
--- a/2019/8xxx/CVE-2019-8946.json
+++ b/2019/8xxx/CVE-2019-8946.json
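Review bot: The CVE-2019-8945 record ends up with the description `Zimbra Collaboration 8.7.x - 8.8.11P2 contains persistent XSS.` and references to bugs 109122, 109123 and 109124, and the CVE-2019-8946 hunks that follow add the identical description and the identical four references; CVE-2019-8947 differs only by `non-persistent`. Nothing in the records tells a reader which bug, and therefore which fix, belongs to which ID, so patch verification per CVE is not possible from this data. Each record would be easier to track if it cited only its own bug and named the affected component in the description. The range `8.7.x - 8.8.11P2` also exists only in free text while `affects` stays `n/a`.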
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2019-8946",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,43 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Zimbra Collaboration 8.7.x - 8.8.11P2 contains persistent XSS."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories",
+ "refsource": "MISC",
+ "name": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
+ },
+ {
+ "url": "https://bugzilla.zimbra.com/show_bug.cgi?id=109122",
+ "refsource": "MISC",
+ "name": "https://bugzilla.zimbra.com/show_bug.cgi?id=109122"
+ },
+ {
+ "url": "https://bugzilla.zimbra.com/show_bug.cgi?id=109123",
+ "refsource": "MISC",
+ "name": "https://bugzilla.zimbra.com/show_bug.cgi?id=109123"
+ },
+ {
+ "url": "https://bugzilla.zimbra.com/show_bug.cgi?id=109124",
+ "refsource": "MISC",
+ "name": "https://bugzilla.zimbra.com/show_bug.cgi?id=109124"
 }
 ]
 }
diff --git a/2019/8xxx/CVE-2019-8947.json b/2019/8xxx/CVE-2019-8947.json
index d0ab96c0c74..f7e69a7dfb9 100644
--- a/2019/8xxx/CVE-2019-8947.json
+++ b/2019/8xxx/CVE-2019-8947.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2019-8947",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,43 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Zimbra Collaboration 8.7.x - 8.8.11P2 contains non-persistent XSS."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories",
+ "refsource": "MISC",
+ "name": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
+ },
+ {
+ "url": "https://bugzilla.zimbra.com/show_bug.cgi?id=109122",
+ "refsource": "MISC",
+ "name": "https://bugzilla.zimbra.com/show_bug.cgi?id=109122"
+ },
+ {
+ "url": "https://bugzilla.zimbra.com/show_bug.cgi?id=109123",
+ "refsource": "MISC",
+ "name": "https://bugzilla.zimbra.com/show_bug.cgi?id=109123"
+ },
+ {
+ "url": "https://bugzilla.zimbra.com/show_bug.cgi?id=109124",
+ "refsource": "MISC",
+ "name": "https://bugzilla.zimbra.com/show_bug.cgi?id=109124"
 }
 ]
 }
From d2e3b3cd8956da78c51741faf1309d666a38c201 Mon Sep 17 00:00:00 2001 From: Omar Santos Date: Mon, 27 Jan 2020 20:23:21 +0100 Subject: [PATCH 353/387] updating affected version --- 2020/3xxx/CVE-2020-3134.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/2020/3xxx/CVE-2020-3134.json b/2020/3xxx/CVE-2020-3134.json
index 3fb1504b5ca..6e6543ac9c0 100644
--- a/2020/3xxx/CVE-2020-3134.json
+++ b/2020/3xxx/CVE-2020-3134.json
@@ -18,7 +18,7 @@
 "version_data": [
 {
 "affected": "<",
- "version_value": "n/a"
+ "version_value": "13.0"
 }
 ]
 }
@@ -37,7 +37,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability in the zip decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper validation of zip files. An attacker could exploit this vulnerability by sending an email message with a crafted zip-compressed attachment. A successful exploit could trigger a restart of the content-scanning process, causing a temporary DoS condition."
+ "value": "A vulnerability in the zip decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper validation of zip files. An attacker could exploit this vulnerability by sending an email message with a crafted zip-compressed attachment. A successful exploit could trigger a restart of the content-scanning process, causing a temporary DoS condition. This vulnerability affects Cisco AsyncOS Software for Cisco ESA releases earlier than 13.0."
 }
 ]
 },
From 44a3d318a2337cebd21ce4ab6487f340b8a1fcd0 Mon Sep 17 00:00:00 2001 From: Omar Santos Date: Mon, 27 Jan 2020 20:24:51 +0100 Subject: [PATCH 354/387] Update CVE-2020-3136.json --- 2020/3xxx/CVE-2020-3136.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/2020/3xxx/CVE-2020-3136.json b/2020/3xxx/CVE-2020-3136.json
index 5b0ca7cce5c..c2fd50b2083 100644
--- a/2020/3xxx/CVE-2020-3136.json
+++ b/2020/3xxx/CVE-2020-3136.json
@@ -18,7 +18,7 @@
 "version_data": [
 {
 "affected": "<",
- "version_value": "n/a"
+ "version_value": "11.1(3)"
 }
 ]
 }
@@ -37,7 +37,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability in the web-based management interface of Cisco Jabber Guest could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability exists because the web-based management interface of the affected device does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or to access sensitive, browser-based information."
+ "value": "A vulnerability in the web-based management interface of Cisco Jabber Guest could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability exists because the web-based management interface of the affected device does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or to access sensitive, browser-based information. This vulnerability affects Cisco Jabber Guest releases 11.1(2) and earlier."
 }
 ]
 },
From ab48c8e68c6cf8730c49708e03172b1429a806b0 Mon Sep 17 00:00:00 2001 From: Robert Schultheis Date: Mon, 27 Jan 2020 12:26:14 -0700 Subject: [PATCH 355/387] add CVE-2020-5207 for GHSA-xrr9-rh8p-433v --- 2020/5xxx/CVE-2020-5207.json | 84 +++++++++++++++++++++++++++++++++--- 1 file changed, 77 insertions(+), 7 deletions(-)
diff --git a/2020/5xxx/CVE-2020-5207.json b/2020/5xxx/CVE-2020-5207.json
index 5ed93bb32ef..c31b68db0d2 100644
--- a/2020/5xxx/CVE-2020-5207.json
+++ b/2020/5xxx/CVE-2020-5207.json
@@ -1,18 +1,88 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2020-5207", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Request smuggling is possible in Ktor when both chunked TE and content length specified" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Ktor", + "version": { + "version_data": [ + { + "version_value": "< 1.3.0" + } + ] + } + } + ] + }, + "vendor_name": "Ktor.io" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Ktor before 1.3.0, request smuggling is possible when running behind a proxy that doesn't handle Content-Length and Transfer-Encoding properly or doesn't handle \\n as a headers separator." 
} ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/ktorio/ktor/security/advisories/GHSA-xrr9-rh8p-433v", + "refsource": "CONFIRM", + "url": "https://github.com/ktorio/ktor/security/advisories/GHSA-xrr9-rh8p-433v" + }, + { + "name": "https://github.com/ktorio/ktor/pull/1547", + "refsource": "MISC", + "url": "https://github.com/ktorio/ktor/pull/1547" + } + ] + }, + "source": { + "advisory": "GHSA-xrr9-rh8p-433v", + "discovery": "UNKNOWN" } -} \ No newline at end of file +} From ffba25c2d3010f0ccf107670f8aabc809d235e80 Mon Sep 17 00:00:00 2001 From: Omar Santos Date: Mon, 27 Jan 2020 20:27:56 +0100 Subject: [PATCH 356/387] Update CVE-2020-3131.json --- 2020/3xxx/CVE-2020-3131.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/2020/3xxx/CVE-2020-3131.json b/2020/3xxx/CVE-2020-3131.json index a247803f71b..1aae17168f2 100644 --- a/2020/3xxx/CVE-2020-3131.json +++ b/2020/3xxx/CVE-2020-3131.json @@ -17,8 +17,8 @@ "version": { "version_data": [ { - "affected": "<", - "version_value": "n/a" + "affected": "=", + "version_value": "3.0.13131" } ] } 
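Review bot: `"affected": "="` with `"version_value": "3.0.13131"` in the CVE-2020-3131 `@@ -17,8 +17,8 @@` hunk marks exactly one release as affected, while the description added in the following hunk says the vulnerability was introduced in Release 3.0.13131. If later releases stay affected until a fix ships, a consumer matching on this entry would report them as not vulnerable, and the record names no fixed release to bound the range. I would confirm the range against the vendor advisory and either express it as a lower-bounded range with the first fixed release as the upper bound, or reword the description to say that only Release 3.0.13131 is affected.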
@@ -37,7 +37,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability in the Cisco Webex Teams client for Windows could allow an authenticated, remote attacker to cause the client to crash, resulting in a denial of service (DoS) condition. The attacker needs a valid developer account to exploit this vulnerability. The vulnerability is due to insufficient input validation when processing received adaptive cards. The attacker could exploit this vulnerability by sending an adaptive card with malicious content to an existing user of the Cisco Webex Teams client for Windows. A successful exploit could allow the attacker to cause the targeted user's client to crash continuously." + "value": "A vulnerability in the Cisco Webex Teams client for Windows could allow an authenticated, remote attacker to cause the client to crash, resulting in a denial of service (DoS) condition. The attacker needs a valid developer account to exploit this vulnerability. The vulnerability is due to insufficient input validation when processing received adaptive cards. The attacker could exploit this vulnerability by sending an adaptive card with malicious content to an existing user of the Cisco Webex Teams client for Windows. A successful exploit could allow the attacker to cause the targeted user's client to crash continuously. This vulnerability was introduced in Cisco Webex Teams client for Windows Release 3.0.13131." } ] }, From f71470f88f86b57336f4206c8aeafede2cefed76 Mon Sep 17 00:00:00 2001 From: Omar Santos Date: Mon, 27 Jan 2020 20:31:35 +0100 Subject: [PATCH 357/387] Update CVE-2020-3136.json --- 2020/3xxx/CVE-2020-3136.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/2020/3xxx/CVE-2020-3136.json b/2020/3xxx/CVE-2020-3136.json index 5b0ca7cce5c..967e655d663 100644 --- a/2020/3xxx/CVE-2020-3136.json +++ b/2020/3xxx/CVE-2020-3136.json 
@@ -18,7 +18,7 @@ "version_data": [ { "affected": "<", - "version_value": "n/a" + "version_value": "11.1(3)" } ] } @@ -37,7 +37,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability in the web-based management interface of Cisco Jabber Guest could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability exists because the web-based management interface of the affected device does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or to access sensitive, browser-based information." + "value": "A vulnerability in the web-based management interface of Cisco Jabber Guest could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability exists because the web-based management interface of the affected device does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or to access sensitive, browser-based information. This vulnerability affected Cisco Jabber Guest releases 11.1(2) and earlier." } ] }, From 786085e4bcb56e71a6c605fe5ef1b97e757793a2 Mon Sep 17 00:00:00 2001 From: Omar Santos Date: Mon, 27 Jan 2020 20:33:53 +0100 Subject: [PATCH 358/387] Update CVE-2020-3136.json --- 2020/3xxx/CVE-2020-3136.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/2020/3xxx/CVE-2020-3136.json b/2020/3xxx/CVE-2020-3136.json index 5b0ca7cce5c..967e655d663 100644 --- a/2020/3xxx/CVE-2020-3136.json 
+++ b/2020/3xxx/CVE-2020-3136.json @@ -18,7 +18,7 @@ "version_data": [ { "affected": "<", - "version_value": "n/a" + "version_value": "11.1(3)" } ] } @@ -37,7 +37,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability in the web-based management interface of Cisco Jabber Guest could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability exists because the web-based management interface of the affected device does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or to access sensitive, browser-based information." + "value": "A vulnerability in the web-based management interface of Cisco Jabber Guest could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability exists because the web-based management interface of the affected device does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or to access sensitive, browser-based information. This vulnerability affected Cisco Jabber Guest releases 11.1(2) and earlier." } ] }, From 3e0fe4f0c1749571ae488a0927727c62a1cfca5e Mon Sep 17 00:00:00 2001 From: Omar Santos Date: Mon, 27 Jan 2020 20:35:12 +0100 Subject: [PATCH 359/387] Update CVE-2020-3139.json --- 2020/3xxx/CVE-2020-3139.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/2020/3xxx/CVE-2020-3139.json b/2020/3xxx/CVE-2020-3139.json index ae164a5d0d1..4182425a6c5 100644 
--- a/2020/3xxx/CVE-2020-3139.json +++ b/2020/3xxx/CVE-2020-3139.json @@ -18,7 +18,7 @@ "version_data": [ { "affected": "<", - "version_value": "n/a" + "version_value": "4.2(3j)" } ] } 
@@ -37,7 +37,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability in the out of band (OOB) management interface IP table rule programming for Cisco Application Policy Infrastructure Controller (APIC) could allow an unauthenticated, remote attacker to bypass configured deny entries for specific IP ports. These IP ports would be permitted to the OOB management interface when, in fact, the packets should be dropped. The vulnerability is due to the configuration of specific IP table entries for which there is a programming logic error that results in the IP port being permitted. An attacker could exploit this vulnerability by sending traffic to the OOB management interface on the targeted device. A successful exploit could allow the attacker to bypass configured IP table rules to drop specific IP port traffic. The attacker has no control over the configuration of the device itself." + "value": "A vulnerability in the out of band (OOB) management interface IP table rule programming for Cisco Application Policy Infrastructure Controller (APIC) could allow an unauthenticated, remote attacker to bypass configured deny entries for specific IP ports. These IP ports would be permitted to the OOB management interface when, in fact, the packets should be dropped. The vulnerability is due to the configuration of specific IP table entries for which there is a programming logic error that results in the IP port being permitted. An attacker could exploit this vulnerability by sending traffic to the OOB management interface on the targeted device. A successful exploit could allow the attacker to bypass configured IP table rules to drop specific IP port traffic. The attacker has no control over the configuration of the device itself. This vulnerability affects Cisco APIC releases prior to the first fixed software Release 4.2(3j)." } ] }, From 860207be09ad0cab6de40395e22889659d8819bd Mon Sep 17 00:00:00 2001 
From: Omar Santos Date: Mon, 27 Jan 2020 20:35:59 +0100 Subject: [PATCH 360/387] Update CVE-2020-3136.json --- 2020/3xxx/CVE-2020-3136.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/2020/3xxx/CVE-2020-3136.json b/2020/3xxx/CVE-2020-3136.json index 5b0ca7cce5c..967e655d663 100644 --- a/2020/3xxx/CVE-2020-3136.json +++ b/2020/3xxx/CVE-2020-3136.json @@ -18,7 +18,7 @@ "version_data": [ { "affected": "<", - "version_value": "n/a" + "version_value": "11.1(3)" } ] } @@ -37,7 +37,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability in the web-based management interface of Cisco Jabber Guest could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability exists because the web-based management interface of the affected device does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or to access sensitive, browser-based information." + "value": "A vulnerability in the web-based management interface of Cisco Jabber Guest could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability exists because the web-based management interface of the affected device does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or to access sensitive, browser-based information. This vulnerability affected Cisco Jabber Guest releases 11.1(2) and earlier." } ] }, 
From f32c137d3a105b26f8a2a216c9c90dcbdd6a05e4 Mon Sep 17 00:00:00 2001 From: Omar Santos Date: Mon, 27 Jan 2020 20:37:44 +0100 Subject: [PATCH 361/387] Update CVE-2020-3142.json --- 2020/3xxx/CVE-2020-3142.json | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/2020/3xxx/CVE-2020-3142.json b/2020/3xxx/CVE-2020-3142.json index 7bb4f641df0..97a9939d452 100644 --- a/2020/3xxx/CVE-2020-3142.json +++ b/2020/3xxx/CVE-2020-3142.json @@ -18,7 +18,11 @@ "version_data": [ { "affected": "<", - "version_value": "n/a" + "version_value": "39.11.5" + }, + { + "affected": "<", + "version_value": "40.1.3" } ] } 
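Review bot: Both new `version_data` entries for CVE-2020-3142 use `"affected": "<"` with no lower bound, so read on their own `< 40.1.3` also covers 39.11.5 and every later 39.x build, which the `< 39.11.5` entry implies are fixed. A scanner that evaluates the entries independently would flag those builds as vulnerable, and one that takes only the first entry would miss the 40.x train. Giving the second entry an explicit lower bound, in the style other records on this page use (`">= <first 40.x release>, < 40.1.3"`), removes the ambiguity; the description sentence "releases earlier than 39.11.5 and 40.1.3" would benefit from the same per-train wording.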
@@ -37,7 +41,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability in Cisco Webex Meetings Suite sites and Cisco Webex Meetings Online sites could allow an unauthenticated, remote attendee to join a password-protected meeting without providing the meeting password. The connection attempt must initiate from a Webex mobile application for either iOS or Android. The vulnerability is due to unintended meeting information exposure in a specific meeting join flow for mobile applications. An unauthorized attendee could exploit this vulnerability by accessing a known meeting ID or meeting URL from the mobile device’s web browser. The browser will then request to launch the device’s Webex mobile application. A successful exploit could allow the unauthorized attendee to join the password-protected meeting. The unauthorized attendee will be visible in the attendee list of the meeting as a mobile attendee. Cisco has applied updates that address this vulnerability and no user action is required." + "value": "A vulnerability in Cisco Webex Meetings Suite sites and Cisco Webex Meetings Online sites could allow an unauthenticated, remote attendee to join a password-protected meeting without providing the meeting password. The connection attempt must initiate from a Webex mobile application for either iOS or Android. The vulnerability is due to unintended meeting information exposure in a specific meeting join flow for mobile applications. An unauthorized attendee could exploit this vulnerability by accessing a known meeting ID or meeting URL from the mobile device’s web browser. The browser will then request to launch the device’s Webex mobile application. A successful exploit could allow the unauthorized attendee to join the password-protected meeting. The unauthorized attendee will be visible in the attendee list of the meeting as a mobile attendee. Cisco has applied updates that address this vulnerability and no user action is required. 
This vulnerability affects Cisco Webex Meetings Suite sites and Cisco Webex Meetings Online sites releases earlier than 39.11.5 and 40.1.3." } ] }, From d401aca8f875883720958a4858949ba89874ddee Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 27 Jan 2020 20:01:15 +0000 Subject: [PATCH 362/387] "-Synchronized-Data." --- 2019/12xxx/CVE-2019-12399.json | 10 ++++++ 2020/8xxx/CVE-2020-8087.json | 62 ++++++++++++++++++++++++++++++++++ 2020/8xxx/CVE-2020-8088.json | 62 ++++++++++++++++++++++++++++++++++ 3 files changed, 134 insertions(+) create mode 100644 2020/8xxx/CVE-2020-8087.json create mode 100644 2020/8xxx/CVE-2020-8088.json diff --git a/2019/12xxx/CVE-2019-12399.json b/2019/12xxx/CVE-2019-12399.json index 5698252873b..bcc0043c848 100644 --- a/2019/12xxx/CVE-2019-12399.json +++ b/2019/12xxx/CVE-2019-12399.json @@ -136,6 +136,16 @@ "refsource": "MLIST", "name": "[druid-commits] 20200127 [GitHub] [druid] clintropolis commented on a change in pull request #9261: Address CVE-2019-12399", "url": "https://lists.apache.org/thread.html/r0e3a613705d70950aca2bfe9a6265c87503921852d9a3dbce512ca9f@%3Ccommits.druid.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[druid-commits] 20200127 [GitHub] [druid] ccaominh closed pull request #9261: Address CVE-2019-12399", + "url": "https://lists.apache.org/thread.html/r9871a4215b621c1d09deee5eba97f0f44fde01b4363deb1bed0dd160@%3Ccommits.druid.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[druid-commits] 20200127 [GitHub] [druid] ccaominh commented on issue #9261: Address CVE-2019-12399", + "url": "https://lists.apache.org/thread.html/r47c225db363d1ee2c18c4b3b2f51b63a9789f78c7fa602e5976ecd05@%3Ccommits.druid.apache.org%3E" } ] }, diff --git a/2020/8xxx/CVE-2020-8087.json b/2020/8xxx/CVE-2020-8087.json new file mode 100644 index 00000000000..345db46c596 --- /dev/null +++ b/2020/8xxx/CVE-2020-8087.json 
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-8087",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "SMC Networks D3G0804W D3GNV5M-3.5.1.6.10_GA devices allow remote command execution by leveraging access to the Network Diagnostic Tools screen, as demonstrated by an admin login. The attacker must use a Parameter Pollution approach against goform/formSetDiagnosticToolsFmPing by providing the vlu_diagnostic_tools__ping_address parameter twice: once with a shell metacharacter and a command name, and once with a command argument."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://sku11army.blogspot.com/2020/01/smc-networks-remote-code-execution.html",
+ "refsource": "MISC",
+ "name": "https://sku11army.blogspot.com/2020/01/smc-networks-remote-code-execution.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8088.json b/2020/8xxx/CVE-2020-8088.json
new file mode 100644
index 00000000000..ace442c0f6c
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8088.json
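Review bot: `product_name`, `vendor_name`, `version_value` and the problem type are all `n/a` in the new CVE-2020-8087 record, although its description names the vendor, model and firmware build (SMC Networks D3G0804W, D3GNV5M-3.5.1.6.10_GA). Tools that match on the structured `affects` fields will never associate this CVE with the device, leaving free-text search as the only way to find it. I would fill the three fields from the description and set the problem type to a CWE; the text describes shell metacharacters reaching a command, which looks like CWE-78, to be confirmed by the assigner. The CVE-2020-8088 record added in the same commit has the same gap, with UseBB 1.0.12 appearing only in the description.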
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-8088",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "panel_login.php in UseBB 1.0.12 allows type juggling for login bypass because != is used instead of !== for password hashes, which mishandles hashes that begin with 0e followed by exclusively numerical characters."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://xavibel.com/2020/01/22/usebb-forum-php-type-juggling-vulnerability/",
+ "refsource": "MISC",
+ "name": "https://xavibel.com/2020/01/22/usebb-forum-php-type-juggling-vulnerability/"
+ }
+ ]
+ }
+}
\ No newline at end of file
From fd25086e9782c50d7aac9d73159f4be9165444dc Mon Sep 17 00:00:00 2001
From: Robert Schultheis
Date: Mon, 27 Jan 2020 13:11:02 -0700
Subject: [PATCH 363/387] add CVE-2020-5220 for GHSA-8vp7-j5cj-vvm2
---
 2020/5xxx/CVE-2020-5220.json | 93 +++++++++++++++++++++++++++++++++---
 1 file changed, 86 insertions(+), 7 deletions(-)
diff --git a/2020/5xxx/CVE-2020-5220.json b/2020/5xxx/CVE-2020-5220.json
index ce8ac3cb0c8..13e91d21118 100644
--- a/2020/5xxx/CVE-2020-5220.json
+++ b/2020/5xxx/CVE-2020-5220.json
@@ -1,18 +1,97 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2020-5220", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Ability to expose data in Sylius by using an unintended serialisation group" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SyliusResourceBundle", + "version": { + "version_data": [ + { + "version_value": "< 1.3.13" + }, + { + "version_value": ">= 1.4.0, < 1.4.6" + }, + { + "version_value": ">= 1.5.0, < 1.5.1" + }, + { + "version_value": ">= 1.6.0, < 1.6.3" + } + ] + } + } + ] + }, + "vendor_name": "Sylius" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Sylius ResourceBundle accepts and uses any serialisation groups to be passed via a HTTP header. This might lead to data exposure by using an unintended serialisation group - for example it could make Shop API use a more permissive group from Admin API.\n\nAnyone exposing an API with ResourceBundle's controller is affected. The vulnerable versions are: <1.3 || >=1.3.0 <=1.3.12 || >=1.4.0 <=1.4.5 || >=1.5.0 <=1.5.0 || >=1.6.0 <=1.6.2.\n\nThe patch is provided for Sylius ResourceBundle 1.3.13, 1.4.6, 1.5.1 and 1.6.3, but not for any versions below 1.3." 
} ] + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/Sylius/SyliusResourceBundle/security/advisories/GHSA-8vp7-j5cj-vvm2", + "refsource": "CONFIRM", + "url": "https://github.com/Sylius/SyliusResourceBundle/security/advisories/GHSA-8vp7-j5cj-vvm2" + }, + { + "name": "https://github.com/FriendsOfPHP/security-advisories/blob/master/sylius/resource-bundle/CVE-2020-5220.yaml", + "refsource": "MISC", + "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/sylius/resource-bundle/CVE-2020-5220.yaml" + } + ] + }, + "source": { + "advisory": "GHSA-8vp7-j5cj-vvm2", + "discovery": "UNKNOWN" } -} \ No newline at end of file +} From 5dd27112bfc7258343ef9f72b7ace52ed6d2b4a5 Mon Sep 17 00:00:00 2001 From: Robert Schultheis Date: Mon, 27 Jan 2020 13:20:21 -0700 Subject: [PATCH 364/387] add CVE-2020-5218 for GHSA-prg5-hg25-8grq --- 2020/5xxx/CVE-2020-5218.json | 93 +++++++++++++++++++++++++++++++++--- 1 file changed, 86 insertions(+), 7 deletions(-) diff --git a/2020/5xxx/CVE-2020-5218.json b/2020/5xxx/CVE-2020-5218.json index d64dc2a2ace..079f394776d 100644 --- a/2020/5xxx/CVE-2020-5218.json +++ b/2020/5xxx/CVE-2020-5218.json 
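Review bot: The `problemtype` value `CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')` in the CVE-2020-5220 record does not match its description, which is about a caller-chosen serialisation group exposing data rather than request smuggling; it reads like a carry-over from another record. A weakness class for information exposure (CWE-200 or a more specific child) looks like the closer fit, to be confirmed against GHSA-8vp7-j5cj-vvm2. The same string appears in the CVE-2020-5218 record added by the next commit, where it does not match the described debug-feature issue either. A wrong CWE skews any triage, filtering or metrics keyed on weakness class.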
@@ -1,18 +1,97 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2020-5218", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Ability in Sylius to switch channels via GET parameter enabled in production environments" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Sylius", + "version": { + "version_data": [ + { + "version_value": "< 1.3.13" + }, + { + "version_value": ">= 1.4.0, < 1.4.6" + }, + { + "version_value": ">= 1.5.0, < 1.5.1" + }, + { + "version_value": ">= 1.6.0, < 1.6.3" + } + ] + } + } + ] + }, + "vendor_name": "Sylius" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Affected versions of Sylius give attackers the ability to switch channels via the _channel_code GET parameter in production environments. This was meant to be enabled only when kernel.debug is set to true.\n\nHowever, if no sylius_channel.debug is set explicitly in the configuration, the default value which is kernel.debug will be not resolved and cast to boolean, enabling this debug feature even if that parameter is set to false.\n\nPatch has been provided for Sylius 1.3.x and newer - 1.3.16, 1.4.12, 1.5.9, 1.6.5. Versions older than 1.3 are not covered by our security support anymore." 
} ] + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/Sylius/SyliusResourceBundle/security/advisories/GHSA-8vp7-j5cj-vvm2", + "refsource": "CONFIRM", + "url": "https://github.com/Sylius/SyliusResourceBundle/security/advisories/GHSA-8vp7-j5cj-vvm2" + }, + { + "name": "https://github.com/FriendsOfPHP/security-advisories/blob/master/sylius/resource-bundle/CVE-2020-5220.yaml", + "refsource": "MISC", + "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/sylius/resource-bundle/CVE-2020-5220.yaml" + } + ] + }, + "source": { + "advisory": "GHSA-prg5-hg25-8grq", + "discovery": "UNKNOWN" } -} \ No newline at end of file +} From a111fa39b155739704beb2e2f613dca1b355d524 Mon Sep 17 00:00:00 2001 
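Review bot: The `version_data` ranges in the CVE-2020-5218 record (`< 1.3.13`, `< 1.4.6`, `< 1.5.1`, `< 1.6.3`) are identical to those of CVE-2020-5220 and contradict this record's own description, which names 1.3.16, 1.4.12, 1.5.9 and 1.6.5 as the patched releases. If the description is right, scanners reading the structured field will report still-vulnerable versions such as 1.3.13 through 1.3.15 as fixed; the ranges below follow the description. Both `reference_data` entries also point at the SyliusResourceBundle advisory GHSA-8vp7-j5cj-vvm2 and the CVE-2020-5220 YAML file, while `source.advisory` is GHSA-prg5-hg25-8grq, so the CONFIRM link should be replaced with the advisory for this CVE.
```json
"version_data": [
    {
        "version_value": "< 1.3.16"
    },
    {
        "version_value": ">= 1.4.0, < 1.4.12"
    },
    {
        "version_value": ">= 1.5.0, < 1.5.9"
    },
    {
        "version_value": ">= 1.6.0, < 1.6.5"
    }
]
```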
From: CVE Team Date: Mon, 27 Jan 2020 21:01:14 +0000 Subject: [PATCH 365/387] "-Synchronized-Data." --- 2017/16xxx/CVE-2017-16545.json | 5 +++++ 2017/16xxx/CVE-2017-16547.json | 5 +++++ 2017/16xxx/CVE-2017-16669.json | 5 +++++ 2017/17xxx/CVE-2017-17498.json | 5 +++++ 2017/17xxx/CVE-2017-17500.json | 5 +++++ 2017/17xxx/CVE-2017-17501.json | 5 +++++ 2017/17xxx/CVE-2017-17502.json | 5 +++++ 2017/17xxx/CVE-2017-17503.json | 5 +++++ 2017/17xxx/CVE-2017-17782.json | 5 +++++ 2017/17xxx/CVE-2017-17783.json | 5 +++++ 2019/12xxx/CVE-2019-12399.json | 5 +++++ 2020/5xxx/CVE-2020-5218.json | 4 ++-- 2020/5xxx/CVE-2020-5220.json | 4 ++-- 2020/8xxx/CVE-2020-8089.json | 18 ++++++++++++++++++ 14 files changed, 77 insertions(+), 4 deletions(-) create mode 100644 2020/8xxx/CVE-2020-8089.json diff --git a/2017/16xxx/CVE-2017-16545.json b/2017/16xxx/CVE-2017-16545.json index cfee5dc0476..e863dca8228 100644 --- a/2017/16xxx/CVE-2017-16545.json +++ b/2017/16xxx/CVE-2017-16545.json @@ -81,6 +81,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-425a1aa7c9", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHIKB4TP6KBJWT2UIPWL5MWMG5QXKGEJ/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4248-1", + "url": "https://usn.ubuntu.com/4248-1/" } ] } diff --git a/2017/16xxx/CVE-2017-16547.json b/2017/16xxx/CVE-2017-16547.json index 78c11b6cabf..ee741408929 100644 --- a/2017/16xxx/CVE-2017-16547.json +++ b/2017/16xxx/CVE-2017-16547.json @@ -86,6 +86,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-425a1aa7c9", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHIKB4TP6KBJWT2UIPWL5MWMG5QXKGEJ/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4248-1", + "url": "https://usn.ubuntu.com/4248-1/" } ] } diff --git a/2017/16xxx/CVE-2017-16669.json b/2017/16xxx/CVE-2017-16669.json index 125b5d407a3..c859ca14b46 100644 --- a/2017/16xxx/CVE-2017-16669.json +++ b/2017/16xxx/CVE-2017-16669.json 
@@ -116,6 +116,11 @@ "name": "http://hg.code.sf.net/p/graphicsmagick/code/rev/e8086faa52d0", "refsource": "MISC", "url": "http://hg.code.sf.net/p/graphicsmagick/code/rev/e8086faa52d0" + }, + { + "refsource": "UBUNTU", + "name": "USN-4248-1", + "url": "https://usn.ubuntu.com/4248-1/" } ] } diff --git a/2017/17xxx/CVE-2017-17498.json b/2017/17xxx/CVE-2017-17498.json index 01c3fd8d5c6..6f2490f8d18 100644 --- a/2017/17xxx/CVE-2017-17498.json +++ b/2017/17xxx/CVE-2017-17498.json @@ -91,6 +91,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-425a1aa7c9", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHIKB4TP6KBJWT2UIPWL5MWMG5QXKGEJ/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4248-1", + "url": "https://usn.ubuntu.com/4248-1/" } ] } diff --git a/2017/17xxx/CVE-2017-17500.json b/2017/17xxx/CVE-2017-17500.json index 83cfbbd5626..c2b4e57e846 100644 --- a/2017/17xxx/CVE-2017-17500.json +++ b/2017/17xxx/CVE-2017-17500.json @@ -91,6 +91,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-425a1aa7c9", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHIKB4TP6KBJWT2UIPWL5MWMG5QXKGEJ/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4248-1", + "url": "https://usn.ubuntu.com/4248-1/" } ] } diff --git a/2017/17xxx/CVE-2017-17501.json b/2017/17xxx/CVE-2017-17501.json index 272c7bfb2ac..c1329871d2d 100644 --- a/2017/17xxx/CVE-2017-17501.json +++ b/2017/17xxx/CVE-2017-17501.json @@ -91,6 +91,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-425a1aa7c9", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHIKB4TP6KBJWT2UIPWL5MWMG5QXKGEJ/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4248-1", + "url": "https://usn.ubuntu.com/4248-1/" } ] } diff --git a/2017/17xxx/CVE-2017-17502.json b/2017/17xxx/CVE-2017-17502.json index 2679ecb8b7c..37c77276321 100644 --- a/2017/17xxx/CVE-2017-17502.json 
+++ b/2017/17xxx/CVE-2017-17502.json @@ -86,6 +86,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-425a1aa7c9", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHIKB4TP6KBJWT2UIPWL5MWMG5QXKGEJ/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4248-1", + "url": "https://usn.ubuntu.com/4248-1/" } ] } diff --git a/2017/17xxx/CVE-2017-17503.json b/2017/17xxx/CVE-2017-17503.json index 594081a1c84..8fb08cbf3c6 100644 --- a/2017/17xxx/CVE-2017-17503.json +++ b/2017/17xxx/CVE-2017-17503.json @@ -86,6 +86,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-425a1aa7c9", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHIKB4TP6KBJWT2UIPWL5MWMG5QXKGEJ/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4248-1", + "url": "https://usn.ubuntu.com/4248-1/" } ] } diff --git a/2017/17xxx/CVE-2017-17782.json b/2017/17xxx/CVE-2017-17782.json index 586f04c0e6a..7dea77c0b5a 100644 --- a/2017/17xxx/CVE-2017-17782.json +++ b/2017/17xxx/CVE-2017-17782.json @@ -76,6 +76,11 @@ "name": "https://sourceforge.net/p/graphicsmagick/bugs/530/", "refsource": "CONFIRM", "url": "https://sourceforge.net/p/graphicsmagick/bugs/530/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4248-1", + "url": "https://usn.ubuntu.com/4248-1/" } ] } diff --git a/2017/17xxx/CVE-2017-17783.json b/2017/17xxx/CVE-2017-17783.json index 4a9110cc4b0..8182726c991 100644 --- a/2017/17xxx/CVE-2017-17783.json +++ b/2017/17xxx/CVE-2017-17783.json @@ -66,6 +66,11 @@ "name": "http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=60932931559a", "refsource": "CONFIRM", "url": "http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=60932931559a" + }, + { + "refsource": "UBUNTU", + "name": "USN-4248-1", + "url": "https://usn.ubuntu.com/4248-1/" } ] } diff --git a/2019/12xxx/CVE-2019-12399.json b/2019/12xxx/CVE-2019-12399.json index bcc0043c848..bcfe5e5c9c0 100644 --- a/2019/12xxx/CVE-2019-12399.json 
+++ b/2019/12xxx/CVE-2019-12399.json @@ -146,6 +146,11 @@ "refsource": "MLIST", "name": "[druid-commits] 20200127 [GitHub] [druid] ccaominh commented on issue #9261: Address CVE-2019-12399", "url": "https://lists.apache.org/thread.html/r47c225db363d1ee2c18c4b3b2f51b63a9789f78c7fa602e5976ecd05@%3Ccommits.druid.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[druid-commits] 20200127 [GitHub] [druid] jihoonson merged pull request #9259: fix build by updating kafka client to 2.2.2 for CVE-2019-12399", + "url": "https://lists.apache.org/thread.html/r2d390dec5f360ec8aa294bef18e1a4385e2a3698d747209216f5a48b@%3Ccommits.druid.apache.org%3E" } ] }, diff --git a/2020/5xxx/CVE-2020-5218.json b/2020/5xxx/CVE-2020-5218.json index 079f394776d..0767b880cc5 100644 --- a/2020/5xxx/CVE-2020-5218.json +++ b/2020/5xxx/CVE-2020-5218.json 
@@ -44,7 +44,7 @@ "description_data": [ { "lang": "eng", - "value": "Affected versions of Sylius give attackers the ability to switch channels via the _channel_code GET parameter in production environments. This was meant to be enabled only when kernel.debug is set to true.\n\nHowever, if no sylius_channel.debug is set explicitly in the configuration, the default value which is kernel.debug will be not resolved and cast to boolean, enabling this debug feature even if that parameter is set to false.\n\nPatch has been provided for Sylius 1.3.x and newer - 1.3.16, 1.4.12, 1.5.9, 1.6.5. Versions older than 1.3 are not covered by our security support anymore." + "value": "Affected versions of Sylius give attackers the ability to switch channels via the _channel_code GET parameter in production environments. This was meant to be enabled only when kernel.debug is set to true. However, if no sylius_channel.debug is set explicitly in the configuration, the default value which is kernel.debug will be not resolved and cast to boolean, enabling this debug feature even if that parameter is set to false. Patch has been provided for Sylius 1.3.x and newer - 1.3.16, 1.4.12, 1.5.9, 1.6.5. Versions older than 1.3 are not covered by our security support anymore." } ] }, @@ -94,4 +94,4 @@ "advisory": "GHSA-prg5-hg25-8grq", "discovery": "UNKNOWN" } -} +} \ No newline at end of file diff --git a/2020/5xxx/CVE-2020-5220.json b/2020/5xxx/CVE-2020-5220.json index 13e91d21118..ad7060015dd 100644 --- a/2020/5xxx/CVE-2020-5220.json +++ b/2020/5xxx/CVE-2020-5220.json 
@@ -44,7 +44,7 @@ "description_data": [ { "lang": "eng", - "value": "Sylius ResourceBundle accepts and uses any serialisation groups to be passed via a HTTP header. This might lead to data exposure by using an unintended serialisation group - for example it could make Shop API use a more permissive group from Admin API.\n\nAnyone exposing an API with ResourceBundle's controller is affected. The vulnerable versions are: <1.3 || >=1.3.0 <=1.3.12 || >=1.4.0 <=1.4.5 || >=1.5.0 <=1.5.0 || >=1.6.0 <=1.6.2.\n\nThe patch is provided for Sylius ResourceBundle 1.3.13, 1.4.6, 1.5.1 and 1.6.3, but not for any versions below 1.3." + "value": "Sylius ResourceBundle accepts and uses any serialisation groups to be passed via a HTTP header. This might lead to data exposure by using an unintended serialisation group - for example it could make Shop API use a more permissive group from Admin API. Anyone exposing an API with ResourceBundle's controller is affected. The vulnerable versions are: <1.3 || >=1.3.0 <=1.3.12 || >=1.4.0 <=1.4.5 || >=1.5.0 <=1.5.0 || >=1.6.0 <=1.6.2. The patch is provided for Sylius ResourceBundle 1.3.13, 1.4.6, 1.5.1 and 1.6.3, but not for any versions below 1.3." } ] }, @@ -94,4 +94,4 @@ "advisory": "GHSA-8vp7-j5cj-vvm2", "discovery": "UNKNOWN" } -} +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8089.json b/2020/8xxx/CVE-2020-8089.json new file mode 100644 index 00000000000..5c61d0bad93 --- /dev/null +++ b/2020/8xxx/CVE-2020-8089.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8089", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file From 73850026bc67bf98ed891d0867c4e7eeb34a9c2d Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 27 Jan 2020 22:01:13 +0000 Subject: [PATCH 366/387] "-Synchronized-Data." --- 2012/6xxx/CVE-2012-6448.json | 48 ++++++++++++++++++++++- 2013/2xxx/CVE-2013-2267.json | 53 ++++++++++++++++++++++++- 2013/2xxx/CVE-2013-2474.json | 58 ++++++++++++++++++++++++++- 2013/2xxx/CVE-2013-2499.json | 58 ++++++++++++++++++++++++++- 2020/8xxx/CVE-2020-8090.json | 62 +++++++++++++++++++++++++++++ 2020/8xxx/CVE-2020-8091.json | 76 ++++++++++++++++++++++++++++++++++++ 6 files changed, 347 insertions(+), 8 deletions(-) create mode 100644 2020/8xxx/CVE-2020-8090.json create mode 100644 2020/8xxx/CVE-2020-8091.json diff --git a/2012/6xxx/CVE-2012-6448.json b/2012/6xxx/CVE-2012-6448.json index d2685faea3c..33521a11cec 100644 --- a/2012/6xxx/CVE-2012-6448.json +++ b/2012/6xxx/CVE-2012-6448.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-6448", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-site Scripting (XSS) in cPanel WebHost Manager (WHM) 11.34.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "EXPLOIT-DB", + "name": "38153", + "url": "https://www.exploit-db.com/exploits/38153" } ] } diff --git a/2013/2xxx/CVE-2013-2267.json b/2013/2xxx/CVE-2013-2267.json index 608e965e5c8..7cc4cec93d1 100644 --- a/2013/2xxx/CVE-2013-2267.json +++ b/2013/2xxx/CVE-2013-2267.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-2267", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
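Review bot: `problemtype` is published as `"value": "n/a"` in the second CVE-2012-6448 hunk although the description added a few lines above already classifies the issue as cross-site scripting, so tooling that filters or groups records by weakness will not see this entry. Carrying the class over, for example `"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"`, costs one line. The first hunk of the same file likewise sets vendor and product to `n/a` while the description names cPanel WebHost Manager 11.34.0, which leaves nothing for asset matching to key on. The other records published in this commit (CVE-2013-2267, CVE-2013-2474, CVE-2013-2499, CVE-2020-8090, CVE-2020-8091) follow the same pattern.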
@@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "PHP Code Injection vulnerability in FUDforum Bulletin Board Software 3.0.4 could allow remote attackers to execute arbitrary code on the system." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "BID", + "name": "58845", + "url": "http://www.securityfocus.com/bid/58845" + }, + { + "refsource": "XF", + "name": "83229", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83229" } ] } diff --git a/2013/2xxx/CVE-2013-2474.json b/2013/2xxx/CVE-2013-2474.json index eee36942b78..94d014a1114 100644 --- a/2013/2xxx/CVE-2013-2474.json +++ b/2013/2xxx/CVE-2013-2474.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-2474", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,38 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Directory traversal vulnerability in AWS XMS 2.5 allows remote attackers to view arbitrary files via the 'what' parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "BID", + "name": "58753", + "url": "http://www.securityfocus.com/bid/58753" + }, + { + "refsource": "EXPLOIT-DB", + "name": "24906", + "url": "http://www.exploit-db.com/exploits/24906" + }, + { + "refsource": "XF", + "name": "83062", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83062" } ] } diff --git a/2013/2xxx/CVE-2013-2499.json b/2013/2xxx/CVE-2013-2499.json index 3b6af3dda15..961e430ff82 100644 --- a/2013/2xxx/CVE-2013-2499.json +++ b/2013/2xxx/CVE-2013-2499.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-2499", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,38 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SimpleHRM 2.3 and earlier could allow remote attackers to bypass the authentication process in 'user_manager.php' via spoofing a cookie." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "BID", + "name": "59255", + "url": "http://www.securityfocus.com/bid/59255" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2013/04/17/1", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2013/04/17/1" + }, + { + "refsource": "XF", + "name": "83629", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83629" } ] } diff --git a/2020/8xxx/CVE-2020-8090.json b/2020/8xxx/CVE-2020-8090.json new file mode 100644 index 00000000000..ab2b9d07d2d --- /dev/null +++ b/2020/8xxx/CVE-2020-8090.json 
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-8090",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The Username field in the Storage Service settings of A1 WLAN Box ADB VV2220v2 devices allows stored XSS (after a successful Administrator login)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://sku11army.blogspot.com/2020/01/a1-modem-wlan-box-adb-vv2220.html",
+ "refsource": "MISC",
+ "name": "https://sku11army.blogspot.com/2020/01/a1-modem-wlan-box-adb-vv2220.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8091.json b/2020/8xxx/CVE-2020-8091.json
new file mode 100644
index 00000000000..131b3dc0c9f
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8091.json
@@ -0,0 +1,76 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-8091", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "svg.swf in TYPO3 6.2.0 to 6.2.38 ELTS and 7.0.0 to 7.1.0 could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on a targeted system. This may be at a contrib/websvg/svg.swf pathname." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://typo3.org/security/advisory/typo3-psa-2019-003/", + "refsource": "MISC", + "name": "https://typo3.org/security/advisory/typo3-psa-2019-003/" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AC:H/AV:N/A:N/C:L/I:L/PR:N/S:U/UI:N", + "version": "3.0" + } + } +} \ No newline at end of file From f7d4a6159db2dbb3047cf2a3d2fbba2ff4679e7f Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 27 Jan 2020 22:01:36 +0000 Subject: [PATCH 367/387] "-Synchronized-Data." --- 2013/2xxx/CVE-2013-2612.json | 53 ++++++++++++++++++++++++++++++++++-- 1 file changed, 51 insertions(+), 2 deletions(-) diff --git a/2013/2xxx/CVE-2013-2612.json b/2013/2xxx/CVE-2013-2612.json index 71c17348a76..696d6768a9d 100644 --- a/2013/2xxx/CVE-2013-2612.json +++ b/2013/2xxx/CVE-2013-2612.json 
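Review bot: The `vectorString` in the new `impact.cvss` block of CVE-2020-8091 lists its metrics alphabetically (`CVSS:3.0/AC:H/AV:N/A:N/...`) and the block carries no `baseScore` or `baseSeverity`, so a consumer that validates the vector against the ordering given in the CVSS specification, or that ranks records by score, may reject or mis-rank this entry. Writing it as `"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"` and adding the two score fields computed from that vector would keep the record usable for automated triage. It is also worth confirming `"userInteraction": "NONE"` against the advisory, since the description calls the issue cross-site scripting. The `impact` blocks added for CVE-2019-20440 through CVE-2019-20443 in a later commit of this series have the same alphabetical vector and the same missing score fields.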
@@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-2612", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Command-injection vulnerability in Huawei E587 3G Mobile Hotspot 11.203.27 allows remote attackers to execute arbitrary shell commands with root privileges due to an error in the Web UI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "XF", + "name": "85782", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85782" + }, + { + "refsource": "BID", + "name": "61167", + "url": "https://www.securityfocus.com/bid/61167/info" } ] } From 5b4e08c4d2f6edcdb7ce64053a49663b84c6a864 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 27 Jan 2020 23:01:28 +0000 Subject: [PATCH 368/387] "-Synchronized-Data." --- 2019/13xxx/CVE-2019-13519.json | 67 ++++++++++++++++++++++++++++++++++ 2019/13xxx/CVE-2019-13521.json | 67 ++++++++++++++++++++++++++++++++++ 2020/3xxx/CVE-2020-3134.json | 11 +++--- 2020/3xxx/CVE-2020-3136.json | 11 +++--- 2020/3xxx/CVE-2020-3139.json | 11 +++--- 2020/3xxx/CVE-2020-3142.json | 16 ++++---- 6 files changed, 156 insertions(+), 27 deletions(-) create mode 100644 2019/13xxx/CVE-2019-13519.json create mode 100644 2019/13xxx/CVE-2019-13521.json 
diff --git a/2019/13xxx/CVE-2019-13519.json b/2019/13xxx/CVE-2019-13519.json
new file mode 100644
index 00000000000..2380caf9374
--- /dev/null
+++ b/2019/13xxx/CVE-2019-13519.json
@@ -0,0 +1,67 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-13519",
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Rockwell",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Rockwell Automation Arena Simulation Software",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Versions 16.00.00 and earlier"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Access of resource using incompatible type ('Type confusion') CWE-843"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.us-cert.gov/ics/advisories/icsa-19-213-05",
+ "url": "https://www.us-cert.gov/ics/advisories/icsa-19-213-05"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-802/",
+ "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-802/"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A maliciously crafted program file opened by an unsuspecting user of Rockwell Automation Arena Simulation Software version 16.00.00 and earlier may result in the limited exposure of information related to the targeted workstation. Rockwell Automation has released version 16.00.01 of Arena Simulation Software to address the reported vulnerabilities."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/13xxx/CVE-2019-13521.json b/2019/13xxx/CVE-2019-13521.json
new file mode 100644
index 00000000000..684b88d6e1c
--- /dev/null
+++ b/2019/13xxx/CVE-2019-13521.json
@@ -0,0 +1,67 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-13521",
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Rockwell",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Rockwell Automation Arena Simulation Software",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Versions 16.00.00 and earlier"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Insufficient UI warning of dangerous operations CWE-357"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.us-cert.gov/ics/advisories/icsa-19-213-05",
+ "url": "https://www.us-cert.gov/ics/advisories/icsa-19-213-05"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-799/",
+ "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-799/"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A maliciously crafted program file opened by an unsuspecting user of Rockwell Automation Arena Simulation Software version 16.00.00 and earlier may result in the limited exposure of information related to the targeted workstation. Rockwell Automation has released version 16.00.01 of Arena Simulation Software to address the reported vulnerabilities."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/3xxx/CVE-2020-3134.json b/2020/3xxx/CVE-2020-3134.json
index 6e6543ac9c0..30499dbb653 100644
--- a/2020/3xxx/CVE-2020-3134.json
+++ b/2020/3xxx/CVE-2020-3134.json
@@ -10,22 +10,21 @@ "vendor": { "vendor_data": [ { + "vendor_name": "Cisco", "product": { "product_data": [ { - "product_name": "Cisco Email Security Appliance (ESA) ", + "product_name": "Cisco Email Security Appliance (ESA)", "version": { "version_data": [ { - "affected": "<", - "version_value": "13.0" + "version_value": "earlier than 13.0" } ] } } ] - }, - "vendor_name": "Cisco" + } } ] } @@ -78,4 +77,4 @@ ], "discovery": "INTERNAL" } -} +} \ No newline at end of file diff --git a/2020/3xxx/CVE-2020-3136.json b/2020/3xxx/CVE-2020-3136.json index c2fd50b2083..9fe9f9194ec 100644 --- a/2020/3xxx/CVE-2020-3136.json +++ b/2020/3xxx/CVE-2020-3136.json @@ -10,22 +10,21 @@ "vendor": { "vendor_data": [ { + "vendor_name": "Cisco", "product": { "product_data": [ { - "product_name": "Cisco Jabber Guest ", + "product_name": "Cisco Jabber Guest", "version": { "version_data": [ { - "affected": "<", - "version_value": "11.1(3)" + "version_value": "before 11.1(3)" } ] } } ] - }, - "vendor_name": "Cisco" + } } ] } @@ -78,4 +77,4 @@ ], "discovery": "INTERNAL" } -} +} \ No newline at end of file diff --git a/2020/3xxx/CVE-2020-3139.json b/2020/3xxx/CVE-2020-3139.json index 4182425a6c5..589bf331fd8 100644 --- a/2020/3xxx/CVE-2020-3139.json +++ b/2020/3xxx/CVE-2020-3139.json @@ -10,22 +10,21 @@ "vendor": { "vendor_data": [ { + "vendor_name": "Cisco", "product": { "product_data": [ { - "product_name": "Cisco Application Policy Infrastructure Controller (APIC) ", + "product_name": "Cisco Application Policy Infrastructure Controller (APIC)", "version": { "version_data": [ { - "affected": "<", - "version_value": "4.2(3j)" + "version_value": "prior to 4.2(3j)" } ] } } ] - }, - "vendor_name": "Cisco" + } } ] } @@ -78,4 +77,4 @@ ], "discovery": "INTERNAL" } -} +} \ No newline at end of file diff --git a/2020/3xxx/CVE-2020-3142.json b/2020/3xxx/CVE-2020-3142.json index 97a9939d452..e5bb6023e02 100644 --- a/2020/3xxx/CVE-2020-3142.json +++ b/2020/3xxx/CVE-2020-3142.json 
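Review bot: Folding the comparison into the value in the first CVE-2020-3134 hunk, `"version_value": "earlier than 13.0"`, leaves nothing machine-readable to compare an installed version against, and the Cisco records in this commit each word the bound differently ("earlier than", "before", "prior to"). The removed `"affected": "<"` key was presumably dropped because this format does not define it; keeping the bound structured as `"version_affected": "<", "version_value": "13.0"` would preserve what the old entry expressed. The same rewrite is applied to CVE-2020-3136 and CVE-2020-3139 on this line and to CVE-2020-3142 in the hunk that follows.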
@@ -10,26 +10,24 @@ "vendor": { "vendor_data": [ { + "vendor_name": "Cisco", "product": { "product_data": [ { - "product_name": "Cisco Webex Meetings ", + "product_name": "Cisco Webex Meetings", "version": { "version_data": [ { - "affected": "<", - "version_value": "39.11.5" + "version_value": "earlier than 39.11.5" }, - { - "affected": "<", - "version_value": "40.1.3" + { + "version_value": "earlier than 40.1.3" } ] } } ] - }, - "vendor_name": "Cisco" + } } ] } @@ -82,4 +80,4 @@ ], "discovery": "INTERNAL" } -} +} \ No newline at end of file From db3da3286ab962a9c22b03cd33af95cefb402683 Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Tue, 28 Jan 2020 00:01:08 +0000 Subject: [PATCH 369/387] "-Synchronized-Data." --- 2016/4xxx/CVE-2016-4303.json | 5 +++ 2019/0xxx/CVE-2019-0205.json | 5 +++ 2019/20xxx/CVE-2019-20434.json | 18 ++++++++ 2019/20xxx/CVE-2019-20435.json | 18 ++++++++ 2019/20xxx/CVE-2019-20436.json | 18 ++++++++ 2019/20xxx/CVE-2019-20437.json | 18 ++++++++ 2019/20xxx/CVE-2019-20438.json | 18 ++++++++ 2019/20xxx/CVE-2019-20439.json | 18 ++++++++ 2019/20xxx/CVE-2019-20440.json | 81 ++++++++++++++++++++++++++++++++++ 2019/20xxx/CVE-2019-20441.json | 81 ++++++++++++++++++++++++++++++++++ 2019/20xxx/CVE-2019-20442.json | 81 ++++++++++++++++++++++++++++++++++ 2019/20xxx/CVE-2019-20443.json | 81 ++++++++++++++++++++++++++++++++++ 2019/7xxx/CVE-2019-7131.json | 62 ++++++++++++++++++++++---- 2019/8xxx/CVE-2019-8257.json | 62 ++++++++++++++++++++++---- 14 files changed, 548 insertions(+), 18 deletions(-) create mode 100644 2019/20xxx/CVE-2019-20434.json create mode 100644 2019/20xxx/CVE-2019-20435.json create mode 100644 2019/20xxx/CVE-2019-20436.json create mode 100644 2019/20xxx/CVE-2019-20437.json create mode 100644 2019/20xxx/CVE-2019-20438.json create mode 100644 2019/20xxx/CVE-2019-20439.json create mode 100644 2019/20xxx/CVE-2019-20440.json create mode 100644 2019/20xxx/CVE-2019-20441.json create mode 100644 2019/20xxx/CVE-2019-20442.json create mode 100644 2019/20xxx/CVE-2019-20443.json diff --git a/2016/4xxx/CVE-2016-4303.json b/2016/4xxx/CVE-2016-4303.json index c020207041b..e7e9f3d34b3 100644 --- a/2016/4xxx/CVE-2016-4303.json +++ b/2016/4xxx/CVE-2016-4303.json @@ -86,6 +86,11 @@ "name": "openSUSE-SU-2016:2121", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00090.html" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200127 [SECURITY] [DLA 2080-1] iperf3 security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00023.html" } ] } 
diff --git a/2019/0xxx/CVE-2019-0205.json b/2019/0xxx/CVE-2019-0205.json index 730a0bea275..a0bcd0fb5d0 100644 --- a/2019/0xxx/CVE-2019-0205.json +++ b/2019/0xxx/CVE-2019-0205.json @@ -123,6 +123,11 @@ "refsource": "MLIST", "name": "[thrift-dev] 20200125 [jira] [Commented] (THRIFT-5075) Backport fixes for CVE-2019-0205 to (Java) 0.9.3-1 version", "url": "https://lists.apache.org/thread.html/r4633082b834eebccd0d322697651d931ab10ca9c51ee7ef18e1f60f4@%3Cdev.thrift.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[thrift-dev] 20200127 [jira] [Commented] (THRIFT-5075) Backport fixes for CVE-2019-0205 to (Java) 0.9.3-1 version", + "url": "https://lists.apache.org/thread.html/r137753c9df8dd9065bea27a26af49aadc406b5a57fc584fefa008afd@%3Cdev.thrift.apache.org%3E" } ] }, diff --git a/2019/20xxx/CVE-2019-20434.json b/2019/20xxx/CVE-2019-20434.json new file mode 100644 index 00000000000..ef7ef9315d8 --- /dev/null +++ b/2019/20xxx/CVE-2019-20434.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-20434", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20435.json b/2019/20xxx/CVE-2019-20435.json new file mode 100644 index 00000000000..77102b24e6c --- /dev/null +++ b/2019/20xxx/CVE-2019-20435.json 
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-20435",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/20xxx/CVE-2019-20436.json b/2019/20xxx/CVE-2019-20436.json
new file mode 100644
index 00000000000..abaa1f0cfcc
--- /dev/null
+++ b/2019/20xxx/CVE-2019-20436.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-20436",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/20xxx/CVE-2019-20437.json b/2019/20xxx/CVE-2019-20437.json
new file mode 100644
index 00000000000..96ef7ea9665
--- /dev/null
+++ b/2019/20xxx/CVE-2019-20437.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-20437",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/20xxx/CVE-2019-20438.json b/2019/20xxx/CVE-2019-20438.json
new file mode 100644
index 00000000000..c3761d7b5ee
--- /dev/null
+++ b/2019/20xxx/CVE-2019-20438.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-20438",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/20xxx/CVE-2019-20439.json b/2019/20xxx/CVE-2019-20439.json
new file mode 100644
index 00000000000..2d64bf94d1b
--- /dev/null
+++ b/2019/20xxx/CVE-2019-20439.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-20439",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/20xxx/CVE-2019-20440.json b/2019/20xxx/CVE-2019-20440.json
new file mode 100644
index 00000000000..61a0ce6d5db
--- /dev/null
+++ b/2019/20xxx/CVE-2019-20440.json
@@ -0,0 +1,81 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-20440",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in WSO2 API Manager 2.6.0. A potential Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the update API documentation feature of the API Publisher."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2019-0646",
+ "refsource": "MISC",
+ "name": "https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2019-0646"
+ },
+ {
+ "url": "https://github.com/cybersecurityworks/Disclosed/issues/24",
+ "refsource": "MISC",
+ "name": "https://github.com/cybersecurityworks/Disclosed/issues/24"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "HIGH",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.0/AC:L/AV:N/A:N/C:L/I:L/PR:H/S:U/UI:R",
+ "version": "3.0"
+ }
+ }
+}
\ No newline at end of file
diff --git a/2019/20xxx/CVE-2019-20441.json b/2019/20xxx/CVE-2019-20441.json
new file mode 100644
index 00000000000..c741b495e74
--- /dev/null
+++ b/2019/20xxx/CVE-2019-20441.json
@@ -0,0 +1,81 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-20441",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in WSO2 API Manager 2.6.0. A potential Stored Cross-Site Scripting (XSS) vulnerability has been identified in the 'implement phase' of the API Publisher."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2019-0647",
+ "refsource": "MISC",
+ "name": "https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2019-0647"
+ },
+ {
+ "url": "https://github.com/cybersecurityworks/Disclosed/issues/23",
+ "refsource": "MISC",
+ "name": "https://github.com/cybersecurityworks/Disclosed/issues/23"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "HIGH",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.0/AC:L/AV:N/A:N/C:L/I:L/PR:H/S:C/UI:R",
+ "version": "3.0"
+ }
+ }
+}
\ No newline at end of file
diff --git a/2019/20xxx/CVE-2019-20442.json b/2019/20xxx/CVE-2019-20442.json
new file mode 100644
index 00000000000..28f0297aa0b
--- /dev/null
+++ b/2019/20xxx/CVE-2019-20442.json
@@ -0,0 +1,81 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-20442",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in WSO2 API Manager 2.6.0, WSO2 Enterprise Integrator 6.5.0, WSO2 IS as Key Manager 5.7.0, and WSO2 Identity Server 5.8.0. A potential stored Cross-Site Scripting (XSS) vulnerability in roleToAuthorize has been identified in the registry UI."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2019-0636",
+ "refsource": "MISC",
+ "name": "https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2019-0636"
+ },
+ {
+ "url": "https://github.com/cybersecurityworks/Disclosed/issues/25",
+ "refsource": "MISC",
+ "name": "https://github.com/cybersecurityworks/Disclosed/issues/25"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "HIGH",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.0/AC:L/AV:N/A:N/C:L/I:L/PR:H/S:U/UI:R",
+ "version": "3.0"
+ }
+ }
+}
\ No newline at end of file
diff --git a/2019/20xxx/CVE-2019-20443.json b/2019/20xxx/CVE-2019-20443.json
new file mode 100644
index 00000000000..1797e791e15
--- /dev/null
+++ b/2019/20xxx/CVE-2019-20443.json
@@ -0,0 +1,81 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-20443",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in WSO2 API Manager 2.6.0, WSO2 Enterprise Integrator 6.5.0, WSO2 IS as Key Manager 5.7.0, and WSO2 Identity Server 5.8.0. A potential stored Cross-Site Scripting (XSS) vulnerability in mediaType has been identified in the registry UI."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2019-0636",
+ "refsource": "MISC",
+ "name": "https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2019-0636"
+ },
+ {
+ "url": "https://github.com/cybersecurityworks/Disclosed/issues/26",
+ "refsource": "MISC",
+ "name": "https://github.com/cybersecurityworks/Disclosed/issues/26"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "HIGH",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.0/AC:L/AV:N/A:N/C:L/I:L/PR:H/S:U/UI:R",
+ "version": "3.0"
+ }
+ }
+}
\ No newline at end of file
diff --git a/2019/7xxx/CVE-2019-7131.json b/2019/7xxx/CVE-2019-7131.json
index 7832356b98c..1f7301a7674 100644
--- a/2019/7xxx/CVE-2019-7131.json
+++ b/2019/7xxx/CVE-2019-7131.json
@@ -1,18 +1,62 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-7131", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Acrobat and Reader versions 2019.010.20064 and earlier, 2019.010.20064 and earlier, 2017.011.30110 and earlier version, and 2015.006.30461 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution." } ] + }, + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "2019.010.20064\u00a0and earlier, 2019.010.20064\u00a0and earlier, 2017.011.30110\u00a0and earlier version, and 2015.006.30461\u00a0and earlier versions" + } + ] + }, + "product_name": "Adobe Acrobat and Reader" + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Type Confusion" + } + ] + } + ] + }, + "data_version": "4.0", + "references": { + "reference_data": [ + { + "url": "https://helpx.adobe.com/security/products/acrobat/apsb19-02.html", + "refsource": "CONFIRM", + "name": "https://helpx.adobe.com/security/products/acrobat/apsb19-02.html" + } + ] + }, + "CVE_data_meta": { + "STATE": "PUBLIC", + "ID": "CVE-2019-7131", + "ASSIGNER": "psirt@adobe.com" } } \ No newline at end of file diff --git a/2019/8xxx/CVE-2019-8257.json b/2019/8xxx/CVE-2019-8257.json index b79eb5697b7..3565b55b061 100644 --- a/2019/8xxx/CVE-2019-8257.json +++ b/2019/8xxx/CVE-2019-8257.json 
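Review bot: The single `version_value` string in the CVE-2019-7131 hunk packs four version ranges into prose, lists `2019.010.20064 and earlier` twice, and separates tokens with `\u00a0` non-breaking spaces, so neither exact-string nor range matching against an installed Acrobat or Reader build will work reliably. I would emit one `version_data` entry per release track, for example `{"version_affected": "<=", "version_value": "2019.010.20064"}`, using plain ASCII spaces. The duplicated range, which is repeated in the description, presumably stands for two different product tracks in the vendor bulletin; that cannot be confirmed from the hunk and should be checked against the referenced advisory before one copy is dropped.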
@@ -1,18 +1,62 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-8257", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Acrobat and Reader versions , 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2017.011.30142 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution ." } ] + }, + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": ", 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2017.011.30142\u202fand earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier versions" + } + ] + }, + "product_name": "Adobe Acrobat and Reader" + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use After Free\u202f\u202f\u202f" + } + ] + } + ] + }, + "data_version": "4.0", + "references": { + "reference_data": [ + { + "url": "https://helpx.adobe.com/security/products/acrobat/apsb19-41.html", + "refsource": "CONFIRM", + "name": "https://helpx.adobe.com/security/products/acrobat/apsb19-41.html" + } + ] + }, + "CVE_data_meta": { + "STATE": "PUBLIC", + "ID": "CVE-2019-8257", + "ASSIGNER": "psirt@adobe.com" } } \ No newline at end of file From e16a82bb47655a93c0436aab13fd71c041106e3c Mon Sep 17 00:00:00 2001 
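Review bot: Several strings in the CVE-2019-8257 hunk carry copy-paste residue that will leak into downstream displays and break string matching on the weakness type. The problemtype value is `"Use After Free\u202f\u202f\u202f"` with three trailing narrow no-break spaces and should be `"value": "Use After Free"`; the version list in both `description` and `version_value` opens with a stray `, `, and the description ends with `execution .`. The list also repeats `2019.012.20035 and earlier` and `2017.011.30142 and earlier`, which looks like product-track names lost in extraction and should be restored from the vendor bulletin rather than guessed.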
From: CVE Team Date: Tue, 28 Jan 2020 01:01:07 +0000 Subject: [PATCH 370/387] "-Synchronized-Data." --- 2019/10xxx/CVE-2019-10770.json | 50 +++++++++++++++++++++-- 2019/10xxx/CVE-2019-10779.json | 53 ++++++++++++++++++++++-- 2019/12xxx/CVE-2019-12418.json | 5 +++ 2019/17xxx/CVE-2019-17563.json | 5 +++ 2019/17xxx/CVE-2019-17651.json | 62 ++++++++++++++++++++++++++++ 2019/1xxx/CVE-2019-1348.json | 5 +++ 2019/1xxx/CVE-2019-1349.json | 5 +++ 2019/1xxx/CVE-2019-1350.json | 5 +++ 2019/1xxx/CVE-2019-1351.json | 5 +++ 2019/1xxx/CVE-2019-1352.json | 5 +++ 2019/1xxx/CVE-2019-1353.json | 5 +++ 2019/1xxx/CVE-2019-1354.json | 5 +++ 2019/1xxx/CVE-2019-1387.json | 5 +++ 2019/20xxx/CVE-2019-20434.json | 75 +++++++++++++++++++++++++++++++--- 2019/20xxx/CVE-2019-20435.json | 75 +++++++++++++++++++++++++++++++--- 2019/20xxx/CVE-2019-20436.json | 75 +++++++++++++++++++++++++++++++--- 2019/20xxx/CVE-2019-20437.json | 75 +++++++++++++++++++++++++++++++--- 2019/20xxx/CVE-2019-20438.json | 75 +++++++++++++++++++++++++++++++--- 2019/20xxx/CVE-2019-20439.json | 75 +++++++++++++++++++++++++++++++--- 2020/0xxx/CVE-2020-0548.json | 62 ++++++++++++++++++++++++++++ 2020/0xxx/CVE-2020-0549.json | 62 ++++++++++++++++++++++++++++ 2020/1xxx/CVE-2020-1928.json | 50 +++++++++++++++++++++-- 2020/1xxx/CVE-2020-1932.json | 59 ++++++++++++++++++++++++-- 2020/1xxx/CVE-2020-1933.json | 50 +++++++++++++++++++++-- 24 files changed, 897 insertions(+), 51 deletions(-) create mode 100644 2019/17xxx/CVE-2019-17651.json create mode 100644 2020/0xxx/CVE-2020-0548.json create mode 100644 2020/0xxx/CVE-2020-0549.json diff --git a/2019/10xxx/CVE-2019-10770.json b/2019/10xxx/CVE-2019-10770.json index f79783621e4..d5c3e8dd2a0 100644 --- a/2019/10xxx/CVE-2019-10770.json +++ b/2019/10xxx/CVE-2019-10770.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-10770", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "report@snyk.io", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "io.ratpack:ratpack-core", + "version": { + "version_data": [ + { + "version_value": "all versions from 0.9.10 inclusive and before 1.7.6" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site Scripting (XSS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://snyk.io/vuln/SNYK-JAVA-IORATPACK-534882", + "url": "https://snyk.io/vuln/SNYK-JAVA-IORATPACK-534882" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "All versions of io.ratpack:ratpack-core from 0.9.10 inclusive and before 1.7.6 are vulnerable to Cross-site Scripting (XSS). This affects the development mode error handler when an exception message contains untrusted data. Note the production mode error handler is not vulnerable - so for this to be utilized in production it would require users to not disable development mode." } ] } diff --git a/2019/10xxx/CVE-2019-10779.json b/2019/10xxx/CVE-2019-10779.json index f2b860d45fe..65f62efa7fb 100644 --- a/2019/10xxx/CVE-2019-10779.json +++ b/2019/10xxx/CVE-2019-10779.json 
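Review bot: `version_value` in the CVE-2019-10770 hunk is the prose string `"all versions from 0.9.10 inclusive and before 1.7.6"`, which dependency scanners cannot evaluate as a range, so an affected `io.ratpack:ratpack-core` version may go unflagged. Two bounded entries express the same thing in machine-readable form: `{"version_affected": ">=", "version_value": "0.9.10"}` and `{"version_affected": "<", "version_value": "1.7.6"}`. `vendor_name` is also `"n/a"`, which leaves the Maven group as the only vendor hint. The CVE-2019-10779 hunk that follows uses the same prose ranges and `"n/a"` vendor; the opening lines of both records lie outside their hunks.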
@@ -4,14 +4,61 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-10779", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "report@snyk.io", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "stroom:stroom-app", + "version": { + "version_data": [ + { + "version_value": "all versions before 5.5.12" + }, + { + "version_value": "all versions of the 6.0.0 branch before 6.0.25" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://snyk.io/vuln/SNYK-JAVA-STROOM-541182", + "url": "https://snyk.io/vuln/SNYK-JAVA-STROOM-541182" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "All versions of stroom:stroom-app before 5.5.12 and all versions of the 6.0.0 branch before 6.0.25 are affected by Cross-site Scripting. An attacker website is able to load the Stroom UI into a hidden iframe. Using that iframe, the attacker site can issue commands to the Stroom UI via an XSS vulnerability to take full control of the Stroom UI on behalf of the logged-in user." } ] } diff --git a/2019/12xxx/CVE-2019-12418.json b/2019/12xxx/CVE-2019-12418.json index f67f27f4cc8..580c25fbac4 100644 --- a/2019/12xxx/CVE-2019-12418.json +++ b/2019/12xxx/CVE-2019-12418.json 
@@ -79,6 +79,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0038", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00013.html" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200127 [SECURITY] [DLA 2077-1] tomcat7 security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00024.html" } ] }, diff --git a/2019/17xxx/CVE-2019-17563.json b/2019/17xxx/CVE-2019-17563.json index aeb0eb162b1..cc1d4f3c2d6 100644 --- a/2019/17xxx/CVE-2019-17563.json +++ b/2019/17xxx/CVE-2019-17563.json @@ -74,6 +74,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0038", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00013.html" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200127 [SECURITY] [DLA 2077-1] tomcat7 security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00024.html" } ] }, diff --git a/2019/17xxx/CVE-2019-17651.json b/2019/17xxx/CVE-2019-17651.json new file mode 100644 index 00000000000..d21335f175b --- /dev/null +++ b/2019/17xxx/CVE-2019-17651.json 
@@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-17651", + "ASSIGNER": "psirt@fortinet.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Fortinet", + "product": { + "product_data": [ + { + "product_name": "Fortinet FortiSIEM", + "version": { + "version_data": [ + { + "version_value": "FortiSIEM version 5.2.5 and below" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Execute unauthorized code or commands" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://fortiguard.com/psirt/FG-IR-19-197", + "url": "https://fortiguard.com/psirt/FG-IR-19-197" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An Improper Neutralization of Input vulnerability in the description and title parameters of a Device Maintenance Schedule in FortiSIEM version 5.2.5 and below may allow a remote authenticated attacker to perform a Stored Cross Site Scripting attack (XSS) by injecting malicious JavaScript code into the description field of a Device Maintenance schedule." + } + ] + } +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1348.json b/2019/1xxx/CVE-2019-1348.json index 010dc967d38..d1bd561dfe2 100644 --- a/2019/1xxx/CVE-2019-1348.json +++ b/2019/1xxx/CVE-2019-1348.json @@ -48,6 +48,11 @@ "refsource": "MISC", "name": "https://lore.kernel.org/git/xmqqr21cqcn9.fsf@gitster-ct.c.googlers.com/T/#u", "url": "https://lore.kernel.org/git/xmqqr21cqcn9.fsf@gitster-ct.c.googlers.com/T/#u" + }, + { + "refsource": "MISC", + "name": "https://public-inbox.org/git/xmqqr21cqcn9.fsf@gitster-ct.c.googlers.com/", + "url": "https://public-inbox.org/git/xmqqr21cqcn9.fsf@gitster-ct.c.googlers.com/" } ] }, 
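Review bot: In the CVE-2019-17651 record the problemtype value `"Execute unauthorized code or commands"` names an impact rather than a weakness, while the description identifies improper input neutralization leading to stored XSS; triage rules keyed on problemtype would file this beside command-execution bugs. I would use `"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"`. The description also lists both the description and title parameters as affected but mentions injection only through the description field, which is worth reconciling with the vendor advisory. `"version_value": "FortiSIEM version 5.2.5 and below"` would match more reliably as `"version_affected": "<="` with `"version_value": "5.2.5"`.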
diff --git a/2019/1xxx/CVE-2019-1349.json b/2019/1xxx/CVE-2019-1349.json index b81a98e9e67..4086a46b2aa 100644 --- a/2019/1xxx/CVE-2019-1349.json +++ b/2019/1xxx/CVE-2019-1349.json @@ -86,6 +86,11 @@ "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1349", "refsource": "MISC", "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1349" + }, + { + "refsource": "MISC", + "name": "https://public-inbox.org/git/xmqqr21cqcn9.fsf@gitster-ct.c.googlers.com/", + "url": "https://public-inbox.org/git/xmqqr21cqcn9.fsf@gitster-ct.c.googlers.com/" } ] } diff --git a/2019/1xxx/CVE-2019-1350.json b/2019/1xxx/CVE-2019-1350.json index 1daeaf12972..5d92c015646 100644 --- a/2019/1xxx/CVE-2019-1350.json +++ b/2019/1xxx/CVE-2019-1350.json @@ -86,6 +86,11 @@ "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1350", "refsource": "MISC", "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1350" + }, + { + "refsource": "MISC", + "name": "https://public-inbox.org/git/xmqqr21cqcn9.fsf@gitster-ct.c.googlers.com/", + "url": "https://public-inbox.org/git/xmqqr21cqcn9.fsf@gitster-ct.c.googlers.com/" } ] } diff --git a/2019/1xxx/CVE-2019-1351.json b/2019/1xxx/CVE-2019-1351.json index 5bf978ca892..cb71e096a7d 100644 --- a/2019/1xxx/CVE-2019-1351.json +++ b/2019/1xxx/CVE-2019-1351.json @@ -86,6 +86,11 @@ "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1351", "refsource": "MISC", "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1351" + }, + { + "refsource": "MISC", + "name": "https://public-inbox.org/git/xmqqr21cqcn9.fsf@gitster-ct.c.googlers.com/", + "url": "https://public-inbox.org/git/xmqqr21cqcn9.fsf@gitster-ct.c.googlers.com/" } ] } diff --git a/2019/1xxx/CVE-2019-1352.json b/2019/1xxx/CVE-2019-1352.json index 5c403546d91..f40e41528c3 100644 --- a/2019/1xxx/CVE-2019-1352.json 
+++ b/2019/1xxx/CVE-2019-1352.json @@ -86,6 +86,11 @@ "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1352", "refsource": "MISC", "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1352" + }, + { + "refsource": "MISC", + "name": "https://public-inbox.org/git/xmqqr21cqcn9.fsf@gitster-ct.c.googlers.com/", + "url": "https://public-inbox.org/git/xmqqr21cqcn9.fsf@gitster-ct.c.googlers.com/" } ] } diff --git a/2019/1xxx/CVE-2019-1353.json b/2019/1xxx/CVE-2019-1353.json index 9a270f484a8..ef500271907 100644 --- a/2019/1xxx/CVE-2019-1353.json +++ b/2019/1xxx/CVE-2019-1353.json @@ -48,6 +48,11 @@ "refsource": "MISC", "name": "https://lore.kernel.org/git/xmqqr21cqcn9.fsf@gitster-ct.c.googlers.com/T/#u", "url": "https://lore.kernel.org/git/xmqqr21cqcn9.fsf@gitster-ct.c.googlers.com/T/#u" + }, + { + "refsource": "MISC", + "name": "https://public-inbox.org/git/xmqqr21cqcn9.fsf@gitster-ct.c.googlers.com/", + "url": "https://public-inbox.org/git/xmqqr21cqcn9.fsf@gitster-ct.c.googlers.com/" } ] }, diff --git a/2019/1xxx/CVE-2019-1354.json b/2019/1xxx/CVE-2019-1354.json index 7629287c2b9..b424ac2e1e0 100644 --- a/2019/1xxx/CVE-2019-1354.json +++ b/2019/1xxx/CVE-2019-1354.json @@ -86,6 +86,11 @@ "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1354", "refsource": "MISC", "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1354" + }, + { + "refsource": "MISC", + "name": "https://public-inbox.org/git/xmqqr21cqcn9.fsf@gitster-ct.c.googlers.com/", + "url": "https://public-inbox.org/git/xmqqr21cqcn9.fsf@gitster-ct.c.googlers.com/" } ] } diff --git a/2019/1xxx/CVE-2019-1387.json b/2019/1xxx/CVE-2019-1387.json index 423d12339b7..a9cde854855 100644 --- a/2019/1xxx/CVE-2019-1387.json +++ b/2019/1xxx/CVE-2019-1387.json 
@@ -103,6 +103,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20200123 [SECURITY] [DLA 2059-1] git security update", "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00019.html" + }, + { + "refsource": "MISC", + "name": "https://public-inbox.org/git/xmqqr21cqcn9.fsf@gitster-ct.c.googlers.com/", + "url": "https://public-inbox.org/git/xmqqr21cqcn9.fsf@gitster-ct.c.googlers.com/" } ] }, diff --git a/2019/20xxx/CVE-2019-20434.json b/2019/20xxx/CVE-2019-20434.json index ef7ef9315d8..98f504522cc 100644 --- a/2019/20xxx/CVE-2019-20434.json +++ b/2019/20xxx/CVE-2019-20434.json 
@@ -1,18 +1,81 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-20434", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-20434", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in WSO2 API Manager 2.6.0. A potential Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the Datasource creation page of the Management Console." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2019-0616", + "refsource": "MISC", + "name": "https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2019-0616" + }, + { + "url": "https://github.com/cybersecurityworks/Disclosed/issues/17", + "refsource": "MISC", + "name": "https://github.com/cybersecurityworks/Disclosed/issues/17" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AC:L/AV:N/A:N/C:L/I:L/PR:H/S:C/UI:R", + "version": "3.0" + } } } \ No newline at end of file 
diff --git a/2019/20xxx/CVE-2019-20435.json b/2019/20xxx/CVE-2019-20435.json index 77102b24e6c..c4d7f4672f4 100644 --- a/2019/20xxx/CVE-2019-20435.json +++ b/2019/20xxx/CVE-2019-20435.json 
@@ -1,18 +1,81 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-20435", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-20435", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in WSO2 API Manager 2.6.0. A reflected XSS attack could be performed in the inline API documentation editor page of the API Publisher by sending an HTTP GET request with a harmful docName request parameter." 
} ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2019-0633", + "refsource": "MISC", + "name": "https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2019-0633" + }, + { + "url": "https://github.com/cybersecurityworks/Disclosed/issues/18", + "refsource": "MISC", + "name": "https://github.com/cybersecurityworks/Disclosed/issues/18" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AC:L/AV:N/A:N/C:L/I:L/PR:H/S:U/UI:R", + "version": "3.0" + } } } \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20436.json b/2019/20xxx/CVE-2019-20436.json index abaa1f0cfcc..48e9bf4e149 100644 --- a/2019/20xxx/CVE-2019-20436.json +++ b/2019/20xxx/CVE-2019-20436.json 
@@ -1,18 +1,81 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-20436", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-20436", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in WSO2 API Manager 2.6.0, WSO2 IS as Key Manager 5.7.0, and WSO2 Identity Server 5.8.0. If there is a claim dialect configured with an XSS payload in the dialect URI, and a user picks up this dialect's URI and adds it as the service provider claim dialect while configuring the service provider, that payload gets executed. The attacker also needs to have privileges to log in to the management console, and to add and configure claim dialects." 
} ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2019-0634", + "refsource": "MISC", + "name": "https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2019-0634" + }, + { + "url": "https://github.com/cybersecurityworks/Disclosed/issues/19", + "refsource": "MISC", + "name": "https://github.com/cybersecurityworks/Disclosed/issues/19" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AC:L/AV:N/A:N/C:L/I:L/PR:N/S:C/UI:R", + "version": "3.0" + } } } \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20437.json b/2019/20xxx/CVE-2019-20437.json index 96ef7ea9665..dc7aac9b011 100644 --- a/2019/20xxx/CVE-2019-20437.json +++ b/2019/20xxx/CVE-2019-20437.json 
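Review bot: `"privilegesRequired": "NONE"` and `PR:N` in the CVE-2019-20436 hunk contradict the record's own description, which says the attacker needs privileges to log in to the management console and to add and configure claim dialects. Understating the required privileges inflates the score and misleads prioritisation. Unless the advisory says otherwise this should read `"privilegesRequired": "HIGH"` with `PR:H` in `vectorString`, as the sibling WSO2 records on this page do. The CVE-2019-20437 hunk that follows has the same mismatch between its description and `PR:N`.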
@@ -1,18 +1,81 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-20437", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-20437", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in WSO2 API Manager 2.6.0, WSO2 IS as Key Manager 5.7.0, and WSO2 Identity Server 5.8.0. When a custom claim dialect with an XSS payload is configured in the identity provider basic claim configuration, that payload gets executed, if a user picks up that dialect's URI as the provisioning claim in the advanced claim configuration of the same Identity Provider. The attacker also needs to have privileges to log in to the management console, and to add and update identity provider configurations." 
} ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2019-0635", + "refsource": "MISC", + "name": "https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2019-0635" + }, + { + "url": "https://github.com/cybersecurityworks/Disclosed/issues/20", + "refsource": "MISC", + "name": "https://github.com/cybersecurityworks/Disclosed/issues/20" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AC:L/AV:N/A:N/C:L/I:L/PR:N/S:C/UI:R", + "version": "3.0" + } } } \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20438.json b/2019/20xxx/CVE-2019-20438.json index c3761d7b5ee..7210c6c2d89 100644 --- a/2019/20xxx/CVE-2019-20438.json +++ b/2019/20xxx/CVE-2019-20438.json 
@@ -1,18 +1,81 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-20438", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-20438", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in WSO2 API Manager 2.6.0. A potential stored Cross-Site Scripting (XSS) vulnerability has been identified in the inline API documentation editor page of the API Publisher." 
} ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2019-0645", + "refsource": "MISC", + "name": "https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2019-0645" + }, + { + "url": "https://github.com/cybersecurityworks/Disclosed/issues/22", + "refsource": "MISC", + "name": "https://github.com/cybersecurityworks/Disclosed/issues/22" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AC:L/AV:N/A:N/C:L/I:L/PR:H/S:C/UI:R", + "version": "3.0" + } } } \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20439.json b/2019/20xxx/CVE-2019-20439.json index 2d64bf94d1b..87a6fb80216 100644 --- a/2019/20xxx/CVE-2019-20439.json +++ b/2019/20xxx/CVE-2019-20439.json 
@@ -1,18 +1,81 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-20439", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-20439", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in WSO2 API Manager 2.6.0. A potential Reflected Cross-Site Scripting (XSS) vulnerability has been identified in defining a scope in the \"manage the API\" page of the API Publisher." 
} ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2019-0644", + "refsource": "MISC", + "name": "https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2019-0644" + }, + { + "url": "https://github.com/cybersecurityworks/Disclosed/issues/21", + "refsource": "MISC", + "name": "https://github.com/cybersecurityworks/Disclosed/issues/21" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AC:L/AV:N/A:N/C:L/I:L/PR:H/S:U/UI:R", + "version": "3.0" + } } } \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0548.json b/2020/0xxx/CVE-2020-0548.json new file mode 100644 index 00000000000..a27d03e5d84 --- /dev/null +++ b/2020/0xxx/CVE-2020-0548.json 
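Review bot: `"scope": "UNCHANGED"` here disagrees with the stored-XSS record for CVE-2019-20438 above, which scores the same product with `"scope": "CHANGED"`. Cross-site scripting is usually scored with Scope Changed in CVSS v3, because the script runs in the victim's browser and not in the vulnerable server component, so one of the two looks mis-scored and should be confirmed against the advisory. In both records the `cvss` object carries no `baseScore` or `baseSeverity`, and the vector lists its metrics alphabetically; the preferred order for this one is `CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N`. Stricter parsers may not accept the alphabetical form, and consumers that sort or filter on severity get nothing to read.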
@@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-0548", + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Intel", + "product": { + "product_data": [ + { + "product_name": "Intel(R) Processors", + "version": { + "version_data": [ + { + "version_value": "see references" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00329.html", + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00329.html" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cleanup errors in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access." + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0549.json b/2020/0xxx/CVE-2020-0549.json new file mode 100644 index 00000000000..3ddba2166cf --- /dev/null +++ b/2020/0xxx/CVE-2020-0549.json 
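Review bot: `"version_value": "see references"` gives consumers nothing to match against: the record names only `Intel(R) Processors`, so an asset inventory cannot tell which processor families are in scope without someone reading the advisory by hand. The affected families from the referenced intel-sa-00329 advisory should be carried into `product_data` and `version_data`, and an `impact` block with a CVSS vector would let triage rank the issue. CVE-2020-0549 in the next hunk has the same placeholder and cites the same advisory.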
@@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-0549", + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Intel", + "product": { + "product_data": [ + { + "product_name": "Intel(R) Processors", + "version": { + "version_data": [ + { + "version_value": "see references" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00329.html", + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00329.html" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cleanup errors in some data cache evictions for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access." + } + ] + } +} \ No newline at end of file diff --git a/2020/1xxx/CVE-2020-1928.json b/2020/1xxx/CVE-2020-1928.json index da98f2faba1..191e530770e 100644 --- a/2020/1xxx/CVE-2020-1928.json +++ b/2020/1xxx/CVE-2020-1928.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-1928", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@apache.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apache Software Foundation", + "product": { + "product_data": [ + { + "product_name": "Apache NiFi", + "version": { + "version_data": [ + { + "version_value": "Apache NiFi 1.10.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://nifi.apache.org/security.html#CVE-2020-1928", + "url": "https://nifi.apache.org/security.html#CVE-2020-1928" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An information disclosure vulnerability was found in Apache NiFi 1.10.0. The sensitive parameter parser would log parsed values for debugging purposes. This would expose literal values entered in a sensitive property when no parameter was present." } ] } diff --git a/2020/1xxx/CVE-2020-1932.json b/2020/1xxx/CVE-2020-1932.json index 467b7327b2b..f3886360189 100644 --- a/2020/1xxx/CVE-2020-1932.json +++ b/2020/1xxx/CVE-2020-1932.json 
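Review bot: `"version_value": "Apache NiFi 1.10.0"` repeats the product name inside the version field, so an exact or semantic-version comparison against `1.10.0` will not match; it should be `"version_value": "1.10.0"`. CVE-2020-1933 two hunks below has the same problem in a worse form, `"Apache NiFi 1.0.0 to 1.10.0"`, a range written as prose that no version comparator can evaluate, and its problemtype `"XSS Attack"` carries no CWE identifier. Neither record states the fixed release, so a reader has to follow the reference to learn what to upgrade to. The top of each record lies outside its hunk.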
@@ -4,14 +4,67 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-1932", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@apache.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apache Software Foundation", + "product": { + "product_data": [ + { + "product_name": "Apache Superset", + "version": { + "version_data": [ + { + "version_value": "0.34.0" + }, + { + "version_value": "0.34.1" + }, + { + "version_value": "0.35.0" + }, + { + "version_value": "0.35.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://lists.apache.org/thread.html/r4e5323c3bc786005495311a6ff53ac6d990b2c7eb52941a1a13ce227%40%3Cdev.superset.apache.org%3E", + "url": "https://lists.apache.org/thread.html/r4e5323c3bc786005495311a6ff53ac6d990b2c7eb52941a1a13ce227%40%3Cdev.superset.apache.org%3E" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An information disclosure issue was found in Apache Superset 0.34.0, 0.34.1, 0.35.0, and 0.35.1. Authenticated Apache Superset users are able to retrieve other users' information, including hashed passwords, by accessing an unused and undocumented API endpoint on Apache Superset." } ] } diff --git a/2020/1xxx/CVE-2020-1933.json b/2020/1xxx/CVE-2020-1933.json index 9f2c2dc7b85..50e6cb8c7c6 100644 --- a/2020/1xxx/CVE-2020-1933.json +++ b/2020/1xxx/CVE-2020-1933.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-1933", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@apache.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apache Software Foundation", + "product": { + "product_data": [ + { + "product_name": "Apache NiFi", + "version": { + "version_data": [ + { + "version_value": "Apache NiFi 1.0.0 to 1.10.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "XSS Attack" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://nifi.apache.org/security.html#CVE-2020-1933", + "url": "https://nifi.apache.org/security.html#CVE-2020-1933" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A XSS vulnerability was found in Apache NiFi 1.0.0 to 1.10.0. Malicious scripts could be injected to the UI through action by an unaware authenticated user in Firefox. Did not appear to occur in other browsers." } ] } From 56bcd3a3273324122cd70180eac84c87e7680778 Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Tue, 28 Jan 2020 03:01:06 +0000 Subject: [PATCH 371/387] "-Synchronized-Data." --- 2019/15xxx/CVE-2019-15578.json | 73 +++++++++++++++++++++++++++++++++ 2019/15xxx/CVE-2019-15579.json | 73 +++++++++++++++++++++++++++++++++ 2019/15xxx/CVE-2019-15581.json | 73 +++++++++++++++++++++++++++++++++ 2019/15xxx/CVE-2019-15582.json | 73 +++++++++++++++++++++++++++++++++ 2019/15xxx/CVE-2019-15583.json | 73 +++++++++++++++++++++++++++++++++ 2019/15xxx/CVE-2019-15585.json | 73 +++++++++++++++++++++++++++++++++ 2019/15xxx/CVE-2019-15586.json | 67 ++++++++++++++++++++++++++++++ 2019/15xxx/CVE-2019-15590.json | 73 +++++++++++++++++++++++++++++++++ 2019/15xxx/CVE-2019-15607.json | 62 ++++++++++++++++++++++++++++ 2019/5xxx/CVE-2019-5462.json | 71 ++++++++++++++++++++++++++++---- 2019/5xxx/CVE-2019-5464.json | 71 ++++++++++++++++++++++++++++---- 2019/5xxx/CVE-2019-5465.json | 71 ++++++++++++++++++++++++++++---- 2019/5xxx/CVE-2019-5466.json | 71 ++++++++++++++++++++++++++++---- 2019/5xxx/CVE-2019-5468.json | 74 ++++++++++++++++++++++++++++++---- 2019/5xxx/CVE-2019-5470.json | 74 ++++++++++++++++++++++++++++++---- 2019/5xxx/CVE-2019-5472.json | 74 ++++++++++++++++++++++++++++++---- 2019/5xxx/CVE-2019-5474.json | 74 ++++++++++++++++++++++++++++++---- 17 files changed, 1164 insertions(+), 56 deletions(-) create mode 100644 2019/15xxx/CVE-2019-15578.json create mode 100644 2019/15xxx/CVE-2019-15579.json create mode 100644 2019/15xxx/CVE-2019-15581.json create mode 100644 2019/15xxx/CVE-2019-15582.json create mode 100644 2019/15xxx/CVE-2019-15583.json create mode 100644 2019/15xxx/CVE-2019-15585.json create mode 100644 2019/15xxx/CVE-2019-15586.json create mode 100644 2019/15xxx/CVE-2019-15590.json create mode 100644 2019/15xxx/CVE-2019-15607.json diff --git a/2019/15xxx/CVE-2019-15578.json b/2019/15xxx/CVE-2019-15578.json new file mode 100644 index 00000000000..22d74ce35d4 --- /dev/null +++ b/2019/15xxx/CVE-2019-15578.json 
@@ -0,0 +1,73 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-15578", + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GitLab", + "product": { + "product_data": [ + { + "product_name": "GitLab CE/EE", + "version": { + "version_data": [ + { + "version_value": "before 12.3.2" + }, + { + "version_value": "before 12.2.6" + }, + { + "version_value": "before 12.1.12" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure (CWE-200)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://about.gitlab.com/blog/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/", + "url": "https://about.gitlab.com/blog/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/" + }, + { + "refsource": "MISC", + "name": "https://hackerone.com/reports/650574", + "url": "https://hackerone.com/reports/650574" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE). The path of a private project, that used to be public, would be disclosed in the unsubscribe email link of issues and merge requests." + } + ] + } +} \ No newline at end of file diff --git a/2019/15xxx/CVE-2019-15579.json b/2019/15xxx/CVE-2019-15579.json new file mode 100644 index 00000000000..8827fbb75c7 --- /dev/null +++ b/2019/15xxx/CVE-2019-15579.json 
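Review bot: The three `version_value` entries `"before 12.3.2"`, `"before 12.2.6"` and `"before 12.1.12"` are free text and, read independently, they overlap: 12.2.6 is itself before 12.3.2, so a consumer treating each entry as an upper bound would flag patched releases as affected. Each entry needs its release branch as a lower bound, or the comparison expressed structurally per branch, for example `"version_affected": "<"` with `"version_value": "12.3.2"`. The same pattern is used in the hunks for CVE-2019-15579, CVE-2019-15581, CVE-2019-15582, CVE-2019-15583, CVE-2019-15585 and CVE-2019-15590.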
@@ -0,0 +1,73 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-15579", + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GitLab", + "product": { + "product_data": [ + { + "product_name": "GitLab CE/EE", + "version": { + "version_data": [ + { + "version_value": "before 12.3.2" + }, + { + "version_value": "before 12.2.6" + }, + { + "version_value": "before 12.1.12" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure (CWE-200)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://about.gitlab.com/blog/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/", + "url": "https://about.gitlab.com/blog/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/" + }, + { + "refsource": "MISC", + "name": "https://hackerone.com/reports/635516", + "url": "https://hackerone.com/reports/635516" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) where the assignee(s) of a confidential issue in a private project would be disclosed to a guest via milestones." + } + ] + } +} \ No newline at end of file diff --git a/2019/15xxx/CVE-2019-15581.json b/2019/15xxx/CVE-2019-15581.json new file mode 100644 index 00000000000..64b29004eba --- /dev/null +++ b/2019/15xxx/CVE-2019-15581.json 
@@ -0,0 +1,73 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-15581", + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GitLab", + "product": { + "product_data": [ + { + "product_name": "GitLab EE", + "version": { + "version_data": [ + { + "version_value": "before 12.3.2" + }, + { + "version_value": "before 12.2.6" + }, + { + "version_value": "before 12.1.12" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Insecure Direct Object Reference (IDOR) (CWE-639)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://about.gitlab.com/blog/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/", + "url": "https://about.gitlab.com/blog/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/" + }, + { + "refsource": "MISC", + "name": "https://hackerone.com/reports/518995", + "url": "https://hackerone.com/reports/518995" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An IDOR exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) that allowed a project owner or maintainer to see the members of any private group via merge request approval rules." + } + ] + } +} \ No newline at end of file diff --git a/2019/15xxx/CVE-2019-15582.json b/2019/15xxx/CVE-2019-15582.json new file mode 100644 index 00000000000..4d26cdda95d --- /dev/null +++ b/2019/15xxx/CVE-2019-15582.json 
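Review bot: `"product_name": "GitLab EE"` contradicts the description in the same record, which says the issue exists "for GitLab Community Edition (CE) and Enterprise Edition (EE)". If the feature is EE-only, the description's boilerplate is wrong; if CE is affected, CE installations filtered by product name will miss the record. CVE-2019-15582 and CVE-2019-15590 show the same mismatch, so whichever side is correct should be fixed in all three.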
@@ -0,0 +1,73 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-15582", + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GitLab", + "product": { + "product_data": [ + { + "product_name": "GitLab EE", + "version": { + "version_data": [ + { + "version_value": "before 12.3.2" + }, + { + "version_value": "before 12.2.6" + }, + { + "version_value": "before 12.1.12" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Insecure Direct Object Reference (IDOR) (CWE-639)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://about.gitlab.com/blog/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/", + "url": "https://about.gitlab.com/blog/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/" + }, + { + "refsource": "MISC", + "name": "https://hackerone.com/reports/566216", + "url": "https://hackerone.com/reports/566216" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An IDOR was discovered in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) that allowed a maintainer to add any private group to a protected environment." + } + ] + } +} \ No newline at end of file diff --git a/2019/15xxx/CVE-2019-15583.json b/2019/15xxx/CVE-2019-15583.json new file mode 100644 index 00000000000..0367b2cde6a --- /dev/null +++ b/2019/15xxx/CVE-2019-15583.json 
@@ -0,0 +1,73 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-15583", + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GitLab", + "product": { + "product_data": [ + { + "product_name": "GitLab CE/EE", + "version": { + "version_data": [ + { + "version_value": "before 12.3.2" + }, + { + "version_value": "before 12.2.6" + }, + { + "version_value": "before 12.1.12" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure (CWE-200)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://about.gitlab.com/blog/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/", + "url": "https://about.gitlab.com/blog/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/" + }, + { + "refsource": "MISC", + "name": "https://hackerone.com/reports/643854", + "url": "https://hackerone.com/reports/643854" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE). When an issue was moved to a public project from a private one, the associated private labels and the private project namespace would be disclosed through the GitLab API." + } + ] + } +} \ No newline at end of file diff --git a/2019/15xxx/CVE-2019-15585.json b/2019/15xxx/CVE-2019-15585.json new file mode 100644 index 00000000000..676d5c1baa5 --- /dev/null +++ b/2019/15xxx/CVE-2019-15585.json 
@@ -0,0 +1,73 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-15585", + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GitLab", + "product": { + "product_data": [ + { + "product_name": "Gitlab CE/EE", + "version": { + "version_data": [ + { + "version_value": "before 12.3.2" + }, + { + "version_value": "before 12.2.6" + }, + { + "version_value": "before 12.1.12" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Authentication - Generic (CWE-287)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://about.gitlab.com/blog/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/", + "url": "https://about.gitlab.com/blog/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/" + }, + { + "refsource": "MISC", + "name": "https://hackerone.com/reports/471323", + "url": "https://hackerone.com/reports/471323" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Improper authentication exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) in the GitLab SAML integration had a validation issue that permitted an attacker to takeover another user's account." + } + ] + } +} \ No newline at end of file diff --git a/2019/15xxx/CVE-2019-15586.json b/2019/15xxx/CVE-2019-15586.json new file mode 100644 index 00000000000..fc654c7f01e --- /dev/null +++ b/2019/15xxx/CVE-2019-15586.json 
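Review bot: `"product_name": "Gitlab CE/EE"` is spelled with a lowercase "l" while the sibling records use `GitLab CE/EE`, which splits one product into two names for any case-sensitive grouping; CVE-2019-15586 in the next hunk does the same. The description is also ungrammatical ("Improper authentication exists in … in the GitLab SAML integration had a validation issue"), which obscures that this is an account-takeover issue in SAML sign-in. Leading with `A validation issue in the GitLab SAML integration permitted an attacker to take over another user's account` and then giving the affected versions would read cleanly.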
@@ -0,0 +1,67 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-15586", + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GitLab", + "product": { + "product_data": [ + { + "product_name": "Gitlab CE/EE", + "version": { + "version_data": [ + { + "version_value": "before 12.1.10" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site Scripting (XSS) - DOM (CWE-79)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://hackerone.com/reports/645043", + "url": "https://hackerone.com/reports/645043" + }, + { + "refsource": "MISC", + "name": "https://about.gitlab.com/blog/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/", + "url": "https://about.gitlab.com/blog/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A XSS exists in Gitlab CE/EE < 12.1.10 in the Mermaid plugin." + } + ] + } +} \ No newline at end of file diff --git a/2019/15xxx/CVE-2019-15590.json b/2019/15xxx/CVE-2019-15590.json new file mode 100644 index 00000000000..4fd0e3b53c3 --- /dev/null +++ b/2019/15xxx/CVE-2019-15590.json 
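Review bot: The affected range `before 12.1.10` does not line up with the only vendor reference, the 12.3.2 security-release post, which the neighbouring records tie to fixes in 12.3.2, 12.2.6 and 12.1.12. Either the version or the reference looks wrong and should be confirmed against the release notes. As written, an operator on 12.1.10 or 12.1.11 cannot tell from the record whether the instance is patched.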
@@ -0,0 +1,73 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-15590", + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GitLab", + "product": { + "product_data": [ + { + "product_name": "GitLab EE", + "version": { + "version_data": [ + { + "version_value": "before 12.3.5" + }, + { + "version_value": "before 12.2.8" + }, + { + "version_value": "before 12.1.14" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Access Control - Generic (CWE-284)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://hackerone.com/reports/701144", + "url": "https://hackerone.com/reports/701144" + }, + { + "refsource": "MISC", + "name": "https://about.gitlab.com/releases/2019/10/07/security-release-gitlab-12-dot-3-dot-5-released/", + "url": "https://about.gitlab.com/releases/2019/10/07/security-release-gitlab-12-dot-3-dot-5-released/" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An access control issue exists in < 12.3.5, < 12.2.8, and < 12.1.14 for GitLab Community Edition (CE) and Enterprise Edition (EE) where private merge requests and issues would be disclosed with the Group Search feature provided by Elasticsearch integration" + } + ] + } +} \ No newline at end of file diff --git a/2019/15xxx/CVE-2019-15607.json b/2019/15xxx/CVE-2019-15607.json new file mode 100644 index 00000000000..95deeceedd7 --- /dev/null +++ b/2019/15xxx/CVE-2019-15607.json 
@@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-15607", + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "node-red", + "version": { + "version_data": [ + { + "version_value": "0.20.7 and earlier" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site Scripting (XSS) - Stored (CWE-79)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://hackerone.com/reports/681986", + "url": "https://hackerone.com/reports/681986" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A stored XSS vulnerability is present within node-red (version: <= 0.20.7) npm package, which is a visual tool for wiring the Internet of Things. This issue will allow the attacker to steal session cookies, deface web applications, etc." + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5462.json b/2019/5xxx/CVE-2019-5462.json index 802f958f1e0..60903924a44 100644 --- a/2019/5xxx/CVE-2019-5462.json +++ b/2019/5xxx/CVE-2019-5462.json 
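Review bot: `"vendor_name": "n/a"` leaves the vendor blank for a named npm package, and the record gives neither a fixed release nor a vendor reference; the only link is the HackerOne report. A reader learns that `0.20.7 and earlier` is affected but not what to upgrade to. I would add the upstream project as vendor and a reference to the fixing release or advisory. The impact sentence ("steal session cookies, deface web applications, etc.") is generic XSS boilerplate; naming the affected component would help operators assess their exposure.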
@@ -1,17 +1,74 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5462", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5462", + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GitLab", + "product": { + "product_data": [ + { + "product_name": "GitLab Community Edition and GitLab Enterprise Edition", + "version": { + "version_data": [ + { + "version_value": "Affects GitLab CE/EE 9.0 and later" + }, + { + "version_value": "Fixed in 12.1.2 in 12.0.4 and in 11.11.6" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Privilege Escalation (CAPEC-233)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://hackerone.com/reports/495282", + "url": "https://hackerone.com/reports/495282" + }, + { + "refsource": "MISC", + "name": "https://gitlab.com/gitlab-org/gitlab-ce/issues/58312", + "url": "https://gitlab.com/gitlab-org/gitlab-ce/issues/58312" + }, + { + "refsource": "MISC", + "name": "https://about.gitlab.com/releases/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/", + "url": "https://about.gitlab.com/releases/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A privilege escalation issue was discovered in GitLab CE/EE 9.0 and later when trigger tokens are not rotated once ownership of them has changed." } ] } 
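Review bot: `version_data` mixes affected and fixed releases: `"Fixed in 12.1.2 in 12.0.4 and in 11.11.6"` sits in the same list as `"Affects GitLab CE/EE 9.0 and later"`, so a consumer that treats every `version_value` as affected will flag the patched releases. The fixed versions belong in the description or in bounded entries using `version_affected`, and the open-ended "and later" should get an upper bound. The problemtype also cites `CAPEC-233`, an attack pattern, where this field conventionally carries a CWE weakness. CVE-2019-5464 and CVE-2019-5465 below repeat the "Fixed in" entry.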
diff --git a/2019/5xxx/CVE-2019-5464.json b/2019/5xxx/CVE-2019-5464.json
index 92071b74152..bbe6be41972 100644
--- a/2019/5xxx/CVE-2019-5464.json
+++ b/2019/5xxx/CVE-2019-5464.json
@@ -1,17 +1,74 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5464", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5464", + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GitLab", + "product": { + "product_data": [ + { + "product_name": "GitLab CE/EE", + "version": { + "version_data": [ + { + "version_value": "Affects GitLab CE/EE 10.2 and later" + }, + { + "version_value": "Fixed in 12.1.2 in 12.0.4 and in 11.11.6" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Input Validation (CWE-20)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://about.gitlab.com/releases/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/", + "url": "https://about.gitlab.com/releases/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/" + }, + { + "refsource": "MISC", + "name": "https://hackerone.com/reports/632101", + "url": "https://hackerone.com/reports/632101" + }, + { + "refsource": "MISC", + "name": "https://gitlab.com/gitlab-org/gitlab-ce/issues/63959", + "url": "https://gitlab.com/gitlab-org/gitlab-ce/issues/63959" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A flawed DNS rebinding protection issue was discovered in GitLab CE/EE 10.2 and later in the `url_blocker.rb` which could result in SSRF where the library is utilized." } ] } 
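Review bot: The problemtype `Improper Input Validation (CWE-20)` is the generic parent class, while the description states the consequence precisely: flawed DNS rebinding protection in `url_blocker.rb` that could result in SSRF. `CWE-918` (Server-Side Request Forgery) would let consumers filter and prioritise this record correctly. The description also says "where the library is utilized" without naming the features that call it, so operators cannot tell which outbound-request functions to review.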
diff --git a/2019/5xxx/CVE-2019-5465.json b/2019/5xxx/CVE-2019-5465.json
index 6f94aab82f4..264113dccd0 100644
--- a/2019/5xxx/CVE-2019-5465.json
+++ b/2019/5xxx/CVE-2019-5465.json
@@ -1,17 +1,74 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5465", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5465", + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GitLab", + "product": { + "product_data": [ + { + "product_name": "GitLab CE/EE", + "version": { + "version_data": [ + { + "version_value": "Affects GitLab CE/EE 8.14 and later" + }, + { + "version_value": "Fixed in 12.1.2 in 12.0.4 and in 11.11.6" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure (CWE-200)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://about.gitlab.com/releases/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/", + "url": "https://about.gitlab.com/releases/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/" + }, + { + "refsource": "MISC", + "name": "https://hackerone.com/reports/584534", + "url": "https://hackerone.com/reports/584534" + }, + { + "refsource": "MISC", + "name": "https://gitlab.com/gitlab-org/gitlab-ce/issues/62070", + "url": "https://gitlab.com/gitlab-org/gitlab-ce/issues/62070" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An information disclosure issue was discovered in GitLab CE/EE 8.14 and later, by using the move issue feature which could result in disclosure of the newly created issue ID." } ] } 
diff --git a/2019/5xxx/CVE-2019-5466.json b/2019/5xxx/CVE-2019-5466.json
index 9128cd41fd7..1d433790a12 100644
--- a/2019/5xxx/CVE-2019-5466.json
+++ b/2019/5xxx/CVE-2019-5466.json
@@ -1,17 +1,74 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5466", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5466", + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "GitLab CE/EE", + "version": { + "version_data": [ + { + "version_value": "Affects GitLab CE/EE 11.5 and later" + }, + { + "version_value": "Fixed in 12.1.2 in 12.0.4 and in 11.11.6" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Insecure Direct Object Reference (IDOR) (CWE-639)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://about.gitlab.com/releases/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/", + "url": "https://about.gitlab.com/releases/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/" + }, + { + "refsource": "MISC", + "name": "https://hackerone.com/reports/507113", + "url": "https://hackerone.com/reports/507113" + }, + { + "refsource": "MISC", + "name": "https://gitlab.com/gitlab-org/gitlab-ce/issues/59809", + "url": "https://gitlab.com/gitlab-org/gitlab-ce/issues/59809" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An IDOR was discovered in GitLab CE/EE 11.5 and later that allowed new merge requests endpoint to disclose label names." } ] } diff --git a/2019/5xxx/CVE-2019-5468.json b/2019/5xxx/CVE-2019-5468.json index 0fe7e60aa35..1a8e17be1eb 100644 
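Review bot: The added `"vendor_name": "n/a"` in the CVE-2019-5466 hunk contradicts the `product_name` of `GitLab CE/EE` in the same `vendor_data` entry, and the sibling records in this commit (CVE-2019-5464, CVE-2019-5465) use `GitLab`. Consumers that group or match records by vendor will miss this one; the line should read `"vendor_name": "GitLab"`.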
--- a/2019/5xxx/CVE-2019-5468.json +++ b/2019/5xxx/CVE-2019-5468.json @@ -1,17 +1,77 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5468", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5468", + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GiltLab", + "product": { + "product_data": [ + { + "product_name": "GitLab", + "version": { + "version_data": [ + { + "version_value": "before 12.1.2" + }, + { + "version_value": "before 12.0.4" + }, + { + "version_value": "before 11.11.6" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Privilege Escalation (CAPEC-233)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://about.gitlab.com/releases/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/", + "url": "https://about.gitlab.com/releases/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/" + }, + { + "refsource": "MISC", + "name": "https://hackerone.com/reports/493562", + "url": "https://hackerone.com/reports/493562" + }, + { + "refsource": "MISC", + "name": "https://gitlab.com/gitlab-org/gitlab-ce/issues/57556", + "url": "https://gitlab.com/gitlab-org/gitlab-ce/issues/57556" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An privilege escalation issue was discovered in Gitlab versions < 12.1.2, < 12.0.4, and < 11.11.6 when Mattermost slash commands are used with a blocked account." } ] } 
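Review bot: The added `"vendor_name": "GiltLab"` is a misspelling of the vendor, so this record will not match the vendor-keyed lookups that find the other GitLab entries in this commit; it should be `"vendor_name": "GitLab"`. The `problemtype` value `Privilege Escalation (CAPEC-233)` cites an attack-pattern id where the neighbouring records give a CWE, which leaves weakness-based filtering without a key for this entry. The description also opens with `An privilege escalation issue`, which should read `A privilege escalation issue`.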
diff --git a/2019/5xxx/CVE-2019-5470.json b/2019/5xxx/CVE-2019-5470.json
index 9254c24aae7..1ff7f7a410b 100644
--- a/2019/5xxx/CVE-2019-5470.json
+++ b/2019/5xxx/CVE-2019-5470.json
@@ -1,17 +1,77 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5470", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5470", + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GitLab", + "product": { + "product_data": [ + { + "product_name": "GitLab", + "version": { + "version_data": [ + { + "version_value": "before 12.1.2" + }, + { + "version_value": "before 12.0.4" + }, + { + "version_value": "before 11.11.6" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure (CWE-200)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://about.gitlab.com/releases/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/", + "url": "https://about.gitlab.com/releases/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/" + }, + { + "refsource": "MISC", + "name": "https://hackerone.com/reports/490250", + "url": "https://hackerone.com/reports/490250" + }, + { + "refsource": "MISC", + "name": "https://gitlab.com/gitlab-org/gitlab-ee/issues/9665", + "url": "https://gitlab.com/gitlab-org/gitlab-ee/issues/9665" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An information disclosure issue was discovered GitLab versions < 12.1.2, < 12.0.4, and < 11.11.6 in the security dashboard which could result in disclosure of vulnerability feedback information." } ] } 
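Review bot: The three added `version_value` strings (`before 12.1.2`, `before 12.0.4`, `before 11.11.6`) are independent entries with no branch lower bound, so read literally `before 12.1.2` also marks the patched 12.0.4 and 11.11.6 releases as affected. Tying each bound to its branch would remove the ambiguity, for example `"version_name": "12.0", "version_affected": "<", "version_value": "12.0.4"`, assuming the fixes are per release branch as the linked security release suggests. The hunks for CVE-2019-5468, CVE-2019-5472 and CVE-2019-5474 add the same three strings. The description here also drops a word: `was discovered GitLab versions` should read `was discovered in GitLab versions`.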
diff --git a/2019/5xxx/CVE-2019-5472.json b/2019/5xxx/CVE-2019-5472.json
index af4c7311198..068e6d0bd31 100644
--- a/2019/5xxx/CVE-2019-5472.json
+++ b/2019/5xxx/CVE-2019-5472.json
@@ -1,17 +1,77 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5472", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5472", + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GitLab", + "product": { + "product_data": [ + { + "product_name": "GitLab", + "version": { + "version_data": [ + { + "version_value": "before 12.1.2" + }, + { + "version_value": "before 12.0.4" + }, + { + "version_value": "before 11.11.6" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service (CWE-400)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://about.gitlab.com/releases/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/", + "url": "https://about.gitlab.com/releases/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/" + }, + { + "refsource": "MISC", + "name": "https://hackerone.com/reports/538101", + "url": "https://hackerone.com/reports/538101" + }, + { + "refsource": "MISC", + "name": "https://gitlab.com/gitlab-org/gitlab-ee/issues/11381", + "url": "https://gitlab.com/gitlab-org/gitlab-ee/issues/11381" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An authorization issue was discovered in Gitlab versions < 12.1.2, < 12.0.4, and < 11.11.6 that prevented owners and maintainer to delete epic comments." } ] } diff --git a/2019/5xxx/CVE-2019-5474.json b/2019/5xxx/CVE-2019-5474.json index 1b4fdb5d134..b2268f9e7bf 100644 
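Review bot: The added `problemtype` value `Denial of Service (CWE-400)` does not agree with the added description, which calls this `An authorization issue` that `prevented owners and maintainer to delete epic comments`; neither text explains the other. One of the two may have been carried over from a different finding in the same release, so they should be reconciled against the linked GitLab issue before the record is used for triage. If the authorization reading is the right one, the value should name an access-control weakness, as CVE-2019-5474 does with `Improper Access Control - Generic (CWE-284)`.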
--- a/2019/5xxx/CVE-2019-5474.json +++ b/2019/5xxx/CVE-2019-5474.json @@ -1,17 +1,77 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5474", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5474", + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GitLab", + "product": { + "product_data": [ + { + "product_name": "GitLab EE", + "version": { + "version_data": [ + { + "version_value": "before 12.1.2" + }, + { + "version_value": "before 12.0.4" + }, + { + "version_value": "before 11.11.6" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Access Control - Generic (CWE-284)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://about.gitlab.com/releases/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/", + "url": "https://about.gitlab.com/releases/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/" + }, + { + "refsource": "MISC", + "name": "https://hackerone.com/reports/544756", + "url": "https://hackerone.com/reports/544756" + }, + { + "refsource": "MISC", + "name": "https://gitlab.com/gitlab-org/gitlab-ee/issues/11423", + "url": "https://gitlab.com/gitlab-org/gitlab-ee/issues/11423" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An authorization issue was discovered in GitLab EE < 12.1.2, < 12.0.4, and < 11.11.6 allowing the merge request approval rules to be overridden without appropriate permissions." } ] } 
From 732c13ce67551654157bb76bd85f660347d920c3 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 28 Jan 2020 05:01:08 +0000 Subject: [PATCH 372/387] "-Synchronized-Data." --- 2020/7xxx/CVE-2020-7997.json | 56 +++++++++++++++++++++++++++++---- 2020/7xxx/CVE-2020-7998.json | 61 ++++++++++++++++++++++++++++++++---- 2 files changed, 105 insertions(+), 12 deletions(-) diff --git a/2020/7xxx/CVE-2020-7997.json b/2020/7xxx/CVE-2020-7997.json index 95a9e9d698f..a8d5100c485 100644 --- a/2020/7xxx/CVE-2020-7997.json +++ b/2020/7xxx/CVE-2020-7997.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-7997", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-7997", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "ASUS WRT-AC66U 3 RT 3.0.0.4.372_67 devices allow XSS via the Client Name field to the Parental Control feature." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://gist.github.com/adeshkolte/983bcadd82cc1fd60333098eb646ef68", + "url": "https://gist.github.com/adeshkolte/983bcadd82cc1fd60333098eb646ef68" } ] } 
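Review bot: The added `affects` block sets `vendor_name`, `product_name` and `version_value` to `n/a`, and `problemtype` is `n/a` as well, although the description in the same hunk names an ASUS device with a firmware string and says the flaw is XSS. Tools that match on the structured fields rather than the free text will not associate this record with any product or weakness class. At minimum `"vendor_name": "ASUS"` and a problemtype value citing CWE-79 could be filled in from the description; the model and firmware string (`WRT-AC66U 3 RT 3.0.0.4.372_67`) reads oddly and would need checking against the referenced gist before it is copied into `product_name`. The hunks for CVE-2020-7998 and CVE-2020-7799 leave the same fields as `n/a` while their descriptions name the Super File Explorer app 1.0.1 and FusionAuth before 1.11.0.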
diff --git a/2020/7xxx/CVE-2020-7998.json b/2020/7xxx/CVE-2020-7998.json index f4c523b1974..5324afee0cb 100644 --- a/2020/7xxx/CVE-2020-7998.json +++ b/2020/7xxx/CVE-2020-7998.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-7998", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-7998", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An arbitrary file upload vulnerability has been discovered in the Super File Explorer app 1.0.1 for iOS. The vulnerability is located in the developer path that is accessible and hidden next to the root path. By default, there is no password set for the FTP or Web UI service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://apps.apple.com/us/app/super-file-explorer-file-viewer-file-manager/id1101973946", + "refsource": "MISC", + "name": "https://apps.apple.com/us/app/super-file-explorer-file-viewer-file-manager/id1101973946" + }, + { + "refsource": "MISC", + "name": "https://gist.github.com/adeshkolte/9e60b2483d2f20d1951beac0fc917c6f", + "url": "https://gist.github.com/adeshkolte/9e60b2483d2f20d1951beac0fc917c6f" } ] } From 97255a84fc9043d210d2ed232421a16daf1fc619 Mon Sep 17 00:00:00 2001 
From: Ikuya Fukumoto Date: Tue, 28 Jan 2020 14:17:40 +0900 Subject: [PATCH 373/387] JPCERT/CC 2020-01-28 --- 2020/5xxx/CVE-2020-5523.json | 82 +++++++++++++++++++++++++++++++++--- 1 file changed, 75 insertions(+), 7 deletions(-) diff --git a/2020/5xxx/CVE-2020-5523.json b/2020/5xxx/CVE-2020-5523.json index 0ba89257176..9e0a0736c84 100644 --- a/2020/5xxx/CVE-2020-5523.json +++ b/2020/5xxx/CVE-2020-5523.json 
@@ -1,17 +1,85 @@ { - "data_type": "CVE", - "data_format": "MITRE", "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-5523", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "references": { + "reference_data": [ + { + "url": "http://www.dokodemobank.ne.jp/info_20200128_bankingapp.html" + }, + { + "url": "https://www.ashikagabank.co.jp/appbanking/pdf/oshirase.pdf" + }, + { + "url": "https://www.sihd-bk.jp/common_v2/pdf/20200127.pdf" + }, + { + "url": "https://www.shikokubank.co.jp/info/apps20200128.html" + }, + { + "url": "https://www.tohoku-bank.co.jp/news/topics/200128_applissl.html" + }, + { + "url": "https://www.naganobank.co.jp/soshiki/2/app-ssl.html" + }, + { + "url": "https://www.77bank.co.jp/pdf/oshirase/20012801_appvulnerability.pdf" + }, + { + "url": "https://www.hokkaidobank.co.jp/common/dat/2020/0120/15795047141946146699.pdf" + }, + { + "url": "https://www.hokugin.co.jp/info/archives/personal/2020/1913.html" + }, + { + "url": "http://jvn.jp/en/jp/JVN28845872/index.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Android App 'MyPallete' and some of the Android banking applications based on 'MyPallete' do not verify X.509 certificates from servers, and also do not properly validate certificates with host-mismatch, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." 
+ } + ] + }, + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "MyPallete all versions, AshikagaBankingAppli ver1.0.4 and earlier, SENSHUIKEDABANKBankingAppli ver3.0.4 and earlier, ShikokuBankingAppli ver2.0.1 and earlier, TohokuBankingAppli ver1.0.1 and earlier, NaganoBankingAppli ver1.0.1 and earlier, 77BankingAppli ver2.0.1 and earlier, HokkaidoBankingAppli ver3.0.1 and earlier, and HokurikuBankingAppli ver2.0.1 and earlier" + } + ] + }, + "product_name": "'MyPallete' and some of the Android banking applications that use 'MyPallete'" + } + ] + }, + "vendor_name": "NTT Data Corporation" + } + ] + } + }, + "CVE_data_meta": { + "ID": "CVE-2020-5523", + "ASSIGNER": "vultures@jpcert.or.jp" + }, + "data_format": "MITRE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Fails to verify SSL certificates" + } + ] } ] } From ec558560923946d0b7b5c33baab1033ea45f552c Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 28 Jan 2020 06:01:18 +0000 Subject: [PATCH 374/387] "-Synchronized-Data." --- 2016/9xxx/CVE-2016-9840.json | 5 ++++ 2016/9xxx/CVE-2016-9841.json | 5 ++++ 2016/9xxx/CVE-2016-9842.json | 5 ++++ 2016/9xxx/CVE-2016-9843.json | 5 ++++ 2019/5xxx/CVE-2019-5188.json | 5 ++++ 2020/5xxx/CVE-2020-5523.json | 45 ++++++++++++++++++++++++++---------- 6 files changed, 58 insertions(+), 12 deletions(-) diff --git a/2016/9xxx/CVE-2016-9840.json b/2016/9xxx/CVE-2016-9840.json index cc0105bdb13..e4e77ed8536 100644 --- a/2016/9xxx/CVE-2016-9840.json +++ b/2016/9xxx/CVE-2016-9840.json @@ -176,6 +176,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20190324 [SECURITY] [DLA 1725-1] rsync security update", "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00027.html" + }, + { + "refsource": "UBUNTU", + "name": "USN-4246-1", + "url": "https://usn.ubuntu.com/4246-1/" } ] } 
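Review bot: In the CVE-2020-5523 hunk the single added `version_value` packs MyPallete and eight bank apps, each with its own version bound, into one free-text string under one `product_name`, so no consumer can match an individual app such as `AshikagaBankingAppli ver1.0.4 and earlier` without parsing prose. Each app would be better as its own `product_data` entry, for example `"product_name": "AshikagaBankingAppli"` with `"version_affected": "<=", "version_value": "1.0.4"`. The `problemtype` value `Fails to verify SSL certificates` carries no CWE id; CWE-295 (Improper Certificate Validation) matches the description.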
diff --git a/2016/9xxx/CVE-2016-9841.json b/2016/9xxx/CVE-2016-9841.json index 85ee749ebaf..55cc36f2461 100644 --- a/2016/9xxx/CVE-2016-9841.json +++ b/2016/9xxx/CVE-2016-9841.json @@ -191,6 +191,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20190324 [SECURITY] [DLA 1725-1] rsync security update", "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00027.html" + }, + { + "refsource": "UBUNTU", + "name": "USN-4246-1", + "url": "https://usn.ubuntu.com/4246-1/" } ] } diff --git a/2016/9xxx/CVE-2016-9842.json b/2016/9xxx/CVE-2016-9842.json index 573120fe1ac..db70a27ccc6 100644 --- a/2016/9xxx/CVE-2016-9842.json +++ b/2016/9xxx/CVE-2016-9842.json @@ -176,6 +176,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20190324 [SECURITY] [DLA 1725-1] rsync security update", "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00027.html" + }, + { + "refsource": "UBUNTU", + "name": "USN-4246-1", + "url": "https://usn.ubuntu.com/4246-1/" } ] } diff --git a/2016/9xxx/CVE-2016-9843.json b/2016/9xxx/CVE-2016-9843.json index 6be4b1fa319..4aa3ef0cac3 100644 --- a/2016/9xxx/CVE-2016-9843.json +++ b/2016/9xxx/CVE-2016-9843.json @@ -191,6 +191,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20190324 [SECURITY] [DLA 1725-1] rsync security update", "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00027.html" + }, + { + "refsource": "UBUNTU", + "name": "USN-4246-1", + "url": "https://usn.ubuntu.com/4246-1/" } ] } diff --git a/2019/5xxx/CVE-2019-5188.json b/2019/5xxx/CVE-2019-5188.json index b683d3e4e5a..d939affc31a 100644 --- a/2019/5xxx/CVE-2019-5188.json +++ b/2019/5xxx/CVE-2019-5188.json @@ -53,6 +53,11 @@ "refsource": "FEDORA", "name": "FEDORA-2020-a724cc7926", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2AKETJ6BREDUHRWQTV35SPGG5C6H7KSI/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4249-1", + "url": "https://usn.ubuntu.com/4249-1/" } ] }, 
diff --git a/2020/5xxx/CVE-2020-5523.json b/2020/5xxx/CVE-2020-5523.json
index 9e0a0736c84..4aba1d5b473 100644
--- a/2020/5xxx/CVE-2020-5523.json
+++ b/2020/5xxx/CVE-2020-5523.json
@@ -3,34 +3,54 @@ "references": { "reference_data": [ { - "url": "http://www.dokodemobank.ne.jp/info_20200128_bankingapp.html" + "url": "http://www.dokodemobank.ne.jp/info_20200128_bankingapp.html", + "refsource": "MISC", + "name": "http://www.dokodemobank.ne.jp/info_20200128_bankingapp.html" }, { - "url": "https://www.ashikagabank.co.jp/appbanking/pdf/oshirase.pdf" + "url": "https://www.ashikagabank.co.jp/appbanking/pdf/oshirase.pdf", + "refsource": "MISC", + "name": "https://www.ashikagabank.co.jp/appbanking/pdf/oshirase.pdf" }, { - "url": "https://www.sihd-bk.jp/common_v2/pdf/20200127.pdf" + "url": "https://www.sihd-bk.jp/common_v2/pdf/20200127.pdf", + "refsource": "MISC", + "name": "https://www.sihd-bk.jp/common_v2/pdf/20200127.pdf" }, { - "url": "https://www.shikokubank.co.jp/info/apps20200128.html" + "url": "https://www.shikokubank.co.jp/info/apps20200128.html", + "refsource": "MISC", + "name": "https://www.shikokubank.co.jp/info/apps20200128.html" }, { - "url": "https://www.tohoku-bank.co.jp/news/topics/200128_applissl.html" + "url": "https://www.tohoku-bank.co.jp/news/topics/200128_applissl.html", + "refsource": "MISC", + "name": "https://www.tohoku-bank.co.jp/news/topics/200128_applissl.html" }, { - "url": "https://www.naganobank.co.jp/soshiki/2/app-ssl.html" + "url": "https://www.naganobank.co.jp/soshiki/2/app-ssl.html", + "refsource": "MISC", + "name": "https://www.naganobank.co.jp/soshiki/2/app-ssl.html" }, { - "url": "https://www.77bank.co.jp/pdf/oshirase/20012801_appvulnerability.pdf" + "url": "https://www.77bank.co.jp/pdf/oshirase/20012801_appvulnerability.pdf", + "refsource": "MISC", + "name": "https://www.77bank.co.jp/pdf/oshirase/20012801_appvulnerability.pdf" }, { - "url": "https://www.hokkaidobank.co.jp/common/dat/2020/0120/15795047141946146699.pdf" + "url": "https://www.hokkaidobank.co.jp/common/dat/2020/0120/15795047141946146699.pdf", + "refsource": "MISC", + "name": 
"https://www.hokkaidobank.co.jp/common/dat/2020/0120/15795047141946146699.pdf" }, { - "url": "https://www.hokugin.co.jp/info/archives/personal/2020/1913.html" + "url": "https://www.hokugin.co.jp/info/archives/personal/2020/1913.html", + "refsource": "MISC", + "name": "https://www.hokugin.co.jp/info/archives/personal/2020/1913.html" }, { - "url": "http://jvn.jp/en/jp/JVN28845872/index.html" + "url": "http://jvn.jp/en/jp/JVN28845872/index.html", + "refsource": "MISC", + "name": "http://jvn.jp/en/jp/JVN28845872/index.html" } ] }, @@ -38,7 +58,7 @@ "description_data": [ { "lang": "eng", - "value": "Android App 'MyPallete' and some of the Android banking applications based on 'MyPallete' do not verify X.509 certificates from servers, and also do not properly validate certificates with host-mismatch, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + "value": "Android App 'MyPallete' and some of the Android banking applications based on 'MyPallete' do not verify X.509 certificates from servers, and also do not properly validate certificates with host-mismatch, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." } ] }, @@ -68,7 +88,8 @@ }, "CVE_data_meta": { "ID": "CVE-2020-5523", - "ASSIGNER": "vultures@jpcert.or.jp" + "ASSIGNER": "vultures@jpcert.or.jp", + "STATE": "PUBLIC" }, "data_format": "MITRE", "problemtype": { From 536f46b4a093ae1523d7c94a7f633b786357d09d Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Tue, 28 Jan 2020 13:01:17 +0000 Subject: [PATCH 375/387] "-Synchronized-Data." --- 2020/2xxx/CVE-2020-2583.json | 5 +++ 2020/2xxx/CVE-2020-2590.json | 5 +++ 2020/2xxx/CVE-2020-2593.json | 5 +++ 2020/2xxx/CVE-2020-2601.json | 5 +++ 2020/2xxx/CVE-2020-2604.json | 5 +++ 2020/2xxx/CVE-2020-2654.json | 5 +++ 2020/2xxx/CVE-2020-2655.json | 5 +++ 2020/7xxx/CVE-2020-7237.json | 5 +++ 2020/7xxx/CVE-2020-7799.json | 71 +++++++++++++++++++++++++++++++++--- 9 files changed, 105 insertions(+), 6 deletions(-) diff --git a/2020/2xxx/CVE-2020-2583.json b/2020/2xxx/CVE-2020-2583.json index 63b6e1db978..58feedbe1cd 100644 --- a/2020/2xxx/CVE-2020-2583.json +++ b/2020/2xxx/CVE-2020-2583.json @@ -96,6 +96,11 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20200122-0003/", "url": "https://security.netapp.com/advisory/ntap-20200122-0003/" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0113", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html" } ] } diff --git a/2020/2xxx/CVE-2020-2590.json b/2020/2xxx/CVE-2020-2590.json index d29861b3a45..92c4b7567ff 100644 --- a/2020/2xxx/CVE-2020-2590.json +++ b/2020/2xxx/CVE-2020-2590.json @@ -96,6 +96,11 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20200122-0003/", "url": "https://security.netapp.com/advisory/ntap-20200122-0003/" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0113", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html" } ] } diff --git a/2020/2xxx/CVE-2020-2593.json b/2020/2xxx/CVE-2020-2593.json index 3950f4c142e..b7d7332697f 100644 --- a/2020/2xxx/CVE-2020-2593.json +++ b/2020/2xxx/CVE-2020-2593.json 
@@ -96,6 +96,11 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20200122-0003/", "url": "https://security.netapp.com/advisory/ntap-20200122-0003/" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0113", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html" } ] } diff --git a/2020/2xxx/CVE-2020-2601.json b/2020/2xxx/CVE-2020-2601.json index 02cea4304b1..1604e9f444b 100644 --- a/2020/2xxx/CVE-2020-2601.json +++ b/2020/2xxx/CVE-2020-2601.json @@ -96,6 +96,11 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20200122-0003/", "url": "https://security.netapp.com/advisory/ntap-20200122-0003/" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0113", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html" } ] } diff --git a/2020/2xxx/CVE-2020-2604.json b/2020/2xxx/CVE-2020-2604.json index 652e6c88c03..a9e4795635e 100644 --- a/2020/2xxx/CVE-2020-2604.json +++ b/2020/2xxx/CVE-2020-2604.json @@ -81,6 +81,11 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20200122-0003/", "url": "https://security.netapp.com/advisory/ntap-20200122-0003/" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0113", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html" } ] } diff --git a/2020/2xxx/CVE-2020-2654.json b/2020/2xxx/CVE-2020-2654.json index 7b8a0c19c58..114770637a9 100644 --- a/2020/2xxx/CVE-2020-2654.json +++ b/2020/2xxx/CVE-2020-2654.json @@ -92,6 +92,11 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20200122-0003/", "url": "https://security.netapp.com/advisory/ntap-20200122-0003/" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0113", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html" } ] } diff --git a/2020/2xxx/CVE-2020-2655.json b/2020/2xxx/CVE-2020-2655.json index 1159d50f2ab..9a54a333c1f 100644 
--- a/2020/2xxx/CVE-2020-2655.json +++ b/2020/2xxx/CVE-2020-2655.json @@ -82,6 +82,11 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20200122-0003/", "url": "https://security.netapp.com/advisory/ntap-20200122-0003/" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0113", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html" } ] } diff --git a/2020/7xxx/CVE-2020-7237.json b/2020/7xxx/CVE-2020-7237.json index 9e634f6385e..ec460738fbf 100644 --- a/2020/7xxx/CVE-2020-7237.json +++ b/2020/7xxx/CVE-2020-7237.json @@ -56,6 +56,11 @@ "url": "https://github.com/Cacti/cacti/issues/3201", "refsource": "MISC", "name": "https://github.com/Cacti/cacti/issues/3201" + }, + { + "refsource": "MISC", + "name": "https://ctrsec.io/index.php/2020/01/25/cve-2020-7237-remote-code-execution-in-cacti-rrdtool/", + "url": "https://ctrsec.io/index.php/2020/01/25/cve-2020-7237-remote-code-execution-in-cacti-rrdtool/" } ] } diff --git a/2020/7xxx/CVE-2020-7799.json b/2020/7xxx/CVE-2020-7799.json index a559ad665f6..f3d87c7e63b 100644 --- a/2020/7xxx/CVE-2020-7799.json +++ b/2020/7xxx/CVE-2020-7799.json 
@@ -1,17 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-7799", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-7799", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in FusionAuth before 1.11.0. An authenticated user, allowed to edit e-mail templates (Home -> Settings -> Email Templates) or themes (Home -> Settings -> Themes), can execute commands on the underlying operating system by abusing freemarker.template.utility.Execute in the Apache FreeMarker engine that processes custom templates." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://fusionauth.io/docs/v1/tech/release-notes", + "refsource": "MISC", + "name": "https://fusionauth.io/docs/v1/tech/release-notes" + }, + { + "refsource": "BUGTRAQ", + "name": "20200127 CVE - CVE-2020-7799 - FusionAuth command execution via Apache Freemarker Template", + "url": "https://seclists.org/bugtraq/2020/Jan/39" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/156102/FusionAuth-1.10-Remote-Command-Execution.html", + "url": "http://packetstormsecurity.com/files/156102/FusionAuth-1.10-Remote-Command-Execution.html" + }, + { + "refsource": "MISC", + "name": "https://lab.mediaservice.net/advisory/2020-03-fusionauth.txt", + "url": "https://lab.mediaservice.net/advisory/2020-03-fusionauth.txt" } ] } From 308f190dded3ddee6b8ab28fb6daa77b706038c7 Mon Sep 17 00:00:00 2001 
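Review bot: The `affects` block added for CVE-2020-7799 carries `n/a` for vendor, product and version although the description in the same hunk names FusionAuth before 1.11.0, so tooling that matches on vendor or product will not tie this entry to an installed FusionAuth. The description supports `"vendor_name": "FusionAuth"`, `"product_name": "FusionAuth"` and `"version_value": "before 1.11.0"`, in the free-text form other records in this series use. `problemtype` is also `n/a`; the described abuse of `freemarker.template.utility.Execute` by a template editor reads as a code-injection class weakness (CWE-94 is my mapping, to be confirmed by the assigner). The same all-`n/a` pattern next to a description that names the product appears in the CVE-2020-7934, CVE-2013-2571 and CVE-2014-2581 hunks later in this series.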
From: CVE Team Date: Tue, 28 Jan 2020 14:01:09 +0000 Subject: [PATCH 376/387] "-Synchronized-Data." --- 2019/17xxx/CVE-2019-17096.json | 7 ++-- 2020/7xxx/CVE-2020-7934.json | 61 ++++++++++++++++++++++++++++++---- 2020/8xxx/CVE-2020-8092.json | 18 ++++++++++ 2020/8xxx/CVE-2020-8093.json | 18 ++++++++++ 2020/8xxx/CVE-2020-8094.json | 18 ++++++++++ 2020/8xxx/CVE-2020-8095.json | 18 ++++++++++ 2020/8xxx/CVE-2020-8096.json | 18 ++++++++++ 2020/8xxx/CVE-2020-8097.json | 18 ++++++++++ 2020/8xxx/CVE-2020-8098.json | 18 ++++++++++ 2020/8xxx/CVE-2020-8099.json | 18 ++++++++++ 2020/8xxx/CVE-2020-8100.json | 18 ++++++++++ 2020/8xxx/CVE-2020-8101.json | 18 ++++++++++ 2020/8xxx/CVE-2020-8102.json | 18 ++++++++++ 2020/8xxx/CVE-2020-8103.json | 18 ++++++++++ 2020/8xxx/CVE-2020-8104.json | 18 ++++++++++ 2020/8xxx/CVE-2020-8105.json | 18 ++++++++++ 2020/8xxx/CVE-2020-8106.json | 18 ++++++++++ 2020/8xxx/CVE-2020-8107.json | 18 ++++++++++ 2020/8xxx/CVE-2020-8108.json | 18 ++++++++++ 2020/8xxx/CVE-2020-8109.json | 18 ++++++++++ 2020/8xxx/CVE-2020-8110.json | 18 ++++++++++ 2020/8xxx/CVE-2020-8111.json | 18 ++++++++++ 22 files changed, 419 insertions(+), 9 deletions(-) create mode 100644 2020/8xxx/CVE-2020-8092.json create mode 100644 2020/8xxx/CVE-2020-8093.json create mode 100644 2020/8xxx/CVE-2020-8094.json create mode 100644 2020/8xxx/CVE-2020-8095.json create mode 100644 2020/8xxx/CVE-2020-8096.json create mode 100644 2020/8xxx/CVE-2020-8097.json create mode 100644 2020/8xxx/CVE-2020-8098.json create mode 100644 2020/8xxx/CVE-2020-8099.json create mode 100644 2020/8xxx/CVE-2020-8100.json create mode 100644 2020/8xxx/CVE-2020-8101.json create mode 100644 2020/8xxx/CVE-2020-8102.json create mode 100644 2020/8xxx/CVE-2020-8103.json create mode 100644 2020/8xxx/CVE-2020-8104.json create mode 100644 2020/8xxx/CVE-2020-8105.json create mode 100644 2020/8xxx/CVE-2020-8106.json create mode 100644 2020/8xxx/CVE-2020-8107.json create mode 100644 2020/8xxx/CVE-2020-8108.json create mode 100644 
2020/8xxx/CVE-2020-8109.json create mode 100644 2020/8xxx/CVE-2020-8110.json create mode 100644 2020/8xxx/CVE-2020-8111.json diff --git a/2019/17xxx/CVE-2019-17096.json b/2019/17xxx/CVE-2019-17096.json index d6df6ad7652..1ad5a239d7f 100644 --- a/2019/17xxx/CVE-2019-17096.json +++ b/2019/17xxx/CVE-2019-17096.json @@ -87,8 +87,9 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://www.bitdefender.com/support/security-advisories/bitdefender-box-2-bootstrap-get_image_size-command-injection-vulnerability/" + "refsource": "MISC", + "url": "https://www.bitdefender.com/support/security-advisories/bitdefender-box-2-bootstrap-get_image_size-command-injection-vulnerability/", + "name": "https://www.bitdefender.com/support/security-advisories/bitdefender-box-2-bootstrap-get_image_size-command-injection-vulnerability/" } ] }, @@ -105,4 +106,4 @@ ], "discovery": "EXTERNAL" } -} +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7934.json b/2020/7xxx/CVE-2020-7934.json index 16aafc0a956..d385c91b235 100644 --- a/2020/7xxx/CVE-2020-7934.json +++ b/2020/7xxx/CVE-2020-7934.json 
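Review bot: In the CVE-2019-17096 hunk the reference is relabelled from `CONFIRM` to `MISC` even though its URL sits under bitdefender.com's own `security-advisories` path, which reads as the vendor's acknowledgement of the issue. Consumers that use `refsource` to separate vendor-confirmed entries from third-party write-ups lose that signal during triage. Unless the relabel is a deliberate feed-wide policy, keep `"refsource": "CONFIRM",` and add only the new `"name"` line.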
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-7934", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-7934", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In LifeRay Portal CE 7.1.0 through 7.2.1, the First Name, Middle Name, and Last Name fields for user accounts in MyAccountPortlet are all vulnerable to a persistent XSS issue. Any user can modify these fields with a particular XSS payload, and it will be stored in the database. The payload will then be rendered when a user utilizes the search feature to search for other users (i.e., if a user with modified fields occurs in the search results)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://semanticbits.com/tech-blog", + "refsource": "MISC", + "name": "https://semanticbits.com/tech-blog" + }, + { + "refsource": "MISC", + "name": "https://semanticbits.com/liferay-portal-authenticated-xss-disclosure/", + "url": "https://semanticbits.com/liferay-portal-authenticated-xss-disclosure/" } ] } diff --git a/2020/8xxx/CVE-2020-8092.json b/2020/8xxx/CVE-2020-8092.json new file mode 100644 index 00000000000..f4d199a3962 --- /dev/null +++ b/2020/8xxx/CVE-2020-8092.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8092", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8093.json b/2020/8xxx/CVE-2020-8093.json new file mode 100644 index 00000000000..185f36ebbc9 --- /dev/null +++ b/2020/8xxx/CVE-2020-8093.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8093", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8094.json b/2020/8xxx/CVE-2020-8094.json new file mode 100644 index 00000000000..749745dd439 --- /dev/null +++ b/2020/8xxx/CVE-2020-8094.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8094", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/8xxx/CVE-2020-8095.json b/2020/8xxx/CVE-2020-8095.json new file mode 100644 index 00000000000..742d60ca7a1 --- /dev/null +++ b/2020/8xxx/CVE-2020-8095.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8095", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8096.json b/2020/8xxx/CVE-2020-8096.json new file mode 100644 index 00000000000..a8df97b22cb --- /dev/null +++ b/2020/8xxx/CVE-2020-8096.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8096", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8097.json b/2020/8xxx/CVE-2020-8097.json new file mode 100644 index 00000000000..b3fabbd7f0b --- /dev/null +++ b/2020/8xxx/CVE-2020-8097.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8097", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8098.json b/2020/8xxx/CVE-2020-8098.json new file mode 100644 index 00000000000..f7480b2f95f --- /dev/null +++ b/2020/8xxx/CVE-2020-8098.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8098", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8099.json b/2020/8xxx/CVE-2020-8099.json new file mode 100644 index 00000000000..f1f652be8f6 --- /dev/null +++ b/2020/8xxx/CVE-2020-8099.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8099", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/8xxx/CVE-2020-8100.json b/2020/8xxx/CVE-2020-8100.json new file mode 100644 index 00000000000..d26eb0305c8 --- /dev/null +++ b/2020/8xxx/CVE-2020-8100.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8100", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8101.json b/2020/8xxx/CVE-2020-8101.json new file mode 100644 index 00000000000..f6b05825b4d --- /dev/null +++ b/2020/8xxx/CVE-2020-8101.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8101", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8102.json b/2020/8xxx/CVE-2020-8102.json new file mode 100644 index 00000000000..801f60fa6af --- /dev/null +++ b/2020/8xxx/CVE-2020-8102.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8102", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8103.json b/2020/8xxx/CVE-2020-8103.json new file mode 100644 index 00000000000..4ace14f3223 --- /dev/null +++ b/2020/8xxx/CVE-2020-8103.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8103", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8104.json b/2020/8xxx/CVE-2020-8104.json new file mode 100644 index 00000000000..b511127e8cf --- /dev/null +++ b/2020/8xxx/CVE-2020-8104.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8104", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/8xxx/CVE-2020-8105.json b/2020/8xxx/CVE-2020-8105.json new file mode 100644 index 00000000000..630dd5d2993 --- /dev/null +++ b/2020/8xxx/CVE-2020-8105.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8105", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8106.json b/2020/8xxx/CVE-2020-8106.json new file mode 100644 index 00000000000..9ebcc49c67a --- /dev/null +++ b/2020/8xxx/CVE-2020-8106.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8106", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8107.json b/2020/8xxx/CVE-2020-8107.json new file mode 100644 index 00000000000..6e7c438ce4e --- /dev/null +++ b/2020/8xxx/CVE-2020-8107.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8107", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8108.json b/2020/8xxx/CVE-2020-8108.json new file mode 100644 index 00000000000..20672a61fe2 --- /dev/null +++ b/2020/8xxx/CVE-2020-8108.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8108", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8109.json b/2020/8xxx/CVE-2020-8109.json new file mode 100644 index 00000000000..f14dbfe6382 --- /dev/null +++ b/2020/8xxx/CVE-2020-8109.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8109", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/8xxx/CVE-2020-8110.json b/2020/8xxx/CVE-2020-8110.json new file mode 100644 index 00000000000..cfd1e9ad33b --- /dev/null +++ b/2020/8xxx/CVE-2020-8110.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8110", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8111.json b/2020/8xxx/CVE-2020-8111.json new file mode 100644 index 00000000000..2e18b4b1edf --- /dev/null +++ b/2020/8xxx/CVE-2020-8111.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8111", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file From 2e2f17239ab53dff1a79539f341d588c34a229c3 Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Tue, 28 Jan 2020 15:01:19 +0000 Subject: [PATCH 377/387] "-Synchronized-Data." --- 2012/6xxx/CVE-2012-6114.json | 60 ++++++++++++++++++++++++++-- 2013/1xxx/CVE-2013-1437.json | 60 ++++++++++++++++++++++++++-- 2013/1xxx/CVE-2013-1895.json | 70 ++++++++++++++++++++++++++++++-- 2013/2xxx/CVE-2013-2571.json | 63 ++++++++++++++++++++++++++++- 2013/6xxx/CVE-2013-6451.json | 56 ++++++++++++++++++++++++-- 2013/6xxx/CVE-2013-6455.json | 56 ++++++++++++++++++++++++-- 2014/2xxx/CVE-2014-2581.json | 73 +++++++++++++++++++++++++++++++++- 2014/3xxx/CVE-2014-3445.json | 68 ++++++++++++++++++++++++++++++- 2019/13xxx/CVE-2019-13126.json | 12 +++--- 2020/7xxx/CVE-2020-7245.json | 2 +- 2020/8xxx/CVE-2020-8091.json | 5 +++ 11 files changed, 497 insertions(+), 28 deletions(-) diff --git a/2012/6xxx/CVE-2012-6114.json b/2012/6xxx/CVE-2012-6114.json index 9241a6b6936..59a2af8ccf6 100644 --- a/2012/6xxx/CVE-2012-6114.json +++ b/2012/6xxx/CVE-2012-6114.json @@ -1,8 +1,8 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-6114", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +11,61 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The git-changelog utility in git-extras 1.7.0 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/changelog or (2) /tmp/.git-effort." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Symbolic Link Following" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "git-extras", + "product": { + "product_data": [ + { + "product_name": "git-extras", + "version": { + "version_data": [ + { + "version_value": "1.7.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2013/01/22/8", + "url": "http://www.openwall.com/lists/oss-security/2013/01/22/8" + }, + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2013/01/23/5", + "url": "http://www.openwall.com/lists/oss-security/2013/01/23/5" + }, + { + "refsource": "MISC", + "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698490", + "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698490" } ] } diff --git a/2013/1xxx/CVE-2013-1437.json b/2013/1xxx/CVE-2013-1437.json index 0eaeacded43..e82f0396468 100644 --- a/2013/1xxx/CVE-2013-1437.json +++ b/2013/1xxx/CVE-2013-1437.json @@ -1,8 +1,8 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "security@debian.org", "ID": "CVE-2013-1437", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +11,61 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Eval injection vulnerability in the Module-Metadata module before 1.000015 for Perl allows remote attackers to execute arbitrary Perl code via the $Version value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Eval Injection" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Perl Toolchain Gang", + "product": { + "product_data": [ + { + "product_name": "Module-Metadata", + "version": { + "version_data": [ + { + "version_value": "before 1.000015" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://metacpan.org/changes/distribution/Module-Metadata", + "url": "https://metacpan.org/changes/distribution/Module-Metadata" + }, + { + "refsource": "MISC", + "name": "http://lists.fedoraproject.org/pipermail/package-announce/2013-August/114904.html", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-August/114904.html" + }, + { + "refsource": "MISC", + "name": "http://lists.fedoraproject.org/pipermail/package-announce/2013-August/114912.html", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-August/114912.html" } ] } diff --git a/2013/1xxx/CVE-2013-1895.json b/2013/1xxx/CVE-2013-1895.json index 86deb1afaf1..01a6da3cf2c 100644 --- a/2013/1xxx/CVE-2013-1895.json +++ b/2013/1xxx/CVE-2013-1895.json @@ -1,8 +1,8 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-1895", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +11,71 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The py-bcrypt module before 0.3 for Python does not properly handle concurrent memory access, which allows attackers to bypass authentication via multiple authentication requests, which trigger the password hash to be overwritten." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Other" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "py-bcrypt", + "product": { + "product_data": [ + { + "product_name": "py-bcrypt", + "version": { + "version_data": [ + { + "version_value": "before 0.3" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2013/03/26/2", + "url": "http://www.openwall.com/lists/oss-security/2013/03/26/2" + }, + { + "refsource": "MISC", + "name": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101387.html", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101387.html" + }, + { + "refsource": "MISC", + "name": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101382.html", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101382.html" + }, + { + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/58702", + "url": "http://www.securityfocus.com/bid/58702" + }, + { + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83039", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83039" } ] } 
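Review bot: `problemtype` in the CVE-2013-1895 hunk is set to `"value": "Other"`, which tells a reader nothing, while the description added in the same hunk names both the cause (concurrent memory access not handled properly) and the effect (authentication bypass through an overwritten password hash). A label that reflects the description, for example `"value": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')"`, would let the entry be found by weakness class. The exact CWE is my mapping from the description and should be confirmed by the assigner.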
diff --git a/2013/2xxx/CVE-2013-2571.json b/2013/2xxx/CVE-2013-2571.json index 5090a479e38..b835fbe99e2 100644 --- a/2013/2xxx/CVE-2013-2571.json +++ b/2013/2xxx/CVE-2013-2571.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-2571", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +11,66 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Iris 3.8 before build 1548, as used in Xpient point of sale (POS) systems, allows remote attackers to execute arbitrary commands via a crafted request to TCP port 7510, as demonstrated by opening the cash drawer." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://www.exploit-db.com/exploits/25987", + "url": "http://www.exploit-db.com/exploits/25987" + }, + { + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/60359", + "url": "http://www.securityfocus.com/bid/60359" + }, + { + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84761", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84761" + }, + { + "refsource": "MISC", + "name": "https://packetstormsecurity.com/files/121917/Xpient-POS-Iris-3.8-Cash-Drawer-Operation-Remote-Trigger.html", + "url": "https://packetstormsecurity.com/files/121917/Xpient-POS-Iris-3.8-Cash-Drawer-Operation-Remote-Trigger.html" } ] } diff --git a/2013/6xxx/CVE-2013-6451.json b/2013/6xxx/CVE-2013-6451.json index 53febf34b02..210b12dac3c 100644 --- a/2013/6xxx/CVE-2013-6451.json +++ b/2013/6xxx/CVE-2013-6451.json 
@@ -1,8 +1,8 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-6451", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,57 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-site scripting (XSS) vulnerability in MediaWiki 1.19.9 before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via unspecified CSS values." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Wikimedia Foundation", + "product": { + "product_data": [ + { + "product_name": "MediaWiki", + "version": { + "version_data": [ + { + "version_value": "1.19.9 before 1.19.10" + }, + { + "version_value": "1.2x before 1.21.4" + }, + { + "version_value": "1.22.x before 1.22.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html", + "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html" } ] } diff --git a/2013/6xxx/CVE-2013-6455.json b/2013/6xxx/CVE-2013-6455.json index b427dd5f8bf..fcf8c8e7b77 100644 --- a/2013/6xxx/CVE-2013-6455.json +++ b/2013/6xxx/CVE-2013-6455.json @@ -1,8 +1,8 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-6455", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", 
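Review bot: Two of the `version_value` strings added for CVE-2013-6451 are copied verbatim from the prose and do not read as ranges: `"1.2x before 1.21.4"` has no dot before the `x` (presumably 1.21.x is meant, by analogy with `1.22.x before 1.22.1`), and `"1.19.9 before 1.19.10"` names a single release where a branch start is expected. If the 1.19 and 1.21 branches are intended, `"version_value": "1.19.x before 1.19.10"` and `"version_value": "1.21.x before 1.21.4"` state it unambiguously, with the description brought in line; this needs checking against the MediaWiki announcement in the reference. The `1.2x` string is repeated in the CVE-2013-6455 hunk that follows.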
@@ -11,7 +11,57 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The CentralAuth extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to obtain usernames via vectors related to writing the names to the DOM of a page."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Path Disclosure"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Wikimedia Foundation",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "MediaWiki",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "before 1.19.10"
+ },
+ {
+ "version_value": "1.2x before 1.21.4"
+ },
+ {
+ "version_value": "1.22.x before 1.22.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html",
+ "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html"
 }
 ]
 }
diff --git a/2014/2xxx/CVE-2014-2581.json b/2014/2xxx/CVE-2014-2581.json
index 2522534bc1d..7370f927260 100644
--- a/2014/2xxx/CVE-2014-2581.json
+++ b/2014/2xxx/CVE-2014-2581.json
@@ -2,7 +2,7 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2014-2581",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
 "data_format": "MITRE",
 "data_type": "CVE",
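Review bot: In the CVE-2013-6455 hunk, `"value": "Path Disclosure"` under `problemtype` does not match the description, which is about usernames being exposed through the page DOM rather than filesystem paths. A label such as `"value": "Information Disclosure"` would describe it. `product_name` is also `MediaWiki` while the description attributes the flaw to the CentralAuth extension, so consumers matching on the product field would flag core installs that do not carry the extension. Naming the extension in `product_name` would avoid that.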
@@ -11,7 +11,76 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Smb4K before 1.1.1 allows remote attackers to obtain credentials via vectors related to the cuid option in the \"Additional options\" line edit."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "http://sourceforge.net/projects/smb4k/files/1.1.1/",
+ "url": "http://sourceforge.net/projects/smb4k/files/1.1.1/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2014/03/24/1",
+ "url": "http://www.openwall.com/lists/oss-security/2014/03/24/1"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2014/03/25/5",
+ "url": "http://www.openwall.com/lists/oss-security/2014/03/25/5"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/133898.html",
+ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/133898.html"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/133901.html",
+ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/133901.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://bugs.gentoo.org/505376",
+ "url": "https://bugs.gentoo.org/505376"
 }
 ]
 }
diff --git a/2014/3xxx/CVE-2014-3445.json b/2014/3xxx/CVE-2014-3445.json
index d21fa1e3df4..112c2aa721e 100644
--- a/2014/3xxx/CVE-2014-3445.json
+++ b/2014/3xxx/CVE-2014-3445.json
@@ -2,7 +2,7 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2014-3445",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +11,71 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "backup.php in HandsomeWeb SOS Webpages before 1.1.12 does not require knowledge of the cleartext password, which allows remote attackers to bypass authentication by leveraging knowledge of the administrator password hash." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/126844/HandsomeWeb-SOS-Webpages-1.1.11-Backup-Hash-Disclosure.html", + "url": "http://packetstormsecurity.com/files/126844/HandsomeWeb-SOS-Webpages-1.1.11-Backup-Hash-Disclosure.html" + }, + { + "refsource": "MISC", + "name": "http://sourceforge.net/projects/soswebpages/files/SOS%20Webpages/SOS%20Webpages%201.1.12/", + "url": "http://sourceforge.net/projects/soswebpages/files/SOS%20Webpages/SOS%20Webpages%201.1.12/" + }, + { + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2014/May/130", + "url": "http://seclists.org/fulldisclosure/2014/May/130" + }, + { + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/67644", + "url": "http://www.securityfocus.com/bid/67644" + }, + { + "refsource": "MISC", + "name": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-3445/", + "url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-3445/" 
} ] } diff --git a/2019/13xxx/CVE-2019-13126.json b/2019/13xxx/CVE-2019-13126.json index fc2034fd6f1..55b267640f3 100644 --- a/2019/13xxx/CVE-2019-13126.json +++ b/2019/13xxx/CVE-2019-13126.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "An integer overflow in NATS Server 2.0.0 allows a remote attacker to crash the server by sending a crafted request." + "value": "An integer overflow in NATS Server before 2.0.2 allows a remote attacker to crash the server by sending a crafted request. If authentication is enabled, then the remote attacker must have first authenticated." } ] }, @@ -52,15 +52,15 @@ }, "references": { "reference_data": [ - { - "url": "https://github.com/nats-io/nats-server/commits/master", - "refsource": "MISC", - "name": "https://github.com/nats-io/nats-server/commits/master" - }, { "refsource": "MISC", "name": "https://www.twistlock.com/labs-blog/finding-dos-vulnerability-nats-go-fuzz-cve-2019-13126/", "url": "https://www.twistlock.com/labs-blog/finding-dos-vulnerability-nats-go-fuzz-cve-2019-13126/" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/nats-io/nats-server/pull/1053", + "url": "https://github.com/nats-io/nats-server/pull/1053" } ] } diff --git a/2020/7xxx/CVE-2020-7245.json b/2020/7xxx/CVE-2020-7245.json index 177eb3432fc..89d9427690b 100644 --- a/2020/7xxx/CVE-2020-7245.json +++ b/2020/7xxx/CVE-2020-7245.json 
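Review bot: The CVE-2019-13126 description now covers every NATS Server release before 2.0.2 instead of only 2.0.0, but neither hunk for this file touches the `affects` block, which sits above line 34 and outside the visible lines. If `version_data` there still carries the old value, the structured data and the prose disagree, and scanners keyed on `version_value` will under-report affected installs. It should carry the same range as the text, e.g. `"version_value": "before 2.0.2"`.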
@@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "Incorrect username validation in the registration processes of CTFd through 2.2.2 allows a remote attacker to take over an arbitrary account after initiating a password reset. This is related to register() and reset_password() in auth.py. To exploit the vulnerability, one must register with a username similar to the admin, but with spaces inserted before and after the username. This will register the account with the same username as the admin. After a reset of the password for this new account, CTFd will reset the admin account's password due to the username collision." + "value": "Incorrect username validation in the registration process of CTFd v2.0.0 - v2.2.2 allows an attacker to take over an arbitrary account if the username is known and emails are enabled on the CTFd instance. To exploit the vulnerability, one must register with a username identical to the victim's username, but with white space inserted before and/or after the username. This will register the account with the same username as the victim. After initiating a password reset for the new account, CTFd will reset the victim's account password due to the username collision." } ] }, diff --git a/2020/8xxx/CVE-2020-8091.json b/2020/8xxx/CVE-2020-8091.json index 131b3dc0c9f..3b6e6406e7d 100644 --- a/2020/8xxx/CVE-2020-8091.json +++ b/2020/8xxx/CVE-2020-8091.json @@ -56,6 +56,11 @@ "url": "https://typo3.org/security/advisory/typo3-psa-2019-003/", "refsource": "MISC", "name": "https://typo3.org/security/advisory/typo3-psa-2019-003/" + }, + { + "refsource": "MISC", + "name": "https://www.purplemet.com/blog/typo3-xss-vulnerability", + "url": "https://www.purplemet.com/blog/typo3-xss-vulnerability" } ] }, From 7cca79cca8226b6bb94cab7accfe0f9d1a7c2cb4 Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Tue, 28 Jan 2020 16:01:13 +0000 Subject: [PATCH 378/387] "-Synchronized-Data." --- 2013/0xxx/CVE-2013-0294.json | 85 ++++++++++++++++++++++++++++++-- 2013/2xxx/CVE-2013-2060.json | 65 ++++++++++++++++++++++-- 2013/4xxx/CVE-2013-4582.json | 90 ++++++++++++++++++++++++++++++++-- 2013/4xxx/CVE-2013-4583.json | 90 ++++++++++++++++++++++++++++++++-- 2014/2xxx/CVE-2014-2896.json | 63 +++++++++++++++++++++++- 2014/2xxx/CVE-2014-2897.json | 63 +++++++++++++++++++++++- 2014/2xxx/CVE-2014-2898.json | 63 +++++++++++++++++++++++- 2014/2xxx/CVE-2014-2906.json | 58 +++++++++++++++++++++- 2014/2xxx/CVE-2014-2914.json | 53 +++++++++++++++++++- 2014/3xxx/CVE-2014-3230.json | 70 ++++++++++++++++++++++++-- 2014/3xxx/CVE-2014-3856.json | 58 +++++++++++++++++++++- 2019/18xxx/CVE-2019-18932.json | 5 ++ 2020/6xxx/CVE-2020-6609.json | 5 ++ 2020/6xxx/CVE-2020-6610.json | 5 ++ 2020/6xxx/CVE-2020-6611.json | 5 ++ 2020/6xxx/CVE-2020-6612.json | 5 ++ 2020/6xxx/CVE-2020-6613.json | 5 ++ 2020/6xxx/CVE-2020-6614.json | 5 ++ 2020/6xxx/CVE-2020-6615.json | 5 ++ 2020/7xxx/CVE-2020-7934.json | 5 -- 20 files changed, 771 insertions(+), 32 deletions(-) diff --git a/2013/0xxx/CVE-2013-0294.json b/2013/0xxx/CVE-2013-0294.json index b48cc4dfc27..d06741e34a4 100644 --- a/2013/0xxx/CVE-2013-0294.json +++ b/2013/0xxx/CVE-2013-0294.json @@ -1,8 +1,8 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-0294", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +11,86 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "packet.py in pyrad before 2.1 uses weak random numbers to generate RADIUS authenticators and hash passwords, which makes it easier for remote attackers to obtain sensitive information via a brute force attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cryptography" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "pyrad", + "product": { + "product_data": [ + { + "product_name": "pyrad", + "version": { + "version_data": [ + { + "version_value": "before 2.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=911682", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=911682" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/wichert/pyrad/commit/38f74b36814ca5b1a27d9898141126af4953bee5", + "url": "https://github.com/wichert/pyrad/commit/38f74b36814ca5b1a27d9898141126af4953bee5" + }, + { + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/57984", + "url": "http://www.securityfocus.com/bid/57984" + }, + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2013/02/15/13", + "url": "http://www.openwall.com/lists/oss-security/2013/02/15/13" + }, + { + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82133", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82133" + }, + { + "refsource": "CONFIRM", + "name": "http://lists.fedoraproject.org/pipermail/package-announce/2013-September/116567.html", + "url": 
"http://lists.fedoraproject.org/pipermail/package-announce/2013-September/116567.html" + }, + { + "refsource": "CONFIRM", + "name": "http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115705.html", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115705.html" + }, + { + "refsource": "CONFIRM", + "name": "http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115677.html", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115677.html" } ] } diff --git a/2013/2xxx/CVE-2013-2060.json b/2013/2xxx/CVE-2013-2060.json index 43f5daa1d3b..07b5d6873fc 100644 --- a/2013/2xxx/CVE-2013-2060.json +++ b/2013/2xxx/CVE-2013-2060.json @@ -1,8 +1,8 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-2060", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", 
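Review bot: In the CVE-2013-0294 hunk, `"value": "Cryptography"` under `problemtype` is too coarse to classify or filter on. The description is about predictable random values used for RADIUS authenticators, which corresponds to `"value": "CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)"`. The same applies to the free-text labels in two other hunks of this commit: `Metacharacters` for CVE-2013-2060 (shell metacharacters reaching a command, i.e. CWE-78 OS Command Injection) and `Other` for CVE-2014-3230 (server certificate validation disabled, i.e. CWE-295 Improper Certificate Validation). CWE identifiers in this field let consumers group records without parsing the prose.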
@@ -11,7 +11,66 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The download_from_url function in OpenShift Origin allows remote attackers to execute arbitrary commands via shell metacharacters in the URL of a request to download a cart." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Metacharacters" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "OpenShift Origin", + "version": { + "version_data": [ + { + "version_value": "unknown" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=960363", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=960363" + }, + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2013/05/07/1", + "url": "http://www.openwall.com/lists/oss-security/2013/05/07/1" + }, + { + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/59687", + "url": "http://www.securityfocus.com/bid/59687" + }, + { + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84075", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84075" } ] } diff --git a/2013/4xxx/CVE-2013-4582.json b/2013/4xxx/CVE-2013-4582.json index e2e1f679349..a367228e74e 100644 --- a/2013/4xxx/CVE-2013-4582.json +++ b/2013/4xxx/CVE-2013-4582.json @@ -1,8 +1,8 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-4582", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +11,91 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The (1) create_branch, (2) create_tag, (3) import_project, and (4) fork_project functions in lib/gitlab_projects.rb in GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allows remote authenticated users to include information from local files into the metadata of a Git repository via the web interface." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Path Disclosure" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GitLab", + "product": { + "product_data": [ + { + "product_name": "GitLab", + "version": { + "version_data": [ + { + "version_value": "5.0 before 5.4.2" + } + ] + } + }, + { + "product_name": "GitLab Community Edition", + "version": { + "version_data": [ + { + "version_value": "before 6.2.4" + } + ] + } + }, + { + "product_name": "GitLab Enterprise Edition", + "version": { + "version_data": [ + { + "version_value": "before 6.2.1" + } + ] + } + }, + { + "product_name": "gitlab-shell", + "version": { + "version_data": [ + { + "version_value": "before 1.7.8" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2013/11/15/4", + "url": "http://www.openwall.com/lists/oss-security/2013/11/15/4" + }, + { + "refsource": "MISC", + "name": "https://www.gitlab.com/2013/11/14/multiple-critical-vulnerabilities-in-gitlab/", + "url": "https://www.gitlab.com/2013/11/14/multiple-critical-vulnerabilities-in-gitlab/" + }, + { + "refsource": "MISC", + "name": 
"https://www.openwall.com/lists/oss-security/2013/11/18/4", + "url": "https://www.openwall.com/lists/oss-security/2013/11/18/4" } ] } diff --git a/2013/4xxx/CVE-2013-4583.json b/2013/4xxx/CVE-2013-4583.json index fecac2b6477..e2c9e11ca47 100644 --- a/2013/4xxx/CVE-2013-4583.json +++ b/2013/4xxx/CVE-2013-4583.json @@ -1,8 +1,8 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-4583", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", 
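Review bot: The `problemtype` values for CVE-2013-4582 and CVE-2013-4583 look transposed. The CVE-2013-4582 record describes local file contents being included in repository metadata but is labelled `Path Disclosure`, while the CVE-2013-4583 hunk describes gaining privileges and cloning arbitrary repositories via `parse_cmd` yet is labelled `Directory Traversal (Local File Inclusion)`. I would move `"value": "Directory Traversal (Local File Inclusion)"` to CVE-2013-4582 and give CVE-2013-4583 a privilege-related label such as `"value": "Improper Access Control"`, after checking both against the linked GitLab advisory.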
@@ -11,7 +11,91 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The parse_cmd function in lib/gitlab_shell.rb in GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, and Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allows remote authenticated users to gain privileges and clone arbitrary repositories." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Directory Traversal (Local File Inclusion)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GitLab", + "product": { + "product_data": [ + { + "product_name": "GitLab", + "version": { + "version_data": [ + { + "version_value": "5.0 before 5.4.2" + } + ] + } + }, + { + "product_name": "GitLab Community Edition", + "version": { + "version_data": [ + { + "version_value": "before 6.2.4" + } + ] + } + }, + { + "product_name": "GitLab Enterprise Edition", + "version": { + "version_data": [ + { + "version_value": "before 6.2.1" + } + ] + } + }, + { + "product_name": "gitlab-shell", + "version": { + "version_data": [ + { + "version_value": "before 1.7.8" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2013/11/15/4", + "url": "http://www.openwall.com/lists/oss-security/2013/11/15/4" + }, + { + "refsource": "MISC", + "name": "https://www.gitlab.com/2013/11/14/multiple-critical-vulnerabilities-in-gitlab/", + "url": "https://www.gitlab.com/2013/11/14/multiple-critical-vulnerabilities-in-gitlab/" + }, + { + "refsource": "MISC", + "name": "https://www.openwall.com/lists/oss-security/2013/11/18/4", + "url": 
"https://www.openwall.com/lists/oss-security/2013/11/18/4" } ] } diff --git a/2014/2xxx/CVE-2014-2896.json b/2014/2xxx/CVE-2014-2896.json index 249b1957adc..098515acb4f 100644 --- a/2014/2xxx/CVE-2014-2896.json +++ b/2014/2xxx/CVE-2014-2896.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-2896", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +11,66 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The DoAlert function in the (1) TLS and (2) DTLS implementations in wolfSSL CyaSSL before 2.9.4 allows remote attackers to have unspecified impact and vectors, which trigger memory corruption or an out-of-bounds read." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "http://www.wolfssl.com/yaSSL/Blog/Entries/2014/4/11_wolfSSL_Security_Advisory__April_9%2C_2014.html", + "url": "http://www.wolfssl.com/yaSSL/Blog/Entries/2014/4/11_wolfSSL_Security_Advisory__April_9%2C_2014.html" + }, + { + "refsource": "CONFIRM", + "name": "http://www.wolfssl.com/yaSSL/Docs-cyassl-changelog.html", + "url": "http://www.wolfssl.com/yaSSL/Docs-cyassl-changelog.html" + }, + { + "refsource": "MISC", + "name": "http://seclists.org/oss-sec/2014/q2/126", + "url": "http://seclists.org/oss-sec/2014/q2/126" + }, + { + "refsource": "MISC", + "name": "http://seclists.org/oss-sec/2014/q2/130", + "url": "http://seclists.org/oss-sec/2014/q2/130" } ] } diff --git a/2014/2xxx/CVE-2014-2897.json b/2014/2xxx/CVE-2014-2897.json index 92f9d091a09..6a19a8ee410 100644 --- a/2014/2xxx/CVE-2014-2897.json +++ b/2014/2xxx/CVE-2014-2897.json 
@@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-2897", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,66 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The SSL 3 HMAC functionality in wolfSSL CyaSSL 2.5.0 before 2.9.4 does not check the padding length when verification fails, which allows remote attackers to have unspecified impact via a crafted HMAC, which triggers an out-of-bounds read." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "http://www.wolfssl.com/yaSSL/Blog/Entries/2014/4/11_wolfSSL_Security_Advisory__April_9%2C_2014.html", + "url": "http://www.wolfssl.com/yaSSL/Blog/Entries/2014/4/11_wolfSSL_Security_Advisory__April_9%2C_2014.html" + }, + { + "refsource": "CONFIRM", + "name": "http://www.wolfssl.com/yaSSL/Docs-cyassl-changelog.html", + "url": "http://www.wolfssl.com/yaSSL/Docs-cyassl-changelog.html" + }, + { + "refsource": "MISC", + "name": "http://seclists.org/oss-sec/2014/q2/126", + "url": "http://seclists.org/oss-sec/2014/q2/126" + }, + { + "refsource": "MISC", + "name": "http://seclists.org/oss-sec/2014/q2/130", + "url": "http://seclists.org/oss-sec/2014/q2/130" } ] } diff --git a/2014/2xxx/CVE-2014-2898.json b/2014/2xxx/CVE-2014-2898.json index 54d7a3035f7..2e76d06b602 100644 --- a/2014/2xxx/CVE-2014-2898.json 
+++ b/2014/2xxx/CVE-2014-2898.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-2898", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,66 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "wolfSSL CyaSSL before 2.9.4 allows remote attackers to have unspecified impact via multiple calls to the CyaSSL_read function which triggers an out-of-bounds read when an error occurs, related to not checking the return code and MAC verification failure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "http://www.wolfssl.com/yaSSL/Blog/Entries/2014/4/11_wolfSSL_Security_Advisory__April_9%2C_2014.html", + "url": "http://www.wolfssl.com/yaSSL/Blog/Entries/2014/4/11_wolfSSL_Security_Advisory__April_9%2C_2014.html" + }, + { + "refsource": "CONFIRM", + "name": "http://www.wolfssl.com/yaSSL/Docs-cyassl-changelog.html", + "url": "http://www.wolfssl.com/yaSSL/Docs-cyassl-changelog.html" + }, + { + "refsource": "MISC", + "name": "http://seclists.org/oss-sec/2014/q2/126", + "url": "http://seclists.org/oss-sec/2014/q2/126" + }, + { + "refsource": "MISC", + "name": "http://seclists.org/oss-sec/2014/q2/130", + "url": "http://seclists.org/oss-sec/2014/q2/130" } ] } 
diff --git a/2014/2xxx/CVE-2014-2906.json b/2014/2xxx/CVE-2014-2906.json index 24a53f23883..c05910cb8f1 100644 --- a/2014/2xxx/CVE-2014-2906.json +++ b/2014/2xxx/CVE-2014-2906.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-2906", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,61 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The psub function in fish (aka fish-shell) 1.16.0 before 2.1.1 does not properly create temporary files, which allows local users to execute arbitrary commands via a temporary file with a predictable name." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2014/04/28/4", + "url": "http://www.openwall.com/lists/oss-security/2014/04/28/4" + }, + { + "refsource": "MISC", + "name": "https://github.com/fish-shell/fish-shell/issues/1437", + "url": "https://github.com/fish-shell/fish-shell/issues/1437" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/fish-shell/fish-shell/releases/tag/2.1.1", + "url": "https://github.com/fish-shell/fish-shell/releases/tag/2.1.1" } ] } diff --git a/2014/2xxx/CVE-2014-2914.json b/2014/2xxx/CVE-2014-2914.json index 6a7e3c9030b..298b315bf2c 100644 --- a/2014/2xxx/CVE-2014-2914.json +++ b/2014/2xxx/CVE-2014-2914.json 
@@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-2914", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,56 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "fish (aka fish-shell) 2.0.0 before 2.1.1 does not restrict access to the configuration service (aka fish_config), which allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by set_prompt." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://github.com/fish-shell/fish-shell/issues/1438", + "url": "https://github.com/fish-shell/fish-shell/issues/1438" + }, + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2014/04/28/4", + "url": "http://www.openwall.com/lists/oss-security/2014/04/28/4" } ] } diff --git a/2014/3xxx/CVE-2014-3230.json b/2014/3xxx/CVE-2014-3230.json index a7200748038..cd395897699 100644 --- a/2014/3xxx/CVE-2014-3230.json +++ b/2014/3xxx/CVE-2014-3230.json @@ -1,8 +1,8 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2014-3230", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +11,71 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The libwww-perl LWP::Protocol::https module 6.04 through 6.06 for Perl, when using IO::Socket::SSL as the SSL socket class, allows attackers to disable server certificate validation via the (1) HTTPS_CA_DIR or (2) HTTPS_CA_FILE environment variable." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Other" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "libwww-perl", + "product": { + "product_data": [ + { + "product_name": "LWP::Protocol::https", + "version": { + "version_data": [ + { + "version_value": "6.04 through 6.06" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746579", + "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746579" + }, + { + "refsource": "MISC", + "name": "https://github.com/libwww-perl/lwp-protocol-https/pull/14", + "url": "https://github.com/libwww-perl/lwp-protocol-https/pull/14" + }, + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2014/05/02/8", + "url": "http://www.openwall.com/lists/oss-security/2014/05/02/8" + }, + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2014/05/04/1", + "url": "http://www.openwall.com/lists/oss-security/2014/05/04/1" + }, + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2014/05/06/8", + "url": "http://www.openwall.com/lists/oss-security/2014/05/06/8" } ] } diff --git a/2014/3xxx/CVE-2014-3856.json b/2014/3xxx/CVE-2014-3856.json index 9d1dd80a1ac..b85ee3981d4 100644 
--- a/2014/3xxx/CVE-2014-3856.json +++ b/2014/3xxx/CVE-2014-3856.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-3856", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,61 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The funced function in fish (aka fish-shell) 1.23.0 before 2.1.1 does not properly create temporary files, which allows local users to gain privileges via a temporary file with a predictable name." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/fish-shell/fish-shell/issues/1437", + "url": "https://github.com/fish-shell/fish-shell/issues/1437" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/fish-shell/fish-shell/releases/tag/2.1.1", + "url": "https://github.com/fish-shell/fish-shell/releases/tag/2.1.1" + }, + { + "refsource": "MISC", + "name": "https://www.openwall.com/lists/oss-security/2014/04/28/4", + "url": "https://www.openwall.com/lists/oss-security/2014/04/28/4" } ] } diff --git a/2019/18xxx/CVE-2019-18932.json b/2019/18xxx/CVE-2019-18932.json index eb246e86e47..27f47bd378f 100644 --- a/2019/18xxx/CVE-2019-18932.json +++ b/2019/18xxx/CVE-2019-18932.json 
@@ -81,6 +81,11 @@ "refsource": "MLIST", "name": "[oss-security] 20200127 Re: CVE-2019-18932: sarg: insecure usage of /tmp/sarg allows privilege escalation / DoS attack vector", "url": "http://www.openwall.com/lists/oss-security/2020/01/27/1" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0117", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00051.html" } ] } diff --git a/2020/6xxx/CVE-2020-6609.json b/2020/6xxx/CVE-2020-6609.json index 350eb01ad94..f647649e064 100644 --- a/2020/6xxx/CVE-2020-6609.json +++ b/2020/6xxx/CVE-2020-6609.json @@ -61,6 +61,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0096", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00046.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0115", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00052.html" } ] } diff --git a/2020/6xxx/CVE-2020-6610.json b/2020/6xxx/CVE-2020-6610.json index a9994e9c0f0..169eb0beae2 100644 --- a/2020/6xxx/CVE-2020-6610.json +++ b/2020/6xxx/CVE-2020-6610.json @@ -61,6 +61,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0096", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00046.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0115", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00052.html" } ] } diff --git a/2020/6xxx/CVE-2020-6611.json b/2020/6xxx/CVE-2020-6611.json index 40f7d9a1b2c..5fdbacd5935 100644 --- a/2020/6xxx/CVE-2020-6611.json +++ b/2020/6xxx/CVE-2020-6611.json @@ -61,6 +61,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0096", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00046.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0115", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00052.html" } ] } 
diff --git a/2020/6xxx/CVE-2020-6612.json b/2020/6xxx/CVE-2020-6612.json index 4882c0bdb95..d25aac091cc 100644 --- a/2020/6xxx/CVE-2020-6612.json +++ b/2020/6xxx/CVE-2020-6612.json @@ -61,6 +61,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0096", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00046.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0115", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00052.html" } ] } diff --git a/2020/6xxx/CVE-2020-6613.json b/2020/6xxx/CVE-2020-6613.json index c0c35fa7409..9abdf0d2282 100644 --- a/2020/6xxx/CVE-2020-6613.json +++ b/2020/6xxx/CVE-2020-6613.json @@ -61,6 +61,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0096", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00046.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0115", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00052.html" } ] } diff --git a/2020/6xxx/CVE-2020-6614.json b/2020/6xxx/CVE-2020-6614.json index 1c64227d3b9..1f69250a341 100644 --- a/2020/6xxx/CVE-2020-6614.json +++ b/2020/6xxx/CVE-2020-6614.json @@ -61,6 +61,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0096", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00046.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0115", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00052.html" } ] } diff --git a/2020/6xxx/CVE-2020-6615.json b/2020/6xxx/CVE-2020-6615.json index c3380b80538..7c8c4fb9fb2 100644 --- a/2020/6xxx/CVE-2020-6615.json +++ b/2020/6xxx/CVE-2020-6615.json @@ -61,6 +61,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0096", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00046.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0115", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00052.html" } ] } 
diff --git a/2020/7xxx/CVE-2020-7934.json b/2020/7xxx/CVE-2020-7934.json index d385c91b235..45608ee5601 100644 --- a/2020/7xxx/CVE-2020-7934.json +++ b/2020/7xxx/CVE-2020-7934.json @@ -52,11 +52,6 @@ }, "references": { "reference_data": [ - { - "url": "https://semanticbits.com/tech-blog", - "refsource": "MISC", - "name": "https://semanticbits.com/tech-blog" - }, { "refsource": "MISC", "name": "https://semanticbits.com/liferay-portal-authenticated-xss-disclosure/", From def554dea4a61c56cd25ef622cf6395b7c01648e Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 28 Jan 2020 17:01:18 +0000 Subject: [PATCH 379/387] "-Synchronized-Data." --- 2012/6xxx/CVE-2012-6609.json | 53 +++++++++++++++++++++++++++-- 2012/6xxx/CVE-2012-6610.json | 53 +++++++++++++++++++++++++++-- 2013/4xxx/CVE-2013-4861.json | 58 +++++++++++++++++++++++++++++-- 2013/4xxx/CVE-2013-4862.json | 58 +++++++++++++++++++++++++++++-- 2013/4xxx/CVE-2013-4863.json | 58 +++++++++++++++++++++++++++++-- 2013/4xxx/CVE-2013-4864.json | 58 +++++++++++++++++++++++++++++-- 2013/4xxx/CVE-2013-4865.json | 58 +++++++++++++++++++++++++++++-- 2015/7xxx/CVE-2015-7851.json | 58 +++++++++++++++++++++++++++++-- 2020/1xxx/CVE-2020-1940.json | 50 +++++++++++++++++++++++++-- 2020/6xxx/CVE-2020-6851.json | 5 +++ 2020/8xxx/CVE-2020-8086.json | 66 ++++++++++++++++++++++++++++++++---- 11 files changed, 550 insertions(+), 25 deletions(-) diff --git a/2012/6xxx/CVE-2012-6609.json b/2012/6xxx/CVE-2012-6609.json index 1bd3455c0bd..8fbdeefcee5 100644 --- a/2012/6xxx/CVE-2012-6609.json +++ b/2012/6xxx/CVE-2012-6609.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-6609", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +11,56 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Directory traversal vulnerability in a_getlog.cgi in Polycom HDX Video End Points before 3.0.4 and UC APL before 2.7.1.J allows remote attackers to read arbitrary files via a .. (dot dot) in the name parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2012/Mar/18", + "url": "http://seclists.org/fulldisclosure/2012/Mar/18" + }, + { + "refsource": "MISC", + "name": "https://web.archive.org/web/20130317232013/http://blog.tempest.com.br/joao-paulo-campello/polycom-web-management-interface-os-command-injection.html", + "url": "https://web.archive.org/web/20130317232013/http://blog.tempest.com.br/joao-paulo-campello/polycom-web-management-interface-os-command-injection.html" } ] } diff --git a/2012/6xxx/CVE-2012-6610.json b/2012/6xxx/CVE-2012-6610.json index 06032a688c2..57fcbdce16f 100644 --- a/2012/6xxx/CVE-2012-6610.json +++ b/2012/6xxx/CVE-2012-6610.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-6610", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +11,56 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Polycom HDX Video End Points before 3.0.4 and UC APL before 2.7.1.J allows remote authenticated users to execute arbitrary commands as demonstrated by a ; (semicolon) to the ping command feature." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2012/Mar/18", + "url": "http://seclists.org/fulldisclosure/2012/Mar/18" + }, + { + "refsource": "MISC", + "name": "https://web.archive.org/web/20130317232013/http://blog.tempest.com.br/joao-paulo-campello/polycom-web-management-interface-os-command-injection.html", + "url": "https://web.archive.org/web/20130317232013/http://blog.tempest.com.br/joao-paulo-campello/polycom-web-management-interface-os-command-injection.html" } ] } diff --git a/2013/4xxx/CVE-2013-4861.json b/2013/4xxx/CVE-2013-4861.json index a7af6b41048..837e2740cc5 100644 --- a/2013/4xxx/CVE-2013-4861.json +++ b/2013/4xxx/CVE-2013-4861.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-4861", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +11,61 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Directory traversal vulnerability in cgi-bin/cmh/get_file.sh in MiCasaVerde VeraLite with firmware 1.5.408 allows remote authenticated users to read arbirary files via a .. (dot dot) in the filename parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/122654/MiCasaVerde-VeraLite-1.5.408-Traversal-Authorization-CSRF-Disclosure.html", + "url": "http://packetstormsecurity.com/files/122654/MiCasaVerde-VeraLite-1.5.408-Traversal-Authorization-CSRF-Disclosure.html" + }, + { + "refsource": "MISC", + "name": "https://www3.trustwave.com/spiderlabs/advisories/TWSL2013-019.txt", + "url": "https://www3.trustwave.com/spiderlabs/advisories/TWSL2013-019.txt" + }, + { + "refsource": "MISC", + "name": "http://www.exploit-db.com/exploits/27286", + "url": "http://www.exploit-db.com/exploits/27286" } ] } diff --git a/2013/4xxx/CVE-2013-4862.json b/2013/4xxx/CVE-2013-4862.json index a3d7fe1058b..5b457b1fd67 100644 --- a/2013/4xxx/CVE-2013-4862.json +++ b/2013/4xxx/CVE-2013-4862.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-4862", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +11,61 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "MiCasaVerde VeraLite with firmware 1.5.408 does not properly restrict access, which allows remote authenticated users to (1) update the firmware via the squashfs parameter to upgrade_step2.sh or (2) obtain hashed passwords via the cgi-bin/cmh/backup.sh page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/122654/MiCasaVerde-VeraLite-1.5.408-Traversal-Authorization-CSRF-Disclosure.html", + "url": "http://packetstormsecurity.com/files/122654/MiCasaVerde-VeraLite-1.5.408-Traversal-Authorization-CSRF-Disclosure.html" + }, + { + "refsource": "MISC", + "name": "https://www3.trustwave.com/spiderlabs/advisories/TWSL2013-019.txt", + "url": "https://www3.trustwave.com/spiderlabs/advisories/TWSL2013-019.txt" + }, + { + "refsource": "MISC", + "name": "http://www.exploit-db.com/exploits/27286", + "url": "http://www.exploit-db.com/exploits/27286" } ] } diff --git a/2013/4xxx/CVE-2013-4863.json b/2013/4xxx/CVE-2013-4863.json index 2c8f94f7731..95219ed8354 100644 --- a/2013/4xxx/CVE-2013-4863.json +++ b/2013/4xxx/CVE-2013-4863.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-4863", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +11,61 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The HomeAutomationGateway service in MiCasaVerde VeraLite with firmware 1.5.408 allows (1) remote attackers to execute arbitrary Lua code via a RunLua action in a request to upnp/control/hag on port 49451 or (2) remote authenticated users to execute arbitrary Lua code via a RunLua action in a request to port_49451/upnp/control/hag." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/122654/MiCasaVerde-VeraLite-1.5.408-Traversal-Authorization-CSRF-Disclosure.html", + "url": "http://packetstormsecurity.com/files/122654/MiCasaVerde-VeraLite-1.5.408-Traversal-Authorization-CSRF-Disclosure.html" + }, + { + "refsource": "MISC", + "name": "https://www3.trustwave.com/spiderlabs/advisories/TWSL2013-019.txt", + "url": "https://www3.trustwave.com/spiderlabs/advisories/TWSL2013-019.txt" + }, + { + "refsource": "MISC", + "name": "http://www.exploit-db.com/exploits/27286", + "url": "http://www.exploit-db.com/exploits/27286" } ] } diff --git a/2013/4xxx/CVE-2013-4864.json b/2013/4xxx/CVE-2013-4864.json index 6e278355c26..a1a301cb26d 100644 --- a/2013/4xxx/CVE-2013-4864.json +++ b/2013/4xxx/CVE-2013-4864.json 
@@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-4864", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,61 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "MiCasaVerde VeraLite with firmware 1.5.408 allows remote attackers to send HTTP requests to intranet servers via the url parameter to cgi-bin/cmh/proxy.sh, related to a Server-Side Request Forgery (SSRF) issue." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/122654/MiCasaVerde-VeraLite-1.5.408-Traversal-Authorization-CSRF-Disclosure.html", + "url": "http://packetstormsecurity.com/files/122654/MiCasaVerde-VeraLite-1.5.408-Traversal-Authorization-CSRF-Disclosure.html" + }, + { + "refsource": "MISC", + "name": "https://www3.trustwave.com/spiderlabs/advisories/TWSL2013-019.txt", + "url": "https://www3.trustwave.com/spiderlabs/advisories/TWSL2013-019.txt" + }, + { + "refsource": "MISC", + "name": "http://www.exploit-db.com/exploits/27286", + "url": "http://www.exploit-db.com/exploits/27286" } ] } diff --git a/2013/4xxx/CVE-2013-4865.json b/2013/4xxx/CVE-2013-4865.json index dfb53178159..d9226c9634c 100644 --- a/2013/4xxx/CVE-2013-4865.json +++ b/2013/4xxx/CVE-2013-4865.json 
@@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-4865", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,61 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-site request forgery (CSRF) vulnerability in upgrade_step2.sh in MiCasaVerde VeraLite with firmware 1.5.408 allows remote attackers to hijack the authentication of users for requests that install arbitrary firmware via the squashfs parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/122654/MiCasaVerde-VeraLite-1.5.408-Traversal-Authorization-CSRF-Disclosure.html", + "url": "http://packetstormsecurity.com/files/122654/MiCasaVerde-VeraLite-1.5.408-Traversal-Authorization-CSRF-Disclosure.html" + }, + { + "refsource": "MISC", + "name": "https://www3.trustwave.com/spiderlabs/advisories/TWSL2013-019.txt", + "url": "https://www3.trustwave.com/spiderlabs/advisories/TWSL2013-019.txt" + }, + { + "refsource": "MISC", + "name": "http://www.exploit-db.com/exploits/27286", + "url": "http://www.exploit-db.com/exploits/27286" } ] } diff --git a/2015/7xxx/CVE-2015-7851.json b/2015/7xxx/CVE-2015-7851.json index 78c73a834ed..5b4ebcf79af 100644 --- a/2015/7xxx/CVE-2015-7851.json +++ b/2015/7xxx/CVE-2015-7851.json 
@@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-7851", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,61 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Directory traversal vulnerability in the save_config function in ntpd in ntp_control.c in NTP before 4.2.8p4, when used on systems that do not use '\\' or '/' characters for directory separation such as OpenVMS, allows remote authenticated users to overwrite arbitrary files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://www.talosintel.com/reports/TALOS-2015-0062/", + "url": "http://www.talosintel.com/reports/TALOS-2015-0062/" + }, + { + "refsource": "MISC", + "name": "http://support.ntp.org/bin/view/Main/SecurityNotice", + "url": "http://support.ntp.org/bin/view/Main/SecurityNotice" + }, + { + "refsource": "MISC", + "name": "http://support.ntp.org/bin/view/Main/NtpBug2918", + "url": "http://support.ntp.org/bin/view/Main/NtpBug2918" } ] } diff --git a/2020/1xxx/CVE-2020-1940.json b/2020/1xxx/CVE-2020-1940.json index 0f9de1f224a..a4f7f3b6010 100644 --- a/2020/1xxx/CVE-2020-1940.json +++ b/2020/1xxx/CVE-2020-1940.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-1940", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@apache.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apache Software Foundation", + "product": { + "product_data": [ + { + "product_name": "Apache Jackrabbit Oak", + "version": { + "version_data": [ + { + "version_value": "1.2.0 to 1.22.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://lists.apache.org/thread.html/rccc0ed467faa35734ea16b8f5de5603e708936c41a4eddd90fddeaf0%40%3Cusers.jackrabbit.apache.org%3E", + "url": "https://lists.apache.org/thread.html/rccc0ed467faa35734ea16b8f5de5603e708936c41a4eddd90fddeaf0%40%3Cusers.jackrabbit.apache.org%3E" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The optional initial password change and password expiration features present in Apache Jackrabbit Oak 1.2.0 to 1.22.0 are prone to a sensitive information disclosure vulnerability. The code mandates the changed password to be passed as an additional attribute to the credentials object but does not remove it upon processing during the first phase of the authentication. In combination with additional, independent authentication mechanisms, this may lead to the new password being disclosed." } ] } diff --git a/2020/6xxx/CVE-2020-6851.json b/2020/6xxx/CVE-2020-6851.json index d5f58de73e7..fcc3e5dae65 100644 --- a/2020/6xxx/CVE-2020-6851.json +++ b/2020/6xxx/CVE-2020-6851.json 
@@ -56,6 +56,11 @@ "url": "https://github.com/uclouvain/openjpeg/issues/1228", "refsource": "MISC", "name": "https://github.com/uclouvain/openjpeg/issues/1228" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200128 [SECURITY] [DLA 2081-1] openjpeg2 security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00025.html" } ] } diff --git a/2020/8xxx/CVE-2020-8086.json b/2020/8xxx/CVE-2020-8086.json index 7602771fe55..e31248d35e9 100644 --- a/2020/8xxx/CVE-2020-8086.json +++ b/2020/8xxx/CVE-2020-8086.json 
@@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-8086", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-8086", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The mod_auth_ldap and mod_auth_ldap2 Community Modules through 2020-01-27 for Prosody incompletely verify the XMPP address passed to the is_admin() function. This grants remote entities admin-only functionality if their username matches the username of a local admin." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://hg.prosody.im/prosody-modules/log/tip/mod_auth_ldap/mod_auth_ldap.lua", + "refsource": "MISC", + "name": "https://hg.prosody.im/prosody-modules/log/tip/mod_auth_ldap/mod_auth_ldap.lua" + }, + { + "url": "https://hg.prosody.im/prosody-modules/log/tip/mod_auth_ldap2/mod_auth_ldap2.lua", + "refsource": "MISC", + "name": "https://hg.prosody.im/prosody-modules/log/tip/mod_auth_ldap2/mod_auth_ldap2.lua" + }, + { + "refsource": "CONFIRM", + "name": "https://prosody.im/security/advisory_20200128/", + "url": "https://prosody.im/security/advisory_20200128/" } ] } From 6d876182fbe88543f50cbc09f00297789601ba67 Mon Sep 17 00:00:00 2001 
From: Eric Johnson Date: Tue, 28 Jan 2020 09:39:53 -0800 Subject: [PATCH 380/387] TIBCO Patterns XSS Vulnerability, January 2020. --- 2019/17xxx/CVE-2019-17338.json | 95 ++++++++++++++++++++++++++++++++++ 1 file changed, 95 insertions(+) create mode 100644 2019/17xxx/CVE-2019-17338.json
diff --git a/2019/17xxx/CVE-2019-17338.json b/2019/17xxx/CVE-2019-17338.json
new file mode 100644
index 00000000000..635b7a89ba4
--- /dev/null
+++ b/2019/17xxx/CVE-2019-17338.json
@@ -0,0 +1,95 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "security@tibco.com",
+ "DATE_PUBLIC": "2020-01-28T17:00:00Z",
+ "ID": "CVE-2019-17338",
+ "STATE": "PUBLIC",
+ "TITLE": "TIBCO Patterns - Search Exposes Cross Site Scripting Vulnerabilities"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "TIBCO Patterns - Search",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_value": "5.4.0"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "TIBCO Software Inc."
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The user interface component of TIBCO Software Inc.'s TIBCO Patterns - Search contains multiple vulnerabilities that theoretically allow authenticated users to perform persistent cross-site scripting (XSS) attacks.\n\nAffected releases are TIBCO Software Inc.'s TIBCO Patterns - Search: versions 5.4.0 and below.\n"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.3,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
+ "version": "3.0"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "The impact of these vulnerabilities includes the theoretical possibility that an attacker could gain all privileges available via the affected component."
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://www.tibco.com/support/advisories/2020/01/tibco-security-advisory-january-28-2020-tibco-patterns",
+ "refsource": "CONFIRM",
+ "url": "https://www.tibco.com/support/advisories/2020/01/tibco-security-advisory-january-28-2020-tibco-patterns"
+ },
+ {
+ "name": "http://www.tibco.com/services/support/advisories",
+ "refsource": "CONFIRM",
+ "url": "http://www.tibco.com/services/support/advisories"
+ }
+ ]
+ },
+ "solution": [
+ {
+ "lang": "eng",
+ "value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Patterns - Search versions 5.4.0 and below update to version 5.5.0 or higher"
+ }
+ ],
+ "source": {
+ "discovery": "INTERNAL"
+ }
+}
From 340df075621f4feb5ebe2616727a94310776e043 Mon Sep 17 00:00:00 2001 From: Robert Schultheis Date: Tue, 28 Jan 2020 10:46:45 -0700 Subject: [PATCH 381/387] add CVE-2020-5209 for GHSA-fw72-r8xm-45p8 --- 2020/5xxx/CVE-2020-5209.json | 84 +++++++++++++++++++++++++++++++++--- 1 file changed, 77 insertions(+), 7 deletions(-)
diff --git a/2020/5xxx/CVE-2020-5209.json b/2020/5xxx/CVE-2020-5209.json
index 5131817044d..22b695a181f 100644
--- a/2020/5xxx/CVE-2020-5209.json
+++ b/2020/5xxx/CVE-2020-5209.json
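Review bot: The `problemtype` entry in 2019/17xxx/CVE-2019-17338.json holds an impact statement ("...an attacker could gain all privileges available via the affected component") instead of naming the weakness, so consumers that classify or filter records by CWE get nothing usable from it. The description already identifies the issue as persistent cross-site scripting, so the entry could read `"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"`, in the same "CWE-nnn Name" form the NetHack record in this series uses; the impact sentence fits better in the description. The description value also ends in a stray `\n` that could be dropped.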
@@ -1,18 +1,88 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "security-advisories@github.com",
 "ID": "CVE-2020-5209",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "NetHack command line parsing of options starting with -de and -i is subject to a buffer overflow"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "NetHack",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "< 3.6.5"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "NetHack"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In NetHack before 3.6.5, unknown options starting with -de and -i can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation.\n\nThis vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to influence command line options.\n\nUsers should upgrade to NetHack 3.6.5."
 }
 ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "HIGH",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "LOW",
+ "baseScore": 5,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "LOW",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-120 Buffer Overflow"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/NetHack/NetHack/security/advisories/GHSA-fw72-r8xm-45p8",
+ "refsource": "CONFIRM",
+ "url": "https://github.com/NetHack/NetHack/security/advisories/GHSA-fw72-r8xm-45p8"
+ },
+ {
+ "name": "https://github.com/NetHack/NetHack/commit/f3def5c0b999478da2d0a8f0b6a7c370a2065f77",
+ "refsource": "MISC",
+ "url": "https://github.com/NetHack/NetHack/commit/f3def5c0b999478da2d0a8f0b6a7c370a2065f77"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-fw72-r8xm-45p8",
+ "discovery": "UNKNOWN"
 }
-}
\ No newline at end of file
+}
From 4dcf3fe63338618b0e11a6feba3e07c486c3c9e1 Mon Sep 17 00:00:00 2001
From: Robert Schultheis
Date: Tue, 28 Jan 2020 10:48:34 -0700
Subject: [PATCH 382/387] add CVE-2020-5210 for GHSA-v5pg-hpjg-9rpp
---
 2020/5xxx/CVE-2020-5210.json | 84 +++++++++++++++++++++++++++++++++---
 1 file changed, 77 insertions(+), 7 deletions(-)
diff --git a/2020/5xxx/CVE-2020-5210.json b/2020/5xxx/CVE-2020-5210.json
index 799b7b07fbf..9d9c87dbe09 100644
--- a/2020/5xxx/CVE-2020-5210.json
+++ b/2020/5xxx/CVE-2020-5210.json
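Review bot: The description promises "remote code execution/privilege escalation", yet the `cvss` block scores the issue `AV:L` with `C:L/I:L/A:L`, so the prose and the vector disagree on both reach and impact; for a suid/sgid binary the Low impact metrics look understated, and "remote" does not fit a local vector. The same text and vector recur in the CVE-2020-5210 through CVE-2020-5214 records later in this series. Separately, `"version_value": "< 3.6.5"` folds the operator into the value, which version-matching tooling will read as a literal version string; the CVE-2019-17338 record in this series splits it, and the equivalent here would be `"version_affected": "<"` with `"version_value": "3.6.5"`.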
@@ -1,18 +1,88 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "security-advisories@github.com",
 "ID": "CVE-2020-5210",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "NetHack command line -w option parsing is subject to a buffer overflow"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "NetHack",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "< 3.6.5"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "NetHack"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In NetHack before 3.6.5, an invalid argument to the -w command line option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation.\n\nThis vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to influence command line options.\n\nUsers should upgrade to NetHack 3.6.5."
 }
 ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "HIGH",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "LOW",
+ "baseScore": 5,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "LOW",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-120 Buffer Overflow"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/NetHack/NetHack/security/advisories/GHSA-v5pg-hpjg-9rpp",
+ "refsource": "CONFIRM",
+ "url": "https://github.com/NetHack/NetHack/security/advisories/GHSA-v5pg-hpjg-9rpp"
+ },
+ {
+ "name": "https://github.com/NetHack/NetHack/commit/f3def5c0b999478da2d0a8f0b6a7c370a2065f77",
+ "refsource": "MISC",
+ "url": "https://github.com/NetHack/NetHack/commit/f3def5c0b999478da2d0a8f0b6a7c370a2065f77"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-v5pg-hpjg-9rpp",
+ "discovery": "UNKNOWN"
 }
-}
\ No newline at end of file
+}
From 122d78f5d2b30b728b32b0a6de7da9852bb563d1 Mon Sep 17 00:00:00 2001
From: Robert Schultheis
Date: Tue, 28 Jan 2020 10:50:15 -0700
Subject: [PATCH 383/387] add CVE-2020-5211 for GHSA-r788-4jf4-r9f7
---
 2020/5xxx/CVE-2020-5211.json | 79 ++++++++++++++++++++++++++++++++----
 1 file changed, 72 insertions(+), 7 deletions(-)
diff --git a/2020/5xxx/CVE-2020-5211.json b/2020/5xxx/CVE-2020-5211.json
index 511e44ab894..3d6f3813a26 100644
--- a/2020/5xxx/CVE-2020-5211.json
+++ b/2020/5xxx/CVE-2020-5211.json
@@ -1,18 +1,83 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "security-advisories@github.com",
 "ID": "CVE-2020-5211",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "NetHack AUTOCOMPLETE configuration file option is subject to a buffer overflow"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "NetHack",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "< 3.6.5"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "NetHack"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In NetHack before 3.6.5, an invalid extended command in value for the AUTOCOMPLETE configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation.\n\nThis vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to upload their own configuration files.\n\nUsers should upgrade to NetHack 3.6.5."
 }
 ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "HIGH",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "LOW",
+ "baseScore": 5,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "LOW",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-120 Buffer Overflow"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/NetHack/NetHack/security/advisories/GHSA-r788-4jf4-r9f7",
+ "refsource": "CONFIRM",
+ "url": "https://github.com/NetHack/NetHack/security/advisories/GHSA-r788-4jf4-r9f7"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-r788-4jf4-r9f7",
+ "discovery": "UNKNOWN"
 }
-}
\ No newline at end of file
+}
From 438e8d55cbdf74362496e73bdabfa4fb932aa92c Mon Sep 17 00:00:00 2001
From: Robert Schultheis
Date: Tue, 28 Jan 2020 10:51:42 -0700
Subject: [PATCH 384/387] add CVE-2020-5212 for GHSA-g89f-m829-4m56
---
 2020/5xxx/CVE-2020-5212.json | 79 ++++++++++++++++++++++++++++++++----
 1 file changed, 72 insertions(+), 7 deletions(-)
diff --git a/2020/5xxx/CVE-2020-5212.json b/2020/5xxx/CVE-2020-5212.json
index a84ee6fbbbc..fc44e3929c6 100644
--- a/2020/5xxx/CVE-2020-5212.json
+++ b/2020/5xxx/CVE-2020-5212.json
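Review bot: This record lists only the GHSA advisory under `reference_data`, as do CVE-2020-5212, CVE-2020-5213 and CVE-2020-5214 in the following patches, whereas the CVE-2020-5209 and CVE-2020-5210 records also link the fixing commit with `"refsource": "MISC"`. Without a patch reference, packagers who must backport rather than upgrade to 3.6.5 have nothing to diff against for the configuration-file parsing fixes. I would add the upstream fix commit as a second `reference_data` entry in each of the four records; whether the commit cited for the command-line issues also covers these is not visible from the patch, so confirm it against the advisory first.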
@@ -1,18 +1,83 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "security-advisories@github.com",
 "ID": "CVE-2020-5212",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "NetHack MENUCOLOR configuration file option is subject to a buffer overflow"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "NetHack",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "< 3.6.5"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "NetHack"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In NetHack before 3.6.5, an extremely long value for the MENUCOLOR configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation.\n\nThis vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to upload their own configuration files.\n\nUsers should upgrade to NetHack 3.6.5."
 }
 ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "HIGH",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "LOW",
+ "baseScore": 5,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "LOW",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-120 Buffer Overflow"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/NetHack/NetHack/security/advisories/GHSA-g89f-m829-4m56",
+ "refsource": "CONFIRM",
+ "url": "https://github.com/NetHack/NetHack/security/advisories/GHSA-g89f-m829-4m56"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-g89f-m829-4m56",
+ "discovery": "UNKNOWN"
 }
-}
\ No newline at end of file
+}
From cf279a768b80fff904e46e9e4311e0ae25baaa3b Mon Sep 17 00:00:00 2001
From: Robert Schultheis
Date: Tue, 28 Jan 2020 10:52:55 -0700
Subject: [PATCH 385/387] add CVE-2020-5213 for GHSA-rr25-4v34-pr7v
---
 2020/5xxx/CVE-2020-5213.json | 79 ++++++++++++++++++++++++++++++++----
 1 file changed, 72 insertions(+), 7 deletions(-)
diff --git a/2020/5xxx/CVE-2020-5213.json b/2020/5xxx/CVE-2020-5213.json
index 040e977b261..2306244f9f2 100644
--- a/2020/5xxx/CVE-2020-5213.json
+++ b/2020/5xxx/CVE-2020-5213.json
@@ -1,18 +1,83 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "security-advisories@github.com",
 "ID": "CVE-2020-5213",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "NetHack SYMBOL configuration file option is subject to a buffer overflow"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "NetHack",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "< 3.6.5"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "NetHack"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In NetHack before 3.6.5, too long of a value for the SYMBOL configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation.\n\nThis vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to upload their own configuration files.\n\nUsers should upgrade to NetHack 3.6.5."
 }
 ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "HIGH",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "LOW",
+ "baseScore": 5,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "LOW",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-120 Buffer Overflow"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/NetHack/NetHack/security/advisories/GHSA-rr25-4v34-pr7v",
+ "refsource": "CONFIRM",
+ "url": "https://github.com/NetHack/NetHack/security/advisories/GHSA-rr25-4v34-pr7v"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-rr25-4v34-pr7v",
+ "discovery": "UNKNOWN"
 }
-}
\ No newline at end of file
+}
From f20debfe206065c4193fd7f912fac7ca86a1b3dc Mon Sep 17 00:00:00 2001
From: Robert Schultheis
Date: Tue, 28 Jan 2020 10:54:18 -0700
Subject: [PATCH 386/387] add CVE-2020-5214 for GHSA-p8fw-rq89-xqx6
---
 2020/5xxx/CVE-2020-5214.json | 79 ++++++++++++++++++++++++++++++++----
 1 file changed, 72 insertions(+), 7 deletions(-)
diff --git a/2020/5xxx/CVE-2020-5214.json b/2020/5xxx/CVE-2020-5214.json
index f5933791a0e..a38703ac3d3 100644
--- a/2020/5xxx/CVE-2020-5214.json
+++ b/2020/5xxx/CVE-2020-5214.json
@@ -1,18 +1,83 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "security-advisories@github.com",
 "ID": "CVE-2020-5214",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "NetHack error recovery after syntax error in configuration file is subject to a buffer overflow"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "NetHack",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "< 3.6.5"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "NetHack"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In NetHack before 3.6.5, detecting an unknown configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation.\n\nThis vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to upload their own configuration files.\n\nUsers should upgrade to NetHack 3.6.5."
 }
 ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "HIGH",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "LOW",
+ "baseScore": 5,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "LOW",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-120 Buffer Overflow"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/NetHack/NetHack/security/advisories/GHSA-p8fw-rq89-xqx6",
+ "refsource": "CONFIRM",
+ "url": "https://github.com/NetHack/NetHack/security/advisories/GHSA-p8fw-rq89-xqx6"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-p8fw-rq89-xqx6",
+ "discovery": "UNKNOWN"
 }
-}
\ No newline at end of file
+}
From 5e33b12aae0a6a9d31712e6c388fd3406128879a Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Tue, 28 Jan 2020 18:01:23 +0000
Subject: [PATCH 387/387] "-Synchronized-Data."
---
 2019/19xxx/CVE-2019-19740.json | 5 +++
 2020/1xxx/CVE-2020-1940.json | 5 +++
 2020/5xxx/CVE-2020-5209.json | 14 ++++----
 2020/5xxx/CVE-2020-5210.json | 4 +--
 2020/6xxx/CVE-2020-6851.json | 2 +-
 2020/7xxx/CVE-2020-7991.json | 5 +++
 2020/8xxx/CVE-2020-8112.json | 62 ++++++++++++++++++++++++++++++++++
 2020/8xxx/CVE-2020-8113.json | 18 ++++++++++
 2020/8xxx/CVE-2020-8114.json | 18 ++++++++++
 9 files changed, 123 insertions(+), 10 deletions(-)
 create mode 100644 2020/8xxx/CVE-2020-8112.json
 create mode 100644 2020/8xxx/CVE-2020-8113.json
 create mode 100644 2020/8xxx/CVE-2020-8114.json
diff --git a/2019/19xxx/CVE-2019-19740.json b/2019/19xxx/CVE-2019-19740.json
index a43bcc4d916..4a32f0fc295 100644
--- a/2019/19xxx/CVE-2019-19740.json
+++ b/2019/19xxx/CVE-2019-19740.json
@@ -61,6 +61,11 @@
 "refsource": "MISC",
 "name": "https://github.com/BrunoBulle/Oempro_4.7/blob/master/README.md",
 "url": "https://github.com/BrunoBulle/Oempro_4.7/blob/master/README.md"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/156113/Octeth-Oempro-4.8-SQL-Injection.html",
+ "url": "http://packetstormsecurity.com/files/156113/Octeth-Oempro-4.8-SQL-Injection.html"
 }
 ]
 }
diff --git a/2020/1xxx/CVE-2020-1940.json b/2020/1xxx/CVE-2020-1940.json
index a4f7f3b6010..f813523b8b4 100644
--- a/2020/1xxx/CVE-2020-1940.json
+++ b/2020/1xxx/CVE-2020-1940.json
@@ -48,6 +48,11 @@
 "refsource": "MISC",
 "name": "https://lists.apache.org/thread.html/rccc0ed467faa35734ea16b8f5de5603e708936c41a4eddd90fddeaf0%40%3Cusers.jackrabbit.apache.org%3E",
 "url": "https://lists.apache.org/thread.html/rccc0ed467faa35734ea16b8f5de5603e708936c41a4eddd90fddeaf0%40%3Cusers.jackrabbit.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[jackrabbit-announce] 20200128 CVE-2020-1940: Apache Jackrabbit Oak sensitive information disclosure vulnerability",
+ "url": "https://lists.apache.org/thread.html/rccc0ed467faa35734ea16b8f5de5603e708936c41a4eddd90fddeaf0@%3Cannounce.jackrabbit.apache.org%3E"
 }
 ]
 },
diff --git a/2020/5xxx/CVE-2020-5209.json b/2020/5xxx/CVE-2020-5209.json
index 22b695a181f..9630528c223 100644
--- a/2020/5xxx/CVE-2020-5209.json
+++ b/2020/5xxx/CVE-2020-5209.json
@@ -35,7 +35,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "In NetHack before 3.6.5, unknown options starting with -de and -i can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation.\n\nThis vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to influence command line options.\n\nUsers should upgrade to NetHack 3.6.5."
+ "value": "In NetHack before 3.6.5, unknown options starting with -de and -i can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to influence command line options. Users should upgrade to NetHack 3.6.5."
 }
 ]
 },
@@ -69,15 +69,15 @@
 },
 "references": {
 "reference_data": [
- {
- "name": "https://github.com/NetHack/NetHack/security/advisories/GHSA-fw72-r8xm-45p8",
- "refsource": "CONFIRM",
- "url": "https://github.com/NetHack/NetHack/security/advisories/GHSA-fw72-r8xm-45p8"
- },
 {
 "name": "https://github.com/NetHack/NetHack/commit/f3def5c0b999478da2d0a8f0b6a7c370a2065f77",
 "refsource": "MISC",
 "url": "https://github.com/NetHack/NetHack/commit/f3def5c0b999478da2d0a8f0b6a7c370a2065f77"
+ },
+ {
+ "name": "https://github.com/NetHack/NetHack/security/advisories/GHSA-fw72-r8xm-45p8",
+ "refsource": "CONFIRM",
+ "url": "https://github.com/NetHack/NetHack/security/advisories/GHSA-fw72-r8xm-45p8"
 }
 ]
 },
@@ -85,4 +85,4 @@
 "advisory": "GHSA-fw72-r8xm-45p8",
 "discovery": "UNKNOWN"
 }
-}
+}
\ No newline at end of file
diff --git a/2020/5xxx/CVE-2020-5210.json b/2020/5xxx/CVE-2020-5210.json
index 9d9c87dbe09..f3d97bce94c 100644
--- a/2020/5xxx/CVE-2020-5210.json
+++ b/2020/5xxx/CVE-2020-5210.json
@@ -35,7 +35,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "In NetHack before 3.6.5, an invalid argument to the -w command line option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation.\n\nThis vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to influence command line options.\n\nUsers should upgrade to NetHack 3.6.5."
+ "value": "In NetHack before 3.6.5, an invalid argument to the -w command line option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to influence command line options. Users should upgrade to NetHack 3.6.5."
 }
 ]
 },
@@ -85,4 +85,4 @@
 "advisory": "GHSA-v5pg-hpjg-9rpp",
 "discovery": "UNKNOWN"
 }
-}
+}
\ No newline at end of file
diff --git a/2020/6xxx/CVE-2020-6851.json b/2020/6xxx/CVE-2020-6851.json
index fcc3e5dae65..8c06ab8fcac 100644
--- a/2020/6xxx/CVE-2020-6851.json
+++ b/2020/6xxx/CVE-2020-6851.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1_clbl_decode_processor in libopenjp2.so."
+ "value": "OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1_clbl_decode_processor in openjp2/t1.c because of lack of opj_j2k_update_image_dimensions validation."
 }
 ]
 },
diff --git a/2020/7xxx/CVE-2020-7991.json b/2020/7xxx/CVE-2020-7991.json
index b0475d4b0f1..ad0501e84b3 100644
--- a/2020/7xxx/CVE-2020-7991.json
+++ b/2020/7xxx/CVE-2020-7991.json
@@ -61,6 +61,11 @@
 "url": "https://github.com/ferdinandmartin/adive-php7/blob/master/README.md",
 "refsource": "MISC",
 "name": "https://github.com/ferdinandmartin/adive-php7/blob/master/README.md"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/156106/Adive-Framework-2.0.8-Cross-Site-Request-Forgery.html",
+ "url": "http://packetstormsecurity.com/files/156106/Adive-Framework-2.0.8-Cross-Site-Request-Forgery.html"
 }
 ]
 }
diff --git a/2020/8xxx/CVE-2020-8112.json b/2020/8xxx/CVE-2020-8112.json
new file mode 100644
index 00000000000..4f9ed37e1ab
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8112.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-8112",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "opj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG 2.3.1 through 2020-01-28 has a heap-based buffer overflow in the qmfbid==1 case, a different issue than CVE-2020-6851."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/uclouvain/openjpeg/issues/1231",
+ "refsource": "MISC",
+ "name": "https://github.com/uclouvain/openjpeg/issues/1231"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8113.json b/2020/8xxx/CVE-2020-8113.json
new file mode 100644
index 00000000000..7cac61ace6f
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8113.json
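Review bot: The new CVE-2020-8112 record carries its product and bug class only in free text: `product_name`, `vendor_name`, `version_value` and the `problemtype` value are all `"n/a"`, although the description names OpenJPEG 2.3.1 and a heap-based buffer overflow. Inventory and scanner matching work from the structured fields, so this entry will not match on them until they are populated. I would set `"product_name": "OpenJPEG"`, take the version data from the description, and give `problemtype` the value `"CWE-122 Heap-based Buffer Overflow"`; the vendor name does not appear in the record and has to come from the assigner.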
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-8113",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8114.json b/2020/8xxx/CVE-2020-8114.json
new file mode 100644
index 00000000000..ecd3e6e2ff7
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8114.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-8114",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file